
6294 matches found

F5 Networks
Added 2016/07/26 12:00 a.m. • 49 views

SOL53729441 - MySQL vulnerability CVE-2016-2047

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

CVSS 5.9 | AI score 2.5 | EPSS 0.03772
Exploits: 0 | References: 4

F5 Networks
Added 2016/06/20 12:00 a.m. • 49 views

SOL61275340 - Java vulnerability CVE-2013-5823

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

CVSS 5 | AI score 1.8 | EPSS 0.04732
Exploits: 0 | References: 8

F5 Networks
Added 2016/06/08 12:00 a.m. • 49 views

SOL51484039 - PHP 'snmp.c' remote format string vulnerability CVE-2016-4071

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

CVSS 9.8 | AI score 2.6 | EPSS 0.19455
Exploits: 1 | References: 4

F5 Networks
Added 2016/04/11 12:00 a.m. • 49 views

SOL11772107 - BIG-IP and BIG-IQ cloud image vulnerability CVE-2016-2084

Note: Upgrading a vulnerable version to a not vulnerable version will not mitigate this issue; performing an upgrade on a vulnerable instance will cause the instance to remain vulnerable after the upgrade. Furthermore, any backups that are made from a vulnerable instance and restored to a not...

CVSS 7.4 | AI score 0.2 | EPSS 0.00791
Exploits: 0 | References: 10

F5 Networks
Added 2016/01/07 12:00 a.m. • 49 views

SOL05272632 - BIG-IP AOM password sync vulnerability CVE-2015-8611

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

CVSS 10 | AI score 0.9 | EPSS 0.0319
Exploits: 0 | References: 5

F5 Networks
Added 2015/10/16 12:00 a.m. • 49 views

SOL17447 - Linux kernel UDF vulnerabilities CVE-2014-9728, CVE-2014-9729, and CVE-2014-9730

Recommended Action If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are currently...

CVSS 4.9 | AI score 0.9 | EPSS 0.00451
Exploits: 0 | References: 4

F5 Networks
Added 2015/09/15 12:00 a.m. • 49 views

SOL17270 - OpenSSH vulnerability CVE-2015-6565

Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL995...

CVSS 7.2 | AI score 2.4 | EPSS 0.02605
Exploits: 4 | References: 3

F5 Networks
Added 2015/07/23 12:00 a.m. • 49 views

SOL16907 - Apache HTTPD vulnerability CVE-2011-3607

Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted...

CVSS 4.4 | AI score 8.6 | EPSS 0.04892
Exploits: 4 | References: 4

F5 Networks
Added 2015/06/05 12:00 a.m. • 49 views

SOL16716 - Multiple Mozilla NSS vulnerabilities

Vulnerability Recommended Actions If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not...

CVSS 10 | AI score 0.6 | EPSS 0.06381
Exploits: 5 | References: 3

F5 Networks
Added 2015/05/29 12:00 a.m. • 49 views

SOL16708 - cURL and libcurl vulnerabilities CVE-2015-3144 and CVE-2015-3145

Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL995...

CVSS 9 | AI score 1 | EPSS 0.3763
Exploits: 0 | References: 6

F5 Networks
Added 2015/03/30 12:00 a.m. • 49 views

SOL16320 - OpenSSL vulnerability CVE-2015-0289

Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can...

CVSS 5 | AI score 0.9 | EPSS 0.0837
Exploits: 0 | References: 3

F5 Networks
Added 2014/10/23 12:00 a.m. • 49 views

SOL15732 - Linux kernel vulnerability CVE-2013-0311

Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version...

CVSS 6.5 | AI score 1.8 | EPSS 0.00644
Exploits: 0 | References: 4

F5 Networks
Added 2014/08/07 12:00 a.m. • 49 views

SOL15484 - OpenSSH vulnerability CVE-2006-4925

Recommended action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version...

CVSS 5 | AI score 1.8 | EPSS 0.14641
Exploits: 1 | References: 4

F5 Networks
Added 2014/04/17 12:00 a.m. • 49 views

SOL15172 - BIND vulnerability CVE-2010-3762

F5 Product Development has determined that these BIG-IP and Enterprise Manager versions use a vulnerable version of BIND. However, the vulnerable code is not used by default on these BIG-IP or Enterprise Manager systems. These products are only vulnerable if BIND was manually configured...

CVSS 4.3 | AI score 2.9 | EPSS 0.08086
Exploits: 0 | References: 8

F5 Networks
Added 2014/03/18 12:00 a.m. • 49 views

SOL15086 - OpenSSH vulnerability CVE-2008-1657

Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy...

CVSS 6.5 | AI score 3.7 | EPSS 0.02223
Exploits: 3 | References: 3

F5 Networks
Added 2013/02/11 12:00 a.m. • 49 views

SOL14201 - BIND denial-of-service attack CVE-2012-5166/CVE-2012-4244

Recommended Action To eliminate this vulnerability, upgrade to a version that is listed in the Versions known to be not vulnerable column in the previous table. To mitigate this vulnerability, you can disable recursion of the DNS server. To do so, perform the following procedure: Impact of action...

CVSS 7.8 | AI score 7.2 | EPSS 0.36798
Exploits: 0 | References: 11

F5 Networks
Added 2011/11/21 12:00 a.m. • 49 views

SOL13231 - PHP vulnerability CVE-2009-2626

In PHP 5.3.0 and PHP 5.2.10 and earlier, the zend_restore_ini_entry_cb function in zend_ini.c allows context-specific attackers to obtain sensitive information (memory contents) and causes PHP to fail by using the ini_set function to declare a variable, and then using the ini_restore function to restore t...

CVSS 6.4 | AI score 4.3 | EPSS 0.08306
Exploits: 3 | References: 4

F5 Networks
Added 2010/05/31 12:00 a.m. • 49 views

SOL11533 - OpenSSL vulnerability CVE-2010-0740

The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection that triggers a NULL pointer de-reference, related to the minor version number. Information about this advisory is...

CVSS 5 | AI score 7.2 | EPSS 0.2035
Exploits: 5

F5 Networks
Added 2007/11/15 12:00 a.m. • 49 views

SOL8106 - OpenSSL SSL_get_shared_ciphers vulnerability CVE-2007-5135

F5 Product Development has determined that the BIG-IP and Enterprise Manager products use a vulnerable version of OpenSSL; however, the vulnerable code is not used in either TMM or in Apache on the BIG-IP system. The vulnerability is considered to be a local vulnerability and cannot be exploited...

CVSS 10 | AI score 7.9 | EPSS 0.47694
Exploits: 10

F5 Networks
Added 2024/10/16 12:18 a.m. • 48 views

K000141459: Angular JS vulnerabilities CVE-2019-14863 and CVE-2022-25869

Security Advisory Description CVE-2019-14863 There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it. CVE-2022-2586...

CVSS 7.1 | AI score 7.2 | EPSS 0.05276
Exploits: 1 | Affected Software: 12

F5 Networks
Added 2024/05/27 10:14 a.m. • 48 views

K000139793: MacOS vulnerability CVE-2023-41993

Security Advisory Description The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7...

CVSS 8.8 | AI score 9 | EPSS 0.29179
Exploits: 3

F5 Networks
Added 2024/05/14 9:14 p.m. • 48 views

K000139594: libxml2 vulnerability CVE-2022-40304

Security Advisory Description An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked. CVE-2022-40304. Impact This vulnerability allows a remot...

CVSS 7.8 | AI score 7.3 | EPSS 0.06782
Exploits: 0 | Affected Software: 12

F5 Networks
Added 2024/04/09 11:12 a.m. • 48 views

K000139228: Envoy vulnerability CVE-2024-27919

Security Advisory Description Envoy is a cloud-native, open-source edge and service proxy. In versions 1.29.0 and 1.29.1, the Envoy HTTP/2 protocol stack is vulnerable to the flood of CONTINUATION frames. Envoy's HTTP/2 codec does not reset a request when header map limits have been exceeded. This...

CVSS 7.5 | AI score 8 | EPSS 0.86746
Exploits: 1

F5 Networks
Added 2024/04/09 11:07 a.m. • 48 views

K000139227: amphp/http vulnerability CVE-2024-2653

Security Advisory Description amphp/http will collect CONTINUATION frames in an unbounded buffer and will not check a limit until it has received the set END_HEADERS flag, resulting in an OOM crash. CVE-2024-2653 Impact There is no impact; F5 products are not affected by this vulnerability. Securi...

CVSS 8.2 | AI score 8.1 | EPSS 0.83244
Exploits: 1

F5 Networks
Added 2024/02/14 1:33 p.m. • 48 views

K000138444: NGINX HTTP/3 QUIC vulnerability CVE-2024-24989

Security Advisory Description When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. CVE-2024-24989 Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information,...

CVSS 7.5 | AI score 7.7 | EPSS 0.01061
Exploits: 0 | Affected Software: 2

F5 Networks
Added 2023/12/27 7:03 p.m. • 48 views

K000138057: mod_ssl vulnerabilities CVE-2002-1157 and CVE-2002-0653

Security Advisory Description CVE-2002-1157 Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on...

CVSS 7.8 | AI score 7.5 | EPSS 0.09701
Exploits: 0

F5 Networks
Added 2023/05/01 7:06 p.m. • 48 views

K000133753: PHP vulnerability CVE-2023-0662

Security Advisory Description In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU...

CVSS 7.5 | AI score 6.9 | EPSS 0.01408
Exploits: 0 | Affected Software: 12

F5 Networks
Added 2023/04/21 5:33 p.m. • 48 views

K000133612: OpenJDK vulnerability CVE-2023-21939

Security Advisory Description Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and...

CVSS 5.3 | AI score 5.4 | EPSS 0.02474
Exploits: 1

F5 Networks
Added 2023/04/14 7:21 a.m. • 48 views

K000133517: OpenSSH vulnerability CVE-2023-28531

Security Advisory Description ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9. CVE-2023-28531 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory...

CVSS 9.8 | AI score 6.5 | EPSS 0.02138
Exploits: 0

F5 Networks
Added 2023/02/21 8:02 p.m. • 48 views

K38110373: Apache Tomcat vulnerability CVE-2014-7810

Security Advisory Description The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a...

CVSS 5 | AI score 6.6 | EPSS 0.13872
Exploits: 0 | Affected Software: 2

F5 Networks
Added 2023/02/21 8:02 p.m. • 48 views

K29002929: INTEL-SA-00223 - Intel Unified Extensible Firmware Interface CVE-2019-0120

Security Advisory Description Insufficient key protection vulnerability in silicon reference firmware for Intel(R) Pentium(R) Processor J Series, Intel(R) Pentium(R) Processor N Series, Intel(R) Celeron(R) J Series, Intel(R) Celeron(R) N Series, Intel(R) Atom(R) Processor A Series, Intel(R) Atom(R) Processor E3900 Serie...

CVSS 4.4 | AI score 4.5 | EPSS 0.00354
Exploits: 0

F5 Networks
Added 2023/02/21 8:01 p.m. • 48 views

K32541890: DHCP Client Script Code Execution vulnerability CVE-2018-1111

Security Advisory Description DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client. A malicious DHCP server, or an attacker on the local network able to spoof DHCP...

CVSS 7.9 | AI score 8.2 | EPSS 0.94457
Exploits: 14

F5 Networks
Added 2023/02/21 8:00 p.m. • 48 views

K02585438: MySQL vulnerabilities CVE-2019-2815, CVE-2019-2819, CVE-2019-2822, and CVE-2019-2826

Security Advisory Description CVE-2019-2815 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple...

CVSS 7.5 | AI score 5.6 | EPSS 0.02818
Exploits: 0

F5 Networks
Added 2023/02/21 7:59 p.m. • 48 views

K11009429: MySQL vulnerabilities CVE-2018-3170, CVE-2018-3171, CVE-2018-3173, CVE-2018-3174, and CVE-2018-3182

Security Advisory Description CVE-2018-3170 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols...

CVSS 6.5 | AI score 6.4 | EPSS 0.02673
Exploits: 0

F5 Networks
Added 2023/02/21 7:59 p.m. • 48 views

K93683207: Apache vulnerability CVE-2018-1333

Security Advisory Description By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.18-2.4.30,2.4.33). CVE-2018-1333 Impact There is no impact; F5...

CVSS 7.5 | AI score 6.4 | EPSS 0.17103
Exploits: 0

F5 Networks
Added 2023/02/21 7:59 p.m. • 48 views

K44611310: MySQL vulnerability CVE-2015-0411

Security Advisory Description Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Server : Security : Encryption. CVE-2015-0411 Impact Through...

CVSS 7.5 | AI score 5.9 | EPSS 0.10038
Exploits: 0 | Affected Software: 14

F5 Networks
Added 2023/02/21 7:57 p.m. • 48 views

K93554290: Linux kernel vulnerability CVE-2018-19407

Security Advisory Description The vcpu_scan_ioapic function in arch/x86/kvm/x86.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized. CVE-2018-19407 Impact...

CVSS 5.5 | AI score 5.8 | EPSS 0.00477
Exploits: 0

F5 Networks
Added 2023/02/21 7:56 p.m. • 48 views

K49331953: libicu vulnerability CVE-2017-17484

Security Advisory Description The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp in International Components for Unicode (ICU) for C/C++ through 60.1 mishandles ucnv_convertEx calls for UTF-8 to UTF-8 conversion, which allows remote attackers to cause a denial of service (stack-based buffer overflow and...

CVSS 9.8 | AI score 8.8 | EPSS 0.04605
Exploits: 1

F5 Networks
Added 2023/02/21 7:55 p.m. • 48 views

K52325031: Linux kernel vulnerabilities CVE-2019-16231 and CVE-2019-16233

Security Advisory Description CVE-2019-16231 drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. CVE-2019-16233 drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not check the alloc_workqueue retur...

CVSS 4.7 | AI score 6.1 | EPSS 0.00422
Exploits: 0

F5 Networks
Added 2023/02/21 7:54 p.m. • 48 views

K82248373: Linux kernel vulnerability CVE-2020-16119

Security Advisory Description Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released. Fixed in Ubuntu Linux kernel 5.4.0-51.56, 5.3.0-68.63, 4.15.0-121.123,...

CVSS 7.8 | AI score 6.2 | EPSS 0.00418
Exploits: 1

F5 Networks
Added 2023/02/21 7:53 p.m. • 48 views

K31332013: Linux kernel vulnerability CVE-2016-10905

Security Advisory Description An issue was discovered in fs/gfs2/rgrp.c in the Linux kernel before 4.8. A use-after-free is caused by the functions gfs2_clear_rgrpd and read_rindex_entry. CVE-2016-10905 Security Advisory Status F5 Product Development has evaluated the currently supported releases for...

CVSS 7.8 | AI score 6.4 | EPSS 0.00581
Exploits: 0

F5 Networks
Added 2023/02/21 7:53 p.m. • 48 views

K17123: Apache Tomcat vulnerability CVE-2014-0230

Security Advisory Description Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a denial of service (thread consumption...

CVSS 7.8 | AI score 6.6 | EPSS 0.20318
Exploits: 0 | Affected Software: 16

F5 Networks
Added 2023/02/21 7:52 p.m. • 48 views

K93532943: SSHD session.c vulnerability CVE-2016-3115

Security Advisory Description Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions...

CVSS 6.4 | AI score 7.5 | EPSS 0.37016
Exploits: 13 | Affected Software: 23

F5 Networks
Added 2023/02/21 7:51 p.m. • 48 views

K13597: OpenSSL vulnerability CVE-2012-1165

Security Advisory Description The mime_param_cmp function in crypto/asn1/asn_mime.c in OpenSSL before 0.9.8u and 1.x before 1.0.0h allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) using a crafted S/MIME message; a different vulnerability than...

CVSS 5 | AI score 8.4 | EPSS 0.07067
Exploits: 0

F5 Networks
Added 2023/02/21 7:50 p.m. • 48 views

K14433: PHP SOAP vulnerability CVE-2013-1643

Security Advisory Description PHP allows the use of external entities while parsing SOAP wsdl files, which allows an attacker to read arbitrary files. If a web application unserializes user-supplied data and tries to execute any method of it, an attacker can send a serialized SoapClient object...

CVSS 5 | AI score 9.5 | EPSS 0.10136
Exploits: 0

F5 Networks
Added 2023/02/21 7:30 p.m. • 48 views

K52136304: SCSI libsas driver vulnerability CVE-2019-15807

Security Advisory Description In the Linux kernel before 5.1.13, there is a memory leak in drivers/scsi/libsas/sas_expander.c when SAS expander discovery fails. This will cause a BUG and denial of service. CVE-2019-15807 Impact There is no impact; F5 products are not affected by this vulnerability...

CVSS 4.7 | AI score 6.2 | EPSS 0.00405
Exploits: 0

F5 Networks
Added 2023/02/21 7:26 p.m. • 48 views

K49440205: Linux kernel vulnerability CVE-2021-38300

Security Advisory Description arch/mips/net/bpf_jit.c in the Linux kernel before 5.4.10 can generate undesirable machine code when transforming unprivileged cBPF programs, allowing execution of arbitrary code within the kernel context. This occurs because conditional branches can exceed the 128 KB...

CVSS 7.8 | AI score 6.9 | EPSS 0.00578
Exploits: 1

F5 Networks
Added 2023/02/21 7:06 p.m. • 48 views

K37155600: BIG-IP RTSP profile vulnerability CVE-2022-28691

Security Advisory Description When a Real Time Streaming Protocol (RTSP) profile is configured on a virtual server, undisclosed traffic can cause an increase in Traffic Management Microkernel (TMM) resource utilization. CVE-2022-28691 Impact System performance can degrade until the process is either...

CVSS 7.5 | AI score 7.3 | EPSS 0.0085
Exploits: 0 | Affected Software: 13

F5 Networks
Added 2023/02/21 7:01 p.m. • 48 views

K40317110: MySQL vulnerabilities CVE-2017-10320, CVE-2017-10365, CVE-2017-10378, CVE-2017-10379, and CVE-2017-10384

Security Advisory Description CVE-2017-10320 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple...

CVSS 6.5 | AI score 6.4 | EPSS 0.03264
Exploits: 0

F5 Networks
Added 2023/02/21 7:00 p.m. • 48 views

K35232053: PHP vulnerability CVE-2016-7125

Security Advisory Description ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips invalid session names in a way that triggers incorrect parsing, which allows remote attackers to inject arbitrary-type session data by leveraging control of a session name, as demonstrated by obje...

CVSS 7.5 | AI score 8.6 | EPSS 0.05672
Exploits: 1 | Affected Software: 21

Total number of security vulnerabilities: 5000