SOL16904 - OpenSSL ssleay_rand_byte(s) regression CVE-2015-3216
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...
SOL16940 - Multiple Wireshark vulnerabilities
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL16869 - logrotate vulnerability CVE-2011-1098
Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can...
SOL16859 - SUSE coreutils vulnerabilities CVE-2013-0221, CVE-2013-0222, and CVE-2013-0223
Vulnerability Recommended Actions If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not...
SOL15892 - Oracle Database Server vulnerabilities CVE-2013-3751, CVE-2013-3774, CVE-2014-4236, CVE-2014-4237, and CVE-2014-4245
CVE-2013-3751 Unspecified vulnerability in the XML Parser component in Oracle Database Server 11.2.0.2, 11.2.0.3, and 12.1.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. CVE-2013-3774 Unspecified vulnerability in the Network Layer...
SOL15376 - OpenSSL 0.9.8k vulnerability CVE-2009-0789
Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents. SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...
SOL15300 - Apache HTTP Server mod_dav DoS vulnerability CVE-2013-6438
Recommended Action ARX If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists. To mitigate th...
SOL12597 - PHP vulnerability CVE-2010-4156
PHP vulnerability CVE-2010-4156 describes a vulnerability where the mb_strcut function in Libmbfl 1.1.0, as used in PHP 5.3.x through 5.3.3, allows context-dependent attackers to obtain potentially sensitive information via a large value of the third parameter (aka the length parameter). Information...
SOL12566 - OpenSSL vulnerability CVE-2010-3864
For information about this advisory, refer to the Common Vulnerabilities and Exposures website at the following location:...
K05710614: BIG-IP HSB vulnerability CVE-2024-39778
Security Advisory Description When a stateless virtual server is configured on a BIG-IP system with a High-Speed Bridge (HSB), undisclosed requests can cause virtual servers to stop processing client connections and the Traffic Management Microkernel (TMM) to terminate. CVE-2024-39778 Impact Traffic ...
K000139627: NGINX HTTP/3 QUIC vulnerability CVE-2024-34161
Security Advisory Description When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously...
K000139615: Node.js vulnerability CVE-2024-27982
Security Advisory Description The team has identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a content-length header, it is not interpreted correctly,...
K000138178: Apache Tomcat vulnerability CVE-2023-42795
Security Advisory Description Incomplete Cleanup vulnerability in Apache Tomcat. When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to...
K000137204: Intel BIOS vulnerability CVE-2022-43505
Security Advisory Description Insufficient control flow management in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable denial of service via local access. CVE-2022-43505 Impact This vulnerability may allow a privileged user to potentially enable...
K000135206: Linux kernel vulnerability CVE-2023-32233
Security Advisory Description In the Linux kernel through 6.3.1, a use-after-free in Netfilter nftables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous...
K000135178: OpenSSL vulnerability CVE-2023-2650
Security Advisory Description Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message...
K000134507: jQuery UI vulnerability CVE-2022-31160
Security Advisory Description jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Versions prior to 1.13.2 are potentially vulnerable to cross-site scripting. Initializing a checkboxradio widget on an input enclosed within a label makes...
K000132765: OpenSSL vulnerabilities CVE-2022-4203, CVE-2023-0216, CVE-2023-0217, and CVE-2023-0401
Security Advisory Description CVE-2022-4203 A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or...
K54211024: OpenSSL vulnerability CVE-2016-6304
Security Advisory Description Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions. CVE-2016-6304 Impact A remote attacker can...
K40523020: Linux kernel vulnerability CVE-2018-16658
Security Advisory Description An issue was discovered in the Linux kernel before 4.18.6. An information leak in cdrom_ioctl_drive_status in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is...
K08306700: DHCP client vulnerability CVE-2018-5732
Security Advisory Description An out-of-bound memory access flaw was found in the way dhclient processed a DHCP response packet. A malicious DHCP server could potentially use this flaw to crash dhclient processes running on DHCP client machines via a crafted DHCP response packet. CVE-2018-5732...
K9754: BIND 9 vulnerability CVE-2009-0025
Security Advisory Description Note: Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of F5...
K24322529: libxml2 vulnerabilities CVE-2016-4447 and CVE-2016-4449
Security Advisory Description CVE-2016-4447 The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName. CVE-2016-4449 XML external...
K9642: Samba vulnerability CVE-2008-1105
Security Advisory Description Note: Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of F5...
K00409335: procps-ng vulnerability CVE-2018-1122
Security Advisory Description procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the configfil...
K15840535: BIND vulnerability CVE-2019-6477
Security Advisory Description With pipelining enabled each incoming query on a TCP connection requires a similar resource allocation to a query received via UDP or via TCP without pipelining enabled. A client using a TCP-pipelined connection to a server could consume more resources than the serve...
K11542555: iApps vulnerability CVE-2020-17507
Security Advisory Description An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read. CVE-2020-17507 Impact An unauthenticated remote attacker can trick an administrator into processing a large file wi...
K15328: OpenSSL vulnerability CVE-2010-5298
Security Advisory Description Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a...
K15623: GnuTLS vulnerability CVE-2009-5138
Security Advisory Description GnuTLS before 2.7.6, when the GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT flag is not enabled, treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new...
K16486: PHP vulnerability CVE-2015-2787
Security Advisory Description Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages use of...
K16441: MIT Kerberos 5 vulnerability CVE-2014-9423
Security Advisory Description The svcauth_gss_accept_sec_context function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (aka krb5) 1.11.x through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 transmits uninitialized interposer data to clients, which allows remote attackers to obtain sensitive...
K16834: OpenSSL vulnerability CVE-2011-3210
Security Advisory Description The ephemeral ECDH ciphersuite functionality in OpenSSL 0.9.8 through 0.9.8r and 1.0.x before 1.0.0e does not ensure thread safety during processing of handshake messages from clients, which allows remote attackers to cause a denial of service (daemon crash) via...
K9762: OpenSSL vulnerability - CVE-2008-5077
Security Advisory Description Note: For information about signing up to receive security notice updates from F5, refer to K9970: Subscribe to email notifications regarding F5 products and security announcements. Note: Versions that are not listed in this article have not been evaluated for...
K65271605: NTP vulnerability CVE-2016-1549
Security Advisory Description A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and...
K48448204: PHP vulnerability CVE-2016-6207
Security Advisory Description Integer overflow in the _gdContributionsAlloc function in gd_interpolation.c in GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds memory write or memory consumption) via unspecified vectors. CVE-2016-6207 Impac...
K4119: Buffer overflow in mod_ssl - CVE-2002-0082
Security Advisory Description Note: Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F5...
K52259753: Intel Processor vulnerability CVE-2022-26373
Security Advisory Description Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. CVE-2022-26373 Impact There is no impact; F5 products are not affected by this...
K90011301: libssh2 vulnerabilities CVE-2019-3856, CVE-2019-3857, and CVE-2019-3863
Security Advisory Description CVE-2019-3856 An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system...
K17296065: Apache mod_userdir vulnerability CVE-2016-4975
Security Advisory Description Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the "Location" or other outbound header key or value. Fixed in Apache...
K10812540: OpenJDK vulnerability CVE-2019-18197
Security Advisory Description In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or...
K53345784: Linux kernel vulnerability CVE-2017-16912
Security Advisory Description The "get_pipe()" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 allows attackers to cause a denial of service (out-of-bounds read) via a specially crafted USB over IP packet. CVE-2017-16912 Impact This vulnerability allo...
K37923932: libTIFF vulnerability CVE-2022-3970
Security Advisory Description A vulnerability was found in LibTIFF. It has been classified as critical. This affects the function TIFFReadRGBATileExt of the file libtiff/tif_getimage.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The exploit has been...
K02354867: Kernel vulnerability CVE-2020-10711
Security Advisory Description A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the'...
K25451853: TMUI XSS vulnerability CVE-2022-28716
Security Advisory Description A DOM-based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP AFM, CGNAT, and PEM Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. CVE-2022-28716 Impact An attacker ma...
K23432135: Apache Struts 2 vulnerability CVE-2016-3093
Security Advisory Description Apache Struts 2.0.0 through 2.3.24.1 does not properly cache method references when used with OGNL before 3.0.12, which allows remote attackers to cause a denial of service (block access to a web site) via unspecified vectors. CVE-2016-3093 Impact The Object-Graph...
K92327553: BlueZ and Intel Smart Sound Technology vulnerabilities CVE-2020-0556 and CVE-2020-0583
Security Advisory Description CVE-2020-0556 Improper access control in subsystem for BlueZ before version 5.54 may allow an unauthenticated user to potentially enable escalation of privilege and denial of service via adjacent access CVE-2020-0583 Improper access control in the subsystem for Intel...
K10204425: PHP vulnerability CVE-2018-5712
Security Advisory Description An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file. CVE-2018-5712 Impact There is no impact; F5 products are not...
K17386005: MySQL vulnerabilities CVE-2019-2420, CVE-2019-2434, CVE-2019-2435, CVE-2019-2436, and CVE-2019-2455
Security Advisory Description CVE-2019-2420 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network...
K54252492: Side-channel processor vulnerability CVE-2018-3693
Security Advisory Description Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis. CVE-2018-3693 also known as Spectre ...
K54423555: PHP vulnerability CVE-2015-4147
Security Advisory Description The SoapClient::__call method in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that __default_headers is an array, which allows remote attackers to execute arbitrary code by providing crafted serialized data with an...