SOL8920 - Linux kernel vulnerability CVE-2007-2876

A flaw in the connection tracking support for SCTP allows a remote user to cause a denial of service by dereferencing a NULL pointer. Information about this advisory is available at the following location: Note: This link takes you to a resource outside of AskF5, and it is possible that the...

SOL8922 - Linux kernel vulnerability CVE-2007-3739

A flaw in the stack expansion when using the hugetlb kernel on a PowerPC system allows a local user to cause a denial of service. Information about this advisory is available at the following location: Note: This link takes you to a resource outside of AskF5, and it is possible that the informati...

SOL6795 - ClamAV CHM Chunk Name Length DoS Vulnerability - CVE-2006-5295

The FirePass controller can be configured to provide anti-virus scanning of files uploaded through Portal Access using the ClamAV open source software. A vulnerability in ClamAV 0.88.4 and earlier versions could allow a remote attacker to crash the scanner process using a specially crafted...

SOL3568 - DNS denial of service vulnerability - CAN-2004-0789

Vulnerability description and product information: Multiple implementations of the DNS protocol, including 1 Poslib 1.0.2-1 and earlier as used by Posadis, 2 Axis Network products before firmware 3.13, and 3 Men & Mice Suite 2.2x before 2.2.3 and 3.5.x before 3.5.2, allow remote attackers to caus...

K000148465: Spring framework vulnerability CVE-2024-38816

Security Advisory Description Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process i...

K000148259: libarchive vulnerability CVE-2016-10350 and CVE-2016-10349

Security Advisory Description CVE-2016-10350 The archivereadformatcabreadheader function in archivereadsupportformatcab.c in libarchive 3.2.2 allows remote attackers to cause a denial of service heap-based buffer over-read and application crash via a crafted file. CVE-2016-10349 The archivele32de...

K000139630: Expat vulnerability CVE-2023-52425

Security Advisory Description libexpat through 2.5.0 allows a denial of service resource consumption because many full reparsings are required in the case of a large token for which multiple buffer fills are needed. CVE-2023-52425 Impact There is no impact; F5 products are not affected by this...

K000138732: BIG-IP Next Central Manager OData Injection vulnerability CVE-2024-21793

Security Advisory Description An OData injection vulnerability exists in the BIG-IP Next Central Manager API URI. CVE-2024-21793 Impact An unauthenticated attacker can exploit this vulnerability to execute malicious SQL statements which may allow the attacker to access but not update information...

K000139225: nghttp2 vulnerability CVE-2024-28182

Security Advisory Description nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes...

K000138953: Python vulnerability CVE-2023-41105

Security Advisory Description An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath, the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for...

K000137796: BIG-IP SSL profile security exposure

Security Advisory Description The BIG-IP system may not honor the revocation status of a certificate present in the certificate revocation list CRL file, potentially allowing unauthorized connections. This issue occurs when all of the following conditions are met: A ClientSSL or ServerSSL profile...

K000137315: ZebOS BGP vulnerability CVE-2023-45886

Security Advisory Description The BGP daemon bgpd in ZebOS through 7.10.6 allows remote attackers to cause a denial-of-service DoS by sending crafted BGP update messages containing a malformed attribute. CVE-2023-45886 Impact This vulnerability may allow a remote unauthenticated attacker to cause...

K000137211: cURL vulnerabilities CVE-2023-38546

Security Advisory Description This flaw allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of conditions are met. libcurl performs transfers. In its API, an application creates "easy handles" that are the individual handles for single...

K000137054: libwebp vulnerabilities CVE-2023-4863 and CVE-2023-5129

Security Advisory Description CVE-2023-4863 Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: Critical CVE-2023-5129 REJECTED This CVE I...

K93960557: Linux kernel vulnerability CVE-2018-5953

Security Advisory Description The swiotlbprintinfo function in lib/swiotlb.c in the Linux kernel through 4.14.14 allows local users to obtain sensitive address information by reading dmesg data from a "software IO TLB" printk call. CVE-2018-5953 Impact There is no impact; F5 products are not...

K49033153: Apache Syncope vulnerabilities CVE-2018-1321 and CVE-2018-1322

Security Advisory Description CVE-2018-1321 An administrator with report and template entitlements in Apache Syncope 1.2.x before 1.2.11, 2.0.x before 2.0.8, and unsupported releases 1.0.x and 1.1.x which may be also affected, can use XSL Transformations XSLT to perform malicious operations,...

K05112543: HTTPS monitor vulnerability CVE-2018-5542

Security Advisory Description F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.6, or 11.2.1-11.6.3.2 HTTPS health monitors do not validate the identity of the monitored server. CVE-2018-5542 Impact This vulnerability may allow unauthorized disclosure and modification of monitor traffic by an attacker with ...

K56851402: Linux kernel vulnerability CVE-2019-17666

Security Advisory Description rtlp2pnoaie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer overflow. CVE-2019-17666 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory...

K05032915: GNU Binutils vulnerability CVE-2019-1010204

Security Advisory Description GNU binutils gold gold v1.11-v1.16 GNU binutils v2.21-v2.31.1 is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcppfile.h:644. The attack vect...

K26310765: HTTP/2 profile vulnerability CVE-2022-23012

Security Advisory Description When the HTTP/2 profile is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. CVE-2022-23012 Impact Traffic is disrupted while the TMM process restarts. This vulnerability allows a remote unauthenticate...

K63525027: Memcached vulnerability CVE-2018-1000115

Security Advisory Description Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume Network Amplification, CWE-406 vulnerability in the UDP support of the memcached server that can result in denial of service via network flood traffic amplification of 1:50,000 has bee...

K29421535: Intel processor vulnerability CVE-2021-33117

Security Advisory Description Improper access control for some 3rd Generation IntelR XeonR Scalable Processors before BIOS version MR7, may allow a local attacker to potentially enable information disclosure via local access. CVE-2021-33117 Impact This vulnerability may potentially allow a local...

K48527562: Samba vulnerabilities CVE-2021-20277, CVE-2017-14746, CVE-2017-15275

Security Advisory Description CVE-2021-20277 A flaw was found in Samba's libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write, leading to a crash of the LDAP server process handling the request. The highest threat from this vulnerability is t...

K21766035: mod_perl vulnerability CVE-2011-2767

Security Advisory Description modperl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because contrary to the documentation there is no configuration option that permits Perl code for the administrator's control of HTTP request...

K00174195: Apache Tomcat vulnerability CVE-2021-25122

Security Advisory Description When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both se...

K13217575: Session data may be exposed when using a proxy to multiplex connections to the BIG-IP APM system

Security Advisory Description This issue occurs when all of the following conditions are met: The BIG-IP APM system is configured to perform NTLM SSO authentication to back-end servers. A proxy in front of the BIG-IP APM system multiplexes connections from different users. Impact Users may be...

K44590877: PHP vulnerabilities CVE-2019-11034 and CVE-2019-11035

Security Advisory Description CVE-2019-11034 When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exifprocessIFDTAG function. This may lead to information disclosure or crash...

K17541: Linux kernel vulnerability CVE-2015-2150

Security Advisory Description Xen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do not properly restrict access to PCI command registers, which might allow local guest users to cause a denial of service non-maskable interrupt and host crash by disabling the 1 memory or 2 I/O decoding fo...

K29241247: GNU C Library (glibc) vulnerability CVE-2015-8984

Security Advisory Description The fnmatch function in the GNU C Library aka glibc or libc6 before 2.22 might allow context-dependent attackers to cause a denial of service application crash via a malformed pattern, which triggers an out-of-bounds read. CVE-2015-8984 Impact An attacker with...

K35240323: PHP vulnerability CVE-2016-4539

Security Advisory Description The xmlparseintostruct function in ext/xml/xml.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service buffer under-read and segmentation fault or possibly have unspecified other impact via crafted XML da...

K17025: BIND DNSSEC vulnerability CVE-2010-0097

Security Advisory Description ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC 1 NSEC and 2 NSEC3 records. CVE-2010-0097 Impact Remote attackers may be able to add the Authenticated Data AD flag to a forg...

K17457: Linux kernel vulnerability CVE-2015-6252

Security Advisory Description The vhostdevioctl function in drivers/vhost/vhost.c in the Linux kernel before 4.1.5 allows local users to cause a denial of service memory consumption via a VHOSTSETLOGFD ioctl call that triggers permanent file-descriptor allocation. CVE-2015-6252 Impact None. F5...

K22040951: systemd-journald vulnerability CVE-2019-3815

Security Advisory Description A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux. Function dispatchmessagereal in journald-server.c does not free the memory allocated by setiovecfieldfree to store the CMDLINE= entry. A local attacker may use this...

K61570943: Multiple libXML2 vulnerabilities

Security Advisory Description CVE-2015-5312 The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service CPU consumption via crafted XML data, a different vulnerability...

K88162221: The BIG-IP ASM system may not properly perform signature checks on cookies

Security Advisory Description The BIG-IP ASM system may not properly perform signature checks on cookies. This issue occurs when the following condition is met: You have a security policy enabled with cookie scope attack signatures. Impact Cookies containing malicious payload may pass through the...

K17079: Java SE vulnerabilities CVE-2015-2590 and CVE-2015-4732

Security Advisory Description CVE-2015-2590 Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than...

K60001344: Linux kernel vulnerability CVE-2019-19056

Security Advisory Description A memory leak in the mwifiexpciealloccmdrspbuf function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service memory consumption by triggering mwifiexmappcimemory failures, aka CID-db8fd2cde932...

K16976: PHP vulnerability CVE-2015-1352

Security Advisory Description The buildtablename function in pgsql.c in the PostgreSQL aka pgsql extension in PHP through 5.6.7 does not validate token extraction for table names, which allows remote attackers to cause a denial of service. CVE-2015-1352 Impact There is no impact; F5 products are...

K8108: OpenSSL vulnerability CVE-2007-3108

Security Advisory Description Note : Versions that are not listed in this Solution have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the ...

K54891070: Tomcat vulnerabilities CVE-2012-5885, CVE-2012-5886, and CVE-2012-5887

Security Advisory Description CVE-2012-5885 The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce aka client nonce values instead of nonce aka server nonce and nc...

K54647543: Linux kernel vulnerability CVE-2019-25044

Security Advisory Description The block subsystem in the Linux kernel before 5.2 has a use-after-free that can lead to arbitrary code execution in the kernel context and privilege escalation, aka CID-c3e2219216c9. This is related to blkmqfreerqs and blkcleanupqueue. CVE-2019-25044 Impact There is...

K33440533: BIG-IP ASM Bot Defense open redirection vulnerability CVE-2021-22984

Security Advisory Description When receiving a unauthenticated client request with a maliciously crafted URI, a BIG-IP Advanced WAF or ASM virtual server configured with a DoS profile with Proactive Bot Defense versions prior to 14.1.0, or a Bot Defense profile versions 14.1.0 and later, may...

K06878231: LLDPD vulnerabilities CVE-2015-8011 and CVE-2015-8012

Security Advisory Description CVE-2015-8011 Buffer overflow in the lldpdecode function in daemon/protocols/lldp.c in lldpd before 0.8.0 allows remote attackers to cause a denial of service daemon crash and possibly execute arbitrary code via vectors involving large management addresses and TLV...

K21571420: Multiple Samba vulnerabilities

Security Advisory Description CVE-2022-2031 A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has been requested to change their password, can exploit this...

K49000195: Apache Tomcat vulnerability CVE-2017-5647

Security Advisory Description A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in the pipelined request being lost when send file processing of the...

K24465120: iControl REST vulnerability CVE-2017-6167

Security Advisory Description Race conditions in iControl REST may lead to commands executed with different privilege levels than expected. CVE-2017-6167 Impact Sending asynchronous tasks using the iControl REST API may be processed as the wrong user and result in an error. Security Advisory Stat...

K28508558: Apache mod_cache vulnerability CVE-2013-4352

Security Advisory Description The cacheinvalidate function in modules/cache/cachestorage.c in the modcache module in the Apache HTTP Server 2.4.6, when a caching forward proxy is enabled, allows remote HTTP servers to cause a denial of service NULL pointer dereference and daemon crash via vectors...

K05405841: GCM nonce vulnerability CVE-2016-0270

Security Advisory Description IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2 through 9.0.1 Fix Pack 5 Interim Fix 1, when using TLS and AES GCM, uses random nonce generation, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging the reuse of a nonce i...

K46394694: Linux kernel vulnerability CVE-2016-8650

Security Advisory Description The mpipowm function in lib/mpi/mpi-pow.c in the Linux kernel through 4.8.11 does not ensure that memory is allocated for limb data, which allows local users to cause a denial of service stack memory corruption and panic via an addkey system call for an RSA key with ...

K08478022: Linux kernel vulnerability CVE-2017-7616

Security Advisory Description Incorrect error handling in the setmempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel through 4.10.9 allows local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation...