6392 matches found
K35802610: Multiple MySQL vulnerabilities CVE-2022-21569, CVE-2022-21824, CVE-2022-22968, CVE-2022-27778
Security Advisory Description CVE-2022-21569 Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocol...
K83120834: Diffie-Hellman key agreement protocol weaknesses CVE-2002-20001 & CVE-2022-40735
Security Advisory Description The Diffie-Hellman Key Agreement Protocol allows remote attackers from the client side to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a DHEater attack. The client needs very...
K15159: OpenSSL vulnerability CVE-2014-0160
Security Advisory Description The 1 TLS and 2 DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as...
K95208524: jQuery vulnerability CVE-2016-7103
Security Advisory Description Cross-site scripting XSS vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function. CVE-2016-7103 Impact This vulnerability allows a remote attacker to perform an...
K14700: BIG-IP APM clickjacking vulnerability CVE-2013-5975
Security Advisory Description The access policy logon page logon.inc in F5 BIG-IP APM 11.1.0 through 11.2.1 allows remote attackers to conduct clickjacking attacks via unspecified vectors. CVE-2013-5975 Impact Clickjacking protection in the BIG-IP APM access policy logon page may be insufficient...
K06420357: PHP vulnerability CVE-2017-16642
Security Advisory Description In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelibmeridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings to leak information from the interpreter, related...
K30444545: libxslt vulnerability CVE-2019-11068
Security Advisory Description libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded...
SOL15564 - TLS vulnerability CVE-2014-3511
1 If you are planning to upgrade to BIG-IP APM 11.5.1 HF6 to mitigate this issue, you should instead upgrade to 11.5.1 HF7 to avoid an issue specific to BIG-IP APM. For more information, refer to SOL15914: The tmm process may restart and produce a core file after BIG-IP APM systems are upgraded...
K14933: Apache Struts vulnerability CVE-2013-2251
Security Advisory Description Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted 1 action:, 2 redirect:, or 3 redirectAction: prefix. CVE-2013-2251 Impact None Security Advisory Status To determine if your release is kno...
K14052032: OpenSSH vulnerability CVE-2018-15919
Security Advisory Description Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states 'We understand that the OpenSSH developers do not want to treat such...
SOL73112451 - Oracle Java SE vulnerability CVE-2016-3427
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL16620 - QEMU vulnerability CVE-2015-3456
1 vCMP is not available on BIG-IP versions prior to 11.0.0. Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are...
K18484125: Eclipse Jetty vulnerability CVE-2020-27216
Security Advisory Description In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of...
K40812100: OpenSSL vulnerability CVE-2021-3711
Security Advisory Description In order to decrypt SM2 encrypted data an application is expected to call the API function EVPPKEYdecrypt. Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is...
K15595: Apache Xalan-Java vulnerability CVE-2014-0107
Security Advisory Description Description The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly restrict access to certain properties when FEATURESECUREPROCESSING is enabled, which allows remote attackers to bypass expected restrictions and load arbitrary classes or access...
K35033051: Tomcat vulnerability CVE-2021-30640
Security Advisory Description A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45...
K88125023: Linux kernel vulnerabilities CVE-2019-16921, CVE-2019-18683, CVE-2019-18805
Security Advisory Description CVE-2019-16921 In the Linux kernel before 4.17, hnsroceallocucontext in drivers/infiniband/hw/hns/hnsrocemain.c does not initialize the resp data structure, which might allow attackers to obtain sensitive information from kernel stack memory, aka CID-df7e40425813...
K02692210: BIG-IP virtual server with HTTP Explicit Proxy and/or SOCKS vulnerability CVE-2017-6157
Security Advisory Description BIG-IP virtual servers with a configuration using the HTTP Explicit Proxy functionality and/or SOCKS profile are vulnerable to an unauthenticated, remote attack that allows modification of BIG-IP system configuration, extraction of sensitive system files, and/or...
K01217337: Linux kernel vulnerability CVE-2021-22543
Security Advisory Description An issue was discovered in Linux: KVM through Improper handling of VMIO|VMPFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allows users with the ability to start and control a VM to read/write...
K48602933: Nginx vulnerability CVE-2017-7529
Security Advisory Description Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request. CVE-2017-7529 Impact This vulnerabilit...
K53648360: Linux kernel vulnerability CVE-2022-27666
Security Advisory Description A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat...
K50116122: Apache Tomcat vulnerability CVE-2016-6816
Security Advisory Description The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the...
K32760744: libxml2 vulnerability CVE-2022-23308
Security Advisory Description valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. CVE-2022-23308 Impact The security impact of xmlGetID returning a pointer to freed memory depends on the application and mostly results in denial-of-service DoS. The typical use case of...
SOL48414132 - PHP SOAP vulnerability CVE-2015-8835
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...
SOL04403302 - Apache Struts 1 vulnerability CVE-2016-1182
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
K34002344: Overview of Log4j vulnerabilities (2021 and 2022)
Security Advisory Description This document is intended to serve as an overview of the 2021 and 2022 Log4j vulnerabilities to help determine the impact to your F5 devices. You can find the details of each issue in the associated security advisory. High CVEs Medium CVEs Not Vulnerable CVEs High CV...
K17247: PHP vulnerability CVE-2015-1351
Security Advisory Description Use-after-free vulnerability in the zendsharedmemdup function in zendsharedalloc.c in the OPcache extension in PHP through 5.6.7 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. CVE-2015-1351 Impact...
K32172755: Multiple Java vulnerabilities CVE-2022-21426, CVE-2022-21434, CVE-2022-21443, CVE-2022-21476, and CVE-2022-21496
Security Advisory Description CVE-2022-21426 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5,...
K32957101: Apache HTTPD vulnerability CVE-2019-0211
Security Advisory Description In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads including scripts executed by an in-process scripting interpreter could execute arbitrary code with the privileges of...
SOL16883 - TCP sequence number vulnerability CVE-1999-0077
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...
SOL15893 - Apache HTTP server vulnerabilities CVE-2014-0117, CVE-2014-0118, CVE-2014-0226, CVE-2014-0231, and CVE-2014-3523
Recommended action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists. Supplemental...
K02495251: Ghostscript vulnerability CVE-2018-16509 (VU#332928)
Security Advisory Description An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction...
K16139: OpenSSL vulnerability CVE-2015-0204
Security Advisory Description The ssl3getkeyexchange function in s3clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORTRSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a...
K00503780: Apache Struts 2 vulnerability CVE-2017-7672
Security Advisory Description If an application allows enter an URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. Solution is to upgrade to Apache Struts version...
K49820145: Apache Tomcat vulnerability CVE-2016-8735
Security Advisory Description Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener...
SOL14371 - Apache Axis vulnerability CVE-2012-5784
Vulnerability Recommended Actions If you are using iControl Assembly 11.2 and earlier, the Apache axis.jar file is vulnerable to CVE-2012-5784. To eliminate this vulnerability, upgrade to iControl Assembly 11.3. To do so, download the latest version of the iControl Assembly package at . Note: A...
K18352029: Linux kernel vulnerability CVE-2017-18017
Security Advisory Description The tcpmssmanglepacket function in net/netfilter/xtTCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service use-after-free and memory corruption or possibly have unspecified other impact by leveraging the...
K63104801: OpenVPN vulnerabilities CVE-2017-7508, CVE-2017-7520, CVE-2017-7521, and CVE-2017-7522
Security Advisory Description CVE-2017-7508 OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service when receiving malformed IPv6 packet. CVE-2017-7520 OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service and/or possibly sensitive...
K16883: TCP sequence number vulnerability CVE-1999-0077
Security Advisory Description Predictable TCP sequence numbers allow spoofing. CVE-1999-0077 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status To determine if your release is known to be vulnerable, the components or features that are affected...
SOL80285422 - PHP vulnerabilities CVE-2015-4642, CVE-2015-4643, and CVE-2015-4644
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...
K45356577: Java vulnerability CVE-2022-21449
Security Advisory Description Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 17.0.2 and 18; Oracle GraalVM Enterprise Edition: 21.3.1 and 22.0.0.2. Easily exploitable...
K74374841: Linux kernel vulnerability CVE-2018-5391
Security Advisory Description The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various...
K67090077: Apache HTTP Server vulnerability CVE-2022-22720
Security Advisory Description Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling. CVE-2022-22720 Impact Any authenticated user may exploit this vulnerability and cause a...
SOL16515 - JBoss vulnerability CVE-2015-0279
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...
K19559038: OpenSSL vulnerability CVE-2021-3712
Security Advisory Description ASN.1 strings are represented internally within OpenSSL as an ASN1STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which i...
K15342: OpenSSL vulnerability CVE-2014-3470
Security Advisory Description The ssl3sendclientkeyexchange function in s3clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service NULL pointer dereference and client crash by...
K92111011: Linux kernel vulnerability CVE-2016-2117
Security Advisory Description The atl2probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel through 4.5.2 incorrectly enables scatter/gather I/O, which allows remote attackers to obtain sensitive information from kernel memory by reading packet data.CVE-2016-2117 Impact...
K31781390: January 2019 OpenSSH security vulnerabilities
Security Advisory Description In January 2019, a security researcher announced the discovery of the following OpenSSH SCP client vulnerabilities: CVE-2018-20685 OpenSSH: Improper check in scp.c:sink allows malicious servers to bypass access restrictions in scp client CVE-2019-6109 OpenSSH: Missin...
K97843387: Overview of F5 vulnerabilities (November 2022)
Security Advisory Description On November 16, 2022, F5 announced the following issues. This document is intended to serve as an overview of these issues to help determine the impact to your F5 devices. You can find the details of each issue in the associated articles. Distributed Cloud and Manage...
K62832776: RPC portmapper vulnerability CVE-1999-0632
Security Advisory Description The RPC portmapper service is running. CVE-1999-0632 Impact This issue affects an unknown function of the component RPC portmapper service. The manipulation with an unknown input leads to a privilege escalation vulnerability impacting confidentiality, integrity, and...