6413 matches found
K61570943: Multiple libXML2 vulnerabilities
Security Advisory Description CVE-2015-5312 The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service CPU consumption via crafted XML data, a different vulnerability...
K94255403: BIG-IP AFM vulnerability CVE-2021-23040
Security Advisory Description A SQL injection vulnerability exists in an undisclosed page of the BIG-IP Configuration utility. This issue is exposed only when BIG-IP AFM is provisioned. CVE-2021-23040 Impact An authenticated attacker can exploit this vulnerability to execute malicious SQL...
K17079: Java SE vulnerabilities CVE-2015-2590 and CVE-2015-4732
Security Advisory Description CVE-2015-2590 Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than...
K65271605: NTP vulnerability CVE-2016-1549
Security Advisory Description A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and...
K15341: BIG-IP ASM Virtual Edition may run out of memory under certain DoS conditions
Security Advisory Description The BIG-IP ASM system limits the maximum number of concurrent requests with large payloads 10,000 bytes or larger by default to 100, using the maxconcurrentlongrequest internal parameter. The BIG-IP ASM system drops new requests with large payloads once this limit is...
K16837: tcpdump before 4.7.2 vulnerabilities CVE-2015-0261, CVE-2015-0261, CVE-2015-2153, CVE-2015-2154, CVE-2015-2155
Security Advisory Description Description CVE-2015-0261 Integer signedness error in the mobilityoptprint function in the IPv6 mobility printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service out-of-bounds read and crash or possibly execute arbitrary code via a negativ...
K35981055: glibc vulnerability CVE-2018-11237
Security Advisory Description An AVX-512-optimized implementation of the mempcpy function in the GNU C Library aka glibc or libc6 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in mempcpyavx512novzeroupper. CVE-2018-11237 Impact There is no impact; F5...
K71581599: libgd vulnerability CVE-2016-6161
Security Advisory Description The output function in gdgifout.c in the GD Graphics Library aka libgd allows remote attackers to cause a denial of service out-of-bounds read via a crafted image. CVE-2016-6161 Impact When using PHP to generate GIF images, it is possible for a specially crafted GD2...
K52114338: systemd vulnerability CVE-2017-9445
Security Advisory Description In systemd through 233, certain sizes passed to dnspacketnew in systemd-resolved can cause it to allocate a buffer that's too small. A malicious DNS server can exploit this via a response with a specially crafted TCP payload to trick systemd-resolved into allocating ...
K04450715: libxml2 vulnerability CVE-2015-8806
Security Advisory Description dict.c in libxml2 allows remote attackers to cause a denial of service heap-based buffer over-read and application crash via an unexpected character immediately after the " Identified Medium screen. To determine if your release is known to be vulnerable, the componen...
K94375254: LibTIFF vulnerability CVE-2016-3991
Security Advisory Description Heap-based buffer overflow in the loadImage function in the tiffcrop tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service out-of-bounds write or execute arbitrary code via a crafted TIFF image with zero tiles. CVE-2016-3991 Impact...
K29282483: BIG-IP APM CTU vulnerability CVE-2021-22980
Security Advisory Description An untrusted search path vulnerability in the BIG-IP APM Client Troubleshooting Utility CTU for Windows can allow an attacker to load a malicious DLL library from its current directory. User interaction is required to exploit this vulnerability because the victim mus...
K40356136: systemd vulnerability CVE-2018-15686
Security Advisory Description A vulnerability in unitdeserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are...
K21856463: MySQL vulnerability CVE-2016-8289
Security Advisory Description Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows local users to affect integrity and availability via vectors related to Server: InnoDB. CVE-2016-8289 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory...
K54337315: Linux kernel vulnerability CVE-2019-12614
Security Advisory Description An issue was discovered in dlparparseccproperty in arch/powerpc/platforms/pseries/dlpar.c in the Linux kernel through 5.1.6. There is an unchecked kstrdup of prop-name, which might allow an attacker to cause a denial of service NULL pointer dereference and system...
K62318311: glibc vulnerability CVE-2017-17426
Security Advisory Description The malloc function in the GNU C Library aka glibc or libc6 2.26 could return a memory block that is too small if an attempt is made to allocate an object whose size is close to SIZEMAX, potentially leading to a subsequent heap overflow. This occurs because the...
K22715344: PolicyKit vulnerability CVE-2019-6133
Security Advisory Description In PolicyKit aka polkit 0.115, the "start time" protection mechanism can be bypassed because fork is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c...
K76434343: gdk-pixbuf vulnerability CVE-2015-4491
Security Advisory Description Integer overflow in the makefiltertable function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows remote attackers to execute arbitrary...
K50401227: Linux kernel vulnerability CVE-2022-26354
Security Advisory Description A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results. Affected QEMU versions = 6.2.0. CVE-2022-26354 Impact There...
K69232741: Linux kernel vulnerability CVE-2019-20934
Security Advisory Description An issue was discovered in the Linux kernel before 5.2.6. On NUMA systems, the Linux fair scheduler has a use-after-free in shownumastats because NUMA fault statistics are inappropriately freed, aka CID-16d51a590a8c. CVE-2019-20934 Impact There is no impact; F5...
K7827: tcpdump 3.9.6 vulnerability CVE-2007-3798
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
K01294982: Oracle Java SE vulnerability CVE-2018-2811
Security Advisory Description Vulnerability in the Java SE component of Oracle Java SE subcomponent: Install. Supported versions that are affected are Java SE: 8u162 and 10. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE executes ...
K84797753: Linux kernel vulnerability CVE-2019-19062
Security Advisory Description A memory leak in the cryptoreport function in crypto/cryptouserbase.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service memory consumption by triggering cryptoreportalg failures, aka CID-ffdde5932042. CVE-2019-19062 Impact A local...
K03593314: Linux kernel vulnerability CVE-2018-16880
Security Advisory Description A flaw was found in the Linux kernel's handlerx function in the vhostnet driver. A malicious virtual guest, under specific conditions, can trigger an out-of-bounds write in a kmalloc-8 slab on a virtual host which may lead to a kernel memory corruption and a system...
K81859243: Kernel vulnerability CVE-2018-8822
Security Advisory Description Incorrect buffer length handling in the ncpreadkernel function in fs/ncpfs/ncplibkernel.c in the Linux kernel through 4.15.11, and in drivers/staging/ncpfs/ncplibkernel.c in the Linux kernel 4.16-rc through 4.16-rc6, could be exploited by malicious NCPFS servers to...
K30683410: systemd vulnerability CVE-2018-16866
Security Advisory Description An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable. CVE-2018-16866 Impact There is n...
K14454359: Intel BIOS vulnerability CVE-2021-0153
Security Advisory Description Out-of-bounds write in the BIOS firmware for some IntelR Processors may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2021-0153 Impact A local attacker logged in as a privileged user can exploit this vulnerability to gain...
K91100352: Mozilla NSS vulnerability CVE-2016-1950
Security Advisory Description Heap-based buffer overflow in Mozilla Network Security Services NSS before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data ...
K70933496: Linux Kernel Vulnerability CVE-2019-19079
Security Advisory Description A memory leak in the qrtrtunwriteiter function in net/qrtr/tun.c in the Linux kernel before 5.3 allows attackers to cause a denial of service memory consumption, aka CID-a21b7f0cff19. CVE-2019-19079 Impact There is no impact; F5 products are not affected by this...
K17301056: libFLAC vulnerabilities CVE-2014-8962 and CVE-2014-9028
Security Advisory Description CVE-2014-8962 Stack-based buffer overflow in streamdecoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file. CVE-2014-9028 Heap-based buffer overflow in streamdecoder.c in libFLAC before 1.3.1 allows remote attacker...
K16900: Multiple FreeType vulnerabilities
Security Advisory Description CVE-2014-9657 The ttfaceloadhdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service out-of-bounds read or possibly have unspecified other impact via a crafted...
K91432940: libarchive vulnerabilities CVE-2015-8920 and CVE-2016-4809
Security Advisory Description CVE-2015-8920 The arreadheader function in archivereadsupportformatar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service out-of-bounds stack read via a crafted ar file. CVE-2016-4809 The archivereadformatcpioreadheader function in...
K33535454: Linux kernel vulnerability CVE-2019-19063
Security Advisory Description Two memory leaks in the rtlusbprobe function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service memory consumption, aka CID-3f9361695113. CVE-2019-19063 Impact There is no impact; F5 products...
K96414292: Linux kernel vulnerability CVE-2020-12657
Security Advisory Description An issue was discovered in the Linux kernel before 5.6.5. There is a use-after-free in block/bfq-iosched.c related to bfqidleslicetimerbody. CVE-2020-12657 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5...
K44288218: Apache Tomcat vulnerability CVE-2012-5568
Security Advisory Description Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service daemon outage via partial HTTP requests, as demonstrated by Slowloris. CVE-2012-5568 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Stat...
K39428424: SQL injection vulnerability CVE-2017-0304
Security Advisory Description The SQL injection vulnerability in the Configuration utility is related to the BIG-IP AFM system. CVE-2017-0304 Impact An attacker can exploit this vulnerability regardless of the BIG-IP AFM provisioning configuration; however, exploiting this vulnerability does not...
K45243961: OpenLDAP vulnerability CVE-2020-12243
Security Advisory Description In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service daemon crash. CVE-2020-12243 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5...
K51535953: Intel CPU vulnerability CVE-2019-0185
Security Advisory Description Insufficient access control in protected memory subsystem for SMM for 6th, 7th, 8th and 9th Generation IntelR CoreTM Processor families; IntelR XeonR Processor E3-1500 v5 and v6 families; IntelR XeonR E-2100 and E-2200 Processor families with IntelR Processor Graphic...
K85298305: Multiple MySQL vulnerabilities
Security Advisory Description CVE-2016-0503 Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2016-0504. CVE-2016-0504 Unspecified vulnerability in Oracle...
K27003374: Linux Kernel vulnerability CVE-2018-14734
Security Advisory Description drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 allows ucmaleavemulticast to access a certain data structure after a cleanup step in ucmaprocessjoin, which allows attackers to cause a denial of service use-after-free. CVE-2018-14734 Impact There is...
K08125515: cURL vulnerability CVE-2019-5435
Security Advisory Description An integer overflow in curl's URL API results in a buffer overflow in libcurl 7.62.0 to and including 7.64.1. CVE-2019-5435 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development has evaluated th...
K52534925: BIG-IP APM and F5 SSL Orchestrator vulnerability CVE-2022-33203
Security Advisory Description When a BIG-IP APM access policy with Service Connect agent is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. CVE-2022-33203 Impact System performance can degrade until the Traffic Management Microkernel TMM...
K15567: OpenSSL vulnerability CVE-2014-5139
Security Advisory Description The sslsetclientdisabled function in t1lib.c in OpenSSL 1.0.1 before 1.0.1i allows remote SSL servers to cause a denial of service NULL pointer dereference and client application crash via a ServerHello message that includes an SRP ciphersuite without the required...
K20804323: NTP vulnerability CVE-2016-2518
Security Advisory Description The MATCHASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value. CVE-2016-2518 Using a crafted packet to create a peer association with hmode 7...
K23946311: glibc vulnerability CVE-2015-8776
Security Advisory Description The strftime function in the GNU C Library aka glibc or libc6 before 2.23 allows context-dependent attackers to cause a denial of service application crash or possibly obtain sensitive information via an out-of-range time value. CVE-2015-8776 Impact An application or...
K40284849: Apache vulnerability CVE-2010-0434
Security Advisory Description The apreadrequest function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow...
K22234807: Apache vulnerability CVE-2009-3094
Security Advisory Description The approxyftphandler function in modules/proxy/proxyftp.c in the modproxyftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service NULL pointer dereference and child process crash via a malformed reply to an EPSV...
K93203055: Java vulnerability CVE-2015-4872
Security Advisory Description Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect integrity via unknown vectors related to Security. CVE-2015-4872 Impact A remote attacker may affect the integrity of the...
K000132638: SnakeYAML vulnerability CVE-2022-1471
Security Advisory Description SnakeYaml's Constructor class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConsturctor when parsing untrusted content...
K000132525: Apache vulnerability CVE-2006-20001
Security Advisory Description A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool heap memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier. CVE-2006-2000...