K15452143: IPsec-Tools (racoon) vulnerability CVE-2004-0607
Security Advisory Description The eay_check_x509cert function in KAME Racoon successfully verifies certificates even when OpenSSL validation fails, which could allow remote attackers to bypass authentication. CVE-2004-0607 Impact There is no impact; F5 products are not affected by this vulnerabilit...
K15867: Perl vulnerabilities CVE-2012-5195, CVE-2012-5526, CVE-2012-6329, and CVE-2013-1667
Security Advisory Description CVE-2012-5195 Heap-based buffer overflow in the Perl_repeatcpy function in util.c in Perl 5.12.x before 5.12.5, 5.14.x before 5.14.3, and 5.15.x before 15.15.5 allows context-dependent attackers to cause a denial of service (memory consumption and crash) or possibly...
K14204: BIND vulnerability CVE-2011-4313
Security Advisory Description ISC reports that query.c in BIND may allow remote attackers to cause a denial-of-service (assertion failure and named exit). The vulnerability uses unknown vectors related to recursive DNS queries, error logging, and the caching of an invalid record by the resolver. Th...
K16427: Linux kernel vulnerability CVE-2013-7421
Security Advisory Description The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a module name in the salg_name field, a different vulnerability than CVE-2014-9644. CVE-2013-7421 Impact There is no...
K38336243: Binutils vulnerabilities CVE-2018-20623, CVE-2018-20651, and CVE-2018-20712
Security Advisory Description CVE-2018-20623 In GNU Binutils 2.31.1, there is a use-after-free in the error function in elfcomm.c when called from the process_archive function in readelf.c via a crafted ELF file. CVE-2018-20651 A NULL pointer dereference was discovered in elf_link_add_object_symbols i...
K12254802: Apache httpd HTTP/2 vulnerability CVE-2016-1546
Security Advisory Description The Apache HTTP Server 2.4.17 and 2.4.18, when mod_http2 is enabled, does not limit the number of simultaneous stream workers for a single HTTP/2 connection, which allows remote attackers to cause a denial of service (stream-processing outage) via modified flow-control...
K51317292: glibc vulnerability CVE-2020-1751
Security Advisory Description An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC. Specifically, the backtrace function did not properly check the array bounds when storing the frame address, resulting in a denial of service or potential...
K76930736: Libpng vulnerability CVE-2015-8126
Security Advisory Description Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (applicatio...
K70933496: Linux Kernel Vulnerability CVE-2019-19079
Security Advisory Description A memory leak in the qrtr_tun_write_iter function in net/qrtr/tun.c in the Linux kernel before 5.3 allows attackers to cause a denial of service (memory consumption), aka CID-a21b7f0cff19. CVE-2019-19079 Impact There is no impact; F5 products are not affected by this...
K81952114: Authenticated iControl REST in Appliance mode vulnerability CVE-2022-26415
Security Advisory Description When running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing an undisclosed iControl REST endpoint. CVE-2022-26415 Impact In Appliance mode, an authenticated user with valid user...
K84155336: rsync vulnerability CVE-2020-14387
Security Advisory Description A flaw was found in rsync in versions since 3.2.0pre1. Rsync improperly validates certificate with host mismatch vulnerability. A remote, unauthenticated attacker could exploit the flaw by performing a man-in-the-middle attack using a valid certificate for another...
K40778012: Intel CPU vulnerability CVE-2021-0127
Security Advisory Description Insufficient control flow management in some Intel(R) Processors may allow an authenticated user to potentially enable a denial of service via local access. CVE-2021-0127 Impact An authenticated attacker may exploit the Intel processor firmware to cause a denial of...
K44288218: Apache Tomcat vulnerability CVE-2012-5568
Security Advisory Description Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris. CVE-2012-5568 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Stat...
K39428424: SQL injection vulnerability CVE-2017-0304
Security Advisory Description The SQL injection vulnerability in the Configuration utility is related to the BIG-IP AFM system. CVE-2017-0304 Impact An attacker can exploit this vulnerability regardless of the BIG-IP AFM provisioning configuration; however, exploiting this vulnerability does not...
K45243961: OpenLDAP vulnerability CVE-2020-12243
Security Advisory Description In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash). CVE-2020-12243 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5...
K23153696: Apache HTTPD vulnerability CVE-2020-1927
Security Advisory Description In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL. CVE-2020-1927 Impact An attacker can abuse...
K95010211: Samba vulnerability CVE-2019-14907
Security Advisory Description All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" or above then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provid...
K08125515: cURL vulnerability CVE-2019-5435
Security Advisory Description An integer overflow in curl's URL API results in a buffer overflow in libcurl 7.62.0 to and including 7.64.1. CVE-2019-5435 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development has evaluated th...
K11414891: Linux Kernel vulnerability CVE-2018-13053
Security Advisory Description The alarm_timer_nsleep function in kernel/time/alarmtimer.c in the Linux kernel through 4.17.3 has an integer overflow via a large relative timeout because ktime_add_safe is not used. CVE-2018-13053 Impact There is no impact; F5 products are not affected by this...
K22494544: SNMP Incorrect Access Control vulnerability CVE-2017-5135
Security Advisory Description Certain Technicolor devices have an SNMP access-control bypass, possibly involving an ISP customization in some cases. The Technicolor (formerly Cisco) DPC3928SL with firmware D3928SL-P15-13-A386-c3420r55105-160127a could be reached by any SNMP community string from th...
K15316: PHP vulnerability CVE-2013-4635
Security Advisory Description Integer overflow in the SdnToJewish function in jewish.c in the Calendar component in PHP before 5.3.26 and 5.4.x before 5.4.16 allows context-dependent attackers to cause a denial of service (application hang) via a large argument to the jdtojewish function...
K15879: SOAP parser vulnerability CVE-2013-1824
Security Advisory Description The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.12 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the...
K82644737: NTP vulnerability CVE-2016-4954
Security Advisory Description The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an...
K20804323: NTP vulnerability CVE-2016-2518
Security Advisory Description The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value. CVE-2016-2518 Using a crafted packet to create a peer association with hmode 7...
K17232507: OpenSSL vulnerability CVE-2016-0798
Security Advisory Description Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and...
K32262483: NTP vulnerability CVE-2017-6451
Security Advisory Description The mx4200_send function in the legacy MX4200 refclock in NTP before 4.2.8p10 and 4.3.x before 4.3.94 does not properly handle the return value of the snprintf function, which allows local users to execute arbitrary code via unspecified vectors, which trigger an...
K68499208: Linux kernel vulnerability CVE-2017-18204
Security Advisory Description The ocfs2_setattr function in fs/ocfs2/file.c in the Linux kernel before 4.14.2 allows local users to cause a denial of service (deadlock) via DIO requests. CVE-2017-18204 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory...
K40284849: Apache vulnerability CVE-2010-0434
Security Advisory Description The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow...
K93203055: Java vulnerability CVE-2015-4872
Security Advisory Description Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect integrity via unknown vectors related to Security. CVE-2015-4872 Impact A remote attacker may affect the integrity of the...
SOL24923910 - LibTIFF vulnerability CVE-2016-3632
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL30905674 - Linux kernel vulnerability CVE-2014-9904
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...
SOL08206127 - PHP vulnerability CVE-2016-4072
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...
SOL61974123 - ImageMagick vulnerability CVE-2016-3718
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL81903701 - Libpng vulnerability CVE-2015-8472
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL30714460 - OpenSSL vulnerability CVE-2015-3193
Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4918: Overview of the F5 critical issue hotfix policy...
SOL17200 - PHP vulnerability CVE-2015-2783
Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL995...
SOL16937 - OpenSSL vulnerability CVE-2015-1793
Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. F5 responds to vulnerabilities in accordance with the Severity values published in the previous table. The Severity value...
SOL16840 - SSH vulnerability CVE-1999-1085
OpenSSH supports the use of the SSH1 protocol; however, it is not enabled in default configurations. SSH1 can only be enabled by manually editing the OpenSSH configuration file. Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles...
SOL16743 - MIT Kerberos 5 vulnerability CVE-2014-5355
Vulnerability Recommended Actions If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not...
SOL16494 - phpMyAdmin vulnerability CVE-2015-2206
Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version...
SOL16480 - Multiple unzip vulnerabilities CVE-2014-8139, CVE-2014-8140, and CVE-2014-8141
Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can...
SOL16380 - FreeType vulnerabilities CVE-2014-9656 and CVE-2014-9659
Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate these vulnerabilities by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any...
SOL15967 - glibc and eglibc vulnerability CVE-2011-2702
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...
SOL15426 - Apache Tomcat vulnerability CVE-2014-0075
Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version...
SOL15305 - OpenSSL vulnerability CVE-2004-0975
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...
SOL15250 - BIND vulnerability CVE-2014-3214
The prefetch implementation in named in ISC BIND 9.10.0, when a recursive nameserver is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a DNS query that triggers a response with unspecified attributes. CVE-2014-3214...
SOL15160 - GnuTLS vulnerability CVE-2014-0092
Recommended action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists. For affected ARX...
SOL14907 - MySQL Server vulnerability CVE-2012-3163
Recommended action To eliminate this vulnerability, upgrade to a version that is listed in the Versions known to be not vulnerable column in the previous table. To mitigate this vulnerability on Enterprise Manager, you should not enable remote access to the statistics database. Remote access to t...
SOL14236 - OpenSSL vulnerability CVE-2012-2686
Recommended action None Supplemental Information Common Vulnerabilities and Exposures CVE-2012-2686 Note: This link takes you to a resource outside of AskF5, and it is possible that the documents may be removed without our knowledge. SOL9970: Subscribing to email notifications regarding F5 produc...
SOL12986 - BIND vulnerability CVE-2011-2464
Unspecified vulnerability in ISC BIND 9 9.6.x before 9.6-ESV-R4-P3, 9.7.x before 9.7.3-P3, and 9.8.x before 9.8.0-P4 allows remote attackers to cause a Denial of Service DoS named daemon crash by way of a crafted UPDATE request. Information about this advisory is available at the following...