SOL9889 - NTP vulnerability CVE-2009-0021

Description NTP may not properly check the return value from the OpenSSL EVPVerifyFinal function, which may allow a remote attacker to bypass validation of the certificate chain by way of a malformed SSL/TLS signature for DSA and ECDSA keys. Note: This is a similar vulnerability to CVE-2008-5077...

SOL9913 - Apache Tomcat vulnerability - CVE-2008-4308

Description The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request. Information about this advisory is...

SOL9754 - BIND 9 vulnerability CVE-2009-0025

BIND does not properly check the return value from the OpenSSL DSAverify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature. Information about this advisory is available at the following location: Note: The previous link takes y...

SOL8939 - SNMPv3 HMAC verification vulnerability CVE-2008-0960 - VU#878044

Information about this advisory is available at the following locations: F5 Product Development tracked this issue as CR99838 for BIG-IP LTM, GTM, ASM, PSM, Link Controller, and WebAccelerator and it was fixed in BIG-IP 9.4.6 and 10.0.0. For information about upgrading, refer to the BIG-IP LTM,...

SOL8924 - Linux kernel vulnerability CVE-2007-3843

A flaw in the CIFS handling of the mount option sec= that did not enable integrity checking and did not produce any error message. Information about this advisory is available at the following location:...

SOL8917 - Linux kernel vulnerability CVE-2007-1217

A flaw in the ISDN CAPI subsystem allows a remote user to cause a denial of service or potential remote access. Exploitation would require the attacker to be able to send arbitrary frames over the ISDN network to the vulnerable system. Information about this advisory is available at the following...

SOL8425 - Linux Kernel Vulnerability - CVE-2008-0600

CVE-2008-0600 - Linux Kernel Multiple Memory Access Vulnerabilities. The vmsplicetopipe function in Linux kernel 2.6.17 through 2.6.24.1 does not validate a certain userspace pointer before dereference, which allows local users to gain root privileges through crafted arguments in a vmsplice syste...

SOL8280 - Cross-site scripting vulnerabilities in BIG-IP Configuration utility CVE-2008-0265

The vulnerability is only available to authenticated users. Theoretically, a malicious site could use another tab in an admin user's browser to hit a list URL and cause the admin user's Configuration utility to render malicious JavaScript in the admin user's browser. The results are not saved...

SOL6924 - Insertion of special characters in URL path circumvents Accessibility Scope and Access Control Lists

It is possible to bypass the Deny list, configured in the Accessibility Scope section located on the Portal Access: Web Applications: Master Group Settings page, by inserting certain special characters into a URL path. In FirePass version 6.0, this issue also applies to the Deny list configured...

K000149247: Apache tomcat vulnerability CVE-2024-56337

Security Advisory Description Time-of-check Time-of-use TOCTOU Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. The mitigation for CVE-2024-50379 was incomplete. Users...

K000141402: SQLite vulnerabilities CVE-2018-20506, CVE-2018-20505, CVE-2018-20346, CVE-2015-5895, CVE-2015-3717

Security Advisory Description CVE-2018-20506 SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow and resultant buffer overflow for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute...

K000141099: Curl vulnerability CVE-2024-8096

Security Advisory Description When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the response as fine. If the returned...

K000140910: MySQL Server vulnerability CVE-2024-21177

Security Advisory Description Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple...

K000140529: NGINX ngx_http_mp4_module vulnerability CVE-2024-7347

Security Advisory Description NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpmp4module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the...

K000139578: Node.js vulnerability CVE-2024-21896

Security Advisory Description The permission model protects itself against path traversal attacks by calling path.resolve on any paths given by the user. If the path is to be treated as a Buffer, the implementation uses Buffer.from to obtain a Buffer from the result of path.resolve. By...

K000139508: rust-openssl vulnerability CVE-2024-3296

Security Advisory Description A timing-based side-channel flaw exists in the rust-openssl package, which could be sufficient to recover a plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of tria...

K000139429: Oracle GraalVM Vulnerability CVE-2024-20954 and CVE-2024-21098

Security Advisory Description CVE-2024-20954 Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Compiler. Supported versions that are affected are Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3....

K000138814: OpenLDAP vulnerability CVE-2023-2953

Security Advisory Description A vulnerability was found in openldap. This security flaw causes a null pointer dereference in bermemallocx function. CVE-2023-2953. Impact This vulnerability may result in low system memory leading to failure in LDAP authentication. Security Advisory Status F5 Produ...

K32544615: BIG-IP iControl REST API vulnerability CVE-2024-22389

Security Advisory Description When BIG-IP is deployed in high availability HA and an iControl REST API token is updated, the change does not sync to the peer device. CVE-2024-22389 Impact This vulnerability may allow a high privileged remote authenticated attacker to use deleted or updated API...

K000137965: Apache Tomcat vulnerability CVE-2023-45648

Security Advisory Description Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially crafted, invalid...

K000137582: BIND vulnerability CVE-2023-3341

Security Advisory Description The code that processes control channel messages sent to named calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run...

K000136909: BIG-IP APM Clients TunnelCrack vulnerability CVE-2023-43125

Security Advisory Description BIG-IP APM clients may send IP traffic outside of the VPN tunnel. CVE-2023-43125 Impact If a client machine connects to a malicious DNS device, an attacker may be able to trick the client into sending IP traffic outside of the VPN tunnel. Any clear text traffic leake...

K000136924: Node.JS vulnerabilities CVE-2018-7158, CVE-2018-7164, and CVE-2018-7166

Security Advisory Description CVE-2018-7158 The 'path' module in the Node.js 4.x release line contains a potential regular expression denial of service ReDoS vector. The code in question was replaced in Node.js 6.x and later so this vulnerability only impacts all versions of Node.js 4.x. The...

K000135632: AMD Ryzen vulnerability CVE-2023-20593

Security Advisory Description An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information. CVE-2023-20593 also known as Zen Bleed Vulnerability Impact There is no impact; F5 products are not affected by this...

K000133668: Python urllib3 vulnerability CVE-2018-20060

Security Advisory Description urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect i.e., a redirect that differs in host, port, or scheme. This can allow for credentials in the Authorization header to be exposed to unintended hosts or...

K15423: GNU Libtasn1 vulnerabilities CVE-2014-3467 and CVE-2014-3468

Security Advisory Description GNU Libtasn1 has been cited with the following vulnerabilities, which may be exploitable on some F5 products: CVE-2014-3467 Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnutTLS, allow remote attackers to cause a denia...

K22505850: BIG-IP and BIG-IQ iControl REST vulnerability CVE-2022-41770

Security Advisory Description An authenticated iControl REST user can cause an increase in memory resource utilization, through undisclosed requests. CVE-2022-41770 Impact BIG-IP and BIG-IQ System performance degradation can occur until the process is either forced to restart or manually restarte...

K22691834: Linux kernel vulnerability CVE-2018-16597

Security Advisory Description An issue was discovered in the Linux kernel through 4.18.6. Incorrect access checking in overlayfs mounts could be used by local attackers to modify or truncate files in the underlying filesystem. CVE-2018-16597 Impact There is no impact; F5 products are not affected...

K94778122: tcpdump vulnerabilities CVE-2016-7985, CVE-2016-7992, CVE-2016-7993, CVE-2016-8574, and CVE-2016-8575

Security Advisory Description CVE-2016-7985 The CALM FAST parser in tcpdump before 4.9.0 has a buffer overflow in print-calm-fast.c:calmfastprint. CVE-2016-7992 The Classical IP over ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-cip.c:cipifprint. CVE-2016-7993 A bug in...

K87235248: ImageMagick vulnerability CVE-2020-29599

Security Advisory Description ImageMagick before 6.9.11-40 and 7.x before 7.0.10-40 mishandles the -authenticate option, which allows setting a password for password-protected PDF files. The user-controlled password was not properly escaped/sanitized and it was therefore possible to inject...

K35104614: Java SE vulnerability CVE-2017-10116

Security Advisory Description Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows...

K47227224: Linux kernel vulnerability CVE-2019-17133

Security Advisory Description In the Linux kernel through 5.3.2, cfg80211mgdwextgiwessid in net/wireless/wext-sme.c does not reject a long SSID IE, leading to a Buffer Overflow. CVE-2019-17133 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status ...

K63771715: Linux kernel vulnerability CVE-2017-7261

Security Advisory Description The vmwsurfacedefineioctl function in drivers/gpu/drm/vmwgfx/vmwgfxsurface.c in the Linux kernel through 4.10.5 does not check for a zero value of certain levels data, which allows local users to cause a denial of service ZEROSIZEPTR dereference, and GPF and possibly...

K13145361: Linux kernel KVM subsystem vulnerability CVE-2014-3647

Security Advisory Description arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 does not properly perform RIP changes, which allows guest OS users to cause a denial of service guest OS crash via a crafted application. CVE-2014-3647 Impact A local user with Advanced...

K39041624: NTP vulnerability CVE-2016-9042

Security Advisory Description An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A specially crafted unauthenticated network packet can be used to reset the expected origin timestamp for target peers. Legitimate replies from targeted...

K29203191: Linux kernel vulnerability CVE-2019-10220

Security Advisory Description Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a relative paths injection in directory entry lists. CVE-2019-10220 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development has...

K15873: cURL/libcURL vulnerability CVE-2014-2522

Security Advisory Description curl and libcurl 7.27.0 through 7.35.0, when running on Windows and using the SChannel/Winssl TLS backend, does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate when accessing a...

K9025: FirePass SNMP DoS vulnerability

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

K17049: PHP vulnerability CVE-2015-4598

Security Advisory Description PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls 1 a DOMDocument save method or 2 t...

K15484: OpenSSH vulnerability CVE-2006-4925

Security Advisory Description packet.c in ssh in OpenSSH allows remote attackers to cause a denial of service crash by sending an invalid protocol sequence with USERAUTHSUCCESS before NEWKEYS, which causes newkeysmode to be NULL. CVE-2006-4925 Impact An attacker may be able to cause a...

K93231374: BIG-IP HTTP vulnerability CVE-2021-23042

Security Advisory Description When an HTTP profile is configured on a virtual server, undisclosed requests can cause a significant increase in system resource utilization. CVE-2021-23042 Impact System performance degradation can occur until the process is either forced to restart or manually...

K23641249: KVM hypervisor vulnerability CVE-2020-2732

Security Advisory Description A flaw was discovered in the way that the KVM hypervisor handled instruction emulation for an L2 guest when nested virtualisation is enabled. Under some circumstances, an L2 guest may trick the L0 guest into accessing sensitive L1 resources that should be inaccessibl...

K11720: Samba server vulnerability CVE-2010-2063

Security Advisory Description Note : Versions that are not listed in this articles have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the ...

K4743: Inadequate validation for TCP segments CVE-2005-0356

Security Advisory Description Note: Versions that are not listed in this Solution have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

K16389: Multiple MySQL vulnerabilities

Security Advisory Description CVE-2013-5908 Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling. CVE-2014-0401 Unspecifie...

K15341: BIG-IP ASM Virtual Edition may run out of memory under certain DoS conditions

Security Advisory Description The BIG-IP ASM system limits the maximum number of concurrent requests with large payloads 10,000 bytes or larger by default to 100, using the maxconcurrentlongrequest internal parameter. The BIG-IP ASM system drops new requests with large payloads once this limit is...

K10550253: ImageMagick vulnerability CVE-2016-3715

Security Advisory Description The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image. CVE-2016-3715 Note : This vulnerability is one of the series of vulnerabilities known as ImageTragick. Impact Exploiting...

K05918709: PHP vulnerability CVE-2016-7479

Security Advisory Description In all versions of PHP 7, during the unserialization process, resizing the 'properties' hash table of a serialized object may lead to use-after-free. A remote attacker may exploit this bug to gain arbitrary code execution. CVE-2016-7479 Impact There is no impact; F5...

K15356: OpenSSL vulnerability CVE-2014-0195

Security Advisory Description The dtls1reassemblefragment function in d1both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denia...

K41827200: MySQL vulnerabilities CVE-2018-2562, CVE-2018-2573, CVE-2018-2576, CVE-2018-2583, and CVE-2018-2590

Security Advisory Description CVE-2018-2562 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server : Partition. Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows low privileged attack...