6413 matches found
K43239141: 9p filesystem vulnerability CVE-2019-16413
Security Advisory Description The 9p filesystem did not protect isizewrite properly, which causes an isizeread infinite loop and denial of service on SMP systems. CVE-2019-16413 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product...
K15122200: Linux kernel vulnerability CVE-2019-3460
Security Advisory Description A heap data infoleak in multiple locations including L2CAPPARSECONFRSP was found in the Linux kernel before 5.1-rc1. CVE-2019-3460 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development has...
K13145361: Linux kernel KVM subsystem vulnerability CVE-2014-3647
Security Advisory Description arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 does not properly perform RIP changes, which allows guest OS users to cause a denial of service guest OS crash via a crafted application. CVE-2014-3647 Impact A local user with Advanced...
K62103028: Multiple Java vulnerabilities CVE-2020-2583, CVE-2020-2590, CVE-2020-2593
Security Advisory Description CVE-2020-2583 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows...
K74605824: MySQL Server UDF vulnerability CVE-2017-3529
Security Advisory Description Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: UDF. Supported versions that are affected are 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to...
K13277: Apache vulnerability CVE-2009-2412
Security Advisory Description Multiple integer overflows in the Apache Portable Runtime APR library and the Apache Portable Utility library aka APR-util 0.9.x and 1.3.x allow remote attackers to cause a denial of service application crash or possibly execute arbitrary code by way of vectors that...
K15872: libxml2 vulnerability CVE-2014-3660
Security Advisory Description parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service CPU consumption via a crafted XML document containing a large number of...
K15873: cURL/libcURL vulnerability CVE-2014-2522
Security Advisory Description curl and libcurl 7.27.0 through 7.35.0, when running on Windows and using the SChannel/Winssl TLS backend, does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate when accessing a...
K16866: PowerDNS vulnerabilities CVE-2014-8601 and CVE-2015-1868
Security Advisory Description CVE-2014-8601 PowerDNS Recursor before 3.6.2 does not limit delegation chaining, which allows remote attackers to cause a denial of service "performance degradations" via a large or infinite number of referrals, as demonstrated by resolving domains hosted by ezdns.it...
K13463: FirePass SQL injection vulnerability CVE-2012-1777
Security Advisory Description F5 has identified a possible SQL injection vulnerability for FirePass. FirePass may not perform adequate user input validation of particular fields. CVE-2012-1777 Impact An unauthenticated attacker may be able to exploit the vulnerability via SQL injection. Security...
K17957133: Linux kernel vulnerability CVE-2019-3701
Security Advisory Description An issue was discovered in cancangwrcv in net/can/gw.c in the Linux kernel through 4.19.13. The CAN frame modification rules allow bitwise logical operations that can be also applied to the candlc field. Because of a missing check, the CAN drivers may write arbitrary...
K15484: OpenSSH vulnerability CVE-2006-4925
Security Advisory Description packet.c in ssh in OpenSSH allows remote attackers to cause a denial of service crash by sending an invalid protocol sequence with USERAUTHSUCCESS before NEWKEYS, which causes newkeysmode to be NULL. CVE-2006-4925 Impact An attacker may be able to cause a...
K93231374: BIG-IP HTTP vulnerability CVE-2021-23042
Security Advisory Description When an HTTP profile is configured on a virtual server, undisclosed requests can cause a significant increase in system resource utilization. CVE-2021-23042 Impact System performance degradation can occur until the process is either forced to restart or manually...
K11720: Samba server vulnerability CVE-2010-2063
Security Advisory Description Note : Versions that are not listed in this articles have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the ...
K17079: Java SE vulnerabilities CVE-2015-2590 and CVE-2015-4732
Security Advisory Description CVE-2015-2590 Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than...
K4743: Inadequate validation for TCP segments CVE-2005-0356
Security Advisory Description Note: Versions that are not listed in this Solution have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
K16385: Multiple MySQL vulnerabilities
Security Advisory Description CVE-2013-5894 Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB. CVE-2013-5881 Unspecified vulnerability in the MySQL Server...
K51591999: Multiple Java vulnerabilities CVE-2020-14562, CVE-2020-14573, CVE-2020-14578, CVE-2020-14579, CVE-2020-14581, CVE-2020-14593
Security Advisory Description CVE-2020-14562 Vulnerability in the Java SE product of Oracle Java SE component: ImageIO. Supported versions that are affected are Java SE: 11.0.7 and 14.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols ...
K8108: OpenSSL vulnerability CVE-2007-3108
Security Advisory Description Note : Versions that are not listed in this Solution have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the ...
K10550253: ImageMagick vulnerability CVE-2016-3715
Security Advisory Description The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image. CVE-2016-3715 Note : This vulnerability is one of the series of vulnerabilities known as ImageTragick. Impact Exploiting...
K61200338: NTP vulnerability CVE-2016-2517
Security Advisory Description NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service prevent subsequent authentication by leveraging knowledge of the controlkey or requestkey and sending a crafted packet to ntpd, which changes the value of trustedkey,...
K86221000: Bash vulnerability CVE-2019-18276
Security Advisory Description An issue was discovered in disableprivmode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by setting its effective UID to its real UID. However, it does so incorrectly...
K35981055: glibc vulnerability CVE-2018-11237
Security Advisory Description An AVX-512-optimized implementation of the mempcpy function in the GNU C Library aka glibc or libc6 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in mempcpyavx512novzeroupper. CVE-2018-11237 Impact There is no impact; F5...
K52114338: systemd vulnerability CVE-2017-9445
Security Advisory Description In systemd through 233, certain sizes passed to dnspacketnew in systemd-resolved can cause it to allocate a buffer that's too small. A malicious DNS server can exploit this via a response with a specially crafted TCP payload to trick systemd-resolved into allocating ...
K04450715: libxml2 vulnerability CVE-2015-8806
Security Advisory Description dict.c in libxml2 allows remote attackers to cause a denial of service heap-based buffer over-read and application crash via an unexpected character immediately after the " Identified Medium screen. To determine if your release is known to be vulnerable, the componen...
K48641455: QEMU buffer-overflow vulnerability CVE-2018-17962
Security Advisory Description Qemu has a Buffer Overflow in pcnetreceive in hw/net/pcnet.c because an incorrect integer data type is used. CVE-2018-17962 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development has evaluated th...
K30002521: GNU C Library vulnerability CVE-2018-19591
Security Advisory Description In the GNU C Library aka glibc or libc6 through 2.28, attempting to resolve a crafted hostname via getaddrinfo leads to the allocation of a socket descriptor that is not closed. This is related to the ifnametoindex function. CVE-2018-19591 Impact There is no impact; ...
K16317: OpenSSL vulnerability CVE-2015-0286
Security Advisory Description The ASN1TYPEcmp function in crypto/asn1/atype.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform Boolean-type comparisons, which allows remote attackers to cause a denial of service invalid read...
K88205061: Linux kernel vulnerability CVE-2021-28952
Security Advisory Description An issue was discovered in the Linux kernel through 5.11.8. The sound/soc/qcom/sdm845.c soundwire device driver has a buffer overflow when an unexpected port ID number is encountered, aka CID-1c668e1c0a0f. This has been fixed in 5.12-rc4. CVE-2021-28952 Impact There ...
K73710094: XSS vulnerability in undisclosed page of the NGINX Swagger UI
Security Advisory Description An issue in the swagger-ui, the third-party component bundled in the NGINX Plus packages, may expose an XSS security risk. The purpose of the swagger-ui is to provide interactive documentation for the API specification supplied in a swagger YAML file and used in the...
K43470422: BIG-IP MPTCP vulnerability CVE-2021-23003
Security Advisory Description The Traffic Management Microkernel TMM process may produce a core file when undisclosed MPTCP traffic passes through a standard virtual server. CVE-2021-23003 Impact A remote attacker may be able to cause the BIG-IP system to produce a core file, disrupting the flow ...
K45012029: OpenJDK vulnerability CVE-2020-14796, CVE-2020-14798, CVE-2020-14803
Security Advisory Description CVE-2020-14796 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows...
K61620494: TMUI vulnerability CVE-2018-15329
Security Advisory Description When authenticated administrative users run commands in the Traffic Management User Interface TMUI, also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced. CVE-2018-15329 Impact This vulnerability may allow...
K41454238: Apache mod_auth_openidc vulnerabilities CVE-2021-32785 CVE-2021-32786 CVE-2021-32792
Security Advisory Description CVE-2021-32785 modauthopenidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. When modauthopenidc versions prior to 2.4.9 are configur...
K10027302: Libsoup vulnerability CVE-2018-12910
Security Advisory Description The getcookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname. CVE-2018-12910 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product...
K74327432: F5 Container Ingress Services vulnerability CVE-2019-6648
Security Advisory Description If DEBUG logging is enabled, F5 Container Ingress Services CIS for Kubernetes and Red Hat OpenShift k8s-bigip-ctlr log files may contain BIG-IP system secrets such as SSL Private Keys and Private key Passphrases as provided as inputs by an AS3 Declaration...
K70652532: F5 BIG-IP Guided Configuration logging vulnerability CVE-2021-23046
Security Advisory Description When a configuration that contains secure properties is created and deployed from BIG-IP Guided Configuration AGC, secure properties are logged in restnoded logs. CVE-2021-23046 Impact Users with access to restnoded logs may gain access to sensitive information from...
K12852: BIND vulnerability CVE-2010-3615
Security Advisory Description Note : For information about signing up to receive security notice updates from F5, refer to K9970: Subscribe to email notifications regarding F5 products and security announcements. Note : Versions that are not listed in this Solution have not been evaluated for...
K15571: OpenSSL vulnerability CVE-2014-3508
Security Advisory Description Description The OBJobj2txt function in crypto/objects/objdat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of '\0' characters, which allows context-dependent attackers to...
K31856317: BIG-IP Packet Filters vulnerability CVE-2022-27182
Security Advisory Description When BIG-IP packet filters are enabled and a virtual server is configured with the type set to Reject, undisclosed requests can cause an increase in memory resource utilization. CVE-2022-27182 Impact System performance can degrade until the process is either forced t...
K94093538: NGINX Service Mesh control plane vulnerability CVE-2022-27495
Security Advisory Description NGINX Service Mesh control plane endpoints are exposed to the cluster overlay network. CVE-2022-27495 Impact An attacker may affect traffic policies, security policies, and other reverse proxy capabilities of NGINX Service Mesh if they've gained access to a Kubernete...
K48414132: PHP SOAP vulnerability CVE-2015-8835
Security Advisory Description The makehttpsoaprequest function in ext/soap/phphttp.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not properly retrieve keys, which allows remote attackers to cause a denial of service NULL pointer dereference, type confusion, and...
K15867: Perl vulnerabilities CVE-2012-5195, CVE-2012-5526, CVE-2012-6329, and CVE-2013-1667
Security Advisory Description CVE-2012-5195 Heap-based buffer overflow in the Perlrepeatcpy function in util.c in Perl 5.12.x before 5.12.5, 5.14.x before 5.14.3, and 5.15.x before 15.15.5 allows context-dependent attackers to cause a denial of service memory consumption and crash or possibly...
K38336243: Binutils vulnerabilities CVE-2018-20623, CVE-2018-20651, and CVE-2018-20712
Security Advisory Description CVE-2018-20623 In GNU Binutils 2.31.1, there is a use-after-free in the error function in elfcomm.c when called from the processarchive function in readelf.c via a crafted ELF file. CVE-2018-20651 A NULL pointer dereference was discovered in elflinkaddobjectsymbols i...
K51317292: glibc vulnerability CVE-2020-1751
Security Advisory Description An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC. Specifically, the backtrace function did not properly check the array bounds when storing the frame address, resulting in a denial of service or potential...
K12254802: Apache httpd HTTP/2 vulnerability CVE-2016-1546
Security Advisory Description The Apache HTTP Server 2.4.17 and 2.4.18, when modhttp2 is enabled, does not limit the number of simultaneous stream workers for a single HTTP/2 connection, which allows remote attackers to cause a denial of service stream-processing outage via modified flow-control...
K25244852: BIND vulnerability CVE-2018-5745
Security Advisory Description "managed-keys" is a feature which allows a BIND resolver to automatically maintain the keys used by trust anchors which operators configure for use in DNSSEC validation. Due to an error in the managed-keys feature it is possible for a BIND server which uses...
K81952114: Authenticated iControl REST in Appliance mode vulnerability CVE-2022-26415
Security Advisory Description When running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing an undisclosed iControl REST endpoint. CVE-2022-26415 Impact In Appliance mode, an authenticated user with valid user...
K26422113: libxml2 vulnerability CVE-2016-1839
Security Advisory Description The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service heap-based buffer over-read via a crafted XML document...
K40778012: Intel CPU vulnerability CVE-2021-0127
Security Advisory Description Insufficient control flow management in some IntelR Processors may allow an authenticated user to potentially enable a denial of service via local access. CVE-2021-0127 Impact An authenticated attacker may exploit the Intel processor firmware to cause a denial of...