6413 matches found
K000141500: Intel BIOS vulnerability CVE-2024-23599
Security Advisory Description Race condition in Seamless Firmware Updates for some IntelR reference platforms may allow a privileged user to potentially enable denial of service via local access. CVE-2024-23599 Impact Attackers may exploit this vulnerability to enable privilege escalation via loc...
K000141045: OpenSSH vulnerability CVE-2024-39894
Security Advisory Description OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry e.g., for su and Sudo because of an ObscureKeystrokeTiming logic error. Similarly, other timing attacks against keystroke entry could occur. CVE-2024-39894 Impact There...
K000140910: MySQL Server vulnerability CVE-2024-21177
Security Advisory Description Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple...
K000140528: BIND vulnerability CVE-2024-0760
Security Advisory Description A malicious client can send many DNS messages over TCP, potentially causing the server to become unstable while the attack is in progress. The server may recover after the attack ceases. Use of ACLs will not mitigate the attack. This issue affects BIND 9 versions...
K000140405: Multiple OpenJDK vulnerabilities
Security Advisory Description CVE-2024-21147 Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1;...
K000139609: NGINX HTTP/3 QUIC vulnerability CVE-2024-32760
Security Advisory Description When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause other potential impact. CVE-2024-32760 Note : This issue affects NGINX systems compiled with the...
K000139810: Oracle Java vulnerability CVE-2024-20919
Security Advisory Description Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK:...
K000139570: UNIX CPIO vulnerability CVE-2023-7216
Security Advisory Description A path traversal vulnerability was found in the CPIO utility. This issue could allow a remote unauthenticated attacker to trick a user into opening a specially crafted archive. During the extraction process, the archiver could follow symlinks outside of the intended...
K000138636: BIG-IP Configuration utility XSS vulnerability CVE-2024-31156
Security Advisory Description A stored cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. CVE-2024-31156 Impact An authenticated attacker may exploit thi...
K000138814: OpenLDAP vulnerability CVE-2023-2953
Security Advisory Description A vulnerability was found in openldap. This security flaw causes a null pointer dereference in bermemallocx function. CVE-2023-2953. Impact This vulnerability may result in low system memory leading to failure in LDAP authentication. Security Advisory Status F5 Produ...
K000138629: Python vulnerability CVE-2022-48560
Security Advisory Description A use-after-free exists in Python through 3.9 via heappushpop in heapq. CVE-2022-48560 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development has evaluated the currently supported releases for...
K32544615: BIG-IP iControl REST API vulnerability CVE-2024-22389
Security Advisory Description When BIG-IP is deployed in high availability HA and an iControl REST API token is updated, the change does not sync to the peer device. CVE-2024-22389 Impact This vulnerability may allow a high privileged remote authenticated attacker to use deleted or updated API...
K000138511: Linux kernel vulnerability CVE-2023-38427
Security Advisory Description An issue was discovered in the Linux kernel before 6.3.8. fs/smb/server/smb2pdu.c in ksmbd has an integer underflow and out-of-bounds read in deassemblenegcontexts. CVE-2023-38427 Impact There is no impact; F5 products are not affected by this vulnerability. Security...
K000137965: Apache Tomcat vulnerability CVE-2023-45648
Security Advisory Description Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially crafted, invalid...
K000137353: BIG-IP Configuration utility unauthenticated remote code execution vulnerability CVE-2023-46747
Security Advisory Description Undisclosed requests may bypass Configuration utility authentication. CVE-2023-46747 Impact This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary...
K000136168: Intel BIOS firmware vulnerabilities CVE-2022-44611 and CVE-2022-27879
Security Advisory Description CVE-2022-44611 Improper input validation in the BIOS firmware for some IntelR Processors may allow a privileged user to potentially enable escalation of privilege via adjacent access. CVE-2022-27879 Improper buffer restrictions in the BIOS firmware for some IntelR...
K000133706: OpenSSL vulnerability CVE-2023-0464
Security Advisory Description A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain th...
K15423: GNU Libtasn1 vulnerabilities CVE-2014-3467 and CVE-2014-3468
Security Advisory Description GNU Libtasn1 has been cited with the following vulnerabilities, which may be exploitable on some F5 products: CVE-2014-3467 Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnutTLS, allow remote attackers to cause a denia...
K94778122: tcpdump vulnerabilities CVE-2016-7985, CVE-2016-7992, CVE-2016-7993, CVE-2016-8574, and CVE-2016-8575
Security Advisory Description CVE-2016-7985 The CALM FAST parser in tcpdump before 4.9.0 has a buffer overflow in print-calm-fast.c:calmfastprint. CVE-2016-7992 The Classical IP over ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-cip.c:cipifprint. CVE-2016-7993 A bug in...
K4207: Buffer overflow in mod_include - CAN-2004-0940
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
K87235248: ImageMagick vulnerability CVE-2020-29599
Security Advisory Description ImageMagick before 6.9.11-40 and 7.x before 7.0.10-40 mishandles the -authenticate option, which allows setting a password for password-protected PDF files. The user-controlled password was not properly escaped/sanitized and it was therefore possible to inject...
K40264570: Java SE vulnerabilities CVE-2019-2987, CVE-2019-2988, and CVE-2019-2992
Security Advisory Description CVE-2019-2987 Vulnerability in the Java SE product of Oracle Java SE component: 2D. Supported versions that are affected are Java SE: 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to...
K75540265: BIG-IP APM ACL bypass vulnerability CVE-2021-23016
Security Advisory Description An attacker may be able to bypass APM's internal restrictions and retrieve static content that is hosted within APM by sending specifically crafted requests to an APM Virtual Server. CVE-2021-23016 Impact This vulnerability may allow an attacker to retrieve static...
K70569537: BIG-IP DNS Express vulnerability CVE-2022-41787
Security Advisory Description When the DNS profile is configured on a virtual server with DNS Express enabled, undisclosed DNS queries with Domain Name System Security Extensions DNSSEC can cause the Traffic Management Microkernel TMM to terminate. CVE-2022-41787 Impact Traffic is disrupted while...
K63771715: Linux kernel vulnerability CVE-2017-7261
Security Advisory Description The vmwsurfacedefineioctl function in drivers/gpu/drm/vmwgfx/vmwgfxsurface.c in the Linux kernel through 4.10.5 does not check for a zero value of certain levels data, which allows local users to cause a denial of service ZEROSIZEPTR dereference, and GPF and possibly...
K39041624: NTP vulnerability CVE-2016-9042
Security Advisory Description An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A specially crafted unauthenticated network packet can be used to reset the expected origin timestamp for target peers. Legitimate replies from targeted...
K62279530: ConfigSync mcpd vulnerability CVE-2017-6161
Security Advisory Description When configuration synchronization ConfigSync is configured, attackers on adjacent networks may be able to bypass the TLS protections usually used to encrypt and authenticate connections to mcpd. CVE-2017-6161 Impact This vulnerability may allow remote attackers to...
K15874: Samba vulnerability CVE-2013-4475
Security Advisory Description Samba 3.2.x through 3.6.x before 3.6.20, 4.0.x before 4.0.11, and 4.1.x before 4.1.1, when vfsstreamsdepot or vfsstreamsxattr is enabled, allows remote attackers to bypass intended file restrictions by leveraging ACL differences between a file and an associated...
K9025: FirePass SNMP DoS vulnerability
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
K17049: PHP vulnerability CVE-2015-4598
Security Advisory Description PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls 1 a DOMDocument save method or 2 t...
K15561: Kerberos vulnerability CVE-2014-4344
Security Advisory Description The accctxcont function in the SPNEGO acceptor in lib/gssapi/spnego/spnegomech.c in MIT Kerberos 5 aka krb5 1.5.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via an empty continuatio...
K17330: GnuTLS vulnerability CVE-2015-3308
Security Advisory Description Double free vulnerability in lib/x509/x509ext.c in GnuTLS before 3.3.14 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted CRL distribution point. CVE-2015-3308 Impact A remote attacker may be able to cause a...
K5576: Authentication vulnerability in Apache mod_digest - CAN-2003-0987
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
K16596: Privilege escalation vulnerability CVE-2014-3215
Security Advisory Description seunshare in policycoreutils 2.2.5 is owned by root with 4755 permissions, and executes programs in a way that changes the relationship between the setuid system call and the getresuid saved set-user-ID value, which makes it easier for local users to gain privileges ...
K28507582: PHP vulnerability CVE-2017-12933
Security Advisory Description The finishnesteddata function in ext/standard/varunserializer.re in PHP before 5.6.31, 7.0.x before 7.0.21, and 7.1.x before 7.1.7 is prone to a buffer over-read while unserializing untrusted data. Exploitation of this issue can have an unspecified impact on the...
K4743: Inadequate validation for TCP segments CVE-2005-0356
Security Advisory Description Note: Versions that are not listed in this Solution have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
K14261: OpenSSL OCSP vulnerability CVE-2013-0166
Security Advisory Description OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for Online Certificate Status Protocol OCSP responses, which allow remote attackers to cause a denial-of-service DoS NULL pointer dereference and...
K15721: GnuTLS vulnerability CVE-2013-1619
Security Advisory Description The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to...
K16389: Multiple MySQL vulnerabilities
Security Advisory Description CVE-2013-5908 Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling. CVE-2014-0401 Unspecifie...
K8186: Cross-site scripting vulnerability in Apache mod_imap CVE-2007-5000
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
K89096577: LibTIFF vulnerabilities CVE-2016-5314 and CVE-2015-8784
Security Advisory Description CVE-2016-5314 Buffer overflow in the PixarLogDecode function in tifpixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by...
K34958244: PHP vulnerability CVE-2016-3074
Security Advisory Description Integer signedness error in GD Graphics Library 2.1.1 aka libgd or libgd2 allows remote attackers to cause a denial of service crash or potentially execute arbitrary code via crafted compressed gd2 data, which triggers a heap-based buffer overflow. CVE-2016-3074 Impa...
K05918709: PHP vulnerability CVE-2016-7479
Security Advisory Description In all versions of PHP 7, during the unserialization process, resizing the 'properties' hash table of a serialized object may lead to use-after-free. A remote attacker may exploit this bug to gain arbitrary code execution. CVE-2016-7479 Impact There is no impact; F5...
K15356: OpenSSL vulnerability CVE-2014-0195
Security Advisory Description The dtls1reassemblefragment function in d1both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denia...
K41827200: MySQL vulnerabilities CVE-2018-2562, CVE-2018-2573, CVE-2018-2576, CVE-2018-2583, and CVE-2018-2590
Security Advisory Description CVE-2018-2562 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server : Partition. Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows low privileged attack...
K59836191: GnuTLS vulnerabilities CVE-2017-5335, CVE-2017-5336, and CVE-2017-5337
Security Advisory Description CVE-2017-5335 The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service out-of-memory error and crash via a crafted OpenPGP certificate. CVE-2017-5336 Stack-based buffe...
K30737254: Linux kernel vulnerability CVE-2017-2671
Security Advisory Description The pingunhash function in net/ipv4/ping.c in the Linux kernel through 4.10.8 is too late in obtaining a certain lock and consequently cannot ensure that disconnect function calls are safe, which allows local users to cause a denial of service panic by leveraging...
K15439: Samba vulnerability CVE-2014-0244
Security Advisory Description The sysrecvfrom function in nmbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote attackers to cause a denial of service infinite loop and CPU consumption via a malformed UDP packet. CVE-2014-0244 Impact None. No F5 products are...
K13231: PHP vulnerability CVE-2009-2626
Security Advisory Description In PHP 5.3.0 and PHP 5.2.10 and earlier, the zendrestoreinientrycb function in zendini.c allows context-specific attackers to obtain sensitive information memory contents and causes PHP to fail by using the iniset function to declare a variable, and then using the...
K61968355: Linux kernel vulnerability CVE-2017-7374
Security Advisory Description Use-after-free vulnerability in fs/crypto/ in the Linux kernel before 4.10.7 allows local users to cause a denial of service NULL pointer dereference or possibly gain privileges by revoking keyring keys being used for ext4, f2fs, or ubifs encryption, causing...