K42266856: DHCP vulnerability CVE-2017-3144

Security Advisory Description A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also b...

K95345942: Linux kernel vulnerability CVE-2015-3339

Security Advisory Description Race condition in the preparebinprm function in fs/exec.c in the Linux kernel before 3.19.6 allows local users to gain privileges by executing a setuid program at a time instant when a chown to root is in progress, and the ownership is changed but the setuid bit is n...

K15902: Apache vulnerability CVE-2010-1623

Security Advisory Description Memory leak in the aprbrigadesplitline function in buckets/aprbrigade.c in the Apache Portable Runtime Utility library aka APR-util before 1.3.10, as used in the modreqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a...

K9025: FirePass SNMP DoS vulnerability

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

K12876166: Linux kernel vulnerability CVE-2019-12817

Security Advisory Description arch/powerpc/mm/mmucontextbook3s64.c in the Linux kernel before 5.1.15 for powerpc has a bug where unrelated processes may be able to read/write to one another's virtual memory under certain conditions via an mmap above 512 TB. Only a subset of powerpc systems are...

K16866: PowerDNS vulnerabilities CVE-2014-8601 and CVE-2015-1868

Security Advisory Description CVE-2014-8601 PowerDNS Recursor before 3.6.2 does not limit delegation chaining, which allows remote attackers to cause a denial of service "performance degradations" via a large or infinite number of referrals, as demonstrated by resolving domains hosted by ezdns.it...

K17957133: Linux kernel vulnerability CVE-2019-3701

Security Advisory Description An issue was discovered in cancangwrcv in net/can/gw.c in the Linux kernel through 4.19.13. The CAN frame modification rules allow bitwise logical operations that can be also applied to the candlc field. Because of a missing check, the CAN drivers may write arbitrary...

K8918: Linux kernel vulnerability CVE-2007-3851

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

K17330: GnuTLS vulnerability CVE-2015-3308

Security Advisory Description Double free vulnerability in lib/x509/x509ext.c in GnuTLS before 3.3.14 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted CRL distribution point. CVE-2015-3308 Impact A remote attacker may be able to cause a...

K16596: Privilege escalation vulnerability CVE-2014-3215

Security Advisory Description seunshare in policycoreutils 2.2.5 is owned by root with 4755 permissions, and executes programs in a way that changes the relationship between the setuid system call and the getresuid saved set-user-ID value, which makes it easier for local users to gain privileges ...

K94255403: BIG-IP AFM vulnerability CVE-2021-23040

Security Advisory Description A SQL injection vulnerability exists in an undisclosed page of the BIG-IP Configuration utility. This issue is exposed only when BIG-IP AFM is provisioned. CVE-2021-23040 Impact An authenticated attacker can exploit this vulnerability to execute malicious SQL...

K8186: Cross-site scripting vulnerability in Apache mod_imap CVE-2007-5000

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

K51591999: Multiple Java vulnerabilities CVE-2020-14562, CVE-2020-14573, CVE-2020-14578, CVE-2020-14579, CVE-2020-14581, CVE-2020-14593

Security Advisory Description CVE-2020-14562 Vulnerability in the Java SE product of Oracle Java SE component: ImageIO. Supported versions that are affected are Java SE: 11.0.7 and 14.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols ...

K4532: gzip vulnerabilities CAN-2005-0758, CAN-2005-0988, and CAN-2005-1228

Security Advisory Description Note: Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F5...

K89096577: LibTIFF vulnerabilities CVE-2016-5314 and CVE-2015-8784

Security Advisory Description CVE-2016-5314 Buffer overflow in the PixarLogDecode function in tifpixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by...

K52285493: Multiple Intel CPU vulnerabilities

Security Advisory Description CVE-2020-8670 Race condition in the firmware for some IntelR Processors may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2020-8700 Improper input validation in the firmware for some IntelR Processors may allow a privileg...

K23033557: Intel software vulnerabilities CVE-2020-8746, CVE-2020-8747, CVE-2020-8749, CVE-2020-8752, CVE-2020-8753

Security Advisory Description CVE-2020-8746 Integer overflow in subsystem for IntelR AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable denial of service via adjacent access. CVE-2020-8747 Out-of-bounds read in subsystem fo...

K43470422: BIG-IP MPTCP vulnerability CVE-2021-23003

Security Advisory Description The Traffic Management Microkernel TMM process may produce a core file when undisclosed MPTCP traffic passes through a standard virtual server. CVE-2021-23003 Impact A remote attacker may be able to cause the BIG-IP system to produce a core file, disrupting the flow ...

K61968355: Linux kernel vulnerability CVE-2017-7374

Security Advisory Description Use-after-free vulnerability in fs/crypto/ in the Linux kernel before 4.10.7 allows local users to cause a denial of service NULL pointer dereference or possibly gain privileges by revoking keyring keys being used for ext4, f2fs, or ubifs encryption, causing...

K16506: NTP vulnerability CVE-2015-1799

Security Advisory Description The symmetric-key feature in the receive function in ntpproto.c in ntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates upon receiving certain invalid packets, which makes it easier for man-in-the-middle attackers to cause a denial of service...

K70938105: Expat XML library vulnerability CVE-2016-5300

Security Advisory Description The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service CPU consumption via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete...

K17515: NTP vulnerability CVE-2015-7855

Security Advisory Description The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service assertion failure via a 6 or mode 7 packet containing a long data value. CVE-2015-7855 Impact A locally authenticated user may ...

K16213320: Python Pillow vulnerabilities CVE-2020-5312 and CVE-2020-5313

Security Advisory Description CVE-2020-5312 libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer overflow. CVE-2020-5313 libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow. Impact There is no impact; F5 products are not affected by this vulnerability. Securi...

K70652532: F5 BIG-IP Guided Configuration logging vulnerability CVE-2021-23046

Security Advisory Description When a configuration that contains secure properties is created and deployed from BIG-IP Guided Configuration AGC, secure properties are logged in restnoded logs. CVE-2021-23046 Impact Users with access to restnoded logs may gain access to sensitive information from...

K05046514: NTP vulnerability CVE-2015-7979

Security Advisory Description NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service client-server association tear down by sending broadcast packets with invalid authentication to a broadcast client. CVE-2015-7979 Impact An attacker may exploit this...

K16011: Linux kernel vulnerability CVE-2012-6657

Security Advisory Description The socksetsockopt function in net/core/sock.c in the Linux kernel before 3.5.7 does not ensure that a keepalive action is associated with a stream socket, which allows local users to cause a denial of service system crash by leveraging the ability to create a raw...

K52638558: RESOLV::lookup iRule command vulnerability CVE-2016-6876

Security Advisory Description A specially crafted reply to DNS queries from RESOLV::lookup may consume excess system resources or possibly lead to a crash and failover. CVE-2016-6876 Impact The BIG-IP system may consume excess system resources, or experience a Traffic Management Microkernel TMM...

K51213246: BIG-IP APM AD authentication vulnerability CVE-2021-23008

Security Advisory Description BIG-IP APM AD Active Directory authentication can be bypassed using a spoofed AS-REP Kerberos Authentication Service Response response sent over a hijacked KDC Kerberos Key Distribution Center connection, or from an AD server compromised by an attacker.CVE-2021-23008...

K11023978: Linux kernel vulnerability CVE-2017-6346

Security Advisory Description Race condition in net/packet/afpacket.c in the Linux kernel before 4.9.13 allows local users to cause a denial of service use-after-free or possibly have unspecified other impact via a multithreaded application that makes PACKETFANOUT setsockopt system calls...

K44994972: Linux kernel vulnerability CVE-2020-25704

Security Advisory Description A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERFEVENTIOCSETFILTER. A local user could use this flaw to starve the resources causing denial of service. CVE-2020-25704 Impact This vulnerability may allow a local...

K94093538: NGINX Service Mesh control plane vulnerability CVE-2022-27495

Security Advisory Description NGINX Service Mesh control plane endpoints are exposed to the cluster overlay network. CVE-2022-27495 Impact An attacker may affect traffic policies, security policies, and other reverse proxy capabilities of NGINX Service Mesh if they've gained access to a Kubernete...

K84797753: Linux kernel vulnerability CVE-2019-19062

Security Advisory Description A memory leak in the cryptoreport function in crypto/cryptouserbase.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service memory consumption by triggering cryptoreportalg failures, aka CID-ffdde5932042. CVE-2019-19062 Impact A local...

K32562850: jackson-databind vulnerabilities CVE-2019-16943 and CVE-2019-17531

Security Advisory Description CVE-2019-16943 A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint and the service has the p6spy 3.8.6 jar in t...

K82747025: GraphicsMagick vulnerability CVE-2016-5118

Security Advisory Description The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | pipe character at the start of a filename. CVE-2016-5118 Impact A remote attacker may be able to execute arbitrary code on the...

K6734: Local OpenSSL vulnerabilities VU#547300 and VU#386964, CAN-2006-3738, CAN-2006-2940, CAN-2006-2937, CAN-2006-4343

Security Advisory Description Note : For information about signing up to receive security notice updates from F5, refer to K9970: Subscribe to email notifications regarding F5 products and security announcements. Note : Versions that are not listed in this article have not been evaluated for...

K40540405: Linux kernel vulnerability CVE-2018-10675

Security Advisory Description The dogetmempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service use-after-free or possibly have unspecified other impact via crafted system calls. CVE-2018-10675 Impact A local attacker can cause a...

K09040132: libgcrypt vulnerability CVE-2016-6313

Security Advisory Description The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the previous 4640 bits...

K26422113: libxml2 vulnerability CVE-2016-1839

Security Advisory Description The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service heap-based buffer over-read via a crafted XML document...

K30340506: Intel Multiple CPU vulnerabilities CVE-2020-8738,CVE-2020-8739,CVE-2020-8740,CVE-2020-8764

Security Advisory Description CVE-2020-8738 Improper conditions check in Intel BIOS platform sample code for some IntelR Processors before may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2020-8739 Use of potentially dangerous function in Intel BIOS...

K08593253: Intel CPU vulnerability CVE-2021-0144

Security Advisory Description Insecure default variable initialization for the Intel BSSA DFT feature may allow a privileged user to potentially enable an escalation of privilege via local access. CVE-2021-0144 Impact There is no impact; F5 products are not affected by this vulnerability. Securit...

K73078449: Moveable Type vulnerability CVE-2021-20837

Security Advisory Description Movable Type 7 r.5002 and earlier Movable Type 7 Series, Movable Type 6.8.2 and earlier Movable Type 6 Series, Movable Type Advanced 7 r.5002 and earlier Movable Type Advanced 7 Series, Movable Type Advanced 6.8.2 and earlier Movable Type Advanced 6 Series, Movable...

K45139744: ImageMagick vulnerabilities CVE-2017-1000476 CVE-2017-11166 CVE-2017-12805 CVE-2017-12806 CVE-2017-18251 CVE-2017-18252 CVE-2017-18254 CVE-2017-18271 CVE-2017-18273 CVE-2018-10804

Security Advisory Description CVE-2017-1000476 ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in the function ReadDDSInfo in coders/dds.c, which allows attackers to cause a denial of service. CVE-2017-11166 The ReadXWDImage function in coders\xwd.c in ImageMagick 7.0.5-6 has a...

K22232964: Expat XML library vulnerability CVE-2016-4472

Security Advisory Description The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service crash or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an...

K15547: MIT Kerberos 5 vulnerability CVE-2014-4342

Security Advisory Description MIT Kerberos 5 aka krb5 1.7.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service buffer over-read or NULL pointer dereference, and application crash by injecting invalid tokens into a GSSAPI application session. CVE-2014-4342 Impact A...

K16302: OpenSSL vulnerability CVE-2015-0292

Security Advisory Description Integer underflow in the EVPDecodeUpdate function in crypto/evp/encode.c in the base64-decoding implementation in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service memory corruption or possibly...

K16704: cURL and libcurl vulnerability CVE-2015-3143

Security Advisory Description cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use NTLM connections, which allows remote attackers to connect as other users via an unauthenticated request, a similar issue to CVE-2014-0015. CVE-2015-3143 Impact Remote attackers may be able to reuse NTLM...

K50899356: file vulnerability CVE-2018-10360

Security Advisory Description The docorenote function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service out-of-bounds read and application crash via a crafted ELF file. CVE-2018-10360 Impact This vulnerability may allow a remote attacker to cause a...

K13719: Samba vulnerability CVE-2012-1182

Security Advisory Description The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code ...

K59298921: OpenSSL vulnerability CVE-2016-2181

Security Advisory Description The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cause a denial of service false-positive packet drops via spoofed DTLS...

K59692558: BIND vulnerability CVE-2016-2088

Security Advisory Description resolver.c in named in ISC BIND 9.10.x before 9.10.3-P4, when DNS cookies are enabled, allows remote attackers to cause a denial of service INSIST assertion failure and daemon exit via a malformed packet with more than one cookie option. CVE-2016-2088 Impact There is...