K000137353: BIG-IP Configuration utility unauthenticated remote code execution vulnerability CVE-2023-46747

Security Advisory Description Undisclosed requests may bypass Configuration utility authentication. CVE-2023-46747 Impact This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary...

K000137229: BIND vulnerability CVE-2022-38178

Security Advisory Description By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources. CVE-2022-38178 Impact DNS...

K000135479: Overview of F5 vulnerabilities (August 2023)

Security Advisory Description On August 2, 2023, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities to help determine the impact to your F5 devices. You can find the details of each issue in the associated articles. Important :...

K000133694: MySQL vulnerabilities CVE-2023-21929, CVE-2023-21976, and CVE-2023-21980

Security Advisory Description CVE-2023-21929 Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DDL. Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to...

K000133447: Linux kernel vulnerability CVE-2022-32250

Security Advisory Description net/netfilter/nftablesapi.c in the Linux kernel through 5.18.1 allows a local user able to create user/net namespaces to escalate privileges to root because an incorrect NFTSTATEFULEXPR check leads to a use-after-free. CVE-2022-32250 Impact For products with None in...

K000132943: OpenSSL vulnerability CVE-2022-4304

Security Advisory Description A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very lar...

K000132686: TLS Triple Handshake Attack vulnerability

Security Advisory Description The original TLS protocol includes a weakness in master secret negotiation, potentially allowing the Triple Handshake Attack that is mitigated by the Extended Master Secret EMS extension defined in RFC 7627. Impact This vulnerability may allow an unauthenticated...

K91245485: RSA-CRT key leak vulnerability CVE-2015-5738

Security Advisory Description The RSA-CRT implementation in the Cavium Software Development Kit SDK 2.x, when used on OCTEON II CN6xxx Hardware on Linux to support TLS with Perfect Forward Secrecy PFS, makes it easier for remote attackers to obtain private RSA keys by conducting a Lenstra...

K20219314: OpenSSL vulnerability CVE-2015-1794

Security Advisory Description The ssl3getkeyexchange function in ssl/s3clnt.c in OpenSSL 1.0.2 before 1.0.2e allows remote servers to cause a denial of service segmentation fault via a zero p value in an anonymous Diffie-Hellman DH ServerKeyExchange message. CVE-2015-1794 Impact There is no impac...

K43546166: glibc vulnerability CVE-2017-16997

Security Advisory Description elf/dl-load.c in the GNU C Library aka glibc or libc6 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged setuid or ATSECURE program, which allows local users to gain privileges via a Trojan horse library in the current working director...

K20001553: Libgcrypt vulnerability CVE-2018-0495

Security Advisory Description Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the gcryeccecdsasign function in cipher/ecc-ecdsa.c, aka the Return Of the...

K11932200: glibc vulnerability CVE-2019-1010023

Security Advisory Description GNU Libc current is affected by: Re-mapping current loaded libray with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ld...

K75248350: QEMU vulnerability CVE-2016-1714

Security Advisory Description The 1 fwcfgwrite and 2 fwcfgread functions in hw/nvram/fwcfg.c in QEMU before 2.4, when built with the Firmware Configuration device emulation support, allow guest OS users with the CAPSYSRAWIO privilege to cause a denial of service out-of-bounds read or write access...

K59448931: BIND vulnerability CVE-2017-3142

Security Advisory Description An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circumvent TSIG authentication of AXFR requests via a carefully constructed request packet. A server that relies solely o...

K4207: Buffer overflow in mod_include - CAN-2004-0940

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

K99123750: BIG-IP Stream profile vulnerability CVE-2022-28701

Security Advisory Description When the stream profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization.CVE-2022-28701 Impact System performance can degrade until the Traffic Management Microkernel TMM process is either forced to restart ...

K44503763: libcurl vulnerability CVE-2016-8617

Security Advisory Description The base64 encode function in curl before version 7.51.0 is prone to a buffer being under allocated in 32bit systems if it receives at least 1Gb as input via CURLOPTUSERNAME. CVE-2016-8617 Impact This vulnerability may allow an attacker to overwrite memory behind the...

K92071148: Server component of Oracle MySQL vulnerabilities CVE-2016-8318, CVE-2017-3291, CVE-2017-3312, CVE-2017-3313, and CVE-2017-3320

Security Advisory Description CVE-2016-8318 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Security: Encryption. Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker...

K37283878: Intel I210 network adapter vulnerability CVE-2020-0522

Security Advisory Description Improper initialization in the firmware for the IntelR Ethernet I210 Controller series of network adapters before version 3.30 may allow a privileged user to potentially enable denial of service via local access. CVE-2020-0522 Impact The BIG-IP management network por...

K99254031: NTP vulnerability CVE-2017-6458

Security Advisory Description Multiple buffer overflows in the ctlput functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable. CVE-2017-6458 Impact This vulnerability allows remote authenticated users to have an...

K35340595: Kerberos vulnerability CVE-2016-3120

Security Advisory Description The validateasrequest function in kdcutil.c in the Key Distribution Center KDC in MIT Kerberos 5 aka krb5 before 1.13.6 and 1.4.x before 1.14.3, when restrictanonymoustotgt is enabled, uses an incorrect client data structure, which allows remote authenticated users t...

K27575300: Linux kernel vulnerability CVE-2019-17053

Security Advisory Description ieee802154create in net/ieee802154/socket.c in the AFIEEE802154 network module in the Linux kernel through 5.3.2 does not enforce CAPNETRAW, which means that unprivileged users can create a raw socket, aka CID-e69dbd4619e7. CVE-2019-17053 Impact There is no impact; F...

K2355: Timing attacks on RSA private keys - CAN-2003-0147

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

K8425: Linux Kernel Vulnerability - CVE-2008-0600

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

K23453330: NTP vulnerability CVE-2016-4957

Security Advisory Description ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service daemon crash via a crypto-NAK packet. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547. CVE-2016-4957 Impact There is no impact; F5 products are not affected ...

K15955144: Mozilla NSS vulnerability CVE-2015-2730

Security Advisory Description Mozilla Network Security Services NSS before 3.19.1, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and other products, does not properly perform Elliptical Curve Cryptography ECC multiplications, which makes it easier for...

K10600056: NTP vulnerability CVE-2015-5300

Security Advisory Description It was found that ntpd did not correctly implement the threshold limitation for the '-g' option, which is used to set the time without any restrictions. CVE-2015-5300 Impact A man-in-the-middle attacker able to intercept network time protocol NTP traffic between a...

K23873366: OpenSSL vulnerability CVE-2016-2177

Security Advisory Description OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service integer overflow and application crash or possibly have unspecified other impact by leveraging unexpected mallo...

K81223200: Oracle Java SE vulnerability CVE-2016-3425

Security Advisory Description Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect availability via vectors related to JAXP. CVE-2016-3425 Impact An authenticated attacker can input specially crafted XML th...

K17742627: cURL and libcurl vulnerability CVE-2016-8625

Security Advisory Description curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host. CVE-2016-8625 Impact Incorrect translation of International Doma...

K71231825: Multiple MySQL vulnerabilities

Security Advisory Description CVE-2018-2776 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Group Replication GCS. Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via XCom to...

K14261: OpenSSL OCSP vulnerability CVE-2013-0166

Security Advisory Description OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for Online Certificate Status Protocol OCSP responses, which allow remote attackers to cause a denial-of-service DoS NULL pointer dereference and...

K15732: Linux kernel vulnerability CVE-2013-0311

Security Advisory Description Description The translatedesc function in drivers/vhost/vhost.c in the Linux kernel before 3.7 does not properly handle cross-region descriptors, which allows guest OS users to obtain host OS privileges by leveraging Kernel-base Virtual Machine KVM guest OS privilege...

K15721: GnuTLS vulnerability CVE-2013-1619

Security Advisory Description The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to...

K16385: Multiple MySQL vulnerabilities

Security Advisory Description CVE-2013-5894 Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB. CVE-2013-5881 Unspecified vulnerability in the MySQL Server...

K3284: Buffer overflows in stub resolver libraries - CAN-2002-0029

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

K63675293: NTP vulnerability CVE-2016-1548

Security Advisory Description An attacker can spoof a packet from a legitimate ntpd server with an origin timestamp that matches the peer-dst timestamp recorded for that server. After making this switch, the client in NTP 4.2.8p4 and earlier and NTPSec aa48d001683e5b791a743ec9c575aaf7d867a2b0c wi...

K16983: PCRE library vulnerability CVE-2015-2325

Security Advisory Description PCRE library is prone to a heap overflow vulnerability. Due to insufficient bounds checking inside compilebranch, the heap memory could be overflowed via a crafted regular expression. Since PCRE library is widely used, this vulnerability should affect many applicatio...

K17254: NTP-keygen vulnerability CVE-2015-3405

Security Advisory Description flaw was found in the way the ntp-keygen utility generated MD5 symmetric keys on big-endian systems. An attacker could possibly use this flaw to guess generated MD5 keys, which could then be used to spoof an NTP client or server. CVE-2015-3405 - pending Impact There...

K61200338: NTP vulnerability CVE-2016-2517

Security Advisory Description NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service prevent subsequent authentication by leveraging knowledge of the controlkey or requestkey and sending a crafted packet to ntpd, which changes the value of trustedkey,...

K35981055: glibc vulnerability CVE-2018-11237

Security Advisory Description An AVX-512-optimized implementation of the mempcpy function in the GNU C Library aka glibc or libc6 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in mempcpyavx512novzeroupper. CVE-2018-11237 Impact There is no impact; F5...

K75952001: QEMU vulnerability CVE-2019-15890

Security Advisory Description libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ipreass in ipinput.c. CVE-2019-15890 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development has evaluated the currently supported...

K04320238: MySQL vulnerabilities CVE-2018-3276, CVE-2018-3277, CVE-2018-3278, CVE-2018-3279, and CVE-2018-3280

Security Advisory Description CVE-2018-3276 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Memcached. Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attack...

K15317: Linux kernel vulnerability CVE-2014-0101

Security Advisory Description The sctpsfdo51Dce function in net/sctp/smstatefuns.c in the Linux kernel through 3.13.6 does not validate certain authenable and authcapable fields before making an sctpsfauthenticate call, which allows remote attackers to cause a denial of service NULL pointer...

K15535113: MySQL vulnerability CVE-2016-5632

Security Advisory Description Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Optimizer. CVE-2016-5632 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory...

K15082: OpenSSH vulnerability CVE-2010-4755

Security Advisory Description The 1 remoteglob function in sftp-glob.c and the 2 processput function in sftp.c in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow remote authenticated users to cause a denial of service CPU and memory...

K17047: ICMP packet processing vulnerability CVE-2015-5058

Security Advisory Description Memory leak in the virtual server component in F5 Big-IP LTM, AAM, AFM, Analytics, APM, ASM, GTM, Link Controller, and PEM 11.5.x before 11.5.1 HF10, 11.5.3 before HF1, and 11.6.0 before HF5, BIG-IQ Cloud, Device, and Security 4.4.0 through 4.5.0, and BIG-IQ ADC 4.5....

K13231: PHP vulnerability CVE-2009-2626

Security Advisory Description In PHP 5.3.0 and PHP 5.2.10 and earlier, the zendrestoreinientrycb function in zendini.c allows context-specific attackers to obtain sensitive information memory contents and causes PHP to fail by using the iniset function to declare a variable, and then using the...

K89002224: PHP vulnerability CVE-2016-7127

Security Advisory Description The imagegammacorrect function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate gamma values, which allows remote attackers to cause a denial of service out-of-bounds write or possibly have unspecified other impact by providing...

K48866433: PHP vulnerability CVE-2019-11046

Security Advisory Description In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeri...