K39272405: OpenSSL vulnerability CVE-2016-7052

Security Advisory Description crypto/x509/x509vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a denial of service NULL pointer dereference and application crash by triggering a CRL operation. CVE-2016-7052 Impact There is no impact; F5 products are not affected by this vulnerability...

K34450231: TLS 1.3 vulnerability CVE-2019-6659

Security Advisory Description BIG-IP virtual servers with TLS 1.3 enabled may experience a denial-of-service DoS due to undisclosed incoming messages. CVE-2019-6659 Impact BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator Undisclosed...

K01251345: OpenSSL vulnerability CVE-2020-1967

Security Advisory Description Server or client applications that call the SSLcheckchain function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signaturealgorithmscert" TLS extension. The crash occurs if an invalid or...

K13288506: Wget vulnerability CVE-2017-13090

Security Advisory Description The retr.c:fdreadbody function is called when processing OK responses. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then...

K59395527: Intel processor vulnerability CVE-2021-33150

Security Advisory Description Hardware allows activation of test or debug logic at runtime for some IntelR Trace Hub instances which may allow an unauthenticated user to potentially enable escalation of privilege via physical access. CVE-2021-33150 Impact There is no impact; F5 products are not...

K12985: BIND vulnerability CVE-2011-1910

Security Advisory Description Note : For information about signing up to receive security notice updates from F5, refer to K9970: Subscribe to email notifications regarding F5 products and security announcements. Note : Versions that are not listed in this article have not been evaluated for...

K16914: OpenSSL vulnerability CVE-2015-1791

Security Advisory Description Race condition in the ssl3getnewsessionticket function in ssl/s3clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service double fre...

K11426315: BIND vulnerability CVE-2021-25214

Security Advisory Description In BIND 9.8.5 - 9.8.8, 9.9.3 - 9.11.29, 9.12.0 - 9.16.13, and versions BIND 9.9.3-S1 - 9.11.29-S1 and 9.16.8-S1 - 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions 9.17.0 - 9.17.11 of the BIND 9.17 development branch, when a vulnerable versi...

K62463634: glibc vulnerability CVE-2018-6485

Security Advisory Description An integer overflow in the implementation of the posixmemalign in memalign functions in the GNU C Library aka glibc or libc6 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption...

K19707805: glibc vulnerability CVE-2017-15804

Security Advisory Description The glob function in glob.c in the GNU C Library aka glibc or libc6 before 2.27 contains a buffer overflow during unescaping of user names with the operator. CVE-2017-15804 Impact BIG-IP, BIG-IQ, F5 iWorkflow, Enterprise Manager, LineRate, and ARX There is no impact;...

K02212309: MySQL vulnerabilities CVE-2018-2755, CVE-2018-2758, CVE-2018-2759, CVE-2018-2761, and CVE-2018-2762

Security Advisory Description CVE-2018-2755 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Replication. Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated...

K42051445: BIG-IP Advanced WAF and ASM WebSocket vulnerability CVE-2021-23030

Security Advisory Description When a WebSocket profile is configured on a virtual server, undisclosed requests can cause bd to terminate. CVE-2021-23030 Impact Traffic is disrupted while the bd process restarts. This vulnerability allows a remote attacker to cause a denial-of-service DoS on the...

K30403302: ImageMagick vulnerabilities CVE-2015-8895 and CVE-2015-8896

Security Advisory Description CVE-2015-8895 Integer overflow in coders/icon.c in ImageMagick 6.9.1-3 and later allows remote attackers to cause a denial of service application crash via a crafted length value, which triggers a buffer overflow. CVE-2015-8896 Integer truncation issue in coders/pict...

K52833764: OpenSSL vulnerability CVE-2021-23841

Security Advisory Description The OpenSSL public API function X509issuerandserialhash attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer fie...

K57108702: Apache Tika XML External Entity vulnerability CVE-2016-4434

Security Advisory Description Apache Tika before 1.13 does not properly initialize the XML parser or choose handlers, which might allow remote attackers to conduct XML External Entity XXE attacks via vectors involving 1 spreadsheets in OOXML files and 2 XMP metadata in PDF and other file formats,...

K42526507: BIG-IP TMUI vulnerability CVE-2021-23041

Security Advisory Description A DOM based cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the current logged-in user. CVE-2021-23041 Impact An attacker may exploit this...

K42315210: Linux kernel vulnerability CVE-2011-5327

Security Advisory Description In the Linux kernel before 3.1, an off by one in the drivers/target/loopback/tcmloop.c tcmloopmakenaatpg function could result in at least memory corruption. CVE-2011-5327 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisor...

K16939: Multiple Wireshark vulnerabilities

Security Advisory Description Description CVE-2014-6421 Use-after-free vulnerability in the SDP dissector in Wireshark 1.10.x before 1.10.10 allows remote attackers to cause a denial of service application crash via a crafted packet that leverages split memory ownership between the SDP and RTP...

K38271531: BIG-IP and BIG-IQ SCP vulnerability CVE-2022-26340

Security Advisory Description An authenticated, high-privileged attacker with no bash access may be able to access Certificate and Key files using Secure Copy SCP protocol from a remote system. CVE-2022-26340 Impact This vulnerability may allow an authenticated, high-privileged attacker who has...

K40048447: Linux kernel vulnerability CVE-2017-18202

Security Advisory Description The oomreaptaskmm function in mm/oomkill.c in the Linux kernel before 4.14.4 mishandles gather operations, which allows attackers to cause a denial of service TLB entry leak or use-after-free or possibly have unspecified other impact by triggering a copytouser call...

K67472032: BIG-IP network failover vulnerability CVE-2020-5860

Security Advisory Description In a High Availability HA network failover in Device Service Cluster DSC, the failover service does not require a strong form of authentication and HA network failover traffic is not encrypted by Transport Layer Security TLS. CVE-2020-5860 Impact An attacker may be...

K82205554: Multiple MySQL vulnerabilities

Security Advisory Description CVE-2016-0652 Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows local users to affect availability via vectors related to DML." CVE-2016-0656 Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows local users to affect availability via...

K57536416: Kernel vulnerability CVE-2019-14835

Security Advisory Description A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid...

K49902412: nghttp vulnerability CVE-2018-1000168

Security Advisory Description nghttp2 version = 1.10.0 and nghttp2 = 1.31.1. CVE-2018-1000168 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development has evaluated the currently supported releases for potential vulnerability,...

K43650115: Linux kernel vulnerability CVE-2016-0723

Security Advisory Description Race condition in the ttyioctl function in drivers/tty/ttyio.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service use-after-free and system crash by making a TIOCGETD ioctl call during...

K75004031: Python vulnerability CVE-2016-1000110

Security Advisory Description The CGIHandler class in Python before 2.7.12 does not protect against the HTTPPROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests. CVE-2016-1000110 Impact There is no impact; F5 products are not affected by this...

K71926235: libxml2 vulnerability CVE-2016-1838

Security Advisory Description The xmlPArserPrintFileContextInternal function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service heap-based buffer over-read via a crafted...

K15244523: 389-ds-base vulnerability CVE-2021-4091

Security Advisory Description A double-free was found in the way 389-ds-base handles virtual attributes context in persistent searches. An attacker could send a series of search requests, forcing the server to behave unexpectedly, and crash. CVE-2021-4091 Impact There is no impact; F5 products ar...

K42065024: PHP vulnerability CVE-2016-4070

Security Advisory Description DISPUTED Integer overflow in the phprawurlencode function in ext/standard/url.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to cause a denial of service application crash via a long string to the rawurlencode function. NOTE...

K12487579: Apache vulnerabilities CVE-2018-1282, CVE-2018-1284, CVE-2018-1295, CVE-2018-1308, and CVE-2018-1315

Security Advisory Description CVE-2018-1282 This vulnerability in Apache Hive JDBC driver 0.7.1 to 2.3.2 allows carefully crafted arguments to be used to bypass the argument escaping/cleanup that JDBC driver does in PreparedStatement implementation. CVE-2018-1284 In Apache Hive 0.6.0 to 2.3.2,...

K06725231: Wireshark vulnerability CVE-2019-12295

Security Advisory Description In Wireshark 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, and 2.4.0 to 2.4.14, the dissection engine could crash. This was addressed in epan/packet.c by restricting the number of layers and consequently limiting recursion. CVE-2019-12295 Impact An attacker can leverage this issue...

K09405555: MySQL vulnerabilities CVE-2017-10155, CVE-2017-10165, CVE-2017-10167, CVE-2017-10227, and CVE-2017-10268

Security Advisory Description CVE-2017-10155 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Pluggable Auth. Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows unauthenticated attacker with...

K42059040: Binutils vulnerability CVE-2019-9075

Security Advisory Description An issue was discovered in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.32. It is a heap-based buffer overflow in bfdarchive64bitslurparmap in archive64.c. CVE-2019-9075 Impact Successful exploitation of this vulnerability could...

K52514501: MySQL vulnerabilities CVE-2019-2596, CVE-2019-2606, CVE-2019-2607, CVE-2019-2614, and CVE-2019-2617

Security Advisory Description CVE-2019-2596 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Optimizer. Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple...

K04884013: NGINX Controller vulnerability CVE-2021-23019

Security Advisory Description The NGINX Controller Administrator password may be exposed in the systemd.txt file that is included in the NGINX support package. CVE-2021-23019 Impact The Administrator password is exposed in the NGINX support package. This password leak occurs only when you enabled...

K28280935: Linux kernel vulnerability CVE-2018-18386

Security Advisory Description drivers/tty/ntty.c in the Linux kernel before 4.14.11 allows local attackers who are able to access pseudo terminals to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ. CVE-2018-18386 Impact There is no...

K95065016: glibc vulnerability CVE-2018-11236

Security Advisory Description stdlib/canonicalize.c in the GNU C Library aka glibc or libc6 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and,...

K53197140: BIG-IP iControl REST and tmsh vulnerabilities CVE-2022-26835

Security Advisory Description Directory traversal vulnerabilities exist in undisclosed iControl REST endpoints and TMOS Shell tmsh commands in F5 BIG-IP Guided Configuration, which may allow an authenticated attacker with at least resource administrator role privileges to read arbitrary files...

K41815723: Java SE vulnerability CVE-2017-10078

Security Advisory Description Vulnerability in the Java SE component of Oracle Java SE subcomponent: Scripting. The supported version that is affected is Java SE: 8u131. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java S...

K54212139: Kernel vulnerability CVE-2017-0861

Security Advisory Description Use-after-free vulnerability in the sndpcminfo function in the ALSA subsystem in the Linux kernel allows attackers to gain privileges via unspecified vectors. CVE-2017-0861 Impact There is no impact; F5 products are not affected by this vulnerability. Security Adviso...

K16117: Multiple libvirt vulnerabilities

Security Advisory Description CVE-2013-4292 libvirt 1.1.0 and 1.1.1 allows local users to cause a denial of service memory consumption via a large number of domain migrate parameters in certain RPC calls in 1 daemon/remote.c and 2 remote/remotedriver.c. CVE-2013-4399 The remoteClientFreeFunc...

K75253136: GnuPG vulnerability CVE-2013-4242

Security Advisory Description GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload. CVE-2013-4242 Impact A local user may obtain...

K12794: GNU C Library vulnerability CVE-2010-4052

Security Advisory Description Note : For information about signing up to receive security notice updates from F5, refer to K9970: Subscribe to email notifications regarding F5 products and security announcements. Note : Versions that are not listed in this Solution have not been evaluated for...

K12793: GNU C Library vulnerability CVE-2010-4051

Security Advisory Description Note : For information about signing up to receive security notice updates from F5, refer to K9970: Subscribe to email notifications regarding F5 products and security announcements. Note : Versions that are not listed in this article have not been evaluated for...

K5278: Apache mod_ssl SSLVerifyClient bypass - CAN-2005-2700

Security Advisory Description Note: Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F5...

K15429: Apache Tomcat vulnerability CVE-2014-0119

Security Advisory Description Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to 1 read arbitrary files via a crafted web application that...

K15417: OpenSSL vulnerability CVE-2012-0050

Security Advisory Description Description OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications, which allows remote attackers to cause a denial of service crash via unspecified vectors related to an out-of-bounds read. NOTE: this vulnerability exists because of an incorrect fix f...

K16714: PHP vulnerabilities CVE-2015-2301 and CVE-2015-2331

Security Advisory Description CVE-2015-2301 Use-after-free vulnerability in the pharrenamearchive function in pharobject.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempt...

K15864: libxml vulnerabilities CVE-2009-2414 and CVE-2009-2416

Security Advisory Description CVE-2009-2414 Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause a denial of service application crash via a large depth of element declarations in a DTD, related to a...

K84602160: Linux kernel vulnerability CVE-2021-3491

Security Advisory Description The iouring subsystem in the Linux kernel allowed the MAXRWCOUNT limit to be bypassed in the PROVIDEBUFFERS operation, which led to negative values being usedin memrw when reading /proc//mem. This could be used to create a heap overflow leading to arbitrary code...