6413 matches found
K48866433: PHP vulnerability CVE-2019-11046
Security Advisory Description In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeri...
K16506: NTP vulnerability CVE-2015-1799
Security Advisory Description The symmetric-key feature in the receive function in ntpproto.c in ntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates upon receiving certain invalid packets, which makes it easier for man-in-the-middle attackers to cause a denial of service...
K66171422: BIG-IP APM redirect vulnerability CVE-2018-5548
Security Advisory Description An insecure AES ECB mode is used for origuri parameter in an undisclosed /vdesk link of APM virtual server configured with an access profile, allowing a malicious user to build a redirect URI value using different blocks of cipher texts. CVE-2018-5548 Impact An...
K70938105: Expat XML library vulnerability CVE-2016-5300
Security Advisory Description The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service CPU consumption via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete...
K58502649: MySQL vulnerabilities CVE-2018-3123, CVE-2019-2566, CVE-2019-2580, CVE-2019-2581, CVE-2019-2584
Security Advisory Description CVE-2018-3123 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: libmysqld. Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Difficult to exploit vulnerability allows unauthenticated...
K13288506: Wget vulnerability CVE-2017-13090
Security Advisory Description The retr.c:fdreadbody function is called when processing OK responses. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then...
K1648: OpenSSH array overflow - CAN-2002-0083
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
K37451543: TMM vulnerability CVE-2021-23007
Security Advisory Description When the Traffic Management Microkernel TMM process handles certain undisclosed traffic, it may start dropping all fragmented IP traffic. CVE-2021-23007 Impact TMM incorrectly determines that the fragment memory limit has been reached and drops all fragments it...
K12985: BIND vulnerability CVE-2011-1910
Security Advisory Description Note : For information about signing up to receive security notice updates from F5, refer to K9970: Subscribe to email notifications regarding F5 products and security announcements. Note : Versions that are not listed in this article have not been evaluated for...
K05328500: MySQL vulnerability CVE-2022-21490
Security Advisory Description Vulnerability in the MySQL Cluster product of Oracle MySQL component: Cluster: General. Supported versions that are affected are 7.4.35 and prior, 7.5.25 and prior, 7.6.21 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged...
K62463634: glibc vulnerability CVE-2018-6485
Security Advisory Description An integer overflow in the implementation of the posixmemalign in memalign functions in the GNU C Library aka glibc or libc6 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption...
K96670746: NTP vulnerability CVE-2017-6464
Security Advisory Description NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote attackers to cause a denial of service ntpd crash via a malformed mode configuration directive. CVE-2017-6464 Impact A remote, authenticated attacker may abuse this vulnerability using a crafted message to cau...
K42051445: BIG-IP Advanced WAF and ASM WebSocket vulnerability CVE-2021-23030
Security Advisory Description When a WebSocket profile is configured on a virtual server, undisclosed requests can cause bd to terminate. CVE-2021-23030 Impact Traffic is disrupted while the bd process restarts. This vulnerability allows a remote attacker to cause a denial-of-service DoS on the...
K11601010: Intel Processor vulnerability CVE-2021-33149
Security Advisory Description Observable behavioral discrepancy in some IntelR Processors may allow an authorized user to potentially enable information disclosure via local access. CVE-2021-33149 Impact This vulnerability may allow an authorized user to potentially enable information disclosure...
K30403302: ImageMagick vulnerabilities CVE-2015-8895 and CVE-2015-8896
Security Advisory Description CVE-2015-8895 Integer overflow in coders/icon.c in ImageMagick 6.9.1-3 and later allows remote attackers to cause a denial of service application crash via a crafted length value, which triggers a buffer overflow. CVE-2015-8896 Integer truncation issue in coders/pict...
K14382: OpenSSH vulnerability CVE-2008-3259
Security Advisory Description OpenSSH before 5.1 sets the SOREUSEADDR socket option when the X11UseLocalhost configuration setting is disabled, which allows local users on some platforms to hijack the X11 forwarding port by way of a bind to a single IP address, as demonstrated on the HP-UX...
K42526507: BIG-IP TMUI vulnerability CVE-2021-23041
Security Advisory Description A DOM based cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the current logged-in user. CVE-2021-23041 Impact An attacker may exploit this...
K42315210: Linux kernel vulnerability CVE-2011-5327
Security Advisory Description In the Linux kernel before 3.1, an off by one in the drivers/target/loopback/tcmloop.c tcmloopmakenaatpg function could result in at least memory corruption. CVE-2011-5327 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisor...
K33484369: Linux kernel vulnerability CVE-2021-20194
Security Advisory Description There is a vulnerability in the linux kernel versions higher than 5.2 if kernel compiled with config params CONFIGBPFSYSCALL=y , CONFIGBPF=y , CONFIGCGROUPS=y , CONFIGCGROUPBPF=y , CONFIGHARDENEDUSERCOPY not set, and BPF hook to getsockopt is registered. As result of...
K67472032: BIG-IP network failover vulnerability CVE-2020-5860
Security Advisory Description In a High Availability HA network failover in Device Service Cluster DSC, the failover service does not require a strong form of authentication and HA network failover traffic is not encrypted by Transport Layer Security TLS. CVE-2020-5860 Impact An attacker may be...
K75934136: Linux kernel vulnerability CVE-2020-36313
Security Advisory Description An issue was discovered in the Linux kernel before 5.7. The KVM subsystem allows out-of-range access to memslots after a deletion, aka CID-0774a964ef56. This affects arch/s390/kvm/kvm-s390.c, include/linux/kvmhost.h, and virt/kvm/kvmmain.c. CVE-2020-36313 Impact Ther...
K57536416: Kernel vulnerability CVE-2019-14835
Security Advisory Description A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid...
K49902412: nghttp vulnerability CVE-2018-1000168
Security Advisory Description nghttp2 version = 1.10.0 and nghttp2 = 1.31.1. CVE-2018-1000168 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development has evaluated the currently supported releases for potential vulnerability,...
K55335001: Linux kernel vulnerability CVE-2019-15239
Security Advisory Description In the Linux kernel, a certain net/ipv4/tcpoutput.c change, which was properly incorporated into 4.16.12, was incorrectly backported to the earlier longterm kernels, introducing a new vulnerability that was potentially more severe than the issue that was intended to ...
K49348053: cURL vulnerability CVE-2017-8818
Security Advisory Description curl and libcurl before 7.57.0 on 32-bit platforms allow attackers to cause a denial of service out-of-bounds access and application crash or possibly have unspecified other impact because too little memory is allocated for interfacing to an SSL library. CVE-2017-881...
K75004031: Python vulnerability CVE-2016-1000110
Security Advisory Description The CGIHandler class in Python before 2.7.12 does not protect against the HTTPPROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests. CVE-2016-1000110 Impact There is no impact; F5 products are not affected by this...
K43650115: Linux kernel vulnerability CVE-2016-0723
Security Advisory Description Race condition in the ttyioctl function in drivers/tty/ttyio.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service use-after-free and system crash by making a TIOCGETD ioctl call during...
K15244523: 389-ds-base vulnerability CVE-2021-4091
Security Advisory Description A double-free was found in the way 389-ds-base handles virtual attributes context in persistent searches. An attacker could send a series of search requests, forcing the server to behave unexpectedly, and crash. CVE-2021-4091 Impact There is no impact; F5 products ar...
K12487579: Apache vulnerabilities CVE-2018-1282, CVE-2018-1284, CVE-2018-1295, CVE-2018-1308, and CVE-2018-1315
Security Advisory Description CVE-2018-1282 This vulnerability in Apache Hive JDBC driver 0.7.1 to 2.3.2 allows carefully crafted arguments to be used to bypass the argument escaping/cleanup that JDBC driver does in PreparedStatement implementation. CVE-2018-1284 In Apache Hive 0.6.0 to 2.3.2,...
K42059040: Binutils vulnerability CVE-2019-9075
Security Advisory Description An issue was discovered in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.32. It is a heap-based buffer overflow in bfdarchive64bitslurparmap in archive64.c. CVE-2019-9075 Impact Successful exploitation of this vulnerability could...
K52514501: MySQL vulnerabilities CVE-2019-2596, CVE-2019-2606, CVE-2019-2607, CVE-2019-2614, and CVE-2019-2617
Security Advisory Description CVE-2019-2596 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Optimizer. Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple...
K41102235: Tomcat vulnerability CVE-2021-43980
Security Advisory Description The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing but extremely hard to trigger concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to...
K04884013: NGINX Controller vulnerability CVE-2021-23019
Security Advisory Description The NGINX Controller Administrator password may be exposed in the systemd.txt file that is included in the NGINX support package. CVE-2021-23019 Impact The Administrator password is exposed in the NGINX support package. This password leak occurs only when you enabled...
K73078449: Moveable Type vulnerability CVE-2021-20837
Security Advisory Description Movable Type 7 r.5002 and earlier Movable Type 7 Series, Movable Type 6.8.2 and earlier Movable Type 6 Series, Movable Type Advanced 7 r.5002 and earlier Movable Type Advanced 7 Series, Movable Type Advanced 6.8.2 and earlier Movable Type Advanced 6 Series, Movable...
K28280935: Linux kernel vulnerability CVE-2018-18386
Security Advisory Description drivers/tty/ntty.c in the Linux kernel before 4.14.11 allows local attackers who are able to access pseudo terminals to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ. CVE-2018-18386 Impact There is no...
K95065016: glibc vulnerability CVE-2018-11236
Security Advisory Description stdlib/canonicalize.c in the GNU C Library aka glibc or libc6 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and,...
K53197140: BIG-IP iControl REST and tmsh vulnerabilities CVE-2022-26835
Security Advisory Description Directory traversal vulnerabilities exist in undisclosed iControl REST endpoints and TMOS Shell tmsh commands in F5 BIG-IP Guided Configuration, which may allow an authenticated attacker with at least resource administrator role privileges to read arbitrary files...
K41815723: Java SE vulnerability CVE-2017-10078
Security Advisory Description Vulnerability in the Java SE component of Oracle Java SE subcomponent: Scripting. The supported version that is affected is Java SE: 8u131. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java S...
K54212139: Kernel vulnerability CVE-2017-0861
Security Advisory Description Use-after-free vulnerability in the sndpcminfo function in the ALSA subsystem in the Linux kernel allows attackers to gain privileges via unspecified vectors. CVE-2017-0861 Impact There is no impact; F5 products are not affected by this vulnerability. Security Adviso...
K16117: Multiple libvirt vulnerabilities
Security Advisory Description CVE-2013-4292 libvirt 1.1.0 and 1.1.1 allows local users to cause a denial of service memory consumption via a large number of domain migrate parameters in certain RPC calls in 1 daemon/remote.c and 2 remote/remotedriver.c. CVE-2013-4399 The remoteClientFreeFunc...
K3631: Stack-based buffer overflow in Apache - CAN-2004-0488
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
K75253136: GnuPG vulnerability CVE-2013-4242
Security Advisory Description GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload. CVE-2013-4242 Impact A local user may obtain...
K12794: GNU C Library vulnerability CVE-2010-4052
Security Advisory Description Note : For information about signing up to receive security notice updates from F5, refer to K9970: Subscribe to email notifications regarding F5 products and security announcements. Note : Versions that are not listed in this Solution have not been evaluated for...
K12793: GNU C Library vulnerability CVE-2010-4051
Security Advisory Description Note : For information about signing up to receive security notice updates from F5, refer to K9970: Subscribe to email notifications regarding F5 products and security announcements. Note : Versions that are not listed in this article have not been evaluated for...
K5278: Apache mod_ssl SSLVerifyClient bypass - CAN-2005-2700
Security Advisory Description Note: Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F5...
K34352169: Apache Struts vulnerability CVE-2012-0393
Security Advisory Description The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object. CVE-2012-0393...
K22454130: Linux kernel vulnerability CVE-2020-29534
Security Advisory Description An issue was discovered in the Linux kernel before 5.9.3. iouring takes a non-refcounted reference to the filesstruct of the process that submitted a request, causing execve to incorrectly optimize unsharefd, aka CID-0f2122045b94. CVE-2020-29534 Impact There is no...
K36926027: NGINX Controller vulnerability CVE-2021-23021
Security Advisory Description The agent configuration file /etc/controller-agent/agent.conf is world readable with current permission bits set to 644. CVE-2021-23021 Impact Local attackers are able to obtain the sensitive data, such as the API key. Security Advisory Status F5 Product Development...
K15429: Apache Tomcat vulnerability CVE-2014-0119
Security Advisory Description Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to 1 read arbitrary files via a crafted web application that...
K59692558: BIND vulnerability CVE-2016-2088
Security Advisory Description resolver.c in named in ISC BIND 9.10.x before 9.10.3-P4, when DNS cookies are enabled, allows remote attackers to cause a denial of service INSIST assertion failure and daemon exit via a malformed packet with more than one cookie option. CVE-2016-2088 Impact There is...