6294 matches found
K64412100: PHP vulnerability CVE-2016-4073
Security Advisory Description Multiple integer overflows in the mbflstrcut function in ext/mbstring/libmbfl/mbfl/mbfilter.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allow remote attackers to cause a denial of service application crash or possibly execute arbitrary code via ...
K15566: Kerberos vulnerability CVE-2014-4345
Security Advisory Description Off-by-one error in the krb5encodekrbsecretkey function in plugins/kdb/ldap/libkdbldap/ldapprincipal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 aka krb5 1.6.x through 1.11.x before 1.11.6 and 1.12.x before 1.12.2 allows remote authenticated users to cause...
K86612211: Apache vulnerability CVE-2018-17189
Security Advisory Description In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 modhttp2 connections...
K12876166: Linux kernel vulnerability CVE-2019-12817
Security Advisory Description arch/powerpc/mm/mmucontextbook3s64.c in the Linux kernel before 5.1.15 for powerpc has a bug where unrelated processes may be able to read/write to one another's virtual memory under certain conditions via an mmap above 512 TB. Only a subset of powerpc systems are...
K22052524: cURL and libcurl vulnerability CVE-2018-1000120
Security Advisory Description A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse. CVE-2018-1000120 Impact libcurl does not safely parse FTP URLs when using the CURLOPTFTPFILEMETHOD method. By...
K8425: Linux Kernel Vulnerability - CVE-2008-0600
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
K23873366: OpenSSL vulnerability CVE-2016-2177
Security Advisory Description OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service integer overflow and application crash or possibly have unspecified other impact by leveraging unexpected mallo...
K15759349: BIG-IP FTP profile vulnerability CVE-2019-6645
Security Advisory Description FTP traffic passing through a virtual server with both an active FTP profile associated and connection mirroring configured may cause the Traffic Management Microkernel TMM to stop responding, causing the configured high availability HA action to be taken...
K16336: PHP vulnerability CVE-2015-0273
Security Advisory Description Multiple use-after-free vulnerabilities in ext/date/phpdate.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allow remote attackers to execute arbitrary code via crafted serialized input containing a 1 R or 2 r type specifier in a DateTimeZone data...
K35129173: GNU C Library (glibc) vulnerability CVE-2017-15670
Security Advisory Description The GNU C Library aka glibc or libc6 before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the operator followed by a long string. CVE-2017-15670 Impact...
K17449: Apache Struts 2 vulnerability CVE-2015-5169
Security Advisory Description Cross-site scripting XSS vulnerability in Apache Struts before 2.3.20. CVE-2015-5169 When debug mode is switched on in Apache Struts, under certain conditions, an arbitrary script may be executed in the 'Problem Report' screen. Affected versions are Struts 2.0.0 -...
K11270891: Multiple Intel Linux Wi-Fi Drivers vulnerabilities CVE-2020-12313, CVE-2020-12317, CVE-2020-12319, CVE-2017-13080
Security Advisory Description CVE-2020-12313 Insufficient control flow management in some IntelR PROSet/Wireless WiFi products before version 21.110 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. CVE-2020-12317 Improper buffer restriction in...
K15317: Linux kernel vulnerability CVE-2014-0101
Security Advisory Description The sctpsfdo51Dce function in net/sctp/smstatefuns.c in the Linux kernel through 3.13.6 does not validate certain authenable and authcapable fields before making an sctpsfauthenticate call, which allows remote attackers to cause a denial of service NULL pointer...
K07702240: BIG-IP Resource Administrator vulnerability CVE-2019-6618
Security Advisory Description Users with the Resource Administrator role can modify sensitive portions of the file system if provided Advanced Shell access, such as editing /etc/passwd. This allows modifications to user objects and is contrary to our definition for the Resource Administrator role...
K21312421: Samba vulnerabilities CVE-2020-25718 and CVE-2021-23192
Security Advisory Description CVE-2020-25718 A flaw was found in the way samba, as an Active Directory Domain Controller, is able to support an RODC read-only domain controller. This would allow an RODC to print administrator tickets. CVE-2021-23192 A flaw was found in the way samba implemented...
K54336216: SCP vulnerability CVE-2019-6679
Security Advisory Description The system does not properly enforce the access controls for the scp.whitelist and scp.blacklist files when paths are symbolic links symlinks. This allows authenticated users with Secure Copy SCP protocol access to overwrite certain configuration files that would...
K42899154: TLS Triple Handshake Vulnerability CVE-2015-6112
Security Advisory Description SChannel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 lacks the required extended master-secret binding support to ensure that a server's X.509...
K90233102: MySQL vulnerabilities CVE-2017-10294, CVE-2017-10296, CVE-2017-10311, CVE-2017-10313, and CVE-2017-10314
Security Advisory Description CVE-2017-10294 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Optimizer. Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with netwo...
K89002224: PHP vulnerability CVE-2016-7127
Security Advisory Description The imagegammacorrect function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate gamma values, which allows remote attackers to cause a denial of service out-of-bounds write or possibly have unspecified other impact by providing...
K19473400: Linux Kernel vulnerability CVE-2018-9516
Security Advisory Description In hiddebugeventsread of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product...
K47429080: Ghostscript vulnerability CVE-2016-7976
Security Advisory Description The PS Interpreter in Ghostscript 9.18 and 9.20 allows remote attackers to execute arbitrary code via crafted userparams. CVE-2016-7976 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development has...
K66171422: BIG-IP APM redirect vulnerability CVE-2018-5548
Security Advisory Description An insecure AES ECB mode is used for origuri parameter in an undisclosed /vdesk link of APM virtual server configured with an access profile, allowing a malicious user to build a redirect URI value using different blocks of cipher texts. CVE-2018-5548 Impact An...
K60104355: Linux kernel vulnerability CVE-2017-5970
Security Advisory Description The ipv4pktinfoprepare function in net/ipv4/ipsockglue.c in the Linux kernel through 4.9.9 allows attackers to cause a denial of service system crash via 1 an application that makes crafted system calls or possibly 2 IPv4 traffic with invalid IP options. CVE-2017-597...
K37451543: TMM vulnerability CVE-2021-23007
Security Advisory Description When the Traffic Management Microkernel TMM process handles certain undisclosed traffic, it may start dropping all fragmented IP traffic. CVE-2021-23007 Impact TMM incorrectly determines that the fragment memory limit has been reached and drops all fragments it...
K53729441: MySQL vulnerability CVE-2016-2047
Security Advisory Description The sslverifyservercert function in sql-common/client.c in MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier; and Percona Server do not properly verify that the server...
K37830055: GnuTLS vulnerability CVE-2017-7507
Security Advisory Description GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application. CVE-2017-7507 Impact An attacker may be able to exploit this...
K02219239: PCRE vulnerability CVE-2020-14155
Security Advisory Description libpcre in PCRE before 8.44 allows an integer overflow via a large number after a ?C substring. CVE-2020-14155 Impact An attacker may be able cause an integer overflow that negatively impacts applications. Security Advisory Status F5 Product Development has assigned ...
K96670746: NTP vulnerability CVE-2017-6464
Security Advisory Description NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote attackers to cause a denial of service ntpd crash via a malformed mode configuration directive. CVE-2017-6464 Impact A remote, authenticated attacker may abuse this vulnerability using a crafted message to cau...
K11601010: Intel Processor vulnerability CVE-2021-33149
Security Advisory Description Observable behavioral discrepancy in some IntelR Processors may allow an authorized user to potentially enable information disclosure via local access. CVE-2021-33149 Impact This vulnerability may allow an authorized user to potentially enable information disclosure...
K17175: OpenJDK vulnerability CVE-2015-4731
Security Advisory Description Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; Java SE Embedded 7u75; and Java SE Embedded 8u33 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. CVE-2015-4731 Impact Confidentiality is...
K40977030: glibc vulnerability CVE-2020-6096
Security Advisory Description An exploitable signed comparison vulnerability exists in the ARMv7 memcpy implementation of GNU glibc 2.30.9000. Calling memcpy on ARMv7 targets that utilize the GNU glibc implementation with a negative value for the 'num' parameter results in a signed comparison...
K87355575: glibc vulnerability CVE-2017-12132
Security Advisory Description The DNS stub resolver in the GNU C Library aka glibc or libc6 before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation. CVE-2017-12132 Impact...
K18132488: Appliance mode TMUI authenticated remote command execution vulnerability CVE-2021-22987
Security Advisory Description When running in Appliance mode, the Traffic Management User Interface TMUI, also referred to as the Configuration utility, has an authenticated remote command execution vulnerability in undisclosed pages. CVE-2021-22987 Note : For systems not running in Appliance mod...
K94408282: OpenNTPD vulnerability CVE-2016-5117
Security Advisory Description OpenNTPD before 6.0p1 does not validate the CN for HTTPS constraint requests, which allows remote attackers to bypass the man-in-the-middle mitigations via a crafted timestamp constraint with a valid certificate. CVE-2016-5117 Impact There is no impact; F5 products a...
K16835: ICU overflow vulnerabilities CVE-2014-8146 and CVE-2014-8147
Security Advisory Description CVE-2014-8146 The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode ICU before 55.1 does not properly track directionally isolated pieces of text, which allows remot...
K40452417: BIG-IP ASM memory exhaustion vulnerability CVE-2019-6682
Security Advisory Description The BIG-IP ASM system may consume excessive resources when processing certain types of HTTP responses from the origin web server. This vulnerability is only known to affect resource-constrained systems in which the security policy is configured with response-side...
K75934136: Linux kernel vulnerability CVE-2020-36313
Security Advisory Description An issue was discovered in the Linux kernel before 5.7. The KVM subsystem allows out-of-range access to memslots after a deletion, aka CID-0774a964ef56. This affects arch/s390/kvm/kvm-s390.c, include/linux/kvmhost.h, and virt/kvm/kvmmain.c. CVE-2020-36313 Impact Ther...
K55335001: Linux kernel vulnerability CVE-2019-15239
Security Advisory Description In the Linux kernel, a certain net/ipv4/tcpoutput.c change, which was properly incorporated into 4.16.12, was incorrectly backported to the earlier longterm kernels, introducing a new vulnerability that was potentially more severe than the issue that was intended to ...
K49348053: cURL vulnerability CVE-2017-8818
Security Advisory Description curl and libcurl before 7.57.0 on 32-bit platforms allow attackers to cause a denial of service out-of-bounds access and application crash or possibly have unspecified other impact because too little memory is allocated for interfacing to an SSL library. CVE-2017-881...
K04224795: Java SE vulnerability CVE-2018-3211
Security Advisory Description Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Serviceability. Supported versions that are affected are Java SE: 8u182 and 11; Java SE Embedded: 8u181. Easily exploitable vulnerability allows low privileged attacker with logo...
K41102235: Tomcat vulnerability CVE-2021-43980
Security Advisory Description The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing but extremely hard to trigger concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to...
K24803507: Ghostscript vulnerability CVE-2018-15909
Security Advisory Description In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code. CVE-2018-15909 Impact There is no impact; F5 products a...
K85235351: cURL and libcurl vulnerability CVE-2016-8624
Security Advisory Description curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '' character, and could instead be tricked into connecting to a different host. This may have security implications if you for example use an URL...
K23157312: PostgreSQL vulnerability CVE-2020-13692
Security Advisory Description PostgreSQL JDBC Driver aka PgJDBC before 42.2.13 allows XXE. CVE-2020-13692 Impact F5 does not know of any specific F5 attack vectors; however, the threat could theoretically affect system availability and data confidentiality. Security Advisory Status F5 Product...
K17460: OpenLDAP vulnerability CVE-2015-6908
Security Advisory Description The bergetnext function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earlier allows remote attackers to cause a denial of service reachable assertion and application crash via crafted BER data, as demonstrated by an attack against slapd. CVE-2015-6908 Impact A...
K3631: Stack-based buffer overflow in Apache - CAN-2004-0488
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
K61275340: Java vulnerability CVE-2013-5823
Security Advisory Description Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect availability via unknown vectors related to...
K5278: Apache mod_ssl SSLVerifyClient bypass - CAN-2005-2700
Security Advisory Description Note: Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F5...
K34352169: Apache Struts vulnerability CVE-2012-0393
Security Advisory Description The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object. CVE-2012-0393...
K15110: PHP Vulnerability CVE-2013-6420
Security Advisory Description The asn1timetotimet function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse 1 notBefore and 2 notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cau...