6294 matches found
K000137188: AMD CPU vulnerability CVE-2021-26401
Security Advisory Description LFENCE/JMP mitigation V2-2 may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs. CVE-2021-26401 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development has evaluated the currently supporte...
K000133687: MySQL vulnerabilities CVE-2023-21913, CVE-2023-21920, CVE-2023-21945, CVE-2023-21977, and CVE-2023-21982
Security Advisory Description CVE-2023-21913 Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protoco...
K44340019: rpcbind use-after-free vulnerability CVE-2015-7236
Security Advisory Description Use-after-free vulnerability in xprtsetcaller in rpcbsvccom.c in rpcbind 0.2.1 and earlier allows remote attackers to cause a denial of service daemon crash via crafted packets, involving a PMAPCALLIT code.CVE-2015-7236 Impact There is no impact; F5 products are not...
K49405623: Linux vulnerability CVE-2002-2438
Security Advisory Description TCP firewalls could be circumvented by sending a SYN Packets with other flags like e.g. RST flag set, which was not correctly discarded by the Linux TCP stack after firewalling. CVE-2002-2438 Impact There is no impact; F5 products are not affected by this...
K45616155: Nettle vulnerability CVE-2018-16869
Security Advisory Description A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process, could use this flaw extrac...
K54229563: Python vulnerability CVE-2010-3492
Security Advisory Description The asyncore module in Python before 3.2 does not properly handle unsuccessful calls to the accept function, and does not have accompanying documentation describing how daemon applications should handle unsuccessful calls to the accept function, which makes it easier...
K15261: Apache Struts vulnerability CVE-2014-0112
Security Advisory Description ParametersInterceptor in Apache Struts before 2.3.16.2 does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. CVE-2014-0112 Impact None. F5 products do...
K04912972: NTP vulnerability CVE-2018-7185
Security Advisory Description The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service disruption by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association causing the victim...
K02254805: InfiniBand vulnerability in the Linux kernel CVE-2016-4565
Security Advisory Description The InfiniBand aka IB stack in the Linux kernel before 4.5.3 incorrectly relies on the write system call, which allows local users to cause a denial of service kernel memory write operation or possibly have unspecified other impact via a uAPI interface. CVE-2016-4565...
K00040234: BIND vulnerability CVE-2018-5744
Security Advisory Description A failure to free memory can occur when processing messages having a specific combination of EDNS options. Versions affected are: BIND 9.10.7 - 9.10.8-P1, 9.11.3 - 9.11.5-P1, 9.12.0 - 9.12.3-P1, and versions 9.10.7-S1 - 9.11.5-S3 of BIND 9 Supported Preview Edition...
K63545041: Server component of Oracle MySQL vulnerabilities CVE-2017-3317, CVE-2017-3318, and CVE-2017-3319
Security Advisory Description CVE-2017-3317 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Logging. Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker...
K46123931: cURL and libcurl vulnerability CVE-2016-8619
Security Advisory Description The function readdata in security.c in curl before version 7.51.0 is vulnerable to memory double free. CVE-2016-8619 Impact An attacker may use this vulnerability to exploit the usage of the cURL command with Kerberos authentication on custom BIG-IP monitors and/or t...
K35340595: Kerberos vulnerability CVE-2016-3120
Security Advisory Description The validateasrequest function in kdcutil.c in the Key Distribution Center KDC in MIT Kerberos 5 aka krb5 before 1.13.6 and 1.4.x before 1.14.3, when restrictanonymoustotgt is enabled, uses an incorrect client data structure, which allows remote authenticated users t...
K14601: BIND vulnerability CVE-2012-5689
Security Advisory Description ISC BIND 9.8.x through 9.8.4-P1 and 9.9.x through 9.9.2-P1, in certain configurations involving DNS64 with a Response Policy Zone that lacks an AAAA rewrite rule, allows remote attackers to cause a denial of service assertion failure and named daemon exit via a query...
K22541983: BIG-IP virtual servers with Client SSL and HTTP/2 or SPDY configured vulnerability CVE-2017-6163
Security Advisory Description In F5 BIG-IP LTM, AAM, AFM, APM, ASM, Link Controller, PEM, PSM software version 12.0.0 to 12.1.2, 11.6.0 to 11.6.1, 11.4.0 to 11.5.4, when a virtual server uses the standard configuration of HTTP/2 or SPDY profile with Client SSL profile, and the client initiates a...
K15956: Linux kernel vulnerability CVE-2014-2568
Security Advisory Description Use-after-free vulnerability in the nfqnlzcopy function in net/netfilter/nfnetlinkqueuecore.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation. NOTE: the...
K15874: Samba vulnerability CVE-2013-4475
Security Advisory Description Samba 3.2.x through 3.6.x before 3.6.20, 4.0.x before 4.0.11, and 4.1.x before 4.1.1, when vfsstreamsdepot or vfsstreamsxattr is enabled, allows remote attackers to bypass intended file restrictions by leveraging ACL differences between a file and an associated...
K2355: Timing attacks on RSA private keys - CAN-2003-0147
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
K20145801: Mozilla NSS vulnerability CVE-2016-1979
Security Advisory Description Use-after-free vulnerability in the PK11ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services NSS before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly have unspecified othe...
K15236: ConfigSync IP Rsync full file system access vulnerability CVE-2014-2927
Security Advisory Description The rsync daemon in F5 BIG-IP 11.6 before 11.6.0, 11.5.1 before HF3, 11.5.0 before HF4, 11.4.1 before HF4, 11.4.0 before HF7, 11.3.0 before HF9, and 11.2.1 before HF11 and Enterprise Manager 3.x before 3.1.1 HF2, when configured in failover mode, does not require...
K17381: OpenJDK vulnerability CVE-2014-0428
Security Advisory Description Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. CVE-2014-0428 Impact There is no impact; F5 products...
K9528: IPv6 Neighbor Discovery Protocol (NDP) vulnerability CVE-2008-2476 - VU#472363
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
K30409575: ISC DHCP vulnerability CVE-2016-2774
Security Advisory Description ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service INSIST assertion failure or request-processing outage by establishing many sessions...
K04972684: PHP vulnerability CVE-2016-3185
Security Advisory Description The makehttpsoaprequest function in ext/soap/phphttp.c in PHP before 5.4.44, 5.5.x before 5.5.28, 5.6.x before 5.6.12, and 7.x before 7.0.4 allows remote attackers to obtain sensitive information from process memory or cause a denial of service type confusion and...
K16912: BIND vulnerability CVE-2015-4620
Security Advisory Description name.c in named in ISC BIND 9.7.x through 9.9.x before 9.9.7-P1 and 9.10.x before 9.10.2-P2, when configured as a recursive resolver with DNSSEC validation, allows remote attackers to cause a denial of service REQUIRE assertion failure and daemon exit by constructing...
K17453: Subversion vulnerabilities CVE-2015-0248, CVE-2015-0251, and CVE-2015-3187
Security Advisory Description CVE-2015-0248 The 1 moddavsvn and 2 svnserve servers in Subversion 1.6.0 through 1.7.19 and 1.8.0 through 1.8.11 allow remote attackers to cause a denial of service assertion failure and abort via crafted parameter combinations related to dynamically evaluated revisi...
K1907: mod_ssl and Apache_SSL buffer overflow - CAN-2002-0082
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
K12915342: Linux kernel vulnerability CVE-2018-14625
Security Advisory Description A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect and close function may allow an attacker using the AFVSOCK protocol to gather a 4 byte informatio...
K84408873: Infinispan vulnerability CVE-2019-10174
Security Advisory Description A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges. The attacker can use reflection to introduce new,...
K14410: Multiple MySQL vulnerabilities
Security Advisory Description For BIG-IP systems using the MySQL database, the following MySQL vulnerabilities may allow local users to gain knowledge of sensitive information, manipulate certain data, or cause a Denial of Service DoS: CVE-2011-2262 CVE-2012-0075 CVE-2012-0087 CVE-2012-0101...
K15345: GnuTLS vulnerability CVE-2014-3466
Security Advisory Description Buffer overflow in the readserverhello function in lib/gnutlshandshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service memory corruption or possibly execute arbitrary code via a long session id...
K16821: Apache Axis vulnerability CVE-2014-3596
Security Advisory Description The getCN function in Apache Axis 1.4 and earlier does not properly verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers v...
K09417637: Samba vulnerability CVE-2015-3223
Security Advisory Description The ldbwildcardcompare function in ldbmatch.c in ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles certain zero values, which allows remote attackers to cause a denial of service infini...
K21057235: libpng out-of-bounds read vulnerability CVE-2015-7981
Security Advisory Description The pngconverttorfc1123 function in png.c in libpng 1.0.x before 1.0.64, 1.2.x before 1.2.54, and 1.4.x before 1.4.17 allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which triggers an out-of-bounds...
K14560101: Wget vulnerability CVE-2019-5953
Security Advisory Description Buffer overflow in GNU Wget 1.20.1 and earlier allows remote attackers to cause a denial-of-service DoS or may execute an arbitrary code via unspecified vectors. CVE-2019-5953 Impact There is no impact; F5 products are not affected by this vulnerability. Security...
K16365: glibc vulnerability CVE-2014-9402
Security Advisory Description The nssdns implementation of getnetbyname in GNU C Library aka glibc before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service infinite loop by sending a positive answer while a network...
K42438635: Linux kernel vulnerability CVE-2019-19072
Security Advisory Description A memory leak in the predicateparse function in kernel/trace/traceeventsfilter.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service memory consumption, aka CID-96c5c6e6a5b6. CVE-2019-19072 Impact May allow attackers to overflow memory...
K71522481: Java vulnerability CVE-2021-2163
Security Advisory Description Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition:...
K37301725: Linux kernel vulnerability CVE-2017-18270
Security Advisory Description In the Linux kernel before 4.13.5, a local user could create keyrings for other users via keyctl commands, setting unwanted defaults or causing a denial of service. CVE-2017-18270 Impact There is no impact; F5 products are not affected by this vulnerability. Security...
K34511555: BIG-IP and BIG-IQ AWS vulnerability CVE-2022-34844
Security Advisory Description When the Data Plane Development Kit DPDK/Elastic Network Adapter ENA driver is used with BIG-IP or BIG-IQ on Amazon Web Services AWS systems, undisclosed traffic can cause the Traffic Management Microkernel TMM to terminate. Successful exploitation relies on conditio...
K93959105: OpenSSL vulnerability CVE-2010-1633
Security Advisory Description RSA verification recovery in the EVPPKEYverifyrecover function in OpenSSL 1.x before 1.0.0a, as used by pkeyutl and possibly other applications, returns uninitialized memory upon failure, which might allow context-dependent attackers to bypass intended key requiremen...
K10321239: Intel CPU vulnerability CVE-2019-11157
Security Advisory Description Improper conditions check in voltage settings for some IntelR Processors may allow an authenticated user to potentially enable escalation of privilege and/or information disclosure via local access. CVE-2019-11157 Impact There is no impact; F5 products are not affect...
K23200408: reposync vulnerability CVE-2018-10897
Security Advisory Description A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the...
K39508724: TMM SSL/TLS virtual server vulnerability CVE-2016-6907
Security Advisory Description TMM SSL/TLS virtual server using CBC cipher may be vulnerable to a "Vaudenay timing attack" aka 'Padding oracle attack.' CVE-2016-6907 The BIG-IP system may be vulnerable to a padding oracle attack on the following platforms: The VIPRION B4450 blade and BIG-IP 2000 a...
K17341495: Traffix SDC Configuration utility vulnerability CVE-2022-27880
Security Advisory Description A stored Cross-Site Scripting XSS vulnerability exists in an undisclosed page of the Traffix SDC Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. CVE-2022-27880 Impact An authenticated attacker may...
K58502649: MySQL vulnerabilities CVE-2018-3123, CVE-2019-2566, CVE-2019-2580, CVE-2019-2581, CVE-2019-2584
Security Advisory Description CVE-2018-3123 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: libmysqld. Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Difficult to exploit vulnerability allows unauthenticated...
K57255643: libssh vulnerability CVE-2016-0739
Security Advisory Description libssh before 0.7.3 improperly truncates ephemeral secrets generated for the 1 diffie-hellman-group1 and 2 diffie-hellman-group14 key exchange methods to 128 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via...
K1648: OpenSSH array overflow - CAN-2002-0083
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
K16396: GnuPG vulnerability CVE-2013-4576
Security Advisory Description GnuPG 1.x before 1.4.16 generates RSA keys using sequences of introductions with certain patterns that introduce a side channel, which allows physically proximate attackers to extract RSA keys via a chosen-ciphertext attack and acoustic cryptanalysis during decryptio...
K71021401: Oracle Java SE vulnerability CVE-2018-2796
Security Advisory Description Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Concurrency. Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows...