6294 matches found

F5 Networks
•added 2010/06/21 12:0 a.m.•38 views

SOL11720 - Samba server vulnerability CVE-2010-2063

A buffer overflow in smbd for Samba 3.0.x before 3.3.13 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted field in a packet. Information about this advisory is available at the following location:...

CVSS 7.5 | AI score 8.5 | EPSS 0.78702
Exploits: 5

F5 Networks
•added 2009/08/19 12:0 a.m.•38 views

SOL10417 - BIG-IP ASM and PSM remote buffer overflow exploit

F5 Product Development tracked this issue as CR126690 and it was fixed in BIG-IP ASM and PSM 9.4.8 and 10.1.0. For information about upgrading, refer to the BIG-IP ASM or PSM release notes. Important: This issue was re-introduced in 9.4.8 HF-1, and then fixed in 9.4.8 HF-2 and later as CR133530...

AI score 2.7
Exploits: 0 | Affected Software: 15

F5 Networks
•added 2008/06/30 12:0 a.m.•38 views

SOL8918 - Linux kernel vulnerability CVE-2007-3851

A flaw in the DRM driver for Intel graphics cards allows a local user to access any part of the main memory. To access the DRM functionality a user must have access to the X server, which is granted through the graphical login. This also only affects systems with an Intel 965 or later graphic...

CVSS 6 | AI score 5.6 | EPSS 0.00313
Exploits: 0

F5 Networks
•added 2008/02/06 12:0 a.m.•38 views

SOL8406 - The BIG-IP ASM web management interface cross-site scripting vulnerability CVE-2008-0539

The F5 BIG-IP ASM web management interface contains a cross-site scripting vulnerability in the Security Report function. The vulnerability is within the BIG-IP ASM portion of the Configuration utility and can be accessed successfully only if the browser user is authenticated and the BIG-IP ASM...

CVSS 4.3 | AI score 0.1 | EPSS 0.07213
Exploits: 1

F5 Networks
•added 2007/05/16 12:0 a.m.•38 views

SOL3279 - Heap-based buffer overflow in mod_proxy - CAN-2004-0492

Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code by way of a negative Content-Length HTTP header field, which causes a large amount of data to be copied...

CVSS 10 | AI score 3.9 | EPSS 0.33639
Exploits: 0

F5 Networks
•added 2007/05/16 12:0 a.m.•38 views

SOL4232 - BIND version 8.4.4 and 8.4.5 vulnerability - CAN-2005-0033

A buffer overflow in the code for recursion and glue fetching in BIND 8.4.4 and 8.4.5 allows remote attackers to cause a denial of service. Information about this advisory is available at the following location: Note: This link takes you to a resource outside of AskF5, and it is possible that the...

CVSS 5 | AI score 4.2 | EPSS 0.11448
Exploits: 0

F5 Networks
•added 2024/12/06 11:49 p.m.•37 views

K000148895: Intel UEFI firmware vulnerabilities CVE-2023-2235, CVE-2023-23904, and CVE-2023-25546

Security Advisory Description CVE-2023-22351 Out-of-bounds write in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2023-23904 NULL pointer dereference in the UEFI firmware for some Intel(R) Processors may allo...

CVSS 6.9 | AI score 7 | EPSS 0.00143
Exploits: 0

F5 Networks
•added 2024/09/03 4:40 p.m.•37 views

K000140908: MySQL Server vulnerability CVE-2024-21134

Security Advisory Description Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Connection Handling. Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via...

CVSS 4.3 | AI score 4.7 | EPSS 0.00777
Exploits: 0

F5 Networks
•added 2024/08/27 9:57 p.m.•37 views

K000140865: Linux kernel vulnerability CVE-2023-45871

Security Advisory Description An issue was discovered in drivers/net/ethernet/intel/igb/igb_main.c in the IGB driver in the Linux kernel before 6.5.3. A buffer size may not be adequate for frames larger than the MTU. CVE-2023-45871 Impact An attacker can exploit the vulnerability to access...

CVSS 7.5 | AI score 7.1 | EPSS 0.00544
Exploits: 0 | Affected Software: 1

F5 Networks
•added 2024/08/27 6:27 p.m.•37 views

K000140863: Busybox vulnerability CVE-2022-48174

Security Advisory Description There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution. CVE-2022-48174 Impact There is no impact; F5 products are not affect...

CVSS 9.8 | AI score 7.4 | EPSS 0.02979
Exploits: 0

F5 Networks
•added 2024/06/18 5:51 p.m.•37 views

K000140039: Intel QAT vulnerability CVE-2023-32641

Security Advisory Description Improper input validation in firmware for Intel(R) QAT before version QAT20.L.1.0.40-00004 may allow escalation of privilege and denial of service via adjacent access. CVE-2023-32641 Impact There is no impact; F5 products are not affected by this vulnerability. Securit...

CVSS 8.8 | AI score 8.5 | EPSS 0.0031
Exploits: 0

F5 Networks
•added 2024/05/29 1:33 p.m.•37 views

K000139612: NGINX HTTP/3 QUIC vulnerability CVE-2024-35200

Security Advisory Description When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate. CVE-2024-35200 Note: This issue affects NGINX systems compiled with the ngx_http_v3_module module, where the...

CVSS 5.3 | AI score 6.8 | EPSS 0.00917
Exploits: 0 | Affected Software: 2

F5 Networks
•added 2024/05/16 3:14 a.m.•37 views

K000139637: Expat vulnerability CVE-2024-28757

Security Advisory Description libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers created via XML_ExternalEntityParserCreate. CVE-2024-28757 Impact An attacker may be able to use an XML Entity Expansion attack, consuming all system resources...

CVSS 7.5 | AI score 7.2 | EPSS 0.02006
Exploits: 1 | Affected Software: 12

F5 Networks
•added 2024/04/01 4:5 p.m.•37 views

K000139140: util-linux vulnerability CVE-2024-28085

Security Advisory Description wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not...

CVSS 3.3 | AI score 6.4 | EPSS 0.02242
Exploits: 3

F5 Networks
•added 2024/02/14 1:55 p.m.•37 views

K000137334: F5 Application Visibility and Reporting module and BIG-IP Advanced WAF/ASM vulnerability CVE-2024-23805

Security Advisory Description Undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. For the Application Visibility and Reporting module, this may occur when the HTTP Analytics profile with URLs enabled under Collected Entities is configured on a virtual server and th...

CVSS 7.5 | AI score 7.6 | EPSS 0.00515
Exploits: 0 | Affected Software: 2

F5 Networks
•added 2023/09/19 3:13 p.m.•37 views

K000136903: OpenSSL Diffie-Hellman vulnerability CVE-2023-3446

Security Advisory Description Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters tha...

CVSS 5.3 | AI score 6.6 | EPSS 0.05533
Exploits: 0

F5 Networks
•added 2023/08/21 10:17 p.m.•37 views

K000135921: Python urllib.parse vulnerability CVE-2023-24329

Security Advisory Description An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. CVE-2023-24329 Impact F5 products do not ship with Python scripts that utilize the affected Python...

CVSS 7.5 | AI score 7.5 | EPSS 0.20459
Exploits: 3 | Affected Software: 17

F5 Networks
•added 2023/08/15 4:54 p.m.•37 views

K000135852: FasterXML jackson-databind vulnerability CVE-2022-42003

Security Advisory Description In FasterXML jackson-databind before 2.14.0-rc1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. Additional fix version in 2.13.4.1 a...

CVSS 7.5 | AI score 7.1 | EPSS 0.02824
Exploits: 2 | Affected Software: 1

F5 Networks
•added 2023/07/31 3:26 p.m.•37 views

K000135674: HarfBuzz vulnerability CVE-2023-25193

Security Advisory Description hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks. CVE-2023-25193 Impact There is no impact; F5 products are not affected by this...

CVSS 7.5 | AI score 6.3 | EPSS 0.01797
Exploits: 0

F5 Networks
•added 2023/04/24 4:28 p.m.•37 views

K000133644: Linux kernel vulnerability CVE-2023-0266

Security Advisory Description A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a privilege escalation to gain ring0 access from the system user. We recommend...

CVSS 7.9 | AI score 7.4 | EPSS 0.03702
Exploits: 0

F5 Networks
•added 2023/03/14 3:32 p.m.•37 views

K000132965: Apache vulnerability CVE-2023-27522

Security Advisory Description HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55. Special characters in the origin response header can truncate/split the response forwarded to the client. CVE-2023-27522...

CVSS 7.5 | AI score 7.9 | EPSS 0.02134
Exploits: 0 | Affected Software: 1

F5 Networks
•added 2023/02/21 8:2 p.m.•37 views

K14051233: Linux kernel vulnerability CVE-2017-13715

Security Advisory Description The __skb_flow_dissect function in net/core/flow_dissector.c in the Linux kernel before 4.3 does not ensure that n_proto, ip_proto, and thoff are initialized, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a...

CVSS 10 | AI score 7.5 | EPSS 0.09652
Exploits: 0

F5 Networks
•added 2023/02/21 8:2 p.m.•37 views

K01276005: OpenSSL vulnerability CVE-2016-2182

Security Advisory Description The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknow...

CVSS 9.8 | AI score 8.5 | EPSS 0.44218
Exploits: 1 | Affected Software: 26

F5 Networks
•added 2023/02/21 8:1 p.m.•37 views

K16940442: Java SE vulnerability CVE-2018-3136

Security Advisory Description Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacke...

CVSS 3.4 | AI score 5.9 | EPSS 0.03641
Exploits: 0

F5 Networks
•added 2023/02/21 8:1 p.m.•37 views

K15359: OpenSSL vulnerability CVE-2009-1378

Security Advisory Description Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers muc...

CVSS 5 | AI score 7.8 | EPSS 0.12746
Exploits: 12

F5 Networks
•added 2023/02/21 8:1 p.m.•37 views

K14930: PHP vulnerability CVE-2011-4718

Security Advisory Description Session fixation vulnerability in the Sessions subsystem in PHP before 5.5.2 allows remote attackers to hijack web sessions by specifying a session ID. CVE-2011-4718 Impact None Security Advisory Status To determine if your release is known to be vulnerable, the...

CVSS 6.8 | AI score 8.4 | EPSS 0.036
Exploits: 0

F5 Networks
•added 2023/02/21 8:0 p.m.•37 views

K45452200: Python-Pillow vulnerability CVE-2021-25287

Security Advisory Description An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_graya_la. CVE-2021-25287 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development has evaluated th...

CVSS 9.1 | AI score 7.6 | EPSS 0.02956
Exploits: 0

F5 Networks
•added 2023/02/21 8:0 p.m.•37 views

K20541896: iControl REST and tmsh vulnerability CVE-2019-6621

Security Advisory Description On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, 11.6.1-11.6.3.4, and 11.5.2-11.5.8 and BIG-IQ 7.0.0-7.1.0.2, 6.0.0-6.1.0, and 5.1.0-5.4.0, an undisclosed iControl REST worker is vulnerable to command injection by an admin/resource admin...

CVSS 7.2 | AI score 7.4 | EPSS 0.01965
Exploits: 0

F5 Networks
•added 2023/02/21 8:0 p.m.•37 views

K17517: NTP vulnerability CVE-2015-7701

Security Advisory Description Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (memory consumption). CVE-2015-7701 Impact An attacker could send packets to ntpd that may, after several days of...

CVSS 7.5 | AI score 7.8 | EPSS 0.06519
Exploits: 0 | Affected Software: 22

F5 Networks
•added 2023/02/21 7:59 p.m.•37 views

K15865: Apache HTTP server vulnerability CVE-2012-4558

Security Advisory Description Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject...

CVSS 4.3 | AI score 5.9 | EPSS 0.22913
Exploits: 2 | Affected Software: 1

F5 Networks
•added 2023/02/21 7:59 p.m.•37 views

K15156: OpenSSH vulnerability CVE-2009-2904

Security Advisory Description A certain Red Hat modification to the ChrootDirectory feature in OpenSSH 4.8, as used in sshd in OpenSSH 4.3 in Red Hat Enterprise Linux (RHEL) 5.4 and Fedora 11, allows local users to gain privileges via hard links to setuid programs that use configuration files withi...

CVSS 6.9 | AI score 7.6 | EPSS 0.00318
Exploits: 0 | Affected Software: 7

F5 Networks
•added 2023/02/21 7:58 p.m.•37 views

K15150: cURL and libcurl vulnerability CVE-2013-4545

Security Advisory Description cURL and libcurl 7.18.0 through 7.32.0, when built with OpenSSL, disables the certificate CN and SAN name field verification (CURLOPT_SSL_VERIFYHOST) when the digital signature verification (CURLOPT_SSL_VERIFYPEER) is disabled, which allows man-in-the-middle attackers to spo...

CVSS 4.3 | AI score 5.6 | EPSS 0.03076
Exploits: 0

F5 Networks
•added 2023/02/21 7:58 p.m.•37 views

K05770600: Linux libuser vulnerability CVE-2015-3246

Security Advisory Description libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, directly modifies /etc/passwd, which allows local users to cause a denial of service (inconsistent file state) by causing an error during the modification. NOTE:...

CVSS 7.2 | AI score 7.2 | EPSS 0.06853
Exploits: 9 | Affected Software: 20

F5 Networks
•added 2023/02/21 7:58 p.m.•37 views

K51470205: Intel DAL vulnerability CVE-2019-0170

Security Advisory Description Buffer overflow in subsystem in Intel(R) DAL before version 12.0.35 may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2019-0170 Impact Traffix SDC An attacker with local access to the system can exploit this vulnerability...

CVSS 6.7 | AI score 7.3 | EPSS 0.00413
Exploits: 0

F5 Networks
•added 2023/02/21 7:58 p.m.•37 views

K44110411: BIG-IP SIP ALG vulnerability CVE-2022-23025

Security Advisory Description When a SIP ALG profile is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. CVE-2022-23025 Impact Traffic is disrupted while the TMM process restarts. This vulnerability allows an unauthenticated remot...

CVSS 7.5 | AI score 7.5 | EPSS 0.00904
Exploits: 0 | Affected Software: 1

F5 Networks
•added 2023/02/21 7:57 p.m.•37 views

K20038622: Multiple Apache Tomcat vulnerabilities

Security Advisory Description CVE-2013-1976 The (1) tomcat5, (2) tomcat6, and (3) tomcat7 init scripts, as used in the RPM distribution of Tomcat for JBoss Enterprise Web Server 1.0.2 and 2.0.0, and Red Hat Enterprise Linux 5 and 6, allow local users to change the ownership of arbitrary files via a...

CVSS 6.9 | AI score 8.1 | EPSS 0.11975
Exploits: 7

F5 Networks
•added 2023/02/21 7:56 p.m.•37 views

K41738501: Mozilla NSS vulnerability CVE-2018-12384

Security Advisory Description When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.39. This does not...

CVSS 5.9 | AI score 6 | EPSS 0.01496
Exploits: 0

F5 Networks
•added 2023/02/21 7:56 p.m.•37 views

K23435400: Intel CPU vulnerability CVE-2022-0004

Security Advisory Description Hardware debug modes and processor INIT setting that allow override of locks for some Intel(R) Processors in Intel(R) Boot Guard and Intel(R) TXT may allow an unauthenticated user to potentially enable escalation of privilege via physical access. CVE-2022-0004 Impact There...

CVSS 7.2 | AI score 6.7 | EPSS 0.00265
Exploits: 0

F5 Networks
•added 2023/02/21 7:56 p.m.•37 views

K73837233: Intel processors vulnerability CVE-2019-0117

Security Advisory Description Insufficient access control in protected memory subsystem for Intel(R) SGX for 6th, 7th, 8th, 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Xeon(R) Processor E3-1500 v5, v6 Families; Intel(R) Xeon(R) E-2100 & E-2200 Processor Families with Intel(R) Processor Graphics...

CVSS 4.4 | AI score 5.3 | EPSS 0.00415
Exploits: 0

F5 Networks
•added 2023/02/21 7:55 p.m.•37 views

K23134279: Node.js vulnerability CVE-2016-2216

Security Advisory Description The HTTP header parsing code in Node.js 0.10.x before 0.10.42, 0.11.6 through 0.11.16, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allows remote attackers to bypass an HTTP response-splitting protection mechanism via UTF-8 encoded Unicode characters...

CVSS 7.5 | AI score 8.6 | EPSS 0.07013
Exploits: 0 | Affected Software: 18

F5 Networks
•added 2023/02/21 7:53 p.m.•37 views

K16366: GNU C Library (glibc) vulnerability CVE-2015-1472

Security Advisory Description stdio-common/vfscanf.c has an ADDW macro that tries to determine whether to use malloc or alloca for allocations. But in the malloc case, it only allocates newsize bytes instead of the required newsize * sizeof (CHAR_T). Thus the allocated buffer gets overrun in the...

CVSS 7.5 | AI score 7.8 | EPSS 0.04688
Exploits: 2

F5 Networks
•added 2023/02/21 7:47 p.m.•37 views

K16505: NTP vulnerability CVE-2015-1798

Security Advisory Description The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC...

CVSS 1.8 | AI score 6.3 | EPSS 0.02219
Exploits: 0

F5 Networks
•added 2023/02/21 7:41 p.m.•37 views

K48187630: Multiple grub2 vulnerabilities

Security Advisory Description CVE-2020-14308 In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size. This leads the function to return invalid memory allocations which can be further used to cause possible integrity...

CVSS 6.7 | AI score 7.6 | EPSS 0.01588
Exploits: 1

F5 Networks
•added 2023/02/21 7:34 p.m.•37 views

K15220: iControl vulnerability CVE-2014-2928

Security Advisory Description The iControl API in F5 BIG-IP LTM, APM, ASM, GTM, Link Controller, and PSM 11.0.0 through 11.5.1, BIG-IP AAM 11.4.0 through 11.5.1, BIG-IP AFM and PEM 11.3.0 through 11.5.1, BIG-IP Analytics 11.0.0 through 11.5.1, BIG-IP Edge Gateway, WebAccelerator, WOM 11.0.0 throu...

CVSS 7.1 | AI score 7.3 | EPSS 0.3905
Exploits: 8 | Affected Software: 17

F5 Networks
•added 2023/02/21 7:29 p.m.•37 views

K15784: Kerberos vulnerability CVE-2013-1418

Security Advisory Description The setup_server_realm function in main.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.7, when multiple realms are configured, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted...

CVSS 4.3 | AI score 6.8 | EPSS 0.05508
Exploits: 0 | Affected Software: 1

F5 Networks
•added 2023/02/21 7:29 p.m.•37 views

K15785: Kerberos vulnerability CVE-2013-6800

Security Advisory Description An unspecified third-party database module for the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.10.x allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request, a different vulnerability...

CVSS 4 | AI score 6.8 | EPSS 0.02608
Exploits: 0 | Affected Software: 1

F5 Networks
•added 2023/02/21 7:27 p.m.•37 views

K3279: Heap-based buffer overflow in mod_proxy - CAN-2004-0492

Security Advisory Description Note: Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

CVSS 10 | AI score 7.8 | EPSS 0.33639
Exploits: 0

F5 Networks
•added 2023/02/21 7:8 p.m.•37 views

K15358: OpenSSL vulnerability CVE-2009-0590

Security Advisory Description The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length...

CVSS 5 | AI score 8.4 | EPSS 0.06194
Exploits: 0

F5 Networks
•added 2023/02/21 7:5 p.m.•37 views

K17248: OpenSSL vulnerability CVE-2010-0742

Security Advisory Description The Cryptographic Message Syntax (CMS) implementation in crypto/cms/cms_asn1.c in OpenSSL before 0.9.8o and 1.x before 1.0.0a does not properly handle structures that contain OriginatorInfo, which allows context-dependent attackers to modify invalid memory locations or...

CVSS 7.5 | AI score 8.3 | EPSS 0.07834
Exploits: 2 | Affected Software: 9

F5 Networks
•added 2023/02/21 7:4 p.m.•37 views

K08421805: GStreamer vulnerability CVE-2016-9635

Security Advisory Description Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a skip count that goes...

CVSS 9.8 | AI score 9.3 | EPSS 0.09267
Exploits: 1

Total number of security vulnerabilities: 5000