6294 matches found
K68942513: Java vulnerability CVE-2013-5780
Security Advisory Description Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via...
K37111863: NodeJS vulnerability CVE-2018-12120
Security Advisory Description Node.js: All versions prior to Node.js 6.15.0: Debugger port 5858 listens on any interface by default: When the debugger is enabled with node --debug or node debug, it listens to port 5858 on all interfaces by default. This may allow remote computers to attach to the...
K04327352: Multiple MySQL data manipulation language vulnerabilities
Security Advisory Description CVE-2017-3634 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: DML. Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged attacker with network acces...
K27638900: Apache Struts vulnerability CVE-2017-15707
Security Advisory Description In Apache Struts 2.5 to 2.5.14, the REST Plugin is using an outdated JSON-lib library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted JSON payload. CVE-2017-15707 Impact There is no impact; F5 products are not affecte...
K01311152: Linux kernel vulnerabilities CVE-2020-36322 and CVE-2021-28950
Security Advisory Description CVE-2020-36322 An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fusedogetattr calls makebadinode in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability w...
K29814751: Intel AMT vulnerabilities CVE-2020-0537, CVE-2020-0538, and CVE-2020-0540
Security Advisory Description CVE-2020-0537 Improper input validation in subsystem for IntelR AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow a privileged user to potentially enable denial of service via network access. CVE-2020-0538 Improper input validation in subsystem fo...
K50112422: Linux kernel vulnerability CVE-2020-11884
Security Advisory Description In the Linux kernel through 5.6.7 on the s390 platform, code execution may occur because of a race condition, as demonstrated by code in enablesacfuaccess in arch/s390/lib/uaccess.c that fails to protect against a concurrent page table upgrade, aka CID-3f777e19d171. ...
K19356280: Cognito Software Moneyworks vulnerability CVE-2017-9615
Security Advisory Description Password exposure in Cognito Software Moneyworks 8.0.3 and earlier allows attackers to gain administrator access to all data, because verbose logging writes the administrator password to a world-readable file. CVE-2017-9615 Impact There is no impact; F5 products are...
K51197241: ICU vulnerability CVE-2020-10531
Security Advisory Description An issue was discovered in International Components for Unicode ICU for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend function in common/unistr.cpp. CVE-2020-10531 Impact There is no impact; F5...
K16356: BIND vulnerability CVE-2015-1349
Security Advisory Description named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x before 9.10.1-P2, when DNSSEC validation and the managed-keys feature are enabled, allows remote attackers to cause a denial of service assertion failure and daemon exit, or daemon crash by triggering a...
K21274200: Linux kernel vulnerability CVE-2017-16914
Security Advisory Description The "stubsendretsubmit" function drivers/usb/usbip/stubtx.c in the Linux Kernel before version 4.14.8, 4.9.71, 4.1.49, and 4.4.107 allows attackers to cause a denial of service NULL pointer dereference via a specially crafted USB over IP packet. CVE-2017-16914 Impact...
K30110324: Multiple Node.js vulnerabilities
Security Advisory Description CVE-2013-7451 The validator module before 1.1.0 for Node.js allows remote attackers to bypass the XSS filter via a nested tag. CVE-2013-7452 The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting XSS filter via a...
K20722197: Samba vulnerability CVE-2017-2619
Security Advisory Description Samba before versions 4.6.1, 4.5.7 and 4.4.11 are vulnerable to a malicious client using a symlink race to allow access to areas of the server file system not exported under the share definition. CVE-2017-2619 Impact There is no impact; F5 products are not affected b...
K90024104: BIG-IP HTTP MRF vulnerability CVE-2022-35272
Security Advisory Description When source-port preserve-strict is configured on an HTTP Message Routing Framework MRF virtual server, undisclosed traffic may cause the Traffic Management Microkernel TMM to produce a core file and the connection to terminate. CVE-2022-35272 Impact Traffic is...
K70191975: Apache Xerces vulnerability CVE-2016-4463
Security Advisory Description Stack-based buffer overflow in Apache Xerces-C++ before 3.1.4 allows context-dependent attackers to cause a denial of service via a deeply nested DTD. CVE-2016-4463 Impact An attacker requires privileged access to a dynamically generated XML file to exploit one of th...
K10522033: Intel CSME and TXE vulnerability CVE-2019-0098
Security Advisory Description Logic bug vulnerability in subsystem for IntelR CSME before version 12.0.35, IntelR TXE before 3.1.65, 4.0.15 may allow an unauthenticated user to potentially enable escalation of privilege via physical access. CVE-2019-0098 Impact An attacker with physical access to...
K35925420: Intel software vulnerabilities CVE-2020-8754, CVE-2020-8757, CVE-2020-8760, CVE-2020-12356
Security Advisory Description CVE-2020-8754 Out-of-bounds read in subsystem for IntelR AMT, IntelR ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure via network access. CVE-2020-8757 Out-of-bounds re...
K21882212: Intel software vulnerabilities CVE-2020-8750 CVE-2020-12355
Security Advisory Description CVE-2020-8750 Use after free in Kernel Mode Driver for IntelR TXE versions before 3.1.80 and 4.0.30 may allow an authenticated user to potentially enable escalation of privilege via local access. CVE-2020-12355 Authentication bypass by capture-replay in RPMB protocol...
K49144112: tcpdump vulnerabilities CVE-2016-7934, CVE-2016-7935, CVE-2016-7936, CVE-2016-7937, and CVE-2016-7939
Security Advisory Description CVE-2016-7934 The RTCP parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:rtcpprint. CVE-2016-7935 The RTP parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:rtpprint. CVE-2016-7936 The UDP parser in tcpdump before 4.9.0 has a buffer...
K26738102: BIG-IP APM SSO vulnerability CVE-2016-3687
Security Advisory Description Insufficient validation of the SSOORIGURI parameter occurs when using multi-domain single sign-on SSO. CVE-2016-3687 Impact An attacker may be able to tamper with the URL used to redirect the user in a multi-domain SSO environment by using BIG-IP APM. Systems that do...
K13249530: Apache Kylin vulnerability CVE-2022-24697
Security Advisory Description Kylin's cube designer function has a command injection vulnerability when overwriting system parameters in the configuration overwrites menu. RCE can be implemented by closing the single quotation marks around the parameter value of -- conf= to inject any operating...
K15376: OpenSSL 0.9.8k vulnerability CVE-2009-0789
Security Advisory Description OpenSSL before 0.9.8k on WIN64 and certain other platforms does not properly handle a malformed ASN.1 structure, which allows remote attackers to cause a denial of service invalid memory access and application crash by placing this structure in the public key of a...
K44305703: NTP vulnerability CVE-2020-11868
Security Advisory Description The ntpd daemon in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid orig...
K01587042: BIG-IP SPDY and HTTP/2 profile vulnerability CVE-2016-7475
Security Advisory Description Under some circumstances, the Traffic Management Microkernel TMM may not properly clean-up pool member network connections when using SPDY or HTTP/2 virtual server profiles. CVE-2016-7475 Impact In many cases, the pool members will tear down these network connections...
K98776835: Apache Tomcat vulnerability - CVE-2018-8037
Security Advisory Description If an async request was completed by the application at the same time as the container triggered the async timeout, a race condition existed that could result in a user seeing a response intended for a different user. An additional issue was present in the NIO and NI...
K94563344: HTTP/2 ALPN vulnerability CVE-2019-6619
Security Advisory Description The Traffic Management Microkernel TMM may restart when a virtual server has an HTTP/2 profile with Application Layer Protocol Negotiation ALPN enabled and it processes traffic where the ALPN extension size is zero. CVE-2019-6619 Impact BIG-IP The Traffic Management...
K82069123: ISC BIND vulnerability CVE-2018-5736
Security Advisory Description An error in zone database reference counting can lead to an assertion failure if a server which is running an affected version of BIND attempts several transfers of a slave zone in quick succession. This defect could be deliberately exercised by an attacker who is...
K68785753: ImageMagick vulnerability CVE-2015-8898
Security Advisory Description The WriteImages function in magick/constitute.c in ImageMagick before 6.9.2-4 allows remote attackers to cause a denial of service NULL pointer dereference via a crafted image file. CVE-2015-8898 Impact BIG-IP systems that use a WebAcceleration profile configured wit...
K55543151: BIG-IP TMUI vulnerability CVE-2021-23025
Security Advisory Description An authenticated remote command execution vulnerability exists in the BIG-IP Configuration utility. CVE-2021-23025 Impact This vulnerability may allow an authenticated attacker with network access to the Configuration utility through the BIG-IP management port and/or...
K25499204: Samba vulnerability CVE-2015-8467
Security Advisory Description The samldbcheckuseraccountcontrolacl function in dsdb/samdb/ldbmodules/samldb.c in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not properly check for administrative privileges during creation of machine accounts, which allows remote...
K68013105: OpenSSL vulnerability CVE-2022-1343
Security Advisory Description The function OCSPbasicverify verifies the signer certificate on an OCSP response. In the case where the non-default flag OCSPNOCHECKS is used then the response will be positive meaning a successful verification even in the case where the response signing certificate...
K31211252: glibc vulnerability CVE-2014-9761
Security Advisory Description Multiple stack-based buffer overflows in the GNU C Library aka glibc or libc6 before 2.23 allow context-dependent attackers to cause a denial of service application crash or possibly execute arbitrary code via a long argument to the 1 nan, 2 nanf, or 3 nanl function...
K62602089: Binutils vulnerabilities CVE-2018-20002 and CVE-2018-20657
Security Advisory Description CVE-2018-20002 The bfdgenericreadminisymbols function in syms.c in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.31, has a memory leak via a crafted ELF file, leading to a denial of service memory consumption, as demonstrated by...
K01409145: Oracle MySQL vulnerability CVE-2016-0641
Security Advisory Description Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier allows local users to affect confidentiality and availability via vectors related to MyISAM. CVE-2016-0641 Impact This vulnerability may allow local users to affe...
K56061418: glibc vulnerability CVE-2016-6323
Security Advisory Description The makecontext function in the GNU C Library aka glibc or libc6 before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI 32-bit platforms, which might allow context-dependent attackers to cause a denial of service hang, as demonstrated by...
K26462555: BIG-IP ASM and BIG-IQ/Enterprise Manager/F5 iWorkflow device authentication and trust vulnerability CVE-2019-6665
Security Advisory Description An attacker with access to the device communication between the BIG-IP ASM Central Policy Builder and the BIG-IQ/Enterprise Manager/F5 iWorkflow will be able to set up the proxy the same way and intercept the traffic. CVE-2019-6665 Impact BIG-IP ASM / BIG-IQ /...
K70949911: Glib vulnerability CVE-2019-14822
Security Advisory Description A flaw was discovered in ibus in versions before 1.5.22 that allows any unprivileged user to monitor and send method calls to the ibus bus of another user due to a misconfiguration in the DBus server setup. A local attacker may use this flaw to intercept all keystrok...
K04403302: Apache Struts 1 vulnerability CVE-2016-1182
Security Advisory Description ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly restrict the Validator configuration, which allows remote attackers to conduct cross-site scripting XSS attacks or cause a denial of service via crafted input, a related issue to CVE-2015-0899...
K42185012: Java vulnerability CVE-2017-10118
Security Advisory Description Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JCE. Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticat...
K91171450: BIG-IP engineering hotfix Trusted Platform Module vulnerability CVE-2020-5851
Security Advisory Description On impacted versions and platforms, the Trusted Platform Module TPM system integrity check cannot detect modifications to specific system components. CVE-2020-5851 Impact BIG-IP The Trusted Platform Module TPM on the BIG-IP iSeries platforms i850, i2000, i4000, i5000...
K75042242: QEMU 4.0 vulnerability CVE-2019-12155
Security Advisory Description interfacereleaseresource in hw/display/qxl.c in QEMU 4.0.0 has a NULL pointer dereference. CVE-2019-12155 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development has evaluated the currently...
K44164245: XSS vulnerability CVE-2013-2618
Security Advisory Description Cross-site scripting XSS vulnerability in editor.php in Network Weathermap before 0.97b allows remote attackers to inject arbitrary web script or HTML via the maptitle parameter. CVE-2013-2618 Impact There is no impact; F5 products are not affected by this...
K50314830: Samba MITM vulnerability CVE-2017-11103
Security Advisory Description Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In krb5extractticket the KDC-REP service name must be obtained from t...
K15314: OpenSSL vulnerability CVE-2011-4577
Security Advisory Description OpenSSL before 0.9.8s and 1.x before 1.0.0f, when RFC 3779 support is enabled, allows remote attackers to cause a denial of service assertion failure via an X.509 certificate containing certificate-extension data associated with 1 IP address blocks or 2 Autonomous...
K33757590: BIG-IP Edge Client for Windows vulnerability CVE-2021-23023
Security Advisory Description A DLL hijacking issue exists in cachecleaner.dll included in the BIG-IP Edge Client Windows Installer. CVE-2021-23023 Impact This vulnerability may be exploited to allow an unprivileged user to use a malicious DLL to gain privilege escalation on the client Windows...
K15901: Apache HTTP server vulnerability CVE-2012-2687
Security Advisory Description Multiple cross-site scripting XSS vulnerabilities in the makevariantlist function in modnegotiation.c in the modnegotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web scri...
K17169: Java vulnerability CVE-2015-2625
Security Advisory Description Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R28.3.6; and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JSSE. CVE-2015-2625 Impact Confidentiality is affected when exploited by...
K39250133: glibc vulnerability CVE-2015-8779
Security Advisory Description Stack-based buffer overflow in the catopen function in the GNU C Library aka glibc or libc6 before 2.23 allows context-dependent attackers to cause a denial of service application crash or possibly execute arbitrary code via a long catalog name. CVE-2015-8779 Impact ...
K17130: Linux kernel vulnerability CVE-2015-1420
Security Advisory Description Race condition in the handletopath function in fs/fhandle.c in the Linux kernel through 3.19.1 allows local users to bypass intended size restrictions and trigger read operations on additional memory locations by changing the handlebytes value of a file handle during...
K9592: bzip2 vulnerability CVE-2008-1372
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...