6401 matches found
K15901: Apache HTTP server vulnerability CVE-2012-2687
Security Advisory Description Multiple cross-site scripting XSS vulnerabilities in the makevariantlist function in modnegotiation.c in the modnegotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web scri...
K15897: Wget vulnerability CVE-2014-4877
Security Advisory Description Absolute path traversal vulnerability in GNU Wget before 1.16, when recursion is enabled, allows remote FTP servers to write to arbitrary files, and consequently execute arbitrary code, via a LIST response that references the same filename within two entries, one of...
K02433339: Linux kernel vulnerability CVE-2017-15128
Security Advisory Description A flaw was found in the hugetlbmcopyatomicpte function in mm/hugetlb.c in the Linux kernel before 4.13.12. A lack of size check could cause a denial of service BUG. CVE-2017-15128 Impact There is no impact; F5 products are not affected by this vulnerability. Security...
K93504311: TMM vulnerability CVE-2022-34655
Security Advisory Description When an iRule containing the HTTP::payload command is configured on a virtual server, undisclosed traffic can cause Traffic Management Microkernel TMM to terminate. CVE-2022-34655 Impact Traffic is disrupted while the TMM process restarts. This vulnerability allows a...
K17527: NTP vulnerability CVE-2015-7705
Security Advisory Description The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests. CVE-2015-7705 Impact An attacker with the ability to spoof multiple client requests may be able to...
K12567: BIND vulnerability CVE-2010-3614
Security Advisory Description Note : For information about signing up to receive security notice updates from F5, refer to K9970: Subscribe to email notifications regarding F5 products and security announcements. Note : Versions that are not listed in this article have not been evaluated for...
K81601350: BIG-IP PEM vulnerability CVE-2017-6144
Security Advisory Description When downloading the Type Allocation Code TAC database file via HTTPS, the server's certificate is not verified. Attackers in a privileged network position may be able to launch a man-in-the-middle attack against these connections. TAC databases are used in BIG-IP PE...
K53442005: BIG-IP VE vulnerability CVE-2022-23030
Security Advisory Description When the BIG-IP Virtual Edition VE uses the ixlv driver which is used in SR-IOV mode and requires Intel X710/XL710/XXV710 family of network adapters on the Hypervisor and TCP Segmentation Offload configuration is enabled, undisclosed requests may cause an increase in...
K23893104: QEMU vulnerability CVE-2017-13672
Security Advisory Description QEMU aka Quick Emulator, when built with the VGA display emulator support, allows local guest OS privileged users to cause a denial of service out-of-bounds read and QEMU process crash via vectors involving display update. CVE-2017-13672. Impact There is no impact; F...
K93445609: phpMyAdmin vulnerabilities
Security Advisory Description CVE-2016-1927 The suggestPassword function in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 relies on the Math.random JavaScript function, which makes it easier for remote attackers to guess passwords via a...
K14734: Apache HTTP server vulnerability CVE-2013-2249
Security Advisory Description modsessiondbd.c in the modsessiondbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors...
SOL15922322 - MySQL vulnerability CVE-2016-8288
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...
SOL44340019 - rpcbind use-after-free vulnerability CVE-2015-7236
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...
SOL38310742 - Kerberos vulnerability CVE-2015-8629
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL81732330 - Poppler vulnerability CVE-2013-4473
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...
SOL57500018 - ISC DHCP 4.x vulnerability CVE-2015-8605
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL59692558 - BIND vulnerability CVE-2016-2088
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL86533083 - BIND vulnerability CVE-2015-8705
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL4602: Overview of the F5 security vulnerability response policy SOL9957: Creating a custom RSS feed to view new and updated documents SOL4918: Overview of the F5...
SOL30673534 - BIND vulnerability CVE-2015-8461
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...
SOL17156 - PHP vulnerability CVE-2014-5298
Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL995...
SOL17119 - MySQL vulnerability CVE-2015-2576
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents. SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...
SOL16990 - zlib 1.2.2 vulnerability CVE-2005-1849
Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL995...
SOL16970 - TLS Finish Message vulnerability
The BIG-IP system does not verify every byte in the Finished message of a TLS handshake...
SOL16781 - Linux kernel vulnerability CVE-2014-3535
include/linux/netdevice.h in the Linux kernel before 2.6.36 incorrectly uses macros for netdevprintk and its related logging implementation, which allows remote attackers to cause a denial of service NULL pointer dereference and system crash by sending invalid packets to a VxLAN interface...
SOL16715 - Multiple LibTIFF vulnerabilities
Vulnerability Recommended Actions If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not...
SOL16090 - BIG-IP Automatic Update Check and ASM Automatic Signature Update man-in-the-middle vulnerability CVE-2014-9326
The BIG-IP Phone Home and ASM Call Home automatic signature update functionality is susceptible to Man-in-the-Middle type attacks due to improper validation of server SSL certificates. CVE-2014-9326...
SOL16435 - GNU C Library vulnerability CVE-2014-6040
Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version...
SOL16118 - libXfont vulnerabilities CVE-2014-0209, CVE-2014-0210 and CVE-2014-0211
Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version...
SOL15807 - cURL and libcurl vulnerability CVE-2014-1263
Recommended action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists. Supplemental...
SOL15729 - Associative array vulnerability CVE-2014-3631
The assocarraygc function in the associative-array implementation in lib/assocarray.c in the Linux kernel before 3.16.3 does not properly implement garbage collection, which allows local users to cause a denial of service NULL pointer dereference and system crash or possibly have unspecified othe...
SOL15743 - BIND vulnerability CVE-2011-2465
Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...
SOL15565 - OpenSSL vulnerability CVE-2014-3512
Recommended action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists. To mitigate this...
SOL15439 - Samba vulnerability CVE-2014-0244
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents. SOL4602: Overview of the F5 security vulnerability response policy...
SOL15296 - list.jsp XSS vulnerability CVE-2014-3959
A cross-site scripting XSS vulnerability exists in list.jsp for the BIG-IP and Enterprise Manager Configuration utilities. CVE-2014-3959...
SOL15220 - iControl vulnerability CVE-2014-2928
Recommended action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version...
SOL15013 - OpenSSH vulnerability CVE-2011-0539
Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents. SOL4602: Overview of the F5 security vulnerability response policy...
SOL14154 - SQL injection vulnerability from an authenticated source CVE-2012-3000
Vulnerability Recommended Actions To eliminate this vulnerability, upgrade to a version that is listed in the Versions known to be not vulnerable column. Acknowledgements F5 would like to acknowledge SEC Consult Vulnerability Lab for bringing this issue to our attention, and for following the...
SOL13838 - XSS vulnerability CVE-2012-2975
Vulnerability Recommended Actions To eliminate this vulnerability, upgrade to a version or hotfix that is listed in the Versions known to be not vulnerable column in the previous table. Acknowledgements F5 would like to acknowledge Roger Wemyss with Dell SecureWorks for his efforts in identifying...
SOL12985 - BIND vulnerability CVE-2011-1910
Off-by-one error in named in ISC BIND 9.x before 9.7.3-P1, 9.8.x before 9.8.0-P2, 9.4-ESV before 9.4-ESV-R4-P1, and 9.6-ESV before 9.6-ESV-R4-P1 allows remote DNS servers to cause a denial of service assertion failure and daemon exit via a negative response containing large RRSIG RRsets...
SOL3279 - Heap-based buffer overflow in mod_proxy - CAN-2004-0492
Heap-based buffer overflow in proxyutil.c for modproxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service process crash and possibly execute arbitrary code by way of a negative Content-Length HTTP header field, which causes a large amount of data to be copied...
SOL6919 - Cross-site scripting vulnerability in my.activation.php3 CVE-2007-3097
A cross-site scripting XSS vulnerability exists in the FirePass my.activation.php3 logon page.The affected FirePass logon URL fails to fully sanitize certain URL arguments before the requested web page content is returned to the browser. It is possible for an attacker to create web pages, emails ...
K000150232: Multiple PHP vulnerabilities
Security Advisory Description CVE-2007-2728 The soap extension in PHP calls phprandr with an uninitialized seed variable, which has unknown impact and attack vectors, a related issue to the mcryptcreateiv issue covered by CVE-2007-2727. Note: The PHP team argue that this is not a valid security...
K000148709: Multiple Intel Ethernet Controllers and Adapters vulnerabilities
Security Advisory Description CVE-2024-21806 Improper conditions check in Linux kernel mode driver for some IntelR Ethernet Network Controllers and Adapters E810 Series before version 28.3 may allow an authenticated user to potentially enable denial of service via local access. CVE-2024-21807...
K000148314: MySQL vulnerabilities CVE-2024-21232 and CVE-2024-21212
Security Advisory Description CVE-2024-21232 Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Components Services. Supported versions that are affected are 8.4.2 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows high privileged attacker with...
K000148248: less vulnerability CVE-2024-32487
Security Advisory Description less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive...
K000141353: Multiple PHP vulnerabilities
Security Advisory Description CVE-2019-9024 An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpcdecode can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas in base64decodexmlrpc in...
K000141129: Python vulnerability CVE-2024-35195
Security Advisory Description Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests Session, if the first request is made with verify=False to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of...
K000140865: Linux kernel vulnerability CVE-2023-45871
Security Advisory Description An issue was discovered in drivers/net/ethernet/intel/igb/igbmain.c in the IGB driver in the Linux kernel before 6.5.3. A buffer size may not be adequate for frames larger than the MTU. CVE-2023-45871 Impact An attacker can exploit the vulnerability to access...
K000140863: Busybox vulnerability CVE-2022-48174
Security Advisory Description There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution. CVE-2022-48174 Impact There is no impact; F5 products are not affect...
K000140414: Loop DOS UDP vulnerability CVE-2024-2169
Security Advisory Description Implementations of UDP application protocol are vulnerable to network loops. An unauthenticated attacker can use maliciously-crafted packets against a vulnerable implementation that can lead to Denial of Service DOS and/or abuse of resources. CVE-2024-2169 Impact The...