6294 matches found
K000150232: Multiple PHP vulnerabilities
Security Advisory Description CVE-2007-2728 The soap extension in PHP calls phprandr with an uninitialized seed variable, which has unknown impact and attack vectors, a related issue to the mcryptcreateiv issue covered by CVE-2007-2727. Note: The PHP team argue that this is not a valid security...
K000148690: Qt vulnerability CVE-2023-32573
Security Advisory Description In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont munitsPerEm initialization is mishandled. CVE-2023-32573 Impact A remote attacker may be able to cause a denial-of-service DoS on the system. Security Advisor...
K000141129: Python vulnerability CVE-2024-35195
Security Advisory Description Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests Session, if the first request is made with verify=False to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of...
K000140108: NGINX Plus MQTT vulnerability CVE-2024-39792
Security Advisory Description When NGINX Plus is configured to use the MQTT filter module, undisclosed requests can cause an increase in memory resource utilization. CVE-2024-39792 Impact System performance can degrade until the NGINX master and worker processes are either forced to restart or ar...
K000139922: Open vSwitch vulnerabilities CVE-2023-3966 and CVE-2023-5366
Security Advisory Description CVE-2023-3966 A flaw was found in Open vSwitch where multiple versions are vulnerable to crafted Geneve packets, which may result in a denial of service and invalid memory accesses. Triggering this issue requires that hardware offloading via the netlink path is...
K000139580: MySQL Server vulnerability CVE-2024-20998
Security Advisory Description Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple...
K000138728: BIG-IP IPsec vulnerability CVE-2024-33608
Security Advisory Description When IPsec is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel TMM to terminate. CVE-2024-33608 Impact Traffic is disrupted while the TMM process restarts. This vulnerability allows a remote unauthenticated attacker to...
K000139236: Apache Traffic Server HTTP/2 CONTINUATION DoS attack vulnerability CVE-2024-31309
Security Advisory Description HTTP/2 CONTINUATION DoS attack can cause Apache Traffic Server to consume more resources on the server. Version from 8.0.0 through 8.1.9, from 9.0.0 through 9.2.3 are affected. CVE-2024-31309 Impact There is no impact; F5 products are not affected by this...
K000139026: NTP vulnerability CVE-2009-3563
Security Advisory Description ntprequest.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service CPU and bandwidth consumption by using MODEPRIVATE to send a spoofed 1 request or 2 response packet that triggers a continuous exchange of MODEPRIVATE error...
K000138977: ncurses vulnerability CVE-2022-29458
Security Advisory Description ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convertstrings in tinfo/readentry.c in the terminfo library. CVE-2022-29458 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Stat...
K000138726: Linux kernel vulnerability CVE-2023-3611
Security Advisory Description An out-of-bounds write vulnerability in the Linux kernel's net/sched: schqfq component can be exploited to achieve local privilege escalation. The qfqchangeagg function in net/sched/schqfq.c allows an out-of-bounds write because lmax is updated according to packet...
K11453402: BIG-IP Cookie encryption security exposure
Security Advisory Description When HTTP Profile Cookie encryption is enabled, duplicate HTTP cookies may be passed on to back-end servers. This issue occurs when the following condition is met: The virtual server has an HTTP Profile with Cookie Encryption enabled. Impact The back-end pool member...
K000137966: Apache Tomcat vulnerability CVE-2023-42794
Security Advisory Description Incomplete Cleanup vulnerability in Apache Tomcat. The internal fork of Commons FileUpload packaged with Apache Tomcat 9.0.70 through 9.0.80 and 8.5.85 through 8.5.93 included an unreleased, in progress refactoring that exposed a potential denial of service on Window...
K000137875: PostGreSQL vulnerability CVE-2018-1058
Security Advisory Description A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database. Versions 9.3 through 10 are affected...
K000136185: BIG-IP Edge Client for macOS vulnerability CVE-2023-43611
Security Advisory Description The BIG-IP Edge Client Installer on macOS does not follow best practices for elevating privileges during the installation process. CVE-2023-43611 Note : This vulnerability is due to an incomplete fix for CVE-2023-38418. Impact An attacker with an ability to run...
K000137186: Linux kernel vulnerability CVE-2022-3564
Security Advisory Description A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2capreassemblesdu of the file net/bluetooth/l2capcore.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply ...
K000137002: systemd vulnerability CVE-2020-13529
Security Advisory Description An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets...
K000134768: Linux kernel vulnerability CVE-2022-4378
Security Advisory Description A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system. CVE-2022-4378 Impact A locally...
K000134725: vm2 vulnerability CVE-2023-29017
Security Advisory Description vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Prior to version 3.9.15, vm2 was not properly handling host objects passed to Error.prepareStackTrace in case of unhandled async errors. A threat actor could bypass the sandbox...
K000133759: Python vulnerability CVE-2020-26116
Security Advisory Description http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of...
K000134500: Spring Framework vulnerability CVE-2023-20860
Security Advisory Description Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass...
K000133752: OpenSSL vulnerability CVE-2023-1255
Security Advisory Description Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM platform contains a bug that could cause it to read past the input buffer, leading to a crash. Impact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM platform can crash ...
K52521791: vCMP Cavium Nitrox SSL hardware accelerator vulnerability CVE-2018-5507
Security Advisory Description vCMP guests running on VIPRION 2100, 4200 and 4300 series blades cannot correctly decrypt ciphertext from established SSL sessions with small MTU. CVE-2018-5507 Impact BIG-IP The affected SSL connections are terminated unexpectedly. ARX / BIG-IQ / Enterprise Manager ...
K66871452: PowerDNS vulnerability CVE-2015-5311
Security Advisory Description PowerDNS aka pdns Authoritative Server 3.4.4 before 3.4.7 allows remote attackers to cause a denial of service assertion failure and server crash via crafted query packets. CVE-2015-5311 Impact There is no impact; F5 products are not affected by this vulnerability...
K55001100: glibc vulnerability CVE-2015-5180
Security Advisory Description resquery in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service NULL pointer dereference and process crash. CVE-2015-5180 Impact For this vulnerability, an attacker must have local access to the system and know how to make the glibc...
K15351: OpenSSL DTLS ChangeCipherSpec vulnerability CVE-2009-1386
Security Advisory Description ssl/s3pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service NULL pointer dereference and daemon crash via a DTLS ChangeCipherSpec packet that occurs before ClientHello. CVE-2009-1386 Impact None Security Advisory Status To determine if...
K41704442: Reflected XSS vulnerability in an undisclosed Configuration utility page CVE-2018-15315
Security Advisory Description A reflected Cross-Site Scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the current logged-in user. CVE-2018-15315 Impact BIG-IP A remote unauthenticated...
K15783: Kerberos vulnerability CVE-2013-1417
Security Advisory Description dotgsreq.c in the Key Distribution Center KDC in MIT Kerberos 5 aka krb5 1.11 before 1.11.4, when a single-component realm name is used, allows remote authenticated users to cause a denial of service daemon crash via a TGS-REQ request that triggers an attempted...
K61420264: Linux kernel vulnerability CVE-2015-8830
Security Advisory Description Integer overflow in the aiosetupsinglevector function in fs/aio.c in the Linux kernel 4.0 allows local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec. NOTE: this vulnerability exists because of a CVE-2012-6701...
K23391972: cURL and libcurl vulnerability CVE-2016-8622
Security Advisory Description The URL percent-encoding decode function in libcurl before 7.51.0 is called curleasyunescape. Internally, even if this function would be made to allocate a unscape destination buffer larger than 2GB, it would return that new length in a signed 32 bit integer variable...
K89434121: Linux kernel vulnerability CVE-2017-12193
Security Advisory Description The assocarrayinsertintoterminalnode function in lib/assocarray.c in the Linux kernel before 4.13.11 mishandles node splitting, which allows local users to cause a denial of service NULL pointer dereference and panic via a crafted application, as demonstrated by the...
K13290208: NSS vulnerability CVE-2020-12403
Security Advisory Description A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS. When using multi-part Chacha20, it could cause out-of-bounds reads. This issue was fixed by explicitly disabling multi-part ChaCha20 which was not functioning correctly and strictly enforcing tag...
K34041353: Linux kernel vulnerability CVE-2021-38202
Security Advisory Description fs/nfsd/trace.h in the Linux kernel before 5.13.4 might allow remote attackers to cause a denial of service out-of-bounds read in strlen by sending NFS traffic when the trace event framework is being used for nfsd. CVE-2021-38202 Impact There is no impact; F5 product...
K58502654: Linux kernel vulnerability CVE-2018-20961
Security Advisory Description In the Linux kernel before 4.16.4, a double free vulnerability in the fmidisetalt function of drivers/usb/gadget/function/fmidi.c in the fmidi driver may allow attackers to cause a denial of service or possibly have unspecified other impact. CVE-2018-20961 Impact The...
K41036924: Linux kernel vulnerability CVE-2014-7843
Security Advisory Description The clearuser function in arch/arm64/lib/clearuser.S in the Linux kernel before 3.17.4 on the ARM64 platform allows local users to cause a denial of service system crash by reading one byte beyond a /dev/zero page boundary. CVE-2014-7843 Impact There is no impact; F5...
K14600: BIND vulnerability CVE-2013-3919
Security Advisory Description When resolver.c is configured in ISC BIND 9.8.5 before 9.8.5-P1, 9.9.3 before 9.9.3-P1, or 9.6-ESV-R9 before 9.6-ESV-R9-P1, remote attackers may cause a denial-of-service DoS when querying for a record in a malformed zone. CVE-2013-3919 Impact Remote attackers can...
K14432: PHP SOAP wdsl cache file vulnerability CVE-2013-1635
Security Advisory Description PHP does not validate the configuration directive soap.wsdlcachedir before writing SOAP wsdl cache files to the filesystem. Impact An attacker is able to write remote wsdl files to arbitrary locations on an affected system. Security Advisory Status To determine if yo...
K15546: glibc vulnerability CVE-2014-4043
Security Advisory Description Description posixspawnfileactionsaddopen in glibc prior to version 2.20 fails to copy the path argument. The result of not copying is that programs can easily trigger use-after-free bugs, or other situations where the path is mutated. Impact None. No F5 products are...
K17386: vCMP DoS vulnerability CVE-2015-6546
Security Advisory Description An attacker sourcing malicious traffic from a network adjacent to the BIG-IP system may be able to cause a denial-of-service DoS condition on a vCMP host and the vCMP guests running on it. The vulnerability cannot be exploited outside of the local network segment or ...
K84583382: VMware Tools vulnerability CVE-2015-5191
Security Advisory Description VMware Tools prior to 10.0.9 contains multiple file system races in libDeployPkg, related to the use of hard-coded paths under /tmp. Successful exploitation of this issue may result in a local privilege escalation. CVE-2015-5191 Impact This vulnerability may allow a...
K17257: D-Bus vulnerability CVE-2014-3639
Security Advisory Description Description The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not properly close old connections, which allows local users to cause a denial of service incomplete connection consumption and prevention of new connections via a large number of incomple...
K15441: PHP vulnerability CVE-2011-1148
Security Advisory Description Use-after-free vulnerability in the substrreplace function in PHP 5.3.6 and earlier allows context-dependent attackers to cause a denial of service memory corruption or possibly have unspecified other impact by using the same variable for multiple arguments...
K73455417: obs-service-extract_file package vulnerability CVE-2016-4007
Security Advisory Description Multiple unspecified vulnerabilities in the obs-service-extractfile package before 0.3-5.1 in openSUSE Leap 42.1 and before 0.3-3.1 in openSUSE 13.2 allow attackers to execute arbitrary commands via a service definition, related to executing unzip with "illegal...
K15903: Multiple PHP vulnerabilities
Security Advisory Description Description CVE-2012-3365 The SQLite functionality in PHP before 5.3.15 allows remote attackers to bypass the openbasedir protection mechanism via unspecified vectors. CVE-2012-2329 Buffer overflow in the apacherequestheaders function in sapi/cgi/cgimain.c in PHP 5.4...
K15922322: MySQL vulnerability CVE-2016-8288
Security Advisory Description Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect integrity via vectors related to Server: InnoDB Plugin. CVE-2016-8288 Impact There is no impact; F5 products are not affected by this...
K11091514: MySQL vulnerability CVE-2016-5626
Security Advisory Description Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS. CVE-2016-5626 Impact There is no impact; F5 products are not affected by this...
K09408132: glibc vulnerability CVE-2011-1659
Security Advisory Description Integer overflow in posix/fnmatch.c in the GNU C Library aka glibc or libc6 2.13 and earlier allows context-dependent attackers to cause a denial of service application crash via a long UTF8 string that is used in an fnmatch call with a crafted pattern argument, a...
K16320: OpenSSL vulnerability CVE-2015-0289
Security Advisory Description Description The PKCS7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to cause a denial of service NULL pointer dereference and...
K24202220: OpenJDK vulnerability CVE-2019-2894
Security Advisory Description Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Security. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker wi...
K12130880: BIG-IP APM client for Linux and macOS vulnerability CVE-2018-15332
Security Advisory Description The svpn component of the F5 BIG-IP APM client prior to version 7.1.7.2 for Linux and macOS runs as a privileged process and can allow an unprivileged user to get ownership of files owned by root on the local client host in a race condition. CVE-2018-15332 Impact A...