6294 matches found
K12055286: Intel CPU vulnerability CVE-2021-33060
Security Advisory Description Out-of-bounds write in the BIOS firmware for some IntelR Processors may allow an authenticated user to potentially enable escalation of privilege via local access. CVE-2021-33060 Impact This vulnerability may allow an authenticated local user to potentially enable...
K11509465: Apache mod_http2 vulnerability CVE-2018-1302
Security Advisory Description When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usua...
SOL68785753 - ImageMagick vulnerability CVE-2015-8898
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL47006155 - libTIFF vulnerability CVE-2016-3990
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...
SOL52439336 - FreeType vulnerabilities CVE-2014-9746 and CVE-2014-9747
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL06223540 - F5 TCP vulnerability CVE-2015-8240
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL09052213 - glibc vulnerability CVE-2015-8777
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL11785283 - GnuPG vulnerability CVE-2012-6085
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL49580002 - BIG-IP file validation vulnerability CVE-2015-8021
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL17445 - Linux kernel vulnerability CVE-2015-4700
Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...
SOL17047 - ICMP packet processing vulnerability CVE-2015-5058
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL17115 - Multiple MySQL vulnerabilities
Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Vulnerability Recommended Actions If the previous table lists a version in the Versions known to be not vulnerable column...
SOL16879 - Apache Portable Runtime vulnerability CVE-2011-1928
The fnmatch implementation in aprfnmatch.c in the Apache Portable Runtime APR library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service infinite loop via a URI that does not match unspecified types of wildcard patterns, as demonstrated by...
SOL16704 - cURL and libcurl vulnerability CVE-2015-3143
Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Vulnerability Recommended Actions If the previous table lists a version in the Versions known to be not vulnerable column...
SOL16506 - NTP vulnerability CVE-2015-1799
Vulnerability Recommended Actions If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not...
SOL16124 - OpenSSL vulnerability CVE-2015-0206
The SOD process is only vulnerable if the failover.secure db variable is enabled; the db variable is disabled by default. Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed...
SOL15970 - GnuTLS 3.x vulnerability CVE-2014-8564
Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...
SOL15928 - Network Time Protocol vulnerability CVE-2009-1252
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents. SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...
SOL15911 - Linux kernel vulnerabilities CVE-2014-3182 and CVE-2014-3183
Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...
SOL15735 - SMB vulnerability CVE-2014-7145
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents. SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...
SOL15546 - glibc vulnerability CVE-2014-4043
Recommended Action None Supplemental Information CVE-2014-4043 SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents. SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...
SOL15296 - list.jsp XSS vulnerability CVE-2014-3959
A cross-site scripting XSS vulnerability exists in list.jsp for the BIG-IP and Enterprise Manager Configuration utilities. CVE-2014-3959...
SOL15013 - OpenSSH vulnerability CVE-2011-0539
Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents. SOL4602: Overview of the F5 security vulnerability response policy...
SOL14919 - Socat vulnerabilities CVE-2010-2799, CVE-2012-0219, and CVE-2013-3571
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL14154 - SQL injection vulnerability from an authenticated source CVE-2012-3000
Vulnerability Recommended Actions To eliminate this vulnerability, upgrade to a version that is listed in the Versions known to be not vulnerable column. Acknowledgements F5 would like to acknowledge SEC Consult Vulnerability Lab for bringing this issue to our attention, and for following the...
SOL13838 - XSS vulnerability CVE-2012-2975
Vulnerability Recommended Actions To eliminate this vulnerability, upgrade to a version or hotfix that is listed in the Versions known to be not vulnerable column in the previous table. Acknowledgements F5 would like to acknowledge Roger Wemyss with Dell SecureWorks for his efforts in identifying...
SOL13432 - OpenSSL vulnerability CVE-2010-0433
Recommended action None Supplemental Information CVE-2010-0433 Note: This link will take you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge. SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS...
SOL8420 - ClamAV buffer overflow vulnerabilities - CVE-2007-6335, CVE-2007-6336
The FirePass controller can be configured to provide antivirus scanning of files uploaded through Portal Access. The software used to scan uploaded files is ClamAV open source software, which is enabled by selecting the Enable Standalone Virus Scanner button on the Antivirus tab of the Portal...
SOL5835 - Security Advisory: Possible kernel memory vulnerability in the sendfile() system call - CVE-2005-0708
Vulnerability description The sendfile system call in FreeBSD 4.8 through 4.11 and 5 through 5.4 can transfer portions of kernel memory if a file is truncated while it is being sent, which could allow remote attackers to obtain sensitive information. Information about this advisory is available a...
SOL6919 - Cross-site scripting vulnerability in my.activation.php3 CVE-2007-3097
A cross-site scripting XSS vulnerability exists in the FirePass my.activation.php3 logon page.The affected FirePass logon URL fails to fully sanitize certain URL arguments before the requested web page content is returned to the browser. It is possible for an attacker to create web pages, emails ...
SOL5534 - Apache mod_proxy message format vulnerability - CAN-2004-0700
Vulnerability description Format string vulnerability in the modproxy hook functions function in sslenginelog.c in modssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled...
SOL4256 - RADIUS integer overflow vulnerability CAN-2005-0108
Was this resource helpful in solving your issue? Yes - this resource was helpful No - this resource was not helpful I don‘t know yet NOTE: Please do not provide personal information. Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:...
K000148691: qt vulnerabilities CVE-2022-25634 and CVE-2020-0570
Security Advisory Description CVE-2022-25634 Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory. CVE-2020-0570 Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable...
K000141501: Intel UEFI vulnerability CVE-2024-21871
Security Advisory Description Improper input validation in UEFI firmware for some IntelR Processors may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2024-21871 Impact There is no impact; F5 products are not affected by this vulnerability. F5 previous...
K000141500: Intel BIOS vulnerability CVE-2024-23599
Security Advisory Description Race condition in Seamless Firmware Updates for some IntelR reference platforms may allow a privileged user to potentially enable denial of service via local access. CVE-2024-23599 Impact Attackers may exploit this vulnerability to enable privilege escalation via loc...
K000141354: Multiple PHP vulnerabilities
Security Advisory Description CVE-2017-7272 PHP through 7.1.11 enables potential SSRF in applications that accept an fsockopen or pfsockopen hostname argument with an expectation that the port number is constrained. Because a :port syntax is recognized, fsockopen will use the port number that is...
K000140225: Codemirror vulnerability CVE-2020-7760
Security Advisory Description This affects the package codemirror before 5.58.2; the package org.apache.marmotta.webjars:codemirror before 5.58.2. The vulnerable regular expression is located in...
K000135946: BIG-IP PEM vulnerability CVE-2024-23982
Security Advisory Description When a BIG-IP PEM classification profile is configured on a UDP virtual server, undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. This issue affects classification engines using signatures released between 09-08-2022 and 02-16-2023...
K000138114: open-vm-tools vulnerability CVE-2023-34058
Security Advisory Description VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges https : //docs . vmware . com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtu...
K000136153: cURL vulnerability CVE-2023-23914
Security Advisory Description A cleartext transmission of sensitive information vulnerability exists in curl. CVE-2023-23914 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development has evaluated the currently supported release...
K000136079: Redis vulnerability CVE-2022-0543
Security Advisory Description It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a Debian-specific Lua sandbox escape, which could result in remote code execution. CVE-2022-0543 Impact There is no impact; F5 products are not affected by this...
K000135996: Intel RDMA Ethernet Controller vulnerability CVE-2023-25775
Security Advisory Description Improper access control in the IntelR Ethernet Controller RDMA driver for linux before version 1.9.30 may allow an unauthenticated user to potentially enable escalation of privilege via network access. CVE-2023-25775 Impact There is no impact; F5 products are not...
K000135626: Oracle Java vulnerability CVE-2023-22036
Security Advisory Description Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE component: Utility. Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10,...
K000135242: Linux kernel vulnerability CVE-2023-1390
Security Advisory Description A remote denial of service vulnerability was found in the Linux kernel’s TIPC kernel module. The while loop in tipclinkxmit hits an unknown state while attempting to parse SKBs, which are not in the queue. Sending two small UDP packets to a system with a UDP bearer...
K000134681: Spring Framework vulnerability CVE-2023-20861
Security Advisory Description In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service DoS condition. CVE-2023-20861 Impac...
K000133448: Python urllib3 vulnerability CVE-2019-11324
Security Advisory Description The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct...
K000133673: Bootstrap vulnerability CVE-2016-10735
Security Advisory Description In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041. CVE-2016-10735 Impact An attacker may exploit this vulnerability to perform a cross-site scripting XSS attack...
K000133409: Log4j vulnerability CVE-2023-26464
Security Advisory Description UNSUPPORTED WHEN ASSIGNED When using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted ie, deeply nested hashmap or hashtable depending on which logging...
K000132725: FasterXML vulnerability CVE-2022-42004
Security Advisory Description In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer.deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for...
K44183007: MySQL vulnerability CVE-2017-3302
Security Advisory Description Crash in libmysqlclient.so in Oracle MySQL before 5.6.21 and 5.7.x before 5.7.5 and MariaDB through 5.5.54, 10.0.x through 10.0.29, 10.1.x through 10.1.21, and 10.2.x through 10.2.3.CVE-2017-3302 Impact There is no impact; F5 products are not affected by this...