6294 matches found
SOL15878 - bzip2 vulnerability CVE-2010-0405
Recommended action BIG-IP and Enterprise Manager If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate...
SOL15797 - Linux kernel vulnerability CVE-2012-4461
Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists. Supplemental...
SOL15743 - BIND vulnerability CVE-2011-2465
Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...
SOL15652 - SASL vulnerability CVE-2009-0688
Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents. SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...
SOL15541 - OpenSSL vulnerability CVE-2014-3509
Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...
SOL15516 - LZ4 compression vulnerability CVE-2014-4715
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...
SOL14600 - BIND vulnerability CVE-2013-3919
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...
SOL13605 - FirePass sudo vulnerability - CVE-2012-2053
Recommended action F5 recommends that you upgrade to the latest FirePass hotfix to ensure that you have the latest security updates. Supplemental Information CERT advisory regarding CVE-2012-2053 SOL167: Downloading software and firmware from F5 SOL10322: FirePass hotfix matrix SOL3430: Installin...
SOL10898 - DNSSEC BIND vulnerability - CVE-2009-4022
Vulnerability description and product information: Unspecified vulnerability in ISC BIND 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, 9.7 beta before 9.7.0b3, and 9.0.x through 9.3.x with DNSSEC validation enabled and checking disabled CD, allows remote attackers to conduct DNS...
SOL8174 - F5 VPN Client for Windows is remotely exploitable through a buffer overflow
A vulnerability exists in the F5 VPN Client for Windows, also called the Standalone Client. The Client can be exploited remotely by a buffer overflow attack on one of the Client's ActiveX control components. A successful attack can result in execution of malicious commands by the remote attacker...
SOL7886 - Remote vulnerability in the mod_jk2 Apache module, VU #771937
A vulnerability exists in the legacy version of the modjk2 Apache module. If successfully exploited, an attacker may be able to run arbitrary code on affected system. Information about this advisory is available at the following location: F5 Product Development tracked this issue as CR83564 and i...
SOL5868 - Buffer overflow vulnerability in cURL - CVE-2005-4077
Because an attacker would require root access to exploit this vulnerability, it is considered to be a minor risk. You can find information about this advisory at the following location: Note: This link takes you to a resource outside of AskF5, and it is possible that the information may be remove...
K000148582: Intel Server Board vulnerabilities CVE-2024-31154, CVE-2024-31158, CVE-2024-39609, CVE-2024-40885, and CVE-2024-41167
Security Advisory Description CVE-2024-31154 Improper input validation in UEFI firmware for some IntelR Server S2600BPBR may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2024-31158 Improper input validation in UEFI firmware in some IntelR Server Boar...
K000148314: MySQL vulnerabilities CVE-2024-21232 and CVE-2024-21212
Security Advisory Description CVE-2024-21232 Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Components Services. Supported versions that are affected are 8.4.2 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows high privileged attacker with...
K000148248: less vulnerability CVE-2024-32487
Security Advisory Description less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive...
K000141353: Multiple PHP vulnerabilities
Security Advisory Description CVE-2019-9024 An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpcdecode can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas in base64decodexmlrpc in...
K000141130: Python vulnerability CVE-2024-34064
Security Advisory Description Jinja is an extensible templating engine. The xmlattr filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, , or =, as each would then be interpreted as starting a separate attribute. If a...
K000141047: Multiple Node.js vulnerabilities
Security Advisory Description CVE-2024-22018 A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-read flag is used. This flaw arises from an inadequate permission model that fails to restrict file stats through the fs.lstat API...
K000139880: Intel CPU/BIOS vulnerabilities CVE-2023-28402, CVE-2023-27504, and CVE-2023-28383
Security Advisory Description CVE-2023-28402 Improper input validation in some IntelR BIOS Guard firmware may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2023-27504 Improper conditions check in some IntelR BIOS Guard firmware may allow a privileged...
K000139607: MySQL Server vulnerabilities CVE-2024-21013 and CVE-2024-21062
Security Advisory Description CVE-2024-21013 Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network acces...
K000138957: Libxml2 vulnerability CVE-2023-39615
Security Advisory Description Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service DoS via supplying a crafted XML file. NOTE: the vendor's position is that...
K000137595: BIG-IP AFM signature matching vulnerability CVE-2024-21771
Security Advisory Description For unspecified traffic patterns, BIG-IP AFM IPS engine may spend an excessive amount of time matching the traffic against signatures, resulting in Traffic Management Microkernel TMM restarting and traffic disruption. CVE-2024-21771 Impact When attackers exploit this...
K000138517: Python-Pillow vulnerability CVE-2023-44271
Security Advisory Description An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an...
K000138461: MIT Kerberos 5 vulnerability CVE-2023-39975
Security Advisory Description kdc/dotgsreq.c in MIT Kerberos 5 aka krb5 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another. CVE-2023-39975 Impact There is no impact...
K000137365: BIG-IP Configuration utility authenticated SQL injection vulnerability CVE-2023-46748
Security Advisory Description An authenticated SQL injection vulnerability exists in the BIG-IP Configuration utility. CVE-2023-46748 Impact This vulnerability may allow an authenticated attacker with network access to the Configuration utility through the BIG-IP management port and/or self IP...
K000137202: Intel BIOS vulnerability CVE-2022-38083
Security Advisory Description Improper initialization in the BIOS firmware for some IntelR Processors may allow a privileged user to potentially enable information disclosure via local access CVE-2022-38083. Impact There is no impact; F5 products are not affected by this vulnerability. F5...
K29141800: Multi-blade VIPRION Configuration utility session cookie vulnerability CVE-2023-40537
Security Advisory Description An authenticated user's session cookie may remain valid for a limited time after logging out from the BIG-IP Configuration utility on a multi-blade VIPRION platform. CVE-2023-40537 Impact A remote unauthenticated attacker may be able to reuse, for a limited time, an...
K000135880: glibc vulnerability CVE-2023-25139
Security Advisory Description sprintf in the GNU C Library glibc 2.37 has a buffer overflow out-of-bounds write in some situations with a correct buffer size. This is unrelated to CWE-676. It may write beyond the bounds of the destination buffer when attempting to write a padded,...
K000135718: OpenJDK vulnerabilities CVE-2023-22006, CVE-2023-22043, and CVE-2023-22045
Security Advisory Description CVE-2023-22006 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE component: Networking. Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise...
K000135439: libtar vulnerabilities CVE-2021-33643, CVE-2021-33644, CVE-2021-33645, CVE-2021-33646
Security Advisory Description CVE-2021-33643 An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc0 for a variable gnulonglink, causing an out-of-bounds read. CVE-2021-33644 An attacker who submits a crafted tar file with size in...
K000134748: Kubernetes vulnerabilities CVE-2019-1002100, CVE-2019-11254, CVE-2017-1002101, and CVE-2017-1002102
Security Advisory Description CVE-2019-1002100 In all Kubernetes versions prior to v1.11.8, v1.12.6, and v1.13.4, users that are authorized to make patch requests to the Kubernetes API Server can send a specially crafted patch of type "json-patch" e.g. kubectl patch --type json or "Content-Type:...
K000134602: Node.js vulnerabilities CVE-2023-23918 and CVE-2023-23920
Security Advisory Description CVE-2023-23918 A privilege escalation vulnerability exists in Node.js 19.6.1, 18.14.1, 16.19.1 and 14.21.3 that made it possible to bypass the experimental Permissions https: //nodejs. org/api/permissions.html feature in Node.js and access non authorized modules by...
K000134496: Jettison vulnerability CVE-2022-45685
Security Advisory Description A stack overflow in Jettison before v1.5.2 allows attackers to cause a Denial of Service DoS via crafted JSON data. CVE-2022-45685 Impact System performance degradation can occur until the process is forced to restart. This vulnerability allows an attacker to cause a...
K000133251: Overview of F5 vulnerabilities (May 2023)
Security Advisory Description On May 3, 2023, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities and security exposures to help determine the impact to your F5 devices. You can find the details of each issue in the associated...
K000133633: Intel BIOS firmware vulnerability CVE-2022-32231
Security Advisory Description Improper initialization in the BIOS firmware for some IntelR Processors may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2022-32231 Impact This vulnerability may allow a privileged user to potentially enable escalation o...
K000133224: Apache Tomcat vulnerability CVE-2022-42252
Security Advisory Description If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false the default for 8.5.x only, Tomcat did not reject a request containing an invalid...
K000133077: Java SE vulnerability CVE-2019-2697
Security Advisory Description Vulnerability in the Java SE component of Oracle Java SE subcomponent: 2D. Supported versions that are affected are Java SE: 7u211 and 8u202. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise...
K000133052: Apache Commons FileUpload vulnerability CVE-2023-24998
Security Advisory Description Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new...
K000132856: TPM 2.0 vulnerabilities CVE-2023-1017 and CVE-2023-1018
Security Advisory Description Two buffer overflow vulnerabilities were discovered in the Trusted Platform Module TPM 2.0 reference library specification, currently at Level 00, Revision 01.59 November 2019. An attacker who has access to a TPM-command interface can send maliciously-crafted command...
K42204713: Multiple MySQL vulnerabilities
Security Advisory Description CVE-2016-3424 Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Optimizer. CVE-2016-3440 Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows remote...
K94010578: tcpdump vulnerabilities CVE-2016-7940, CVE-2016-7973, CVE-2016-7974, CVE-2016-7983, and CVE-2016-7984
Security Advisory Description CVE-2016-7940 The STP parser in tcpdump before 4.9.0 has a buffer overflow in print-stp.c, multiple functions. CVE-2016-7973 The AppleTalk parser in tcpdump before 4.9.0 has a buffer overflow in print-atalk.c, multiple functions. CVE-2016-7974 The IP parser in tcpdum...
K17227: BIND vulnerability CVE-2015-5986
Security Advisory Description An incorrect boundary check in openpgpkey61.c can cause named to terminate due to a REQUIRE assertion failure. This defect can be deliberately exploited by an attacker who can provide a maliciously constructed response in answer to a query. CVE-2015-5986 Impact A...
K61420264: Linux kernel vulnerability CVE-2015-8830
Security Advisory Description Integer overflow in the aiosetupsinglevector function in fs/aio.c in the Linux kernel 4.0 allows local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec. NOTE: this vulnerability exists because of a CVE-2012-6701...
K87502622: iControl REST vulnerability CVE-2021-22978
Security Advisory Description Undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of BIG-IP if the victim user is granted the admin role. CVE-2021-22978 Impact An attacker may exploit this vulnerability using a crafted URL to a...
K23489380: Java vulnerability CVE-2017-10135
Security Advisory Description Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JCE. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows...
K82038789: big3d vulnerability CVE-2018-5540
Security Advisory Description The big3d process does not irrevocably minimize group privileges at startup. CVE-2018-5540 Impact There is not a known attack vector, but if the big3d process is compromised, it is possible for it to regain the group privileges it was launched with. Security Advisory...
K69511801: Samba vulnerability CVE-2019-10197
Security Advisory Description A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up to 4.10.8 and samba 4.11.x up to 4.11.0rc3, when certain parameters were set in the samba configuration file. An unauthenticated attacker could use this flaw to escape the shared directory and...
K35155453: Multiple LibTIFF vulnerabilities
Security Advisory Description CVE-2015-8683 The putcontig8bitCIELab function in tifgetimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service out-of-bounds read via a packed TIFF image. CVE-2015-8665 tifgetimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of...
K13290208: NSS vulnerability CVE-2020-12403
Security Advisory Description A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS. When using multi-part Chacha20, it could cause out-of-bounds reads. This issue was fixed by explicitly disabling multi-part ChaCha20 which was not functioning correctly and strictly enforcing tag...
K14703097: BIG-IP AFM vulnerability CVE-2019-6672
Security Advisory Description When bad-actor detection is configured on a wildcard virtual server on platforms with hardware-based sPVA, the performance of the BIG-IP AFM system is degraded. CVE-2019-6672 Impact The affected BIG-IP AFM system's CPU usage increases and may cause the legitimate...