6396 matches found
K000139491: VMware EAP vulnerabilities CVE-2024-22245 and CVE-2024-22250
Security Advisory Description CVE-2024-22245 Arbitrary Authentication Relay and Session Hijack vulnerabilities in the deprecated VMware Enhanced Authentication Plug-in EAP could allow a malicious actor that could trick a target domain user with EAP installed in their web browser into requesting a...
K000139405: MySQL vulnerability CVE-2023-21950
Security Advisory Description Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Replication. Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to...
K000138957: Libxml2 vulnerability CVE-2023-39615
Security Advisory Description Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service DoS via supplying a crafted XML file. NOTE: the vendor's position is that...
K11453402: BIG-IP Cookie encryption security exposure
Security Advisory Description When HTTP Profile Cookie encryption is enabled, duplicate HTTP cookies may be passed on to back-end servers. This issue occurs when the following condition is met: The virtual server has an HTTP Profile with Cookie Encryption enabled. Impact The back-end pool member...
K000137365: BIG-IP Configuration utility authenticated SQL injection vulnerability CVE-2023-46748
Security Advisory Description An authenticated SQL injection vulnerability exists in the BIG-IP Configuration utility. CVE-2023-46748 Impact This vulnerability may allow an authenticated attacker with network access to the Configuration utility through the BIG-IP management port and/or self IP...
K29141800: Multi-blade VIPRION Configuration utility session cookie vulnerability CVE-2023-40537
Security Advisory Description An authenticated user's session cookie may remain valid for a limited time after logging out from the BIG-IP Configuration utility on a multi-blade VIPRION platform. CVE-2023-40537 Impact A remote unauthenticated attacker may be able to reuse, for a limited time, an...
K000136907: BIG-IP APM Clients TunnelCrack vulnerability CVE-2023-43124
Security Advisory Description BIG-IP APM clients may send IP traffic outside of the VPN tunnel. CVE-2023-43124 Impact If a client machine connects to a malicious adjacent network device, such as a router or Wi-Fi hotspot, an attacker may be able to trick the client into sending IP traffic outside...
K000137002: systemd vulnerability CVE-2020-13529
Security Advisory Description An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets...
K000135446: Linux kernel vulnerability CVE-2023-3269
Security Advisory Description A vulnerability exists in the memory management subsystem of the Linux kernel. The lock handling for accessing and updating virtual memory areas VMAs is incorrect, leading to use-after-free problems. This issue can be successfully exploited to execute arbitrary kerne...
K000134681: Spring Framework vulnerability CVE-2023-20861
Security Advisory Description In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service DoS condition. CVE-2023-20861 Impac...
K000134496: Jettison vulnerability CVE-2022-45685
Security Advisory Description A stack overflow in Jettison before v1.5.2 allows attackers to cause a Denial of Service DoS via crafted JSON data. CVE-2022-45685 Impact System performance degradation can occur until the process is forced to restart. This vulnerability allows an attacker to cause a...
K000133759: Python vulnerability CVE-2020-26116
Security Advisory Description http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of...
K000133251: Overview of F5 vulnerabilities (May 2023)
Security Advisory Description On May 3, 2023, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities and security exposures to help determine the impact to your F5 devices. You can find the details of each issue in the associated...
K000133409: Log4j vulnerability CVE-2023-26464
Security Advisory Description UNSUPPORTED WHEN ASSIGNED When using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted ie, deeply nested hashmap or hashtable depending on which logging...
K14118520: MySQL vulnerabilities CVE-2019-2752, CVE-2019-2755, CVE-2019-2757, CVE-2019-2758, and CVE-2019-2774
Security Advisory Description CVE-2019-2752 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Options. Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple...
K4809: tcpdump vulnerabilities CAN-2005-1278, CAN-2005-1279, and CAN-2005-1280
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
K59197053: BIG-IP TLS 1.3 iRule vulnerability CVE-2022-34651
Security Advisory Description When an LTM Client or Server SSL profile with TLS 1.3 enabled is configured on a virtual server, along with an iRule that calls HTTP::respond, undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. CVE-2022-34651 Impact Traffic is disrupt...
K05123525: ConfigSync vulnerability CVE-2019-6649
Security Advisory Description F5 BIG-IP and Enterprise Manager may expose sensitive information and allow the system configuration to be modified when using non-default ConfigSync settings. CVE-2019-6649 Impact The vulnerability is only present when the system is configured for high availability ...
K17227: BIND vulnerability CVE-2015-5986
Security Advisory Description An incorrect boundary check in openpgpkey61.c can cause named to terminate due to a REQUIRE assertion failure. This defect can be deliberately exploited by an attacker who can provide a maliciously constructed response in answer to a query. CVE-2015-5986 Impact A...
K41900062: Linux kernel vulnerability CVE-2017-15127
Security Advisory Description A flaw was found in the hugetlbmcopyatomicpte function in mm/hugetlb.c in the Linux kernel before 4.13. A superfluous implicit page unlock for VMSHARED hugetlbfs mapping could trigger a local denial of service BUG. CVE-2017-15127 Impact There is no impact; F5 product...
K47234311: Intel SPS vulnerability CVE-2019-0089
Security Advisory Description Improper data sanitization vulnerability in subsystem in IntelR SPS before versions SPSE504.00.04.381.0, SPSE304.01.04.054.0, SPSSoC-A04.00.04.181.0, and SPSSoC-X04.00.04.086.0 may allow a privileged user to potentially enable escalation of privilege via local access...
K20038622: Multiple Apache Tomcat vulnerabilities
Security Advisory Description CVE-2013-1976 The 1 tomcat5, 2 tomcat6, and 3 tomcat7 init scripts, as used in the RPM distribution of Tomcat for JBoss Enterprise Web Server 1.0.2 and 2.0.0, and Red Hat Enterprise Linux 5 and 6, allow local users to change the ownership of arbitrary files via a...
K23489380: Java vulnerability CVE-2017-10135
Security Advisory Description Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JCE. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows...
K25893729: Apache Dubbo vulnerability CVE-2021-25641
Security Advisory Description Each Apache Dubbo server will set a serialization id to tell the clients which serialization protocol it is working on. But for Dubbo versions before 2.7.8 or 2.6.9, an attacker can choose which serialization id the Provider will use by tampering with the byte preamb...
K34527393: LibTIFF vulnerabilities CVE-2016-9533, CVE-2016-9534, and CVE-2016-9535
Security Advisory Description CVE-2016-9533 tifpixarlog.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers. Reported as MSVR 35094, aka "PixarLog horizontalDifference heap-buffer-overflow." CVE-2016-9534 tifwrite.c in libtiff 4.0.6 has an issue in the error code...
K35155453: Multiple LibTIFF vulnerabilities
Security Advisory Description CVE-2015-8683 The putcontig8bitCIELab function in tifgetimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service out-of-bounds read via a packed TIFF image. CVE-2015-8665 tifgetimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of...
K13290208: NSS vulnerability CVE-2020-12403
Security Advisory Description A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS. When using multi-part Chacha20, it could cause out-of-bounds reads. This issue was fixed by explicitly disabling multi-part ChaCha20 which was not functioning correctly and strictly enforcing tag...
K54358814: Apache mod_remoteip vulnerability CVE-2020-11985
Security Advisory Description IP address spoofing when proxying using modremoteip and modrewrite For configurations using proxying with modremoteip and certain modrewrite rules, an attacker could spoof their IP address for logging and PHP scripts. Note this issue was fixed in Apache HTTP Server...
K45644893: Martian address filtering vulnerability CVE-2019-6654
Security Advisory Description The BIG-IP system fails to perform martian address filtering as defined in RFC 1812, section 5.3.7 for control plane tasks on the management interface. This may allow attackers on an adjacent system to force the BIG-IP system into processing packets with spoofed sour...
K41036924: Linux kernel vulnerability CVE-2014-7843
Security Advisory Description The clearuser function in arch/arm64/lib/clearuser.S in the Linux kernel before 3.17.4 on the ARM64 platform allows local users to cause a denial of service system crash by reading one byte beyond a /dev/zero page boundary. CVE-2014-7843 Impact There is no impact; F5...
K15881: Libpng vulnerability CVE-2011-3048
Security Advisory Description The pngsettext2 function in pngset.c in libpng 1.0.x before 1.0.59, 1.2.x before 1.2.49, 1.4.x before 1.4.11, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service crash or execute arbitrary code via a crafted text chunk in a PNG image file,...
K15807: cURL and libcurl vulnerability CVE-2014-1263
Security Advisory Description curl and libcurl 7.27.0 through 7.35.0, when using the SecureTransport/Darwinssl backend, as used in in Apple OS X 10.9.x before 10.9.2, does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.50...
K15546: glibc vulnerability CVE-2014-4043
Security Advisory Description Description posixspawnfileactionsaddopen in glibc prior to version 2.20 fails to copy the path argument. The result of not copying is that programs can easily trigger use-after-free bugs, or other situations where the path is mutated. Impact None. No F5 products are...
K2617: Reverse name resolution vulnerability in SSH - CVE-2003-0386
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of F5...
K74571223: Apache Struts vulnerability CVE-2016-8738
Security Advisory Description In Apache Struts 2.5 through 2.5.5, if an application allows entering a URL in a form field and the built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. CVE-2016-87...
K3568: DNS denial of service vulnerability - CAN-2004-0789
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
K4351: BIND 9.3.0 denial of service vulnerability CAN-2005-0034
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
K14434: OpenSSH vulnerability CVE-2006-5794
Security Advisory Description Unspecified vulnerability in the sshd Privilege Separation Monitor in OpenSSH before 4.5 causes weaker authentication verification, which might allow attackers to bypass authentication. As of 2006-11-08, it is believed that this issue is only exploitable by leveragin...
K8924: Linux kernel vulnerability CVE-2007-3843
Security Advisory Description Note : Versions that are not listed in this Solution have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the ...
K17257: D-Bus vulnerability CVE-2014-3639
Security Advisory Description Description The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not properly close old connections, which allows local users to cause a denial of service incomplete connection consumption and prevention of new connections via a large number of incomple...
K12998: OpenSSL vulnerability CVE-2011-1945
Security Advisory Description Note : For information about signing up to receive security notice updates from F5, refer to K9970: Subscribe to email notifications regarding F5 products and security announcements. Note : Versions that are not listed in this article have not been evaluated for...
K94105604: Linux kernel vulnerability CVE-2015-7872
Security Advisory Description The keygcunusedkeys function in security/keys/gc.c in the Linux kernel through 4.2.6 allows local users to cause a denial of service OOPS via crafted keyctl commands. CVE-2015-7872 Impact A local user may be able to cause a denial-of-service DoS attack on the system ...
K30502720: Apache Tomcat vulnerability CVE-2021-41079
Security Advisory Description Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an infinite loop...
K5725: pam_ldap password policy control vulnerability CAN-2005-2641
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
K16320: OpenSSL vulnerability CVE-2015-0289
Security Advisory Description Description The PKCS7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to cause a denial of service NULL pointer dereference and...
K17475: Linux kernel vulnerability CVE-2015-5707
Security Advisory Description Integer overflow in the sgstartreq function in drivers/scsi/sg.c in the Linux kernel 2.6.x through 4.x before 4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large iovcount value in a write request. CVE-2015-5707...
K24202220: OpenJDK vulnerability CVE-2019-2894
Security Advisory Description Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Security. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker wi...
K15552: MIT Kerberos 5 vulnerability CVE-2014-4341
Security Advisory Description MIT Kerberos 5 aka krb5 before 1.12.2 allows remote attackers to cause a denial of service buffer over-read and application crash by injecting invalid tokens into a GSSAPI application session. CVE-2014-4341 Impact A remote attacker may be able to cause a denial of...
K12650: PHP vulnerability CVE-2010-4645
Security Advisory Description Note : For information about signing up to receive security notice updates from F5, refer to K9970: Subscribe to email notifications regarding F5 products and security announcements. Note : Versions that are not listed in this article have not been evaluated for...
K16946: Boost memory allocator vulnerability CVE-2012-2677
Security Advisory Description Integer overflow in the orderedmalloc function in boost/pool/pool.hpp in Boost Pool before 3.9 makes it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large memory chunk size value, which causes less memory to ...