6396 matches found
K000132690: BIND vulnerability CVE-2022-3488
Security Advisory Description Processing of repeated responses to the same query, where both responses contain ECS pseudo-options, but where the first is broken in some way, can cause BIND to exit with an assertion failure. 'Broken' in this context is anything that would cause the resolver to...
K44183007: MySQL vulnerability CVE-2017-3302
Security Advisory Description Crash in libmysqlclient.so in Oracle MySQL before 5.6.21 and 5.7.x before 5.7.5 and MariaDB through 5.5.54, 10.0.x through 10.0.29, 10.1.x through 10.1.21, and 10.2.x through 10.2.3.CVE-2017-3302 Impact There is no impact; F5 products are not affected by this...
K13314257: slpd vulnerability CVE-2017-17833
Security Advisory Description OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-service or a remote code-execution vulnerability. CVE-2017-17833 Impact There is no impact; F5 products are not affected by this...
K42204713: Multiple MySQL vulnerabilities
Security Advisory Description CVE-2016-3424 Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Optimizer. CVE-2016-3440 Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows remote...
K20087443: BIG-IP APM VPN vulnerability CVE-2017-6129
Security Advisory Description In F5 BIG-IP APM software version 13.0.0 and 12.1.2, in some circumstances, APM tunneled VPN flows can cause a VPN/PPP connflow to be prematurely freed or cause TMM to stop responding with a "flow not in use" assertion. An attacker may be able to disrupt traffic or...
K69422435: BIG-IQ HA vulnerability CVE-2020-5870
Security Advisory Description BIG-IQ high availability HA synchronization mechanisms do not use any form of authentication for connecting to the peer. CVE-2020-5870 Impact An attacker on an adjacent network may be able to establish a connection to the BIG-IQ HA synchronization with no...
K44501040: BIND vulnerability CVE-2022-2906
Security Advisory Description An attacker can leverage this flaw to gradually erode available memory to the point where named crashes for lack of resources. Upon restart the attacker would have to begin again, but nevertheless there is the potential to deny service. CVE-2022-2906 Impact There is ...
K17227: BIND vulnerability CVE-2015-5986
Security Advisory Description An incorrect boundary check in openpgpkey61.c can cause named to terminate due to a REQUIRE assertion failure. This defect can be deliberately exploited by an attacker who can provide a maliciously constructed response in answer to a query. CVE-2015-5986 Impact A...
K41900062: Linux kernel vulnerability CVE-2017-15127
Security Advisory Description A flaw was found in the hugetlbmcopyatomicpte function in mm/hugetlb.c in the Linux kernel before 4.13. A superfluous implicit page unlock for VMSHARED hugetlbfs mapping could trigger a local denial of service BUG. CVE-2017-15127 Impact There is no impact; F5 product...
K16480: Multiple unzip vulnerabilities CVE-2014-8139, CVE-2014-8140, and CVE-2014-8141
Security Advisory Description CVE-2014-8139 A buffer overflow flaw was found in the way unzip computed the CRC32 checksum of certain extra fields of a file. A specially crafted Zip archive could cause unzip to crash when the archive was tested with unzip's '-t' option. CVE-2014-8140 An integer...
K42465020: BIG-IP URL classification vulnerability CVE-2019-6610
Security Advisory Description The BIG-IP system is vulnerable to a denial-of-service DoS attack when performing URL classification. CVE-2019-6610 Impact A remote attacker may be able to disrupt services by causing the Traffic Management Microkernel TMM to restart. There is no exposure in the...
K87502622: iControl REST vulnerability CVE-2021-22978
Security Advisory Description Undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of BIG-IP if the victim user is granted the admin role. CVE-2021-22978 Impact An attacker may exploit this vulnerability using a crafted URL to a...
K18570111: BIG-IP ASM and Advanced WAF WebSocket vulnerability CVE-2021-23010
Security Advisory Description When the BIG-IP ASM/Advanced WAF system processes WebSocket requests with JSON payloads using the default JSON content profile in the ASM security policy, the BIG-IP ASM bd process may produce a core file. CVE-2021-23010 Impact When this vulnerability is exploited, t...
K16708: cURL and libcurl vulnerabilities CVE-2015-3144 and CVE-2015-3145
Security Advisory Description CVE-2015-3144 The fixhostname function in cURL and libcurl 7.37.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service out-of-bounds read or write and crash or possibly have other unspecified impact via a...
K23489380: Java vulnerability CVE-2017-10135
Security Advisory Description Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JCE. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows...
K82038789: big3d vulnerability CVE-2018-5540
Security Advisory Description The big3d process does not irrevocably minimize group privileges at startup. CVE-2018-5540 Impact There is not a known attack vector, but if the big3d process is compromised, it is possible for it to regain the group privileges it was launched with. Security Advisory...
K69511801: Samba vulnerability CVE-2019-10197
Security Advisory Description A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up to 4.10.8 and samba 4.11.x up to 4.11.0rc3, when certain parameters were set in the samba configuration file. An unauthenticated attacker could use this flaw to escape the shared directory and...
K03442392: BIG-IP ASM and Advanced WAF vulnerability CVE-2022-26890
Security Advisory Description When ASM or Advanced WAF, as well as APM, are configured on a virtual server, the ASM policy is configured with Session Awareness, and the "Use APM Username and Session ID" option is enabled, undisclosed requests can cause the bd process to terminate. CVE-2022-26890...
K04460334: libxml2 2.9.10 vulnerability CVE-2020-7595
Security Advisory Description xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation. CVE-2020-7595 Impact An attacker could exploit this vulnerability to cause the application to enter into an infinite loop resulting in a denial of servic...
K06747393: TMM vulnerability CVE-2019-6677
Security Advisory Description Under certain conditions, when using custom TCP congestion control settings in a TCP profile, TMM stops processing traffic when processed by an iRule. CVE-2019-6677 Impact The Traffic Management Microkernel TMM may generate a core file and restart, causing a traffic...
K52697522: libarchive vulnerability CVE-2016-8689
Security Advisory Description The readHeader function in archivereadsupportformat7zip.c in libarchive 3.2.1 allows remote attackers to cause a denial of service out-of-bounds read via multiple EmptyStream attributes in a header in a 7zip archive. CVE-2016-8689 Impact For BIG-IP and VIPRION...
K16344: Apache Tomcat vulnerability CVE-2014-0227
Security Advisory Description ava/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct...
K16393: NTP vulnerability CVE-2014-9751
Security Advisory Description Some kernels do not offer protection for ::1 source addresses on IPv6 interfaces. Since NTP's access control mechanism is based on source address and localhost addresses generally have no restrictions, an attacker may be able to send malicious control and configurati...
K40496533: PHP vulnerability CVE-2016-3132
Security Advisory Description Double free vulnerability in the SplDoublyLinkedList::offsetSet function in ext/spl/spldllist.c in PHP 7.x before 7.0.6 allows remote attackers to execute arbitrary code via a crafted index. CVE-2016-3132 Impact There is no impact; F5 products are not affected by thi...
K15549: Rsync vulnerability CVE-2007-6199
Security Advisory Description rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module's hierarchy. CVE-2007-6199 Impact An...
K13605: FirePass sudo vulnerability - CVE-2012-2053
Security Advisory Description Description F5 has identified a possible sudo vulnerability for FirePass. FirePass does not require a password to execute sudo commands with elevated permissions. FirePass is designed to function as a closed-box appliance with no user-level access to the underlying...
K16444: Apache vulnerability CVE-2015-0899
Security Advisory Description The Validator in Apache Struts 1.1 and later contains a function to efficiently define rules for input validation across multiple pages during screen transitions. This function contains a vulnerability where input validation may be bypassed. When the Apache Struts 1...
K15322: PHP vulnerability CVE-2014-0185
Security Advisory Description sapi/fpm/fpm/fpmunix.c in the FastCGI Process Manager FPM in PHP before 5.4.28 and 5.5.x before 5.5.12 uses 0666 permissions for the UNIX socket, which allows local users to gain privileges via a crafted FastCGI client. CVE-2014-0185 Impact None. No F5 products are...
K3082: Multiple vulnerabilities in OpenSSL - CAN-2004-0081, CAN-2004-0079, CAN-2004-0112
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
K2593: Buffer overflow in zlib - CAN-2003-0107
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
K41556648: CPU vulnerability CVE-2019-0184
Security Advisory Description Insufficient access control in protected memory subsystem for IntelR TXT for 6th, 7th, 8th and 9th Generation IntelR CoreTM Processor Families; IntelR XeonR Processor E3-1500 v5 and v6 Families; IntelR XeonR E-2100 and E-2200 Processor Families with IntelR Processor...
K4351: BIND 9.3.0 denial of service vulnerability CAN-2005-0034
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
K12998: OpenSSL vulnerability CVE-2011-1945
Security Advisory Description Note : For information about signing up to receive security notice updates from F5, refer to K9970: Subscribe to email notifications regarding F5 products and security announcements. Note : Versions that are not listed in this article have not been evaluated for...
K15439022: glibc vulnerability CVE-2016-3075
Security Advisory Description A stack overflow vulnerability unbounded allocation in nssdnsgetnetbynamer function was found. CVE-2016-3075 Impact BIG-IP, BIG-IQ, and Enterprise Manager While the specified functionality is included with BIG-IP, BIG-IQ, and Enterprise Manager, these products are no...
K16351: Multiple Linux kernel vulnerabilities CVE-2009-0834, CVE-2009-0835, and CVE-2009-0859
Security Advisory Description CVE-2009-0834 The auditsyscallentry function in the Linux kernel 2.6.28.7 and earlier on the x8664 platform does not properly handle 1 a 32-bit process making a 64-bit syscall or 2 a 64-bit process making a 32-bit syscall, which allows local users to bypass certain...
K17475: Linux kernel vulnerability CVE-2015-5707
Security Advisory Description Integer overflow in the sgstartreq function in drivers/scsi/sg.c in the Linux kernel 2.6.x through 4.x before 4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large iovcount value in a write request. CVE-2015-5707...
K03551138: MySQL vulnerabilities CVE-2018-2817, CVE-2018-2818, CVE-2018-2819, CVE-2018-2839, and CVE-2018-2846
Security Advisory Description CVE-2018-2817 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: DDL. Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with...
K15787: BIND vulnerability CVE-2010-0382
Security Advisory Description ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta handles out-of-bailiwick data accompanying a secure response without re-fetching from the original source, which allows remote attackers to have an unspecified...
K23284054: The BIG-IP SMTPS virtual server may fail to properly restrict I/O buffering, allowing attackers to insert commands into encrypted SMTP sessions
Security Advisory Description This issue occurs the following condition is met: A virtual server is configured with a Client SSL profile and an SMTPS profile that has the STARTTLS Activation Mode setting enabled Allow or Require for processing SMTPS traffic. Impact When system receives these SMTP...
K17251: Apache vulnerability CVE-2015-3183
Security Advisory Description The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values...
K13598: OpenSSL vulnerability CVE-2012-0884
Security Advisory Description The implementation of Cryptographic Message Syntax CMS and PKCS 7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data using a Million Message Attack M...
K25552364: GNU C Library vulnerability CVE-2015-8985
Security Advisory Description The popfailstack function in the GNU C Library aka glibc or libc6 allows context-dependent attackers to cause a denial of service assertion failure and application crash via vectors related to extended regular expression processing. CVE-2015-8985 Impact This...
K16940: Multiple Wireshark vulnerabilities
Security Advisory Description CVE-2014-6423 The tvbrawtextadd function in epan/dissectors/packet-megaco.c in the MEGACO dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service infinite loop via an empty line./ CVE-2014-6425 The 1...
K65292036: Linux kernel vulnerability CVE-2019-15791
Security Advisory Description In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, shiftfsbtrfsioctlfdreplace installs an fd referencing a file from the lower filesystem without taking an additional reference to that file. After the btrfs ioctl...
K66782293: TMM vulnerability CVE-2021-23039
Security Advisory Description When IPSec is configured on a BIG-IP system, undisclosed requests from an authorized remote IPSec peer, which already has a negotiated Security Association, can cause the Traffic Management Microkernel TMM to terminate. CVE-2021-23039 Impact Traffic is disrupted whil...
K10520421: Spring Security OAuth vulnerability CVE-2018-1260
Security Advisory Description Spring Security OAuth, versions 2.3 prior to 2.3.3, 2.2 prior to 2.2.2, 2.1 prior to 2.1.2, 2.0 prior to 2.0.15 and older unsupported versions contains a remote code execution vulnerability. A malicious user or attacker can craft an authorization request to the...
K90412202: libarchive vulnerability CVE-2015-8932
Security Advisory Description The compressbidderinit function in archivereadsupportfiltercompress.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service crash via a crafted tar file, which triggers an invalid left shift. CVE-2015-8932 Impact This functionality is expose...
K30201296: SOCKS proxy vulnerability CVE-2017-0303
Security Advisory Description In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 13.0.0, 12.0.0 to 12.1.2 and 11.5.1 to 11.6.1, under limited circumstances connections handled by a Virtual Server with an associated SOCKS profile may not be...
K12671141: Linux kernel vulnerability CVE-2019-8956
Security Advisory Description In the Linux Kernel before versions 4.20.8 and 4.19.21 a use-after-free error in the "sctpsendmsg" function net/sctp/socket.c when handling SCTPSENDALL flag can be exploited to corrupt memory. CVE-2019-8956 Impact There is no impact; F5 products are not affected by...
K54606234: Linux kernel vulnerability CVE-2016-10150
Security Advisory Description Use-after-free vulnerability in the kvmioctlcreatedevice function in virt/kvm/kvmmain.c in the Linux kernel before 4.8.13 allows host OS users to cause a denial of service host OS crash or possibly gain privileges via crafted ioctl calls on the /dev/kvm device...