6294 matches found
SOL16870 - logrotate vulnerability CVE-2011-1154
Vulnerability Recommended Actions If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not...
SOL16882 - OpenLDAP vulnerability CVE-2013-4449
Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy...
SOL16831 - BSD regex library vulnerability CVE-2015-2305
Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL995...
SOL16819 - Linux kernel vulnerability CVE-2015-3331
Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can...
SOL16718 - libTIFF vulnerability CVE-2010-2596
Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL995...
SOL16090 - BIG-IP Automatic Update Check and ASM Automatic Signature Update man-in-the-middle vulnerability CVE-2014-9326
The BIG-IP Phone Home and ASM Call Home automatic signature update functionality is susceptible to Man-in-the-Middle type attacks due to improper validation of server SSL certificates. CVE-2014-9326...
SOL16416 - GNU C library strxfrm/strcoll overflow vulnerabilities
Vulnerability Recommended Actions If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not...
SOL16108 - BIND vulnerability CVE-2014-8680
Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version...
SOL15552 - MIT Kerberos 5 vulnerability CVE-2014-4341
Vulnerability Recommended Actions If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists. To...
SOL15348 - OpenSSL DTLS Buffer vulnerability CVE-2009-1387
Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version...
SOL15341 - BIG-IP ASM Virtual Edition may run out of memory under certain DoS conditions
Vulnerability Recommended Actions To eliminate this vulnerability, upgrade to a version that is listed in the Versions known to be not vulnerable column in the previous table. To mitigate this vulnerability, you can perform one or more of the following procedures, depending on the traffic...
SOL15310 - Data Manager SQL Injection Remote Code Execution vulnerability CVE-2014-2949
Vulnerability Recommended Actions To mitigate this vulnerability, you can stop the Data Manager Service when not in use. To do so, perform the following procedure: Impact of action: Performing the following procedure should not have a negative impact on your system. 1. Log in as admin to Data...
SOL8923 - Linux kernel vulnerability CVE-2007-2875
A flaw in the cpuset support allows a local user to obtain sensitive information from kernel memory. Information about this advisory is available at the following location:...
SOL4447 - cURL buffer overflow vulnerability - CAN-2005-0490
Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and possibly other versions, allow remote malicious web servers to execute arbitrary code via base64 encoded replies that exceed the intended buffer lengths when decoded, which is not properly handled by 1 the Curlinputntlm functio...
SOL1907 - mod_ssl and Apache_SSL buffer overflow - CAN-2002-0082
Information about this vulnerability can be found at the following location:...
K000148830: Linux kernel vulnerabilities CVE-2024-41090 and CVE-2024-41091
Security Advisory Description CVE-2024-41090 In the Linux kernel, the following vulnerability has been resolved: tap: add missing verification for short frame The cited commit missed to check against the validity of the frame length in the tapgetuserxdp path, which could cause a corrupted skb to ...
K000140111: BIG-IP Next Central Manager vulnerability CVE-2024-39809
Security Advisory Description The BIG-IP Next Central Manager user session refresh token does not expire when a user logs out. CVE-2024-39809 Impact An attacker with access to obtain a user's session cookies can continue to use that session to access BIG-IP Next Central Manager and systems manage...
K000138477: BIG-IP MPTCP vulnerability CVE-2024-41164
Security Advisory Description When a TCP profile with Multipath TCP enabled MPTCP is configured on a virtual server, undisclosed traffic along with conditions beyond the attacker's control can cause the Traffic Management Microkernel TMM to terminate. CVE-2024-41164 Impact Traffic is disrupted...
K000140414: Loop DOS UDP vulnerability CVE-2024-2169
Security Advisory Description Implementations of UDP application protocol are vulnerable to network loops. An unauthenticated attacker can use maliciously-crafted packets against a vulnerable implementation that can lead to Denial of Service DOS and/or abuse of resources. CVE-2024-2169 Impact The...
K000140251: Python vulnerabilities CVE-2022-48564 and CVE-2022-48566
Security Advisory Description CVE-2022-48564 readints in plistlib . py in Python through 3.9.1 is vulnerable to a potential DoS attack via CPU and RAM exhaustion when processing malformed Apple Property List files in binary format. CVE-2022-48566 An issue was discovered in comparedigest in...
K000139901: PyYAML vulnerability CVE-2017-18342
Security Advisory Description In PyYAML before 5.1, the yaml.load API could execute arbitrary code if used with untrusted data. The load function has been deprecated in version 5.1 and the 'UnsafeLoader' has been introduced for backward compatibility with the function. CVE-2017-18342 Impact A...
K000139680: MySQL2 vulnerability CVE-2024-21508
Security Advisory Description Versions of the package mysql2 before 3.9.4 are vulnerable to Remote Code Execution RCE via the readCodeFor function due to improper validation of the supportBigNumbers and bigNumberStrings values. CVE-2024-21508 Impact There is no impact; F5 products are not affecte...
K000139678: MySQL Server vulnerability CVE-2024-21055
Security Advisory Description Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.35 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromis...
K000139606: MySQL Server vulnerabiliity CVE-2024-21047
Security Advisory Description Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to...
K000132430: The BIG-IP system may fail to block HTTP Request Smuggling attacks
Security Advisory Description The BIG-IP system may fail to block non-RFC-compliant HTTP requests to the pool member, which may lead to an HTTP Request Smuggling attack. This issue occurs when all of the following conditions are met: A virtual server is associated with an HTTP profile. The BIG-IP...
K000139491: VMware EAP vulnerabilities CVE-2024-22245 and CVE-2024-22250
Security Advisory Description CVE-2024-22245 Arbitrary Authentication Relay and Session Hijack vulnerabilities in the deprecated VMware Enhanced Authentication Plug-in EAP could allow a malicious actor that could trick a target domain user with EAP installed in their web browser into requesting a...
K000138931: Intel CPU vulnerability CVE-2023-32666
Security Advisory Description On-chip debug and test interface with improper access control in some 4th Generation IntelR XeonR Processors when using IntelR SGX or IntelR TDX may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2023-32666 Impact There is...
K000138704: Multiple MySQL vulnerabilities
Security Advisory Description CVE-2024-20964 Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Privileges. Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Difficult to exploit vulnerability allows low privileged attacker with...
K000137522: BIG-IP iControl REST vulnerability CVE-2024-22093
Security Advisory Description When running in Appliance mode, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint on multi-bladed systems. A successful exploit can allow the attacker to cross a security boundary. CVE-2024-22093 Impact This...
K000135873: BIG-IP Websockets vulnerability CVE-2024-21849
Security Advisory Description When an Advanced WAF/ASM security policy and a Websockets profile are configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel TMM process to terminate. CVE-2024-21849 Impact Traffic is disrupted while the TMM process restarts...
K000137940: Multiple Oracle MySQL vulnerabilities
Security Advisory Description CVE-2023-22015 Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 5.7.42 and prior and 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access...
K000137887: Oracle GraalVM vulnerability CVE-2023-22091
Security Advisory Description Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Compiler. Supported versions that are affected are Oracle GraalVM for JDK: 17.0.8, 21; Oracle GraalVM Enterprise Edition: 20.3.11, 21.3.7 and 22.3.3...
K000137187: GlibC vulnerability CVE-2023-4911
Security Advisory Description A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBCTUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBCTUNABLES environment variables when launching binaries with...
K000136153: cURL vulnerability CVE-2023-23914
Security Advisory Description A cleartext transmission of sensitive information vulnerability exists in curl. CVE-2023-23914 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development has evaluated the currently supported release...
K000135312: BIND vulnerability CVE-2023-2828
Security Advisory Description Every named instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. The size limit for that cache database can be configured using the max-cache-size statement i...
K000135252: BIND vulnerability CVE-2023-2829
Security Advisory Description A named instance configured to run as a DNSSEC-validating recursive resolver with the Aggressive Use of DNSSEC-Validated Cache RFC 8198 option synth-from-dnssec enabled can be remotely terminated using a zone with a malformed NSEC record. This issue affects BIND 9...
K000134636: Java vulnerabilities CVE-2018-2942 and CVE-2018-2938
Security Advisory Description CVE-2018-2942 Vulnerability in the Java SE component of Oracle Java SE subcomponent: Windows DLL. Supported versions that are affected are Java SE: 7u181 and 8u172. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...
K000133494: Node.js vulnerability CVE-2022-43548
Security Advisory Description A OS Command Injection vulnerability exists in Node.js versions 14.21.1, 16.18.1, 18.12.1, 19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests...
K000133058: device-mapper-multipath vulnerability CVE-2022-41973
Security Advisory Description multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in conjunction with CVE-2022-41974. Local users able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which could lead to...
K000132933: Linux kernel vulnerability CVE-2022-1729
Security Advisory Description A race condition was found the Linux kernel in perfeventopen which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kernel address information leak, arbitrary execution, etc. CVE-2022-1729...
K000132690: BIND vulnerability CVE-2022-3488
Security Advisory Description Processing of repeated responses to the same query, where both responses contain ECS pseudo-options, but where the first is broken in some way, can cause BIND to exit with an assertion failure. 'Broken' in this context is anything that would cause the resolver to...
K44183007: MySQL vulnerability CVE-2017-3302
Security Advisory Description Crash in libmysqlclient.so in Oracle MySQL before 5.6.21 and 5.7.x before 5.7.5 and MariaDB through 5.5.54, 10.0.x through 10.0.29, 10.1.x through 10.1.21, and 10.2.x through 10.2.3.CVE-2017-3302 Impact There is no impact; F5 products are not affected by this...
K14118520: MySQL vulnerabilities CVE-2019-2752, CVE-2019-2755, CVE-2019-2757, CVE-2019-2758, and CVE-2019-2774
Security Advisory Description CVE-2019-2752 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Options. Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple...
K13314257: slpd vulnerability CVE-2017-17833
Security Advisory Description OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-service or a remote code-execution vulnerability. CVE-2017-17833 Impact There is no impact; F5 products are not affected by this...
K4809: tcpdump vulnerabilities CAN-2005-1278, CAN-2005-1279, and CAN-2005-1280
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
K05123525: ConfigSync vulnerability CVE-2019-6649
Security Advisory Description F5 BIG-IP and Enterprise Manager may expose sensitive information and allow the system configuration to be modified when using non-default ConfigSync settings. CVE-2019-6649 Impact The vulnerability is only present when the system is configured for high availability ...
K20087443: BIG-IP APM VPN vulnerability CVE-2017-6129
Security Advisory Description In F5 BIG-IP APM software version 13.0.0 and 12.1.2, in some circumstances, APM tunneled VPN flows can cause a VPN/PPP connflow to be prematurely freed or cause TMM to stop responding with a "flow not in use" assertion. An attacker may be able to disrupt traffic or...
K41900062: Linux kernel vulnerability CVE-2017-15127
Security Advisory Description A flaw was found in the hugetlbmcopyatomicpte function in mm/hugetlb.c in the Linux kernel before 4.13. A superfluous implicit page unlock for VMSHARED hugetlbfs mapping could trigger a local denial of service BUG. CVE-2017-15127 Impact There is no impact; F5 product...
K16480: Multiple unzip vulnerabilities CVE-2014-8139, CVE-2014-8140, and CVE-2014-8141
Security Advisory Description CVE-2014-8139 A buffer overflow flaw was found in the way unzip computed the CRC32 checksum of certain extra fields of a file. A specially crafted Zip archive could cause unzip to crash when the archive was tested with unzip's '-t' option. CVE-2014-8140 An integer...
K42465020: BIG-IP URL classification vulnerability CVE-2019-6610
Security Advisory Description The BIG-IP system is vulnerable to a denial-of-service DoS attack when performing URL classification. CVE-2019-6610 Impact A remote attacker may be able to disrupt services by causing the Traffic Management Microkernel TMM to restart. There is no exposure in the...