6396 matches found
K000135718: OpenJDK vulnerabilities CVE-2023-22006, CVE-2023-22043, and CVE-2023-22045
Security Advisory Description CVE-2023-22006 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE component: Networking. Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise...
K000135439: libtar vulnerabilities CVE-2021-33643, CVE-2021-33644, CVE-2021-33645, CVE-2021-33646
Security Advisory Description CVE-2021-33643 An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc0 for a variable gnulonglink, causing an out-of-bounds read. CVE-2021-33644 An attacker who submits a crafted tar file with size in...
K000135446: Linux kernel vulnerability CVE-2023-3269
Security Advisory Description A vulnerability exists in the memory management subsystem of the Linux kernel. The lock handling for accessing and updating virtual memory areas VMAs is incorrect, leading to use-after-free problems. This issue can be successfully exploited to execute arbitrary kerne...
K000135312: BIND vulnerability CVE-2023-2828
Security Advisory Description Every named instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. The size limit for that cache database can be configured using the max-cache-size statement i...
K000132726: BIG-IP Configuration utility XSS vulnerability CVE-2023-27378
Security Advisory Description Multiple reflected cross-site scripting XSS vulnerabilities exist in undisclosed pages of the BIG-IP Configuration utility that allow an attacker to run JavaScript in the context of the currently logged-in user. CVE-2023-27378 Impact An attacker may exploit this...
K000133692: OpenSLP vulnerability CVE-2023-29552
Security Advisory Description The Service Location Protocol SLP, RFC 2608 allows an unauthenticated, remote attacker to register arbitrary services. This could allow the attacker to use spoofed UDP traffic to conduct a denial-of-service attack with a significant amplification factor. CVE-2023-295...
K000133494: Node.js vulnerability CVE-2022-43548
Security Advisory Description A OS Command Injection vulnerability exists in Node.js versions 14.21.1, 16.18.1, 18.12.1, 19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests...
K000133077: Java SE vulnerability CVE-2019-2697
Security Advisory Description Vulnerability in the Java SE component of Oracle Java SE subcomponent: 2D. Supported versions that are affected are Java SE: 7u211 and 8u202. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise...
K98394530: Intel CPU vulnerability CVE-2019-14598
Security Advisory Description Improper Authentication in subsystem in IntelR CSME versions 12.0 through 12.0.48 IOT only: 12.0.56, versions 13.0 through 13.0.20, versions 14.0 through 14.0.10 may allow a privileged user to potentially enable escalation of privilege, denial of service or informati...
K22113131: BIG-IP TMM Ram Cache vulnerability CVE-2020-5861
Security Advisory Description The TMM process may produce a core file in some cases when Ram Cache incorrectly optimizes stored data resulting in memory errors. RAM Cache is a BIG-IP feature used to accelerate HTTP traffic and can be enabled in a Web Acceleration profile. CVE-2020-5861 Impact The...
K98528405: BIG-IP BIND vulnerability CVE-2018-5740
Security Advisory Description A flaw in the "deny-answer-aliases" feature can cause an INSIST assertion failure in named. CVE-2018-5740 Impact A flaw in a rarely used BIND feature can cause an assertion failure in named. As a result, the bind process restarts. Security Advisory Status F5 Product...
K54200228: BIG-IP iRules vulnerability CVE-2020-5877
Security Advisory Description Malformed input to the DATAGRAM::tcp iRules command within a FLOWINIT event may lead to a denial of service. CVE-2020-5877 Impact Remote attackers may be able to perform a denial-of-service DoS attack on the BIG-IP system. Security Advisory Status F5 Product...
K35815741: Intel CSME and TXE vulnerability CVE-2019-0086
Security Advisory Description Insufficient access control vulnerability in Dynamic Application Loader software for IntelR CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and IntelR TXE 3.1.65, 4.0.15 may allow an unprivileged user to potentially enable escalation of privilege via local...
K06024431: BIG-IQ vulnerability CVE-2021-23024
Security Advisory Description The BIG-IQ Configuration utility has an authenticated remote command execution vulnerability in undisclosed pages. CVE-2021-23024 Impact This vulnerability allows an authenticated admin user or a user account assigned with an administrator role and no shell access to...
K23489380: Java vulnerability CVE-2017-10135
Security Advisory Description Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JCE. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows...
K61918302: ceph-isci-cli vulnerability CVE-2018-14649
Security Advisory Description It was found that ceph-isci-cli package as shipped by Red Hat Ceph Storage 2 and 3 is using python-werkzeug in debug shell mode. This is done by setting debug=True in file /usr/bin/rbd-target-api provided by ceph-isci-cli package. This allows unauthenticated attacker...
K31925518: BIG-IP APM access logs vulnerability CVE-2016-1497
Security Advisory Description A vulnerability in the BIG-IP Configuration utility can be used by an unauthorized BIG-IP administrative user to gain unauthorized access to the Access Policy Manager APM access logs. This vulnerability requires valid user account credentials and access to the...
K14693346: TMM vulnerability CVE-2021-22977
Security Advisory Description Cooperation between malicious HTTP client code and a malicious server may cause TMM to restart and generate a core file. CVE-2021-22977 Impact When attackers exploit this vulnerability, the Traffic Management Microkernel TMM restarts, and then the BIG-IP system...
K45444778: Intel SSD vulnerabilities CVE-2018-12166 and CVE-2018-12167
Security Advisory Description CVE-2018-12166 Insufficient write protection in firmware for IntelR OptaneTM SSD DC P4800X before version E2010435 may allow a privileged user to potentially enable a denial of service via local access. CVE-2018-12167 Firmware update routine in bootloader for IntelR...
K25061316: BIND vulnerability CVE-2016-9778
Security Advisory Description An error in handling certain queries can cause an assertion failure when a server is using the nxdomain-redirect feature to cover a zone for which it is also providing authoritative service. A vulnerable server could be intentionally stopped by an attacker if it was...
K22183127: Vim vulnerability CVE-2016-1248
Security Advisory Description vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened. CVE-2016-1248 Impact A local attacker may abuse...
K16393: NTP vulnerability CVE-2014-9751
Security Advisory Description Some kernels do not offer protection for ::1 source addresses on IPv6 interfaces. Since NTP's access control mechanism is based on source address and localhost addresses generally have no restrictions, an attacker may be able to send malicious control and configurati...
K38941195: BIG-IP Resource Administrator vulnerability CVE-2019-6617
Security Advisory Description On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, a user with the Resource Administrator role is able to overwrite sensitive low-level files such as /etc/passwd using SFTP to modify user permissions, without Advanced Shell...
K60250153: Linux kernel vulnerability CVE-2017-1000112
Security Advisory Description Linux kernel: Exploitable memory corruption due to UFO to non-UFO path switch. When building a UFO packet with MSGMORE ipappenddata calls ipufoappenddata to append. However in between two send calls, the append path can be switched from UFO to non-UFO one, which lead...
K40496533: PHP vulnerability CVE-2016-3132
Security Advisory Description Double free vulnerability in the SplDoublyLinkedList::offsetSet function in ext/spl/spldllist.c in PHP 7.x before 7.0.6 allows remote attackers to execute arbitrary code via a crafted index. CVE-2016-3132 Impact There is no impact; F5 products are not affected by thi...
K38456756: Kernel vulnerability CVE-2018-18445
Security Advisory Description In the Linux kernel 4.14.x, 4.15.x, 4.16.x, 4.17.x, and 4.18.x before 4.18.13, faulty computation of numeric bounds in the BPF verifier permits out-of-bounds memory accesses because adjustscalarminmaxvals in kernel/bpf/verifier.c mishandles 32-bit right shifts...
K84591451: Intel AMT vulnerabilities CVE-2019-0092, CVE-2019-0094, CVE-2019-0097, and CVE-2019-0096
Security Advisory Description CVE-2019-0092 Insufficient input validation vulnerability in subsystem for IntelR AMT before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 may allow an unauthenticated user to potentially enable escalation of privilege via physical access. CVE-2019-0094 Insufficient...
K52013062: Ansible Engine vulnerability CVE-2020-14365
Security Advisory Description A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation even when disablegpgcheck is set to False, which is the...
K16444: Apache vulnerability CVE-2015-0899
Security Advisory Description The Validator in Apache Struts 1.1 and later contains a function to efficiently define rules for input validation across multiple pages during screen transitions. This function contains a vulnerability where input validation may be bypassed. When the Apache Struts 1...
K2593: Buffer overflow in zlib - CAN-2003-0107
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
K16831: BSD regex library vulnerability CVE-2015-2305
Security Advisory Description Description Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library aka rxspencer alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via ...
K8917: Linux kernel vulnerability CVE-2007-1217
Security Advisory Description Note : Versions that are not listed in this Solution have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the ...
K07051153: TMUI vulnerability CVE-2020-5905
Security Advisory Description In the BIG-IP Configuration utility Network WCCP page, the system does not sanitize all user-provided data before displaying the page. CVE-2020-5905 Impact Authenticated administrative users with access to this page in the Configuration utility may inject code onto t...
K17317: Apache HTTP server vulnerability CVE-2015-0253
Security Advisory Description The readrequestline function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service NULL pointer dereference and process crash by sending a request that lacks...
K21426934: Multiple elfutils vulnerabilities
Security Advisory Description CVE-2018-16062 dwarfgetaranges in dwarfgetaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service heap-based buffer over-read via a crafted file. CVE-2018-16402 libelf/elfend.c in elfutils 0.173 allows remote attackers to...
K15724: OpenSSL vulnerability CVE-2014-3568
Security Advisory Description OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j does not properly enforce the no-ssl3 build option, which allows remote attackers to bypass intended access restrictions via an SSL 3.0 handshake, related to s23clnt.c and s23srvr.c. CVE-2014-3568...
K4447: cURL buffer overflow vulnerability CAN-2005-0490
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
K16341: Linux kernel Controller Area Network (CAN) vulnerability CVE-2010-2959
Security Advisory Description Integer overflow in net/can/bcm.c in the Controller Area Network CAN implementation in the Linux kernel before 2.6.27.53, 2.6.32.x before 2.6.32.21, 2.6.34.x before 2.6.34.6, and 2.6.35.x before 2.6.35.4 allows attackers to execute arbitrary code or cause a denial of...
K17475: Linux kernel vulnerability CVE-2015-5707
Security Advisory Description Integer overflow in the sgstartreq function in drivers/scsi/sg.c in the Linux kernel 2.6.x through 4.x before 4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large iovcount value in a write request. CVE-2015-5707...
K03551138: MySQL vulnerabilities CVE-2018-2817, CVE-2018-2818, CVE-2018-2819, CVE-2018-2839, and CVE-2018-2846
Security Advisory Description CVE-2018-2817 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: DDL. Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with...
K34701020: BIND vulnerability CVE-2017-3139
Security Advisory Description A denial of service flaw was found in the way BIND handled DNSSEC validation. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. CVE-2017-3139 Impact There is no impact; F5 products ar...
K30523121: BIG-IP TMM vulnerability CVE-2021-23034
Security Advisory Description When a DNS profile using a DNS cache resolver is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel TMM process to terminate. CVE-2021-23034 Impact Traffic is disrupted while the TMM process restarts. This vulnerability...
K15652: SASL vulnerability CVE-2009-0688
Security Advisory Description Description Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23 might allow remote attackers to execute arbitrary code or cause a denial of service application crash via strings that are used as input to the saslencode64 function in lib/saslutil.c...
K15541: OpenSSL vulnerability CVE-2014-3509
Security Advisory Description Race condition in the sslparseserverhellotlsext function in t1lib.c in OpenSSL 1.0.0 before 1.0.0n and 1.0.1 before 1.0.1i, when multithreading and session resumption are used, allows remote SSL servers to cause a denial of service memory overwrite and client...
K2888: DNS cache poisoning vulnerability CVE-2003-0914
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, see K4602: Overview of the F5...
K15723: OpenSSL vulnerability CVE-2014-3567
Security Advisory Description Description Memory leak in the tlsdecryptticket function in t1lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service memory consumption via a crafted session ticket that triggers an...
K45263486: NGINX Controller vulnerability CVE-2021-23020
Security Advisory Description The NAAS API keys are generated using an insecure pseudo-random string and hashing algorithm, which may lead to predictable keys. CVE-2021-23020 Impact Local attackers are able to potentially generate a valid user key. Security Advisory Status F5 Product Development...
K17445: Linux kernel vulnerability CVE-2015-4700
Security Advisory Description The bpfintjitcompile function in arch/x86/net/bpfjitcomp.c in the Linux kernel before 4.0.6 allows local users to cause a denial of service system crash by creating a packet filter and then loading crafted BPF instructions that trigger late convergence by the JIT...
K53590702: BIG-IP engineering hotfix TMM vulnerability CVE-2020-5852
Security Advisory Description Undisclosed traffic patterns received may cause a disruption of service to the Traffic Management Microkernel TMM. This vulnerability affects TMM through a virtual server configured with a FastL4 profile. Traffic processing is disrupted while TMM restarts...
K45816067: bzip2 vulnerability CVE-2016-3189
Security Advisory Description Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service crash via a crafted bzip2 file, related to block ends set to before the start of the block. CVE-2016-3189 Impact There is no impact; F5 products are not...