K54470776: MySQL vulnerabilities CVE-2019-2585, CVE-2019-2587, CVE-2019-2589, CVE-2019-2592, and CVE-2019-2593

Security Advisory Description CVE-2019-2585 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: InnoDB. Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to...

K10674: Netscape reuse cipher change bug - Qualsys QID 38284

Security Advisory Description Note : For information about signing up to receive security notice updates from F5, refer to K9970: Subscribe to email notifications regarding F5 products and security announcements. Note : Versions that are not listed in this article have not been evaluated for...

K92800352: NTP vulnerability CVE-2016-4953

Security Advisory Description ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service ephemeral-association demobilization by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time. CVE-2016-4953 Impact There is no impact; F5 products...

K16108: BIND vulnerability CVE-2014-8680

Security Advisory Description The GeoIP functionality in ISC BIND 9.10.0 through 9.10.1 allows remote attackers to cause a denial of service assertion failure and named exit via vectors related to 1 the lack of GeoIP databases for both IPv4 and IPv6, or 2 IPv6 support with certain options...

K14468: Client-side component flaw CVE-2013-0150

Security Advisory Description A flaw in a BIG-IP APM or FirePass client-side F5-signed component may allow a third party to install files on the client machine. Impact Affected components may allow third party code execution on the affected client. There is no impact to the BIG-IP or FirePass hos...

K8331: OpenSSL FIPS Object Module 1.1 vulnerability - CVE-2007-5502

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

K16878: PAM vulnerabilities CVE-2011-3148 and CVE-2011-3149

Security Advisory Description Description CVE-2011-3148 Stack-based buffer overflow in the assembleline function in modules/pamenv/pamenv.c in Linux-PAM aka pam before 1.1.5 allows local users to cause a denial of service crash and possibly execute arbitrary code via a long string of white spaces...

K15852: Linux kernel vulnerability CVE-2014-3122

Security Advisory Description Description The trytounmapcluster function in mm/rmap.c in the Linux kernel before 3.14.3 does not properly consider which pages must be locked, which allows local users to cause a denial of service system crash by triggering a memory-usage pattern that requires...

K74363721: NTP vulnerability CVE-2015-7975

Security Advisory Description The nextvar function in NTP before 4.2.8p6 and 4.3.x before 4.3.90 does not properly validate the length of its input, which allows an attacker to cause a denial of service application crash. CVE-2015-7975 Impact A remote attacker could potentially use this flaw to...

K23876153: BIG-IP APM Edge Client logging vulnerability CVE-2019-6656

Security Advisory Description BIG-IP APM Edge Client logs the full BIG-IP APM session ID in the log files. CVE-2019-6656 Impact This vulnerability may allow unauthorized disclosure of the BIG-IP APM session ID and expose sensitive information to the user of the client device. Security Advisory...

K15513: LZ4 vulnerability CVE-2014-4611

Security Advisory Description Integer overflow in the LZ4 algorithm implementation, as used in Yann Collet LZ4 before r118 and in the lz4uncompress function in lib/lz4/lz4decompress.c in the Linux kernel before 3.15.2, on 32-bit platforms might allow context-dependent attackers to cause a denial ...

K16355: Multiple MySQL vulnerabilities

Security Advisory Description CVE-2015-0382 Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0381. CVE-2015-0381...

K17172: OpenJDK vulnerability CVE-2015-2638

Security Advisory Description Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JavaFX 2.2.80; and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. CVE-2015-2638 Impact Confidentiality ...

K15983: Linux kernel vulnerability CVE-2013-7263

Security Advisory Description The Linux kernel before 3.12.4 updates certain length values before ensuring that associated data structures have been initialized, which allows local users to obtain sensitive information from kernel stack memory via a 1 recvfrom, 2 recvmmsg, or 3 recvmsg system cal...

K01471335: BIND vulnerability CVE-2016-2848

Security Advisory Description ISC BIND 9.1.0 through 9.8.4-P2 and 9.9.0 through 9.9.2-P2 allows remote attackers to cause a denial of service assertion failure and daemon exit via malformed options data in an OPT resource record. CVE-2016-2848 Impact A remote attacker may be able to cause a...

K71489519: Wireshark vulnerability CVE-2015-4652

Security Advisory Description epan/dissectors/packet-gsmadtap.c in the GSM DTAP dissector in Wireshark 1.12.x before 1.12.6 does not properly validate digit characters, which allows remote attackers to cause a denial of service application crash via a crafted packet, related to the deemergnumlist...

K86533083: BIND vulnerability CVE-2015-8705

Security Advisory Description buffer.c in named in ISC BIND 9.10.x before 9.10.3-P3, when debug logging is enabled, allows remote attackers to cause a denial of service REQUIRE assertion failure and daemon exit, or daemon crash or possibly have unspecified other impact via 1 OPT data or 2 an ECS...

K12156: PHP xmlrpc vulnerability - CVE-2010-0397

Security Advisory Description Note : For information about signing up to receive security notice updates from F5, refer to K9970: Subscribe to email notifications regarding F5 products and security announcements. Note : Versions that are not listed in this article have not been evaluated for...

K76964818: BIG-IP Edge Client for Windows vulnerability CVE-2023-22358

Security Advisory Description A DLL hijacking vulnerability exists in the BIG-IP Edge Client Windows Installer. CVE-2023-22358 Impact An attacker may exploit this vulnerability to use malicious Dynamic Link Libraries DLL to gain privilege escalation on the client Windows system. The installer loa...

K000130546: Gzip vulnerability CVE-2022-1271

Security Advisory Description An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, a crafted file name, this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs d...

K19784568: TMM vulnerability CVE-2016-5023

Security Advisory Description Virtual servers in F5 BIG-IP systems 11.2.1 HF11 through HF15, 11.4.1 HF4 through HF10, 11.5.3 through 11.5.4, 11.6.0 HF5 through HF7, and 12.0.0, when configured with a TCP profile, allow remote attackers to cause a denial of service Traffic Management Microkernel...

K68151373: IP Intelligence Feed List TMUI vulnerability CVE-2019-6636

Security Advisory Description On BIG-IP AFM, ASM 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, and 11.5.1-11.6.4, a stored cross-site scripting vulnerability in AFM feed list. In the worst case, an attacker can store a CSRF which results in code execution as the admin user. Th...

SOL28410870 - LibTIFF vulnerability CVE-2015-8668

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

SOL13364192 - samba vulnerability CVE-2016-2119

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

SOL04054286 - Linux kernel TCP vulnerability CVE-2016-2070

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

SOL15439022 - glibc vulnerability CVE-2016-3075

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

SOL19157044 - libtirpc vulnerability CVE-2013-1950

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

SOL17517 - NTP vulnerability CVE-2015-7701

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

SOL17443 - Perl vulnerability CVE-2007-5116

Recommended Action If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are currently...

SOL17386 - vCMP DoS vulnerability CVE-2015-6546

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading the vCMP host to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than...

SOL17331 - PCRE library vulnerability CVE-2015-5073

Recommended Action If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are currently...

SOL16900 - Multiple FreeType vulnerabilities

1The FreeType package exists on the BIG-IP system but is not used in a way that exposes this vulnerability. Vulnerability Recommended Actions If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed...

SOL16686 - Point-to-Point Protocol (PPP) vulnerability CVE-2015-3310

Vulnerability Recommended Actions If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not...

SOL16383 - Linux RPM vulnerability CVE-2013-6435

Vulnerability Recommended Actions If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not...

SOL16366 - GNU C Library (glibc) vulnerability CVE-2015-1472

Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...

SOL16356 - BIND vulnerability CVE-2015-1349

Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version...

SOL15783 - Kerberos vulnerability CVE-2013-1417

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

SOL15478 - PHP vulnerability CVE-2012-2386

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents. SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

SOL15389 - OpenSSL vulnerability CVE-2011-4576

Recommended action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists. To mitigate this...

SOL15355 - OpenSSL DTLS Buffer vulnerability CVE-2009-1379

Recommended action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists. Supplemental...

SOL15220 - iControl vulnerability CVE-2014-2928

Recommended action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version...

SOL12953 - A Cross-Site Scripting (XSS) vulnerability exists in the BIG-IP ASM Web Scraping feature

To determine if the BIG-IP ASM configuration contains any vulnerable security policies, check whether the policies configured on the system have the Web Scraping feature set to Block. To do so, open the Configuration utility and navigate to Application Security Policy List policyname Blocking...

SOL8700 - Remote web service buffer overflow vulnerability

F5 has determined that a buffer overflow vulnerability exists in FirePass web services that provide User access, which could allow a remote attacker to gain privileged access to the FirePass controller. Web services providing User access can be identified by the U in the Services column on the...

SOL7983 - ClamAV NULL dereference vulnerability - CVE-2007-4510

The FirePass controller can be configured to provide anti-virus scanning of files uploaded through Portal Access through the ClamAV open source software. Scanning is configured on the Antivirus tab of the Portal Access Content Inspection page, through the Enable Standalone virus Scanner option...

SOL1877 - OpenSSH Remote Challenge Vulnerability - CAN-2001-1279

Information about this advisory can be found at the following location:...

SOL6535 - Denial of service vulnerability in GnuPG - CVE-2006-3082

F5 Product Development tracked this issue as CR66994, CR66995, and CR66996 and it was fixed in BIG-IP 9.1.3, 9.3.0, and 9.4.0. For information about upgrading, refer to the BIG-IP LTM, ASM, GTM, Link Controller, or WebAccelerator release notes. F5 Product Development tracked this issue and it was...

K000148709: Multiple Intel Ethernet Controllers and Adapters vulnerabilities

Security Advisory Description CVE-2024-21806 Improper conditions check in Linux kernel mode driver for some IntelR Ethernet Network Controllers and Adapters E810 Series before version 28.3 may allow an authenticated user to potentially enable denial of service via local access. CVE-2024-21807...

K000140954: libarchive vulnerability CVE-2022-36227

Security Advisory Description In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. NOTE: the discoverer cites this CWE-476 remark but third...

K000140433: MySQL vulnerability CVE-2024-21176

Security Advisory Description Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Thread Pooling. Supported versions that are affected are 8.4.0 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to...

K000139794: Mozilla NSS vulnerability CVE-2023-5388

Security Advisory Description NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the private data. This vulnerability affects Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9. CVE-2023-5388 Impact An...