6395 matches found
K26311635: Wget vulnerability CVE-2017-6508
Security Advisory Description CRLF injection vulnerability in the urlparse function in url.c in Wget through 1.19.1 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in the host subcomponent of a URL. CVE-2017-6508 Impact A remote attacker may be able to inject arbitrary...
K21595932: Samba vulnerability CVE-2018-1057
Security Advisory Description On a Samba 4 AD DC the LDAP server in all versions of Samba from 4.0.0 onwards incorrectly validates permissions to modify passwords over LDAP allowing authenticated users to change any other users' passwords, including administrative users and privileged service...
K75269595: QEMU vulnerability CVE-2015-5166
Security Advisory Description Use-after-free vulnerability in QEMU in Xen 4.5.x and earlier does not completely unplug emulated block devices, which allows local HVM guest users to gain privileges by unplugging a block device twice. CVE-2015-5166 Impact There is no impact; F5 products are not...
K71891773: BIG-IP APM VPN vulnerability CVE-2021-23002
Security Advisory Description The session ID is visible in the arguments of the f5vpn.exe command when VPN is launched from the browser on a Windows system. Addressing this issue requires both the client and server fixes. CVE-2021-23002 Impact An attacker with privileges to view the command line ...
K55539088: Intel SSD vulnerabilities CVE-2020-0584, CVE-2020-12309, CVE-2020-12310, CVE-2020-12311
Security Advisory Description CVE-2020-0584 Buffer overflow in firmware for IntelR SSD DC P4800X and P4801X Series, IntelR OptaneTM SSD 900P and 905P Series may allow an unauthenticated user to potentially enable a denial of service via local access. CVE-2020-12309 Insufficiently protected...
K37890841: BIG-IP APM logging disclosure vulnerability CVE-2019-19150
Security Advisory Description The BIG-IP APM system logs the client-session-id when a per-session policy is attached to the virtual server with debug logging enabled. CVE-2019-19150 Impact The BIG-IP APM system logs the client-session-id in the log files and is available to authenticated...
K69662152: Grep vulnerability CVE-2012-5667
Security Advisory Description Multiple integer overflows in GNU Grep before 2.11 might allow context-dependent attackers to execute arbitrary code via vectors involving a long input line that triggers a heap-based buffer overflow. CVE-2012-5667 Impact This vulnerability allows unauthorized...
K16101409: BIG-IP AFM vulnerability CVE-2022-23028
Security Advisory Description When global AFM SYN cookie protection TCP Half Open flood vector is activated in the AFM Device Dos or DOS profile, certain types of TCP connections will fail. CVE-2022-23028 Impact This vulnerability allows a remote attacker to cause a denial-of-service DoS on the...
K61095244: Intel software vulnerabilities CVE-2020-8705, CVE-2020-8744, CVE-2020-8745, CVE-2020-8756
Security Advisory Description CVE-2020-8705 Insecure default initialization of resource in IntelR Boot Guard in IntelR CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, IntelR TXE versions before 3.1.80 and 4.0.30, IntelR SPS versions before...
K89509323: REST Framework vulnerability CVE-2019-6651
Security Advisory Description The BIG-IP/BIG-IQ Configuration utility login page may not follow best security practices when handling a malicious request. CVE-2019-6651 Impact The Configuration utility login page returns an inconsistent HTTP response when processing modified requests which may...
K55922302: XSS in F5 WebSafe Dashboard vulnerability CVE-2016-5236
Security Advisory Description Cross-Site-Scripting XSS vulnerabilities in F5 WebSafe Dashboard allow privileged authenticated users to inject arbitrary web script or HTML when creating a new user, account or signature. CVE-2016-5236 Impact An attacker with a privileged account may be able to inje...
K32460441: OpenSSL vulnerabilities CVE-2016-7053 and CVE-2016-7054
Security Advisory Description CVE-2016-7053 In OpenSSL 1.1.0 before 1.1.0c, applications parsing invalid CMS structures can crash with a NULL pointer dereference. This is caused by a bug in the handling of the ASN.1 CHOICE type in OpenSSL 1.1.0 which can result in a NULL value being passed to the...
K73122539: Java vulnerability CVE-2018-2790
Security Advisory Description Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unauthenticated attacke...
K96924184: BIG-IP HTTP profile vulnerability CVE-2022-23022
Security Advisory Description When an HTTP profile is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. CVE-2022-23022 Impact Traffic is disrupted while the TMM process restarts. This vulnerability allows a remote, unauthenticated...
K41774512: Intel CPU vulnerabilities CVE-2020-0528, CVE-2020-0529
Security Advisory Description CVE-2020-0528 Improper buffer restrictions in BIOS firmware for 7th, 8th, 9th and 10th Generation IntelR CoreTM Processor families may allow an authenticated user to potentially enable escalation of privilege and/or denial of service via local access. CVE-2020-0529...
K81732330: Poppler vulnerability CVE-2013-4473
Security Advisory Description Stack-based buffer overflow in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.2 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a source filename. CVE-2013-4473 Impact There is no impact; F5...
K86162657: Intel Linux Bluetooth Drivers vulnerabilities CVE-2020-12321, CVE-2020-12322
Security Advisory Description CVE-2020-12321 Improper buffer restriction in some IntelR Wireless BluetoothR products before version 21.110 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. CVE-2020-12322 Improper input validation in some IntelR...
K11818407: REST Framework vulnerability CVE-2019-6602
Security Advisory Description The Configuration utility login page may not follow best security practices when handling a malicious request. CVE-2019-6602 Impact BIG-IP The Configuration utility login page returns an inconsistent HTTP response when processing modified requests; this may provide...
K42793451: MySQL vulnerabilities CVE-2019-2634, CVE-2019-2635, CVE-2019-2636, CVE-2019-2644, and CVE-2019-2681
Security Advisory Description CVE-2019-2634 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Replication. Supported versions that are affected are 8.0.15 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure...
K14386: BIND vulnerability CVE-2013-2266
Security Advisory Description libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5b2, 9.9.x before 9.9.2-P2, and 9.9.3 before 9.9.3b2 on UNIX platforms allows remote attackers to cause a denial of service memory consumption via a crafted regular expression, as demonstrated by a...
K38016814: PHP and libgd vulnerabilities CVE-2016-5116, CVE-2016-6128, CVE-2016-6132, and CVE-2016-6214
Security Advisory Description CVE-2016-5116 gdxbm.c in the GD Graphics Library aka libgd before 2.2.0, as used in certain custom PHP 5.5.x configurations, allows context-dependent attackers to obtain sensitive information from process memory or cause a denial of service stack-based buffer...
K43540241: MySQL vulnerabilities CVE-2019-2620, CVE-2019-2623, CVE-2019-2624, CVE-2019-2625, and CVE-2019-2626
Security Advisory Description CVE-2019-2620 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Security: Privileges. Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via...
K17327: GnuTLS RSA PKCS signature vulnerability CVE-2015-0282
Security Advisory Description GnuTLS before 3.1.0 does not verify that the RSA PKCS 1 signature algorithm matches the signature algorithm in the certificate, which allows remote attackers to conduct downgrade attacks via unspecified vectors. CVE-2015-0282 Impact This vulnerability may allow remot...
K16576941: ISC BIND vulnerability CVE-2018-5737
Security Advisory Description A problem with the implementation of the new serve-stale feature in BIND 9.12 can lead to an assertion failure in rbtdb.c, even when stale-answer-enable is off. Additionally, problematic interaction between the serve-stale feature and NSEC aggressive negative caching...
K97002210: NGINX Controller vulnerability CVE-2021-23018
Security Advisory Description Intra-cluster communication does not use TLS. The services within the NGINX Controller namespace are using cleartext protocols inside the cluster. CVE-2021-23018 Impact Attackers with access to cluster may have the ability to read and modify the data being sent betwe...
K14969: BIG-IP Edge and FirePass client information leakage vulnerability CVE-2013-6024
Security Advisory Description The Edge Client components in F5 BIG-IP APM, BIG-IP Edge Gateway, and FirePass allow attackers to obtain sensitive information from process memory via unspecified vectors. CVE-2013-6024 Impact An attacker with sufficient local privileges on a client machine running...
K51473743: MySQL Server C API vulnerability CVE-2017-3650
Security Advisory Description Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: C API. Supported versions that are affected are 5.7.18 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise...
K06635145: BIG-IP Edge Client session ID vulnerability
Security Advisory Description BIG-IP Edge Client exposes the current session ID as part of the request URI when sending Keep-Alive' requests over an SSL channel. This approach can lead to exploit vulnerabilities in man-in-the-middle MITM SSL terminating proxies, which log the complete URI in thei...
K25353544: libidn vulnerability CVE-2016-6263
Security Advisory Description The stringpreputf8nfkcnormalize function in lib/nfkc.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service out-of-bounds read and crash via crafted UTF-8 data. CVE-2016-6263 Impact This vulnerability may allow attackers to cause a...
K14614344: libxml2 vulnerability CVE-2016-1840
Security Advisory Description Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of...
K55625065: MySQL vulnerability CVE-2016-5624
Security Advisory Description Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier allows remote authenticated users to affect availability via vectors related to DML. CVE-2016-5624 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5...
K15479471: Mozilla NSS vulnerability CVE-2016-2834
Security Advisory Description Mozilla Network Security Services NSS before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service memory corruption and application crash or possibly have unspecified other impact via unknown vectors. CVE-2016-2834 Impact...
K52950150: CUPS vulnerability CVE-2014-9679
Security Advisory Description Integer underflow in the cupsRasterReadPixels function in filter/raster.c in CUPS before 2.0.2 allows remote attackers to have unspecified impact via a malformed compressed raster file, which triggers a buffer overflow. CVE-2014-9679 Impact There is no impact; F5...
K23675185: Apache Qpid vulnerabilities CVE-2016-3094 and CVE-2016-4432
Security Advisory Description CVE-2016-3094 PlainSaslServer.java in Apache Qpid Java before 6.0.3, when the broker is configured to allow plaintext passwords, allows remote attackers to cause a denial of service broker termination via a crafted authentication attempt, which triggers an uncaught...
K10630493: Apache Tomcat vulnerability CVE-2018-8020
Security Advisory Description Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 has a flaw that does not properly check OCSP pre-produced responses, which are lists multiple entries of certificate statuses. Subsequently, revoked client certificates may not be properly identified, allowing...
K08613310: BIND vulnerability CVE-2017-3145
Security Advisory Description BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named. CVE-2017-3145 Impact BIG-IP A remote attacker can use this flaw to make...
K48220300: libxml2 vulnerability CVE-2016-1836
Security Advisory Description Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service via a crafted XML...
K63427774: Multiple Oracle Java SE vulnerabilities
Security Advisory Description CVE-2016-5542 Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect integrity via vectors related to Libraries. CVE-2016-5554 Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and...
K10092301: BIND vulnerability CVE-2019-6471
Security Advisory Description A race condition which may occur when discarding malformed packets can result in BIND exiting due to a REQUIRE assertion failure in dispatch.c. Versions affected: BIND 9.11.0 - 9.11.7, 9.12.0 - 9.12.4-P1, 9.14.0 - 9.14.2. Also all releases of the BIND 9.13 developmen...
K42378447: IPsec IKEv1 vulnerability CVE-2018-5389
Security Advisory Description The Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks. Reusing a key pair across different versions and modes of IKE could lead to cross-protocol authentication bypasses. It is well known, that the aggressive mode of IKEv1...
K16383: Linux RPM vulnerability CVE-2013-6435
Security Advisory Description Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d...
K51392553: libpixman vulnerability CVE-2013-1591
Security Advisory Description Stack-based buffer overflow in libpixman, as used in Pale Moon before 15.4 and possibly other products, has unspecified impact and context-dependent attack vectors. NOTE: this issue might be resultant from an integer overflow in the fastcompositescaledbilinear functi...
K16852653: TMM vulnerability CVE-2022-32455
Security Advisory Description When a BIG-IP LTM Client SSL profile is configured on a virtual server to perform client certificate authentication with session tickets enabled, undisclosed requests cause the Traffic Management Microkernel TMM to terminate. CVE-2022-32455 Impact Traffic is disrupte...
K14574: PHP vulnerability CVE-2012-1172
Security Advisory Description PHP has been cited with the following vulnerability, which may be locally exploitable on some F5 products: The file-upload implementation in rfc1867.c in PHP before 5.4.0 does not properly handle invalid open square bracket characters in name values, which makes it...
K30552262: GhostScript vulnerabilities CVE-2013-5653, CVE-2016-7977, CVE-2016-7979, and CVE-2016-8602
Security Advisory Description CVE-2013-5653 The getenv and filenameforall functions in Ghostscript 9.10 ignore the "-dSAFER" argument, which allows remote attackers to read data via a crafted postscript file. CVE-2016-7977 Ghostscript before 9.21 might allow remote attackers to bypass the SAFER...
K23203045: BIG-IP Advanced WAF and ASM REST API vulnerability CVE-2021-23014
Security Advisory Description BIG-IP Advanced WAF and ASM are missing authorization checks for file uploads to a specific directory within the REST API, which might allow authenticated users with guest privileges to upload files. CVE-2021-23014 Impact If an attacker has network access to the BIG-...
K15493: OpenSSH vulnerability CVE-2006-5229
Security Advisory Description OpenSSH portable 4.1 on SUSE Linux, and possibly other platforms and versions, and possibly under limited configurations, allows remote attackers to determine valid usernames via timing discrepancies in which responses take longer for valid usernames than invalid one...
K10674: Netscape reuse cipher change bug - Qualsys QID 38284
Security Advisory Description Note : For information about signing up to receive security notice updates from F5, refer to K9970: Subscribe to email notifications regarding F5 products and security announcements. Note : Versions that are not listed in this article have not been evaluated for...
K92800352: NTP vulnerability CVE-2016-4953
Security Advisory Description ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service ephemeral-association demobilization by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time. CVE-2016-4953 Impact There is no impact; F5 products...
K33820305: runc vulnerability CVE-2021-30465
Security Advisory Description runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack th...