6395 matches found
K000132680: systemd vulnerability CVE-2022-2526
Security Advisory Description A use-after-free vulnerability was found in systemd. This issue occurs due to the onstreamio function and dnsstreamcomplete function in 'resolved-dns-stream.c' not incrementing the reference counting for the DnsStream object. Therefore, other functions and callbacks...
K000130546: Gzip vulnerability CVE-2022-1271
Security Advisory Description An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, a crafted file name, this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs d...
K000130512: SQLite vulnerability CVE-2022-35737
Security Advisory Description SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API. CVE-2022-35737 Impact An authenticated remote attacker can exploit this vulnerability by sending a specially crafted...
SOL26430555 - MySQL vulnerability CVE-2016-5625
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...
SOL03534020 - PHP vulnerability CVE-2016-5767
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL71489519 - Wireshark vulnerability CVE-2015-4652
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL31925518 - BIG-IP APM access logs vulnerability CVE-2016-1497
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL45816067 - bzip2 vulnerability CVE-2016-3189
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...
SOL04054286 - Linux kernel TCP vulnerability CVE-2016-2070
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL23432135 - Apache Struts 2 vulnerability CVE-2016-3093
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL51758043 - MySQL vulnerability CVE-2016-0639
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...
SOL23675185 - Apache Qpid vulnerabilities CVE-2016-3094 and CVE-2016-4432
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...
SOL92800352 - NTP vulnerability CVE-2016-4953
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL15439022 - glibc vulnerability CVE-2016-3075
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL21632201 - Linux kernel vulnerability CVE-2011-5321
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL17517 - NTP vulnerability CVE-2015-7701
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL17331 - PCRE library vulnerability CVE-2015-5073
Recommended Action If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are currently...
SOL17238 - Node.js vulnerability CVE-2015-5380
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL16876 - Mount (seunshare_mount) vulnerability CVE-2011-1101
CVE-2011-1101 The seunsharemount function in sandbox/seunshare.c in seunshare in certain Red Hat packages of policycoreutils 2.0.83 and earlier in Red Hat Enterprise Linux RHEL 6 and earlier, and Fedora 14 and earlier, mounts a new directory on top of /tmp without assigning root ownership and the...
SOL16686 - Point-to-Point Protocol (PPP) vulnerability CVE-2015-3310
Vulnerability Recommended Actions If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not...
SOL16010 - GNU C Library (glibc) vulnerability CVE-2014-7817
These versions of BIG-IP, BIG-IQ, and Enterprise Manager have a vulnerable version of glibc code. However, the risk level for this vulnerability is considered LOW because F5 product development has verified that the vulnerable code is NOT used in a way that would make an exploit possible. These...
SOL15958 - Ghostscript BaseFont vulnerability CVE-2008-6679
Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...
SOL15797 - Linux kernel vulnerability CVE-2012-4461
Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists. Supplemental...
SOL15478 - PHP vulnerability CVE-2012-2386
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents. SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...
SOL15389 - OpenSSL vulnerability CVE-2011-4576
Recommended action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists. To mitigate this...
SOL15358 - OpenSSL vulnerability CVE-2009-0590
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents. SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...
SOL13233 - TMM vulnerability CVE-2013-6016
Vulnerability Recommended Actions To eliminate this vulnerability, upgrade to a version that is listed in the Versions known to be not vulnerable column in the previous table. Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS...
SOL7983 - ClamAV NULL dereference vulnerability - CVE-2007-4510
The FirePass controller can be configured to provide anti-virus scanning of files uploaded through Portal Access through the ClamAV open source software. Scanning is configured on the Antivirus tab of the Portal Access Content Inspection page, through the Enable Standalone virus Scanner option...
SOL1877 - OpenSSH Remote Challenge Vulnerability - CAN-2001-1279
Information about this advisory can be found at the following location:...
K000150987: PostgreSQL pgAdmin vulnerabilities CVE-2025-2945 and CVE-2025-2946
Security Advisory Description CVE-2025-2945 Remote Code Execution security vulnerability in pgAdmin 4 Query Tool and Cloud Deployment modules. The vulnerability is associated with the 2 POST endpoints; /sqleditor/querytool/download, where the querycommited parameter and /cloud/deploy endpoint,...
K000149072: PostgreSQL vulnerabilities CVE-2015-5288, CVE-2015-3165, CVE-2014-8161, and CVE-2014-2669
Security Advisory Description CVE-2015-5288 The crypt function in contrib/pgcrypto in PostgreSQL before 9.0.23, 9.1.x before 9.1.19, 9.2.x before 9.2.14, 9.3.x before 9.3.10, and 9.4.x before 9.4.5 allows attackers to cause a denial of service server crash or read arbitrary server memory via a...
K000148689: Qt vulnerability CVE-2023-32762
Security Advisory Description An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security HSTS header, allowing unencrypted connections to be established, even when explicitly prohibited by the...
K000148378: Kerberos vulnerability CVE-2024-26461
Security Advisory Description Kerberos 5 aka krb5 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c. CVE-2024-26461 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development has evaluated the...
K000140787: Gunicorn vulnerability CVE-2024-1135
Security Advisory Description Gunicorn fails to properly validate Transfer-Encoding headers, leading to HTTP Request Smuggling HRS vulnerabilities. By crafting requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This iss...
K000139876: Linux kernel vulnerability CVE-2021-46955
Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: openvswitch: fix stack OOB read while fragmenting IPv4 packets running openvswitch on kernels built with KASAN, it's possible to see the following splat while testing fragmentation of IPv4 packets:...
K000139700: Linux kernel usbmon vulnerability CVE-2022-43750
Security Advisory Description drivers/usb/mon/monbin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user-space client to corrupt the monitor's internal memory. CVE-2022-43750 Impact This vulnerability may allow an attacker with local access to gain improper privilege...
K000139685: Python vulnerability CVE-2023-40217
Security Advisory Description An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers such as HTTP servers that use TLS client authentication. If a TLS server-side socket is created, receives data into the...
K000139667: MySQL vulnerability CVE-2024-21056
Security Advisory Description Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DML. Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQ...
K000139654: Intel oneAPI vulnerabilities CVE-2023-24592 and CVE-2023-27383
Security Advisory Description CVE-2023-24592 Path traversal in the some IntelR oneAPI Toolkits and Component software before version 2023.1 may allow authenticated user to potentially enable escalation of privilege via local access. CVE-2023-27383 Protection mechanism failure in some IntelR oneAP...
K000139043: Apache Struts vulnerabilities CVE-2016-4430, CVE-2016-4431, and CVE-2016-4433
Security Advisory Description CVE-2016-4430 Apache Struts 2 2.3.20 through 2.3.28.1 mishandles token validation, which allows remote attackers to conduct cross-site request forgery CSRF attacks via unspecified vectors. CVE-2016-4431 Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers ...
K000138177: OpenSSL vulnerability CVE-2023-5363
Security Advisory Description Issue summary: A bug has been identified in the processing of key and initialisation vector IV lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in...
K000137940: Multiple Oracle MySQL vulnerabilities
Security Advisory Description CVE-2023-22015 Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 5.7.42 and prior and 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access...
K000137791: Linux kernel vulnerability CVE-2023-35788
Security Advisory Description An issue was discovered in flsetgeneveopt in net/sched/clsflower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCAFLOWERKEYENCOPTSGENEVE packets. This may result in denial of service or privilege escalation...
K26910459: BIG-IP iControl REST vulnerability CVE-2023-42768
Security Advisory Description When a non-admin user has been assigned an administrator role via an iControl REST PUT request and later the user's role is reverted back to a non-admin role via the Configuration utility, tmsh, or iControl REST, the BIG-IP non-admin user can still access the iContro...
K000136011: Apache Tomcat Open Redirect vulnerability CVE-2023-41080
Security Advisory Description URL Redirection to Untrusted Site 'Open Redirect' vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.9...
K000135353: Apache Commons Collection serialized object injection vulnerability CVE-2017-15708
Security Advisory Description In Apache Synapse, by default no authentication is required for Java Remote Method Invocation RMI. So Apache Synapse 3.0.1 or all previous releases 3.0.0, 2.1.0, 2.0.0, 1.2, 1.1.2, 1.1.1 allows remote code execution attacks that can be performed by injecting speciall...
K000135312: BIND vulnerability CVE-2023-2828
Security Advisory Description Every named instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. The size limit for that cache database can be configured using the max-cache-size statement i...
K000135001: Python URLlib3 vulnerability CVE-2019-11236
Security Advisory Description In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter. CVE-2019-11236 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development...
K000134680: JSON Smart vulnerability CVE-2021-31684
Security Advisory Description A vulnerability was discovered in the indexOf function of JSONParserByteArray in JSON Smart versions 1.3 and 2.4 which causes a denial of service DOS via a crafted web request. CVE-2021-31684 Impact There is no impact; F5 products are not affected by this...
K000134636: Java vulnerabilities CVE-2018-2942 and CVE-2018-2938
Security Advisory Description CVE-2018-2942 Vulnerability in the Java SE component of Oracle Java SE subcomponent: Windows DLL. Supported versions that are affected are Java SE: 7u181 and 8u172. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...