6294 matches found

F5 Networks • added 2023/02/21 6:7 p.m. • 32 views

K34441555: BIG-IP TMM vulnerability CVE-2021-23000

Security Advisory Description If the tmm.http.rfc.enforcement BigDB key is enabled in a BIG-IP system, or the Bad host header value is checked in the AFM HTTP security profile associated with a virtual server, in rare instances, a specific sequence of malicious requests may cause TMM to restart...

7.5 CVSS • 6.4 AI score • 0.00933 EPSS
Exploits: 0 • Affected Software: 14

F5 Networks • added 2023/02/21 6:7 p.m. • 32 views

K82356391: Intel CPU vulnerability CVE-2020-0591

Security Advisory Description Improper buffer restrictions in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2020-0591 Impact There is no impact; F5 products are not affected by this vulnerability. F5...

6.7 CVSS • 7 AI score • 0.00308 EPSS
Exploits: 0

F5 Networks • added 2023/02/21 6:7 p.m. • 32 views

K48572812: XSS vulnerability in F5 WebSafe Dashboard CVE-2016-5235

Security Advisory Description A Cross Site Scripting (XSS) vulnerability in F5 WebSafe Dashboard allows an unauthenticated user to inject HTML via a crafted alert. CVE-2016-5235 Impact The F5 WebSafe Dashboard may allow modification by unauthorized users. Security Advisory Status F5 Product...

6.1 CVSS • 6 AI score • 0.00863 EPSS
Exploits: 0

F5 Networks • added 2023/02/21 6:6 p.m. • 32 views

K43254923: Apache Ranger vulnerability CVE-2016-2174

Security Advisory Description SQL injection vulnerability in the policy admin tool in Apache Ranger before 0.5.3 allows remote authenticated administrators to execute arbitrary SQL commands via the eventTime parameter to service/plugins/policies/eventTime. CVE-2016-2174 Impact There is no impact;...

7.2 CVSS • 7.5 AI score • 0.01884 EPSS
Exploits: 1

F5 Networks • added 2023/02/21 5:38 p.m. • 32 views

K46264120: BIND vulnerability CVE-2016-1285

Security Advisory Description named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed packet to the rndc (aka control channel) interface, related to alist.c and sexpr.c. CVE-2016-1285...

6.8 CVSS • 7 AI score • 0.69056 EPSS
Exploits: 0

F5 Networks • added 2023/02/21 5:33 p.m. • 32 views

K06288381: NTP vulnerabilities CVE-2015-7977 and CVE-2015-7978

Security Advisory Description CVE-2015-7977 ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command. CVE-2015-7978 NTP before 4.2.8p6 and 4.3.0 before 4.3.90 allows remote attackers to cause a...

7.5 CVSS • 6.8 AI score • 0.09985 EPSS
Exploits: 0 • Affected Software: 22

F5 Networks • added 2023/02/21 4:17 p.m. • 32 views

K15133: BIND vulnerability CVE-2014-0591

Security Advisory Description The query_findclosestnsec3 function in query.c in named in ISC BIND 9.6, 9.7, and 9.8 before 9.8.6-P2 and 9.9 before 9.9.4-P2, and 9.6-ESV before 9.6-ESV-R10-P2, allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via a crafte...

2.6 CVSS • 6.6 AI score • 0.3278 EPSS
Exploits: 1

F5 Networks • added 2023/02/21 2:0 a.m. • 32 views

K000132680: systemd vulnerability CVE-2022-2526

Security Advisory Description A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io function and dns_stream_complete function in 'resolved-dns-stream.c' not incrementing the reference counting for the DnsStream object. Therefore, other functions and callbacks...

9.8 CVSS • 7.6 AI score • 0.01005 EPSS
Exploits: 0

F5 Networks • added 2023/01/06 8:58 a.m. • 32 views

K000130512: SQLite vulnerability CVE-2022-35737

Security Advisory Description SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API. CVE-2022-35737 Impact An authenticated remote attacker can exploit this vulnerability by sending a specially crafted...

7.5 CVSS • 7.7 AI score • 0.11431 EPSS
Exploits: 2 • Affected Software: 3

F5 Networks • added 2016/11/21 12:0 a.m. • 32 views

SOL26430555 - MySQL vulnerability CVE-2016-5625

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

7 CVSS • 2.7 AI score • 0.00399 EPSS
Exploits: 0 • References: 4

F5 Networks • added 2016/09/09 12:0 a.m. • 32 views

SOL06430416 - Zend Framework vulnerability CVE-2015-7695

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

9.8 CVSS • 2.4 AI score • 0.02972 EPSS
Exploits: 0 • References: 4

F5 Networks • added 2016/08/11 12:0 a.m. • 32 views

SOL19784568 - TMM vulnerability CVE-2016-5023

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

7.5 CVSS • 1.6 AI score • 0.03046 EPSS
Exploits: 0 • References: 11

F5 Networks • added 2016/08/10 12:0 a.m. • 32 views

SOL31925518 - BIG-IP APM access logs vulnerability CVE-2016-1497

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

4.9 CVSS • 3.3 AI score • 0.01529 EPSS
Exploits: 0 • References: 8

F5 Networks • added 2016/07/28 12:0 a.m. • 32 views

SOL45816067 - bzip2 vulnerability CVE-2016-3189

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

6.5 CVSS • 2.7 AI score • 0.15685 EPSS
Exploits: 0 • References: 4

F5 Networks • added 2016/07/14 12:0 a.m. • 32 views

SOL05125306 - glibc vulnerability CVE-2016-1234

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

7.5 CVSS • 2.5 AI score • 0.05223 EPSS
Exploits: 3 • References: 6

F5 Networks • added 2016/06/24 12:0 a.m. • 32 views

SOL87669052 - Multiple Wireshark (tshark) vulnerabilities

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

7.8 CVSS • 1.8 AI score • 0.07142 EPSS
Exploits: 11 • References: 6

F5 Networks • added 2016/05/27 12:0 a.m. • 32 views

SOL81223200 - Oracle Java SE vulnerability CVE-2016-3425

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

5 CVSS • 1.2 AI score • 0.038 EPSS
Exploits: 0 • References: 3

F5 Networks • added 2016/05/10 12:0 a.m. • 32 views

SOL73455417 - obs-service-extract_file package vulnerability CVE-2016-4007

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

10 CVSS • 2.9 AI score • 0.02474 EPSS
Exploits: 0 • References: 4

F5 Networks • added 2015/12/16 12:0 a.m. • 32 views

SOL34250741 - BIND vulnerability CVE-2015-8000

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

5 CVSS • 1.3 AI score • 0.5469 EPSS
Exploits: 0 • References: 5

F5 Networks • added 2015/11/02 12:0 a.m. • 32 views

SOL17529 - NTP vulnerability CVE-2015-7703

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

7.5 CVSS • 1 AI score • 0.03855 EPSS
Exploits: 0 • References: 5

F5 Networks • added 2015/09/29 12:0 a.m. • 32 views

SOL17331 - PCRE library vulnerability CVE-2015-5073

Recommended Action If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are currently...

9.1 CVSS • 0.2 AI score • 0.07673 EPSS
Exploits: 1 • References: 3

F5 Networks • added 2015/08/25 12:0 a.m. • 32 views

SOL17174 - OpenJDK vulnerability CVE-2015-4733

Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can...

10 CVSS • 2.4 AI score • 0.06717 EPSS
Exploits: 0 • References: 2

F5 Networks • added 2015/08/12 12:0 a.m. • 32 views

SOL17112 - ikiwiki cross-site scripting via openid_identifier vulnerability CVE-2015-2793

Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL995...

6.1 CVSS • 1.9 AI score • 0.01688 EPSS
Exploits: 1 • References: 3

F5 Networks • added 2015/07/10 12:0 a.m. • 32 views

SOL16945 - Mailx vulnerabilities CVE-2004-2771 and CVE-2014-7844

CVE-2014-7844 The expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via shell meta characters in an email address. CVE-2004-2771 A flaw was found in the way mailx handled the parsing of email addresses...

7.8 CVSS • 8.1 AI score • 0.06858 EPSS
Exploits: 1 • References: 4

F5 Networks • added 2015/07/01 12:0 a.m. • 32 views

SOL16830 - Linux vulnerability CVE-2014-8171

Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can...

5.5 CVSS • 0.8 AI score • 0.00388 EPSS
Exploits: 0 • References: 6

F5 Networks • added 2015/04/03 12:0 a.m. • 32 views

SOL16337 - OpenSSL vulnerability CVE-2009-5146

Vulnerability Recommended Actions If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not...

3.2 CVSS • 0.9 AI score
Exploits: 0 • References: 4 • Affected Software: 1

F5 Networks • added 2015/02/11 12:0 a.m. • 32 views

SOL16120 - OpenSSL vulnerability CVE-2014-3570

Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version...

5 CVSS • 2.4 AI score • 0.2132 EPSS
Exploits: 0 • References: 5

F5 Networks • added 2015/01/21 12:0 a.m. • 32 views

SOL16010 - GNU C Library (glibc) vulnerability CVE-2014-7817

These versions of BIG-IP, BIG-IQ, and Enterprise Manager have a vulnerable version of glibc code. However, the risk level for this vulnerability is considered LOW because F5 product development has verified that the vulnerable code is NOT used in a way that would make an exploit possible. These...

4.6 CVSS • 1.8 AI score • 0.00578 EPSS
Exploits: 0 • References: 4

F5 Networks • added 2014/10/09 12:0 a.m. • 32 views

SOL15689 - Fine Free file vulnerabilities CVE-2014-1943 and CVE-2014-2270

Recommended action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents. SOL4602: Overview of the F5 security vulnerability response policy...

5 CVSS • 3.4 AI score • 0.04933 EPSS
Exploits: 1 • References: 3

F5 Networks • added 2014/06/19 12:0 a.m. • 32 views

SOL15358 - OpenSSL vulnerability CVE-2009-0590

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents. SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

5 CVSS • 2.7 AI score • 0.06194 EPSS
Exploits: 0 • References: 4

F5 Networks • added 2014/06/19 12:0 a.m. • 32 views

SOL15351 - OpenSSL DTLS ChangeCipherSpec vulnerability CVE-2009-1386

Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents. SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...

5 CVSS • 2.8 AI score • 0.80134 EPSS
Exploits: 9 • References: 5

F5 Networks • added 2014/06/05 12:0 a.m. • 32 views

SOL15314 - OpenSSL vulnerability CVE-2011-4577

Vulnerability Recommended Actions If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists. To...

4.3 CVSS • 1.6 AI score • 0.09331 EPSS
Exploits: 0 • References: 5

F5 Networks • added 2014/04/17 12:0 a.m. • 32 views

SOL15180 - OpenSSL vulnerability CVE-2013-4353

Recommended action You can eliminate this vulnerability by running a version listed in the Versions known to be not vulnerable column. If the column does not list a version that is newer than the version you are running, then no upgrade candidate currently exists. To mitigate this vulnerability,...

4.3 CVSS • 2.9 AI score • 0.13157 EPSS
Exploits: 0 • References: 7

F5 Networks • added 2013/07/05 12:0 a.m. • 32 views

K10905 : NTP vulnerability - CVE-2009-3563

Security Advisory Description Note: Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of F5...

6.4 CVSS • 7.1 AI score • 0.32288 EPSS
Exploits: 3

F5 Networks • added 2012/03/14 12:0 a.m. • 32 views

SOL13463 - FirePass SQL injection vulnerability - CVE-2012-1777

Recommended action To eliminate this vulnerability, upgrade to a version that is listed in the Versions known to be not vulnerable column in the previous table. F5 strongly recommends installing FirePass HF-377712-1 to address this vulnerability. Supplemental Information CERT advisory regarding...

7.5 CVSS • 6.3 AI score • 0.02327 EPSS
Exploits: 2 • References: 9

F5 Networks • added 2011/12/12 12:0 a.m. • 32 views

SOL13233 - TMM vulnerability CVE-2013-6016

Vulnerability Recommended Actions To eliminate this vulnerability, upgrade to a version that is listed in the Versions known to be not vulnerable column in the previous table. Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS...

7.8 CVSS • 3.3 AI score • 0.02751 EPSS
Exploits: 0 • References: 9

F5 Networks • added 2007/05/16 12:0 a.m. • 32 views

SOL5716 - Authentication bypass in PAM LDAP module - CAN-2005-2641

Vulnerability description: Vulnerability in pam_ldap before 180 does not properly handle a new password policy control, which could allow attackers to gain privileges. Information about this advisory is available at the following locations: US-CERT Vulnerability Note VU778916 pam_ldap authenticatio...

7.5 CVSS • 0.7 AI score • 0.03645 EPSS
Exploits: 0

F5 Networks • added 2007/05/16 12:0 a.m. • 32 views

SOL2104 - Buffer read overflow in DNS resolver libraries - CAN-2002-1146

Information about this vulnerability can be found at the following location: Note: This link takes you to a resource outside of AskF5, and it is possible that the information may be removed without our knowledge...

5 CVSS • 1.2 AI score • 0.03279 EPSS
Exploits: 0

F5 Networks • added 2024/12/02 10:58 p.m. • 31 views

K000148689: Qt vulnerability CVE-2023-32762

Security Advisory Description An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the...

5.3 CVSS • 6.2 AI score • 0.00875 EPSS
Exploits: 0 • Affected Software: 2

F5 Networks • added 2024/08/23 2:16 a.m. • 31 views

K000140787: Gunicorn vulnerability CVE-2024-1135

Security Advisory Description Gunicorn fails to properly validate Transfer-Encoding headers, leading to HTTP Request Smuggling (HRS) vulnerabilities. By crafting requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This iss...

7.5 CVSS • 7.8 AI score • 0.02996 EPSS
Exploits: 0

F5 Networks • added 2024/08/13 7:8 a.m. • 31 views

K000140696: Qt vulnerability CVE-2023-51714

Security Advisory Description An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check. CVE-2023-51714 Impact There is no...

9.8 CVSS • 8.6 AI score • 0.00986 EPSS
Exploits: 0

F5 Networks • added 2024/07/11 8:47 a.m. • 31 views

K000140303: Apache Tomcat vulnerability CVE-2024-34750

Security Advisory Description Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams...

7.5 CVSS • 7.6 AI score • 0.04602 EPSS
Exploits: 0

F5 Networks • added 2024/06/03 5:14 p.m. • 31 views

K000139876: Linux kernel vulnerability CVE-2021-46955

Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: openvswitch: fix stack OOB read while fragmenting IPv4 packets running openvswitch on kernels built with KASAN, it's possible to see the following splat while testing fragmentation of IPv4 packets:...

7.1 CVSS • 5.2 AI score • 0.00254 EPSS
Exploits: 0

F5 Networks • added 2024/05/21 8:59 p.m. • 31 views

K000139700: Linux kernel usbmon vulnerability CVE-2022-43750

Security Advisory Description drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user-space client to corrupt the monitor's internal memory. CVE-2022-43750 Impact This vulnerability may allow an attacker with local access to gain improper privilege...

6.7 CVSS • 6.7 AI score • 0.00325 EPSS
Exploits: 0 • Affected Software: 15

F5 Networks • added 2024/05/17 4:28 p.m. • 31 views

K000139667: MySQL vulnerability CVE-2024-21056

Security Advisory Description Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DML. Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQ...

4.9 CVSS • 5.2 AI score • 0.00887 EPSS
Exploits: 0

F5 Networks • added 2024/05/14 3:22 p.m. • 31 views

K000139608: MySQL Server vulnerability CVE-2024-21087

Security Advisory Description Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Group Replication Plugin. Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access...

4.9 CVSS • 5.1 AI score • 0.00885 EPSS
Exploits: 0

F5 Networks • added 2024/05/08 1:9 p.m. • 31 views

K000138894: BIG-IP Configuration utility XSS vulnerability CVE-2024-33604

Security Advisory Description A reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. CVE-2024-33604 Impact An attacker may exploit this...

6.1 CVSS • 5.5 AI score • 0.00314 EPSS
Exploits: 0 • Affected Software: 12

F5 Networks • added 2024/05/07 2:55 p.m. • 31 views

K000139533: MySQL vulnerability CVE-2024-21090

Security Advisory Description Vulnerability in the MySQL Connectors product of Oracle MySQL component: Connector/Python. Supported versions that are affected are 8.3.0 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to...

7.5 CVSS • 6 AI score • 0.00721 EPSS
Exploits: 0

F5 Networks • added 2024/02/14 1:29 p.m. • 31 views

K000134516: BIG-IP SSL Client Certificate LDAP and CRLDP Authentication profiles vulnerability CVE-2024-23979

Security Advisory Description When an SSL Client Certificate LDAP or Certificate Revocation List Distribution Point (CRLDP) authentication profile is configured on a virtual server, undisclosed requests can cause an increase in CPU resource utilization. CVE-2024-23979 Impact System performance can...

7.5 CVSS • 7.6 AI score • 0.00342 EPSS
Exploits: 0 • Affected Software: 12

F5 Networks • added 2023/12/05 6:41 a.m. • 31 views

K000137791: Linux kernel vulnerability CVE-2023-35788

Security Advisory Description An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation...

7.8 CVSS • 6.6 AI score • 0.00532 EPSS
Exploits: 1

Total number of security vulnerabilities: 5000