6395 matches found
K16323: OpenSSL vulnerability CVE-2015-0209
Security Advisory Description Use-after-free vulnerability in the d2iECPrivateKey function in crypto/ec/ecasn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote attackers to cause a denial of service memory corruption and application...
K16318: OpenSSL vulnerability CVE-2015-0287
Security Advisory Description The ASN1itemexd2i function in crypto/asn1/tasndec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not reinitialize CHOICE and ADB data structures, which might allow attackers to cause a denial of service invalid wri...
K17172: OpenJDK vulnerability CVE-2015-2638
Security Advisory Description Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JavaFX 2.2.80; and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. CVE-2015-2638 Impact Confidentiality ...
K16715: Multiple LibTIFF vulnerabilities
Security Advisory Description CVE-2013-1960 Heap-based buffer overflow in the t2pprocessjpegstrip function in tiff2pdf in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted TIFF image file. CVE-2013-1961 Stack-bas...
K09052213: glibc vulnerability CVE-2015-8777
Security Advisory Description The processenvvars function in elf/rtld.c in the GNU C Library aka glibc or libc6 before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LDPOINTERGUARD environment variable. CVE-2015-8777 Impact This vulnerability may...
K01471335: BIND vulnerability CVE-2016-2848
Security Advisory Description ISC BIND 9.1.0 through 9.8.4-P2 and 9.9.0 through 9.9.2-P2 allows remote attackers to cause a denial of service assertion failure and daemon exit via malformed options data in an OPT resource record. CVE-2016-2848 Impact A remote attacker may be able to cause a...
K82356391: Intel CPU vulnerability CVE-2020-0591
Security Advisory Description Improper buffer restrictions in BIOS firmware for some IntelR Processors may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2020-0591 Impact There is no impact; F5 products are not affected by this vulnerability. F5...
K06288381: NTP vulnerabilities CVE-2015-7977 and CVE-2015-7978
Security Advisory Description CVE-2015-7977 ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service NULL pointer dereference via a ntpdc reslist command. CVE-2015-7978 NTP before 4.2.8p6 and 4.3.0 before 4.3.90 allows a remote attackers to cause a...
K48042976: BIG-IP SSL vulnerability CVE-2016-4545
Security Advisory Description On virtual servers with Secure Sockets Layer SSL profiles enabled, an SSL alert sent during the handshake may produce unnecessary logging and resource consumption on a BIG-IP system that is running 11.5.4 FINAL, possibly causing the Traffic Management Microkernel TMM...
K12156: PHP xmlrpc vulnerability - CVE-2010-0397
Security Advisory Description Note : For information about signing up to receive security notice updates from F5, refer to K9970: Subscribe to email notifications regarding F5 products and security announcements. Note : Versions that are not listed in this article have not been evaluated for...
SOL31542650 - PHP and libGD vulnerability CVE-2016-7568
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...
SOL58243048 - Considerations for transferring files from F5 devices
Vulnerability Description The BIG-IP system uses Secure Vault, a secure SSL-encrypted storage system, to securely store sensitive data such as SSL key passphrases, users, and administrator and services passwords. However, files transferred from an F5 device may contain sensitive information such ...
SOL19784568 - TMM vulnerability CVE-2016-5023
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL05125306 - glibc vulnerability CVE-2016-1234
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL13511366 - PCRE vulnerability CVE-2014-9769
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...
SOL17529 - NTP vulnerability CVE-2015-7703
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL17112 - ikiwiki cross-site scripting via openid_identifier vulnerability CVE-2015-2793
Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL995...
SOL16945 - Mailx vulnerabilities CVE-2004-2771 and CVE-2014-7844
CVE-2014-7844 The expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via shell meta characters in an email address. CVE-2004-2771 A flaw was found in the way mailx handled the parsing of email addresses...
SOL16900 - Multiple FreeType vulnerabilities
1The FreeType package exists on the BIG-IP system but is not used in a way that exposes this vulnerability. Vulnerability Recommended Actions If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed...
SOL16830 - Linux vulnerability CVE-2014-8171
Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can...
SOL16416 - GNU C library strxfrm/strcoll overflow vulnerabilities
Vulnerability Recommended Actions If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not...
SOL16383 - Linux RPM vulnerability CVE-2013-6435
Vulnerability Recommended Actions If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not...
SOL16366 - GNU C Library (glibc) vulnerability CVE-2015-1472
Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...
SOL16356 - BIND vulnerability CVE-2015-1349
Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version...
SOL16108 - BIND vulnerability CVE-2014-8680
Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version...
SOL15783 - Kerberos vulnerability CVE-2013-1417
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...
SOL15689 - Fine Free file vulnerabilites CVE-2014-1943 and CVE-2014-2270
Recommended action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents. SOL4602: Overview of the F5 security vulnerability response policy...
SOL15314 - OpenSSL vulnerability CVE-2011-4577
Vulnerability Recommended Actions If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists. To...
K10905 : NTP vulnerability - CVE-2009-3563
Security Advisory Description Note: Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of F5...
SOL13463 - FirePass SQL injection vulnerability - CVE-2012-1777
Recommended action To eliminate this vulnerability, upgrade to a version that is listed in the Versions known to be not vulnerable column in the previous table. F5 strongly recommends installing FirePass HF-377712-1 to address this vulnerability. Supplemental Information CERT advisory regarding...
SOL5716 - Authentication bypass in PAM LDAP module - CAN-2005-2641
Vulnerability description: Vulnerability in pamldap before 180 does not properly handle a new password policy control, which could allow attackers to gain privileges. Information about this advisory is available at the following locations: US-CERT Vulnerability Note VU778916 pamldap authenticatio...
SOL2104 - Buffer read overflow in DNS resolver libraries - CAN-2002-1146
Information about this vulnerability can be found at the following location: Note: This link takes you to a resource outside of AskF5, and it is possible that the information may be removed without our knowledge...
SOL4944 - SSL decryption vulnerabilities - CR47778, CR48873, CR53987, CR54002
Workaround If upgrading is not an immediate option, you can prevent exploitation of these vulnerabilities temporarily by disabling NATIVE ciphers on any clientssl or serverssl profiles that require or request authentication. To do so, add :!NATIVE to the profiles' ciphers option available in the...
K000159034: BIG-IP HTTP/2 vulnerability CVE-2026-42409
Security Advisory Description When an HTTP/2 profile and an iRule containing the HTTP::redirect or HTTP::respond command are configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel TMM process to terminate. CVE-2026-42409 Impact Traffic is disrupted while...
K000149959: NGINX Unit vulnerability CVE-2025-1695
Security Advisory Description When NGINX Unit with the Java Language Module is in use, undisclosed requests can lead to an infinite loop and cause an increase in CPU resource utilization. CVE-2025-1695 Impact System performance can degrade due to high CPU utilization. This vulnerability allows a...
K000148931: Linux kernel vulnerability CVE-2024-26923
Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: afunix: Fix garbage collector racing against connect Garbage collector does not take into account the risk of embryo getting enqueued during the garbage collection. If such embryo has a peer that...
K000148687: qt vulnerabilities CVE-2018-21035, CVE-2015-1290, CVE-2013-0254, and CVE-2023-43114
Security Advisory Description CVE-2018-21035 In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of service memory consumption. CVE-2015-1290 The Google V8...
K000148479: Linux kernel vulnerability CVE-2023-52881
Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: tcp: do not accept ACK of bytes we never sent This patch is based on a detailed report and ideas from Yepeng Pan and Christian Rossow. ACK seq validation is currently following RFC 5961 5.2 guideline...
K000148436: Linux kernel vulnerabilities CVE-2020-36558, CVE-2023-2002, CVE-2023-4622, and CVE-2023-4623
Security Advisory Description CVE-2020-36558 A race condition in the Linux kernel before 5.5.7 involving VTRESIZEX could lead to a NULL pointer dereference and general protection fault. CVE-2023-2002 A vulnerability was found in the HCI sockets implementation due to a missing capability check in...
K000141463: Angular JS vulnerabilities CVE-2019-10768 and CVE-2023-26116
Security Advisory Description CVE-2019-10768 In AngularJS before 1.7.9 the function merge could be tricked into adding or modifying properties of Object.prototype using a proto payload. CVE-2023-26116 Versions of the package angular from 1.2.21 are vulnerable to Regular Expression Denial of Servi...
K000141253: Python vulnerability CVE-2024-22195
Security Advisory Description Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting XSS. The Jinja...
K000141194: urllib3 vulnerability CVE-2018-25091
Security Advisory Description urllib3 before 1.24.2 does not remove the authorization HTTP header when following a cross-origin redirect i.e., a redirect that differs in host, port, or scheme. This can allow for credentials in the authorization header to be exposed to unintended hosts or...
K000140732: BIND vulnerability CVE-2024-1737
Security Advisory Description Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname of any RTYPE can suffer from degraded performance as content is being added or updated, and also when handling client queries for this name. This issue affects...
K000140303: Apache Tomcat vulnerability CVE-2024-34750
Security Advisory Description Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams...
K000140250: Expat vulnerability CVE-2023-52426
Security Advisory Description libexpat through 2.5.0 allows recursive XML Entity Expansion if XMLDTD is undefined at compile time. CVE-2023-52426 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development has evaluated the...
K000140042: libldap vulnerability CVE-2020-15719
Security Advisory Description libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName SAN. This is fixed in, for example, openldap-2.4.46-10.el8 i...
K000139794: Mozilla NSS vulnerability CVE-2023-5388
Security Advisory Description NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the private data. This vulnerability affects Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9. CVE-2023-5388 Impact An...
K000139692: Websense vulnerabilities CVE-2006-2035 and CVE-2010-5144
Security Advisory Description CVE-2006-2035 Websense, when configured to permit access to the dynamic content category, allows local users to bypass intended blocking of the Uncategorized category by appending a "/?" sequence to a URL. CVE-2010-5144 The ISAPI Filter plug-in in Websense Enterprise...
K000139608: MySQL Server vulnerability CVE-2024-21087
Security Advisory Description Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Group Replication Plugin. Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access...
K000139577: Node.js vulnerability CVE-2024-21890
Security Advisory Description The Node.js Permission Model does not clarify in the documentation that wildcards should be only used as the last character of a file path. For example: --allow-fs-read=/home/node/.ssh/.pub will ignore pub and give access to everything after .ssh/. This misleading...