6392 matches found
K000135507: Java vulnerabilities CVE-2020-14781
Security Advisory Description ​​​​​​Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JNDI. Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker...
K000135330: Multiple Nucleus TCP/IP stack vulnerabilities
Security Advisory Description CVE-2021-31889 A vulnerability has been identified in APOGEE MBC PPC BACnet All versions, APOGEE MBC PPC P2 Ethernet All versions, APOGEE MEC PPC BACnet All versions, APOGEE MEC PPC P2 Ethernet All versions, APOGEE PXC Compact BACnet All versions = V2.3 and = V2.3 an...
K000135001: Python URLlib3 vulnerability CVE-2019-11236
Security Advisory Description In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter. CVE-2019-11236 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development...
K000134793: OpenJDK vulnerability CVE-2018-2952
Security Advisory Description Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Concurrency. Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171; JRockit: R28.3.18. Difficult to exploit...
K000134744: Intel BIOS vulnerability CVE-2022-38087
Security Advisory Description Exposure of resource to wrong sphere in BIOS firmware for some IntelR Processors may allow a privileged user to potentially enable information disclosure via local access. CVE-2022-38087 Impact A privileged user may be able to enable information disclosure via local...
K000134735: Intel BIOS vulnerability CVE-2022-33894
Security Advisory Description Improper input validation in the BIOS firmware for some IntelR Processors may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2022-33894 Impact There is no impact; F5 products are not affected by this vulnerability. Securit...
K000134670: Linux kernel vulnerability CVE-2022-2964
Security Advisory Description A flaw was found in the Linux kernel's driver for the ASIX AX88179178A-based USB 2.0/3.0 Gigabit Ethernet Devices. The vulnerability contains multiple out-of-bounds reads and possible out-of-bounds writes. CVE-2022-2964 Impact There is no impact; F5 products are not...
K000133616: Node.js vulnerability CVE-2023-23919
Security Advisory Description A cryptographic vulnerability exists in Node.js 19.2.0, 18.14.1, 16.19.1, 14.21.3 that in some cases did does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during subsequent cryptographic operations that...
K96003129: Intel CPU vulnerability CVE-2020-24489
Security Advisory Description Incomplete cleanup in some IntelR VT-d products may allow an authenticated user to potentially enable escalation of privilege via local access. CVE-2020-24489 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5...
K29280193: BIG-IP Configuration utility vulnerability CVE-2019-6597
Security Advisory Description When authenticated administrative users run commands in the Traffic Management User Interface TMUI, also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced. CVE-2019-6597 Impact BIG-IP and Enterprise Manager This...
K49440608: TMOS vulnerability CVE-2018-5509
Security Advisory Description When a specifically configured virtual server receives traffic of an undisclosed nature, the Traffic Management Microkernel TMM will crash and take the configured failover action, potentially causing a denial of service. The configuration that exposes this issue is n...
K55129614: tcpdump vulnerabilities CVE-2016-7975, CVE-2016-7986, and CVE-2017-5341
Security Advisory Description CVE-2016-7975 The TCP parser in tcpdump before 4.9.0 has a buffer overflow in print-tcp.c:tcpprint. CVE-2016-7986 The GeoNetworking parser in tcpdump before 4.9.0 has a buffer overflow in print-geonet.c, multiple functions. CVE-2017-5341 The OTV parser in tcpdump...
K13053402: TMM vulnerability CVE-2016-7468
Security Advisory Description An unauthenticated remote attacker may be able to disrupt services on F5 BIG-IP 11.4.1 - 11.5.4 devices with maliciously crafted network traffic. This vulnerability affects virtual servers associated with TCP profiles when the BIG-IP system's tm.tcpprogressive db...
K30446705: GnuTLS vulnerability CVE-2020-13777
Security Advisory Description GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3. The earliest affected version is 3.6.4 2018-09-24 because of an error in a 2018-09-18 commit. Until t...
K14712: The BIG-IP APM access policy logout page may be vulnerable to XSS cookie tampering CVE-2013-5976
Security Advisory Description Description The BIG-IP APM access policy logout page may be vulnerable to cross-site scripting XSS. Impact XSS protection in the BIG-IP APM access policy logout page may be insufficient. Security Advisory Status F5 Product Development tracked this vulnerability as ID...
K54562183: BIG-IP PEM vulnerability CVE-2018-5503
Security Advisory Description TMM may restart when processing a specifically crafted page through a virtual server with an associated PEM policy that has content insertion as an action. CVE-2018-5503 Impact An attacker may be able to cause a remote denial of service DoS. Security Advisory Status ...
K15155: OpenSSH vulnerability CVE-2007-3102
Security Advisory Description Unspecified vulnerability in the linuxauditrecordevent function in OpenSSH 4.3p2, as used on Fedora Core 6 and possibly other systems, allows remote attackers to write arbitrary characters to an audit log via a crafted username. CVE-2007-3102 Impact None. F5 products...
K65397301: iRules RESOLVER::summarize memory leak vulnerability CVE-2021-23049
Security Advisory Description When the iRules RESOLVER::summarize command is used on a virtual server, undisclosed requests can cause an increase in Traffic Management Microkernel TMM memory utilization resulting in an out-of-memory condition and a denial-of-service DoS. CVE-2021-23049 Impact...
K58935003: F5 Container Connector vulnerability CVE-2018-5543
Security Advisory Description The F5 BIG-IP Controller for Kubernetes k8s-bigip-crtl passes BIG-IP username and password as command line parameters, which may lead to disclosure of the credentials used by the container. CVE-2018-5543 Impact F5 BIG-IP Controller for Kubernetes This vulnerability...
K88474783: BIG-IP DoS profile vulnerability CVE-2020-5879
Security Advisory Description Under certain configurations, the BIG-IP system sends data plane traffic to back-end servers unencrypted, even when a Server SSL profile is applied. CVE-2020-5879 Impact The affected system sends some requests to the back-end server without encryption, possibly leaki...
K80945213: BIG-IP ASM and F5 Advanced WAF attack signature check failure security exposure
Security Advisory Description A BIG-IP ASM and F5 Advanced Web Application Firewall Advanced WAF attack signature check may fail to detect and block certain GET requests when cross-site request forgery CSRF protection is enabled. Impact Attackers may be able to bypass BIG-IP ASM and Advanced WAF...
K17119: MySQL vulnerability CVE-2015-2576
Security Advisory Description Unspecified vulnerability in the MySQL Utilities component in Oracle MySQL 1.5.1 and earlier, when running on Windows, allows local users to affect integrity via unknown vectors related to Installation. CVE-2015-2576 Impact There is no impact; F5 products are not...
K13434228: Apache Struts vulnerability CVE-2012-0392
Security Advisory Description The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method...
K19916307: glibc vulnerability CVE-2015-1473
Security Advisory Description The ADDW macro in stdio-common/vfscanf.c in the GNU C Library aka glibc or libc6 before 2.21 does not properly consider data-type size during a risk-management decision for use of the alloca function, which might allow context-dependent attackers to cause a denial of...
K12936322: BIG-IP restjavad vulnerability CVE-2020-5912
Security Advisory Description The restjavad process dump command does not follow current best coding practices and may overwrite arbitrary files. CVE-2020-5912 Impact A locally authenticated attacker may exploit this vulnerability by overwriting arbitrary files on the file system. Security Adviso...
K03512441: ImageMagick vulnerability CVE-2019-13136
Security Advisory Description ImageMagick before 7.0.8-50 has an integer overflow vulnerability in the function TIFFSeekCustomStream in coders/tiff.c. CVE-2019-13136 Impact BIG-IP AAM, Edge Gateway, WebAccelerator This issue affects BIG-IP systems only when WAM or AAM is provisioned. If exploited...
K01993501: Linux kernel vulnerability CVE-2016-10906
Security Advisory Description An issue was discovered in drivers/net/ethernet/arc/emacmain.c in the Linux kernel before 4.5. A use-after-free is caused by a race condition between the functions arcemactx and arcemactxclean. CVE-2016-10906 Impact There is no impact; F5 products are not affected by...
K18491258: Cluster component of Oracle MySQL vulnerabilities CVE-2016-5541, CVE-2017-3321, CVE-2017-3322, and CVE-2017-3323
Security Advisory Description CVE-2016-5541 Vulnerability in the MySQL Cluster component of Oracle MySQL subcomponent: Cluster: NDBAPI. Supported versions that are affected are 7.2.26 and earlier, 7.3.14 and earlier and 7.4.12 and earlier. Difficult to exploit vulnerability allows unauthenticated...
K03814795: Linux kernel vulnerability CVE-2019-16089
Security Advisory Description An issue was discovered in the Linux kernel through 5.2.13. nbdgenlstatus in drivers/block/nbd.c does not check the nlaneststartnoflag return value. CVE-2019-16089. Impact This vulnerability may allow a local user to perform a denial-of-service DoS attack. Security...
K61643620: BIG-IP TMUI XSS vulnerability CVE-2021-23038
Security Advisory Description A stored cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. CVE-2021-23038 Impact An authenticated attacker may exploit...
K23720587: Apache Solr vulnerability CVE-2019-12409
Security Advisory Description The 8.1.1 and 8.2.0 releases of Apache Solr contain an insecure setting for the ENABLEREMOTEJMXOPTS configuration option in the default solr.in.sh configuration file shipping with Solr. If you use the default solr.in.sh file from the affected releases, then JMX...
K67190282: MySQL X plugin vulnerabilities CVE-2017-3637 and CVE-2017-3646
Security Advisory Description CVE-2017-3637 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: X Plugin. Supported versions that are affected are 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols...
K31833420: Multiple Oracle Java SE vulnerabilities
Security Advisory Description CVE-2022-21305 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and...
K48209417: PostgreSQL vulnerabilities CVE-2018-10915 and CVE-2018-10925
Security Advisory Description CVE-2018-10915 A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with "host" or "hostaddr" connection parameters from untrust...
K25033460: TMM vulnerability CVE-2017-6133
Security Advisory Description In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, undisclosed HTTP requests may cause a denial of service. CVE-2017-6133 Impact The Traffic Management Microkernel TMM generates a core...
K16781: Linux kernel vulnerability CVE-2014-3535
Security Advisory Description Description include/linux/netdevice.h in the Linux kernel before 2.6.36 incorrectly uses macros for netdevprintk and its related logging implementation, which allows remote attackers to cause a denial of service NULL pointer dereference and system crash by sending...
K17171: OpenJDK vulnerability CVE-2015-2628
Security Advisory Description Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. CVE-2015-2628 Impact Confidentiality, integrity, and...
K15931: Unbound vulnerability CVE-2014-8602
Security Advisory Description iterator.c in NLnet Labs Unbound before 1.5.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service memory and CPU consumption via a large or infinite number of referrals. CVE-2014-8602 Impact An attacker with a properly...
K17335: GnuTLS vulnerability CVE-2015-6251
Security Advisory Description Double free vulnerability in GnuTLS before 3.3.17 and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service via a long DistinguishedName DN entry in a certificate. CVE-2015-6251 Impact This vulnerability allows disruption of service. Security Adviso...
K2591: Linux kernel vulnerabilities CAN-2003-0244 and CAN-2003-0246
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
K77508618: Multiple Oracle MySQL vulnerabilities
Security Advisory Description CVE-2016-0502 Unspecified vulnerability in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. CVE-2016-0505 Unspecified vulnerability in Oracle MySQL 5.5.46 and...
K8920: Linux kernel vulnerability CVE-2007-2876
Security Advisory Description Note : Versions that are not listed in this Solution have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the ...
K16875: file vulnerability CVE-2012-1571
Security Advisory Description file before 5.11 and libmagic allow remote attackers to cause a denial of service crash via a crafted Composite Document File CDF file that triggers 1 an out-of-bounds read or 2 an invalid pointer dereference. CVE-2012-1571 Impact An attacker could cause a...
K24444495: Linux kernel vulnerability CVE-2016-10764
Security Advisory Description In the Linux kernel before 4.9.6, there is an off by one in the drivers/mtd/spi-nor/cadence-quadspi.c cqspisetupflash function. There are CQSPIMAXCHIPSELECT elements in the -fpdata array so the "" should be "=" instead. CVE-2016-10764 Impact There is no impact; F5...
K11785283: GnuPG vulnerability CVE-2012-6085
Security Advisory Description The readblock function in g10/import.c in GnuPG 1.4.x before 1.4.13 and 2.0.x through 2.0.19, when importing a key, allows remote attackers to corrupt the public keyring database or cause a denial of service application crash via a crafted length field of an OpenPGP...
K14154: SQL injection vulnerability from an authenticated source CVE-2012-3000
Security Advisory Description An SQL injection vulnerability exists in a BIG-IP component. This local vulnerability may allow an authenticated attacker to download arbitrary files from the file system. Impact An attacker may be able to exploit the vulnerability and retrieve arbitrary files or...
K3369: TCP reassembly queue vulnerability CAN-2004-0171
Security Advisory Description Note: Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F5...
K16398: Python vulnerability CVE-2006-4980
Security Advisory Description Buffer overflow in the repr function in Python 2.3 through 2.6 before 20060822 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via crafted wide character UTF-32/UCS-4 strings to certain scripts. CVE-2006-4980 Impact...
K73761475: MySQL Memcached vulnerability CVE-2017-3633
Security Advisory Description Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Memcached. Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...
K17444: libXfont vulnerabilities CVE-2015-1802, CVE-2015-1803, and CVE-2015-1804
Security Advisory Description CVE-2015-1802 The bdfReadProperties function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 allows remote authenticated users to cause a denial of service out-of-bounds write and crash or possibly execute arbitrary code via a 1 negative or ...