
6294 matches found

F5 Networks
added 2023/02/21 6:33 p.m. • 31 views

K16852653: TMM vulnerability CVE-2022-32455

Security Advisory Description When a BIG-IP LTM Client SSL profile is configured on a virtual server to perform client certificate authentication with session tickets enabled, undisclosed requests cause the Traffic Management Microkernel (TMM) to terminate. CVE-2022-32455 Impact Traffic is disrupte...

CVSS 7.5 | AI score 7.7 | EPSS 0.00444
Exploits: 0 | Affected Software: 13

F5 Networks
added 2023/02/21 6:33 p.m. • 31 views

K92140924: F5 management sshd vulnerability CVE-2017-6128

Security Advisory Description An undisclosed traffic pattern received on an F5 management interface may cause the Secure Shell Daemon (sshd) to stop responding, resulting in a Denial-of-Service (DoS). CVE-2017-6128 Impact An attacker may be able to cause a denial-of-service (DoS) attack against the ssh...

CVSS 7.5 | AI score 7.5 | EPSS 0.01403
Exploits: 0 | Affected Software: 21

F5 Networks
added 2023/02/21 6:31 p.m. • 31 views

K66851119: F5 TMUI XSS vulnerability CVE-2021-22994

Security Advisory Description Undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of the BIG-IP system if the victim user is granted the admin role. This vulnerability is due to an incomplete fix for CVE-2020-5948. CVE-2021-22994 Impa...

CVSS 6.1 | AI score 6 | EPSS 0.00581
Exploits: 0 | Affected Software: 14

F5 Networks
added 2023/02/21 6:15 p.m. • 31 views

K6634: pam_ldap vulnerability - CVE-2005-2641

Security Advisory Description Note: Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of F5...

CVSS 7.5 | AI score 6.4 | EPSS 0.03645
Exploits: 0

F5 Networks
added 2023/02/21 6:11 p.m. • 31 views

K15748: BIND vulnerability CVE-2010-0290

Security Advisory Description Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by...

AI score 7.5
Exploits: 0 | Affected Software: 9

F5 Networks
added 2023/02/21 6:10 p.m. • 31 views

K15958: Ghostscript BaseFont vulnerability CVE-2008-6679

Security Advisory Description Buffer overflow in the BaseFont writer module in Ghostscript 8.62, and possibly other versions, allows remote attackers to cause a denial of service (ps2pdf crash) and possibly execute arbitrary code via a crafted Postscript file. CVE-2008-6679 Impact None. No F5...

CVSS 5 | AI score 7.8 | EPSS 0.04495
Exploits: 0

F5 Networks
added 2023/02/21 6:8 p.m. • 31 views

K17174: OpenJDK vulnerability CVE-2015-4733

Security Advisory Description Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI. CVE-2015-4733 Impact Confidentiality is affected when...

CVSS 10 | AI score 4.9 | EPSS 0.06717
Exploits: 0 | Affected Software: 18

F5 Networks
added 2023/02/21 6:8 p.m. • 31 views

K16715: Multiple LibTIFF vulnerabilities

Security Advisory Description CVE-2013-1960 Heap-based buffer overflow in the t2p_process_jpeg_strip function in tiff2pdf in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image file. CVE-2013-1961 Stack-bas...

CVSS 9.3 | AI score 9.5 | EPSS 0.11866
Exploits: 0 | Affected Software: 19

F5 Networks
added 2023/02/21 6:7 p.m. • 31 views

K04327111: Linux kernel vulnerability CVE-2019-3896

Security Advisory Description A double-free can happen in idr_remove_all in lib/idr.c in the Linux kernel 2.6 branch. An unprivileged local attacker can use this flaw for a privilege escalation or for a system crash and a denial of service (DoS). CVE-2019-3896 Impact Traffix SDC An attacker may cause...

CVSS 7.8 | AI score 7 | EPSS 0.00417
Exploits: 0

F5 Networks
added 2023/02/21 6:6 p.m. • 31 views

K91090139: BIND vulnerability CVE-2020-8624

Security Advisory Description In BIND 9.9.12 - 9.9.13, 9.10.7 - 9.10.8, 9.11.3 - 9.11.21, 9.12.1 - 9.16.5, 9.17.0 - 9.17.3, also affects 9.9.12-S1 - 9.9.13-S1, 9.11.3-S1 - 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker who has been granted privileges to change a specific subset o...

CVSS 4.3 | AI score 6.5 | EPSS 0.0364
Exploits: 0 | Affected Software: 14

F5 Networks
added 2023/02/21 5:32 p.m. • 31 views

K48042976: BIG-IP SSL vulnerability CVE-2016-4545

Security Advisory Description On virtual servers with Secure Sockets Layer (SSL) profiles enabled, an SSL alert sent during the handshake may produce unnecessary logging and resource consumption on a BIG-IP system that is running 11.5.4 FINAL, possibly causing the Traffic Management Microkernel (TMM)...

CVSS 7.5 | AI score 7.6 | EPSS 0.01765
Exploits: 0 | Affected Software: 9

F5 Networks
added 2016/11/21 12:0 a.m. • 31 views

SOL47605350 - MySQL vulnerability CVE-2016-5631

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

CVSS 4.9 | AI score 2.7 | EPSS 0.02471
Exploits: 0 | References: 4

F5 Networks
added 2016/11/21 12:0 a.m. • 31 views

SOL62477129 - MySQL vulnerability CVE-2016-5584

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

CVSS 4.4 | AI score 2.7 | EPSS 0.01493
Exploits: 0 | References: 4

F5 Networks
added 2016/11/16 12:0 a.m. • 31 views

SOL31542650 - PHP and libGD vulnerability CVE-2016-7568

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

CVSS 9.8 | AI score 2.3 | EPSS 0.05101
Exploits: 0 | References: 4

F5 Networks
added 2016/11/04 12:0 a.m. • 31 views

SOL58243048 - Considerations for transferring files from F5 devices

Vulnerability Description The BIG-IP system uses Secure Vault, a secure SSL-encrypted storage system, to securely store sensitive data such as SSL key passphrases, users, and administrator and services passwords. However, files transferred from an F5 device may contain sensitive information such ...

AI score 0.3
Exploits: 0 | References: 6

F5 Networks
added 2016/11/04 12:0 a.m. • 31 views

SOL02026963 - LibTIFF vulnerability CVE-2016-3632

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

CVSS 7.8 | AI score 2.8 | EPSS 0.03149
Exploits: 0 | References: 4

F5 Networks
added 2016/10/18 12:0 a.m. • 31 views

SOL52950150 - CUPS vulnerability CVE-2014-9679

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

CVSS 6.8 | AI score 2.6 | EPSS 0.04633
Exploits: 0 | References: 4

F5 Networks
added 2016/07/14 12:0 a.m. • 31 views

SOL05125306 - glibc vulnerability CVE-2016-1234

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

CVSS 7.5 | AI score 2.5 | EPSS 0.05223
Exploits: 3 | References: 6

F5 Networks
added 2016/06/15 12:0 a.m. • 31 views

SOL92800352 - NTP vulnerability CVE-2016-4953

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

CVSS 7.5 | AI score 1.8 | EPSS 0.17245
Exploits: 0 | References: 4

F5 Networks
added 2016/05/23 12:0 a.m. • 31 views

SOL35424631 - OpenSSH vulnerability CVE-2016-1907

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

CVSS 5.3 | AI score 0.9 | EPSS 0.14341
Exploits: 0 | References: 3

F5 Networks
added 2016/04/27 12:0 a.m. • 31 views

SOL13511366 - PCRE vulnerability CVE-2014-9769

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

CVSS 7.5 | AI score 2.7 | EPSS 0.02351
Exploits: 0 | References: 4

F5 Networks
added 2015/09/15 12:0 a.m. • 31 views

SOL17267 - XSS vulnerability in Apache CVE-2002-0840

Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL995...

CVSS 7.5 | AI score 2.4 | EPSS 0.94006
Exploits: 0 | References: 3

F5 Networks
added 2015/09/11 12:0 a.m. • 31 views

SOL17257 - D-Bus vulnerability CVE-2014-3639

Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can...

CVSS 2.1 | AI score 1.5 | EPSS 0.00403
Exploits: 0 | References: 3

F5 Networks
added 2015/09/08 12:0 a.m. • 31 views

SOL17155 - TMM vulnerability CVE-2015-4638

Vulnerability Recommended Actions If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not...

CVSS 5 | AI score 1.5 | EPSS 0.01744
Exploits: 0 | References: 6

F5 Networks
added 2015/09/08 12:0 a.m. • 31 views

SOL17238 - Node.js vulnerability CVE-2015-5380

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

CVSS 7.5 | AI score 1.7 | EPSS 0.02995
Exploits: 0 | References: 5

F5 Networks
added 2015/07/09 12:0 a.m. • 31 views

SOL16939 - Multiple Wireshark vulnerabilities

CVE-2014-6421 Use-after-free vulnerability in the SDP dissector in Wireshark 1.10.x before 1.10.10 allows remote attackers to cause a denial of service (application crash) via a crafted packet that leverages split memory ownership between the SDP and RTP dissectors. CVE-2014-6422 The SDP dissector ...

CVSS 5 | AI score 7.2 | EPSS 0.03375
Exploits: 0 | References: 3

F5 Networks
added 2015/07/02 12:0 a.m. • 31 views

SOL16876 - Mount (seunshare_mount) vulnerability CVE-2011-1101

CVE-2011-1101 The seunshare_mount function in sandbox/seunshare.c in seunshare in certain Red Hat packages of policycoreutils 2.0.83 and earlier in Red Hat Enterprise Linux (RHEL) 6 and earlier, and Fedora 14 and earlier, mounts a new directory on top of /tmp without assigning root ownership and the...

CVSS 6.9 | AI score 3.4 | EPSS 0.01448
Exploits: 0 | References: 3

F5 Networks
added 2015/04/03 12:0 a.m. • 31 views

SOL16366 - GNU C Library (glibc) vulnerability CVE-2015-1472

Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...

CVSS 7.5 | AI score 2.6 | EPSS 0.04688
Exploits: 2 | References: 4

F5 Networks
added 2015/01/08 12:0 a.m. • 31 views

SOL15958 - Ghostscript BaseFont vulnerability CVE-2008-6679

Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...

CVSS 5 | AI score 2.3 | EPSS 0.04495
Exploits: 0 | References: 4

F5 Networks
added 2014/04/03 12:0 a.m. • 31 views

SOL15131 - BIND vulnerability CVE-2010-0218

Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents. SOL4602: Overview of the F5 security vulnerability response policy...

CVSS 5 | AI score 3.7 | EPSS 0.03572
Exploits: 0 | References: 3

F5 Networks
added 2007/05/16 12:0 a.m. • 31 views

SOL4369 - Configuration utility login vulnerability - CR45786

BIG-IP 9.0.2 through 9.0.4 cache login credentials for the Configuration utility. Once a user is logged in, the cache does not check the password entered for additional sessions under that user name. As a result, it is possible to gain access to the BIG-IP Configuration utility without a password...

AI score 1.8
Exploits: 0

F5 Networks
added 2025/04/23 7:21 a.m. • 30 views

K000150987: PostgreSQL pgAdmin vulnerabilities CVE-2025-2945 and CVE-2025-2946

Security Advisory Description CVE-2025-2945 Remote Code Execution security vulnerability in pgAdmin 4 Query Tool and Cloud Deployment modules. The vulnerability is associated with the 2 POST endpoints; /sqleditor/querytool/download, where the query_commited parameter and /cloud/deploy endpoint,...

CVSS 9.9 | AI score 9.3 | EPSS 0.3842
Exploits: 7

F5 Networks
added 2024/12/19 11:32 p.m. • 30 views

K000149068: Multiple PostGreSQL vulnerabilities

Security Advisory Description CVE-2017-7485 In PostgreSQL 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3, it was found that the PGREQUIRESSL environment variable was no longer enforcing a SSL/TLS connection to a PostgreSQL server. An active Man-in-the-Middle...

CVSS 9.8 | AI score 7.4 | EPSS 0.61566
Exploits: 0

F5 Networks
added 2024/12/10 5:17 p.m. • 30 views

K000148931: Linux kernel vulnerability CVE-2024-26923

Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix garbage collector racing against connect Garbage collector does not take into account the risk of embryo getting enqueued during the garbage collection. If such embryo has a peer that...

CVSS 4.7 | AI score 6.1 | EPSS 0.00193
Exploits: 0 | Affected Software: 1

F5 Networks
added 2024/11/11 11:14 p.m. • 30 views

K000148479: Linux kernel vulnerability CVE-2023-52881

Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: tcp: do not accept ACK of bytes we never sent This patch is based on a detailed report and ideas from Yepeng Pan and Christian Rossow. ACK seq validation is currently following RFC 5961 5.2 guideline...

CVSS 5.5 | AI score 6 | EPSS 0.00227
Exploits: 0 | Affected Software: 16

F5 Networks
added 2024/10/19 12:5 a.m. • 30 views

K000141503: Intel UEFI vulnerability CVE-2023-42772

Security Advisory Description Untrusted pointer dereference in UEFI firmware for some Intel(R) reference processors may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2023-42772 Impact There is no impact; F5 products are not affected by this vulnerabilit...

CVSS 8.7 | AI score 6.8 | EPSS 0.00169
Exploits: 0

F5 Networks
added 2024/09/12 4:8 a.m. • 30 views

K000141046: Python PyPA vulnerability CVE-2022-40897

Security Advisory Description Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py. CVE-2022-40897 Impact...

CVSS 5.9 | AI score 6.8 | EPSS 0.02617
Exploits: 1

F5 Networks
added 2024/07/03 8:26 p.m. • 30 views

K000140250: Expat vulnerability CVE-2023-52426

Security Advisory Description libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time. CVE-2023-52426 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development has evaluated the...

CVSS 5.5 | AI score 6.8 | EPSS 0.00373
Exploits: 0

F5 Networks
added 2024/06/18 8:11 p.m. • 30 views

K000140042: libldap vulnerability CVE-2020-15719

Security Advisory Description libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 i...

CVSS 4.2 | AI score 6.8 | EPSS 0.02417
Exploits: 0

F5 Networks
added 2024/06/05 4:13 p.m. • 30 views

K000139917: Libxml2 vulnerability CVE-2022-40303

Security Advisory Description An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading ...

CVSS 7.5 | AI score 6.7 | EPSS 0.2421
Exploits: 2

F5 Networks
added 2024/05/21 4:33 p.m. • 30 views

K000139685: Python vulnerability CVE-2023-40217

Security Advisory Description An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers such as HTTP servers that use TLS client authentication. If a TLS server-side socket is created, receives data into the...

CVSS 5.3 | AI score 7.5 | EPSS 0.0079
Exploits: 0 | Affected Software: 1

F5 Networks
added 2024/05/17 4:28 p.m. • 30 views

K000139667: MySQL vulnerability CVE-2024-21056

Security Advisory Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQ...

CVSS 4.9 | AI score 5.2 | EPSS 0.00887
Exploits: 0

F5 Networks
added 2024/05/08 1:14 p.m. • 30 views

K000138898: BIG-IP Advanced WAF/ASM, BIG-IP Next WAF, and NGINX App Protect WAF attack signature check failure

Security Advisory Description BIG-IP Advanced WAF/ASM, BIG-IP Next WAF, or NGINX App Protect WAF may fail to match an attack signature. This issue occurs when all of the following conditions are met: The affected security policy has a large number of attack signatures enabled for example, all or...

AI score 7
Exploits: 0

F5 Networks
added 2024/04/18 4:27 p.m. • 30 views

K000139340: Apache Tomcat vulnerability CVE-2024-22029

Security Advisory Description A flaw was found in the Tomcat package of OpenSUSE and derived distributions. This issue occurs due to incorrect permissions and a race condition in the %post section of the Tomcat RPM package, resulting in local privilege escalation when the Tomcat package is...

CVSS 7.8 | AI score 6.4 | EPSS 0.00184
Exploits: 0

F5 Networks
added 2024/02/14 1:52 p.m. • 30 views

K000137270: BIG-IP Advanced WAF and BIG-IP ASM vulnerability CVE-2024-21789

Security Advisory Description When a BIG-IP Advanced WAF/ASM security policy is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. CVE-2024-21789 Impact System performance can degrade until the bd process is either forced to restart or is...

CVSS 7.5 | AI score 7.6 | EPSS 0.00515
Exploits: 0 | Affected Software: 2

F5 Networks
added 2024/02/14 1:42 p.m. • 30 views

K98606833: BIG-IP and BIG-IQ scp vulnerability CVE-2024-21782

Security Advisory Description BIG-IP or BIG-IQ Resource Administrators and Certificate Managers who have access to the secure copy (scp) utility but do not have access to Advanced Shell (bash) can execute arbitrary commands with a specially crafted command string. This vulnerability is due to an...

CVSS 6.7 | AI score 7.3 | EPSS 0.00178
Exploits: 0 | Affected Software: 13

F5 Networks
added 2024/02/14 1:32 p.m. • 30 views

K000137416: BIG-IP Advanced WAF and BIG-IP ASM vulnerability CVE-2024-23308

Security Advisory Description When a BIG-IP Advanced WAF or BIG-IP ASM policy with a Request Body Handling option is attached to a virtual server, undisclosed requests can cause the BD process to terminate. The condition results from setting the Request Body Handling option in the Header-Based...

CVSS 7.5 | AI score 7.6 | EPSS 0.00515
Exploits: 0 | Affected Software: 2

F5 Networks
added 2023/11/30 1:30 a.m. • 30 views

K000137734: MariaDB/MySQL vulnerability CVE-2023-22084

Security Advisory Description Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.43 and prior, 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple...

CVSS 4.9 | AI score 5.1 | EPSS 0.01782
Exploits: 0

F5 Networks
added 2023/10/11 5:7 p.m. • 30 views

K000137201: Intel BIOS vulnerability CVE-2022-37343

Security Advisory Description Improper access control in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2022-37343 Impact This vulnerability may allow a privileged user to potentially enable escalation o...

CVSS 7.2 | AI score 6.5 | EPSS 0.00157
Exploits: 0 | Affected Software: 2

F5 Networks
added 2023/10/10 10:33 a.m. • 30 views

K26910459: BIG-IP iControl REST vulnerability CVE-2023-42768

Security Advisory Description When a non-admin user has been assigned an administrator role via an iControl REST PUT request and later the user's role is reverted back to a non-admin role via the Configuration utility, tmsh, or iControl REST, the BIG-IP non-admin user can still access the iContro...

CVSS 7.2 | AI score 7 | EPSS 0.00533
Exploits: 0 | Affected Software: 12

Total number of security vulnerabilities: 5000