6392 matches found
K36361684: Apache Thrift vulnerability CVE-2018-1320
Security Advisory Description Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled i...
K15172: BIND vulnerability CVE-2010-3762
Security Advisory Description Description ISC BIND before 9.7.2-P2, when DNSSEC validation is enabled, does not properly handle certain bad signatures if multiple trust anchors exist for a single zone, which allows remote attackers to cause a denial of service daemon crash via a DNS query...
K15482: Linux kernel vulnerability CVE-2014-4943
Security Advisory Description The PPPoL2TP feature in net/l2tp/l2tpppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket. CVE-2014-4943 Impact None. No F5 products are affected by this...
K11220361: LibTIFF vulnerability CVE-2015-1547
Security Advisory Description The NeXTDecode function in tifnext.c in LibTIFF allows remote attackers to cause a denial of service uninitialized memory access via a crafted TIFF image, as demonstrated by libtiff5.tif. CVE-2015-1547 Impact This vulnerability allows a remote attacker to cause a...
K05314769: BIG-IP Advanced WAF and ASM WebSocket vulnerability CVE-2021-23033
Security Advisory Description When a WebSocket profile is configured on a virtual server, undisclosed requests can cause bd to terminate. CVE-2021-23033 Impact Traffic is disrupted while the bd process restarts. This vulnerability allows a remote attacker to cause a denial-of-service DoS on the...
K95120415: NGINX Controller AVRD vulnerability CVE-2020-5895
Security Advisory Description AVRD uses world-readable and world-writable permissions on its socket, which allows processes or users on the local system to write arbitrary data into the socket. A local system attacker can make AVRD segmentation fault SIGSEGV by writing malformed messages to the...
K35065045: Linux kernel vulnerability CVE-2019-10124
Security Advisory Description REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. CVE-2019-10124 Impact There is no impact; F5 products are not affected by this...
K06014092: E2fsprogs vulnerabilities CVE-2019-5094 and CVE-2019-5188
Security Advisory Description CVE-2019-5094 An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to...
K31404801: F5 BIG-IP TMM vulnerability CVE-2017-6169
Security Advisory Description In versions 13.0.0, 12.0.0-12.1.3, or 11.6.0-11.6.2, an F5 BIG-IP virtual server using the URL categorization feature may cause the Traffic Management Microkernel TMM to produce a core file when it receives malformed URLs during categorization. CVE-2017-6169. Impact ...
K52420610: Advanced WAF and BIG-IP ASM TMUI vulnerability CVE-2021-23029
Security Advisory Description Insufficient permission checks may allow authenticated users with guest privileges to perform Server-Side Request Forgery SSRF attacks through F5 Advanced Web Application Firewall WAF and the BIG-IP ASM Configuration utility. CVE-2021-23029 Impact An attacker with...
K94941221: TMM SCTP vulnerability CVE-2021-23045
Security Advisory Description When an SCTP profile with multiple paths is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. CVE-2021-23045 Impact Traffic is disrupted while the TMM process restarts. This vulnerability allows a remo...
K58192514: NSS vulnerability CVE-2017-7805
Security Advisory Description During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current buffer, causing the allocation of a new...
K13275: PHP vulnerability CVE-2009-3293
Security Advisory Description Unspecified vulnerability in the imagecolortransparent function in PHP prior to version 5.2.11 has unknown impact and attack vectors related to an incorrect "sanity check for the color index." CVE-2009-3293 Impact None Security Advisory Status F5 Product Development...
K33151296: SNMP vulnerability CVE-2007-5846
Security Advisory Description The SNMP agent snmpagent.c in net-snmp before 5.4.1 allows remote attackers to cause a denial of service CPU and memory consumption via a GETBULK request with a large max-repeaters value. CVE-2007-5846 Impact An attacker may be able to cause a CPU and memory...
K26244025: BIG-IP HTTP compression profile vulnerability CVE-2020-5933
Security Advisory Description When a BIG-IP system that has a virtual server configured with an HTTP compression profile processes compressed HTTP message payloads that require deflation, a Slowloris-style attack can trigger an out-of-memory condition on the BIG-IP system. CVE-2020-5933 Impact Th...
K81192137: sosreport vulnerability CVE-2015-7529
Security Advisory Description sosreport in SoS 3.x allows local users to obtain sensitive information from sosreport files or gain privileges via a symlink attack on an archive file in a temporary directory, as demonstrated by sosreport-$hostname-$date.tar in /tmp/sosreport-$hostname-$date...
K63558580: BIG-IP crypto driver vulnerability CVE-2020-5872
Security Advisory Description When processing TLS traffic with hardware cryptographic acceleration enabled on platforms with Intel QAT hardware, the Traffic Management Microkernel TMM may stop responding and cause a failover event. CVE-2020-5872 Impact Hardware cryptographic acceleration fails an...
K23001529: SSL Intercept iApp and SSL Orchestrator Server-Side Request Forgery vulnerability CVE-2017-6130
Security Advisory Description F5 SSL Intercept iApp 1.5.0 - 1.5.7 and SSL Orchestrator 2.0 is vulnerable to a Server-Side Request Forgery SSRF attack when deployed using the Dynamic Domain Bypass DDB feature feature plus SNAT Auto Map option for egress traffic. CVE-2017-6130 Impact A remote...
K11758085: OpenSSL vulnerability CVE-2016-6305
Security Advisory Description The ssl3readbytes function in record/reclayers3.c in OpenSSL 1.1.0 before 1.1.0a allows remote attackers to cause a denial of service infinite loop by triggering a zero-length record in an SSLpeek call. CVE-2016-6305 Impact There is no impact; F5 products are not...
K13255123: glibc vulnerability CVE-2017-18269
Security Advisory Description An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library aka glibc or libc6 2.21 through 2.27 does not correctly perform the overlapping memory check if the source memory range spans the middle of t...
K13351036: DPDK vulnerabilities CVE-2020-10722 and CVE-2020-10723
Security Advisory Description CVE-2020-10722 A vulnerability was found in DPDK versions 18.05 and above. A missing check for an integer overflow in vhostusersetlogbase could result in a smaller memory map than requested, possibly allowing memory corruption. CVE-2020-10723 A memory corruption issu...
K30314331: glibc vulnerability CVE-2017-15671
Security Advisory Description The glob function in glob.c in the GNU C Library aka glibc or libc6 before 2.27, when invoked with GLOBTILDE, could skip freeing allocated memory when processing the operator with a long user name, potentially leading to a denial of service memory leak. CVE-2017-1567...
K32702281: Oracle MySQL vulnerabilities CVE-2018-2782, CVE-2018-2784, CVE-2018-2786, and CVE-2018-2787
Security Advisory Description CVE-2018-2782 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: InnoDB. Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via...
K16728: iCall privilege escalation vulnerability CVE-2015-3628
Security Advisory Description An authenticated user, with Resource Administrator role permissions, is able to use iCall scripts and associated handlers to create and modify user account properties. CVE-2015-3628 Impact An authenticated user with limited access Resource Administration may be able ...
K54130510: TMM DIAMETER vulnerability CVE-2018-5522
Security Advisory Description When processing DIAMETER transactions with carefully crafted attribute-value pairs, TMM may restart. CVE-2018-5522 Impact This vulnerability allows for a remote unauthorized disruption of service by way of an unspecified DIAMETER packet. Security Advisory Status F5...
K20902096: Linux kernel vulnerability CVE-2016-6786
Security Advisory Description kernel/events/core.c in the performance subsystem in the Linux kernel before 4.0 mismanages locks during certain migrations, which allows local users to gain privileges via a crafted application, aka Android internal bug 30955111. CVE-2016-6786 Impact This...
K46603852: Intel CPU vulnerability CVE-2017-5691
Security Advisory Description Incorrect check in Intel processors from 6th and 7th Generation Intel Core Processor Families, Intel Xeon E3-1500M v5 and v6 Product Families, and Intel Xeon E3-1200 v5 and v6 Product Families allows compromised system firmware to impact SGX security via incorrect...
K32049025: BIND vulnerability CVE-2016-6170
Security Advisory Description ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x through 9.11.0b1 allows primary DNS servers to cause a denial of service secondary DNS server crash via a large AXFR response, and possibly allows IXFR servers to cause a denial of service IXFR client...
K13432: OpenSSL vulnerability CVE-2010-0433
Security Advisory Description In the ksslkeytabisavailable function in ssl/kssl.c in OpenSSL before 0.9.8n., when Kerberos is enabled, but Kerberos configuration files cannot be opened, the function does not check a certain return value, which allows remote attackers to cause a Denial of Service...
K56499646: Linux kernel vulnerability CVE-2021-3501
Security Advisory Description A flaw was found in the Linux kernel in versions before 5.12. The value of internal.ndata, in the KVM API, is mapped to an array index, which can be updated by a user process at anytime which could lead to an out-of-bounds write. The highest threat from this...
K43121447: BIG-IP Client SSL vulnerability CVE-2018-5502
Security Advisory Description Attackers may be able to disrupt services on the BIG-IP system with maliciously crafted client certificate. This vulnerability affects virtual servers associated with Client SSL profile which enables the use of client certificate authentication. Client certificate...
K07721343: Linux kernel vulnerability CVE-2018-10901
Security Advisory Description A flaw was found in Linux kernel's KVM virtualization subsystem. The VMX code does not restore the GDT.LIMIT to the previous host value, but instead sets it to 64KB. With a corrupted GDT limit a host's userspace code has an ability to place malicious entries in the...
K41301038: QEMU vulnerability CVE-2020-25084
Security Advisory Description QEMU 5.0.0 has a use-after-free in hw/usb/hcd-xhci.c because the usbpacketmap return value is not checked. CVE-2020-25084 Impact A local attacker may cause a denial-of-service DoS or execute arbitrary code on platforms that support Virtual Clustered Multiprocessing...
K23372179: Linux kernel vulnerability CVE-2018-6412
Security Advisory Description In the function sbusfbioctlhelper in drivers/video/fbdev/sbuslib.c in the Linux kernel through 4.15, an integer signedness error allows arbitrary information leakage for the FBIOPUTCMAPSPARC and FBIOGETCMAPSPARC commands. CVE-2018-6412 Impact There is no impact; F5...
K80533167: BIND vulnerability CVE-2017-3135
Security Advisory Description Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can resume in an inconsistent state leading to either an INSIST assertion failure or an attempt to read through a NULL pointer. Affects BIND 9.8.8, 9.9.3-S1 - 9.9.9-S7,...
K06554372: Linux kernel vulnerability CVE-2019-19059
Security Advisory Description Multiple memory leaks in the iwlpciectxtinfogen3init function in drivers/net/wireless/intel/iwlwifi/pcie/ctxt-info-gen3.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service memory consumption by triggering iwlpcieinitfwsec or...
K05087544: Linux kernel vulnerability CVE-2018-1000028
Security Advisory Description Linux kernel version after commit bdcf0a423ea1 - 4.15-rc4+, 4.14.8+, 4.9.76+, 4.4.111+ contains a Incorrect Access Control vulnerability in NFS server nfsd that can result in remote users reading or writing files they should not be able to via NFS. This attack appear...
K08476614: BIG-IP Client SSL profile vulnerability CVE-2022-23015
Security Advisory Description When a Client SSL profile is configured on a virtual server with Client Certificate Authentication set to request/require and Session Ticket enabled and configured, processing SSL traffic can cause an increase in memory resource utilization. CVE-2022-23015 Impact...
K87895241: Apache Tomcat vulnerability CVE-2021-30639
Security Advisory Description A vulnerability in Apache Tomcat allows an attacker to remotely trigger a denial of service. An error introduced as part of a change to improve error handling during non-blocking I/O meant that the error flag associated with the Request object was not reset between...
K24923910: LibTIFF vulnerability CVE-2016-3632
Security Advisory Description The TIFFVGetField function in tifdirinfo.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service out-of-bounds write or execute arbitrary code via a crafted TIFF image. CVE-2016-3632 Impact An attacker can use specially-crafted TIFF files ...
K23412152: libidn vulnerability CVE-2016-6261
Security Advisory Description The idnatoascii4i function in lib/idna.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service out-of-bounds read and crash via 64 bytes of input. CVE-2016-6261 Impact This vulnerability may allow attackers to cause a denial of service...
K07112184: HHVM vulnerability CVE-2016-1000109
Security Advisory Description HHVM does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect a CGI...
K60130614: Linux kernel vulnerability CVE-2019-19069
Security Advisory Description A memory leak in the fastrpcdmabufattach function in drivers/misc/fastrpc.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service memory consumption by triggering dmagetsgtable failures, aka CID-fc739a058d99. CVE-2019-19069 Impact An attacker...
K45062506: Siemens Ethernet card DoS vulnerabilities CVE-2018-11451 and CVE-2018-11452
Security Advisory Description CVE-2018-11451 A vulnerability has been identified in Firmware variant IEC 61850 for EN100 Ethernet module All versions V4.33, Firmware variant PROFINET IO for EN100 Ethernet module All versions, Firmware variant Modbus TCP for EN100 Ethernet module All versions,...
K13523672: Linux kernel vulnerability CVE-2019-12454
Security Advisory Description DISPUTED An issue was discovered in wcd9335codecenabledec in sound/soc/codecs/wcd9335.c in the Linux kernel through 5.1.5. It uses kstrndup instead of kmemdupnul, which allows attackers to have an unspecified impact via unknown vectors. NOTE: The vendor disputes this...
K19634255: TMM vulnerability CVE-2018-5535
Security Advisory Description On F5 BIG-IP, specifically crafted HTTP responses, when processed by a Virtual Server with an associated QoE profile that has Video enabled, may cause TMM to incorrectly buffer response data causing the TMM to restart resulting in a Denial of Service. CVE-2018-5535...
K17321122: Nss compat ossl vulnerability CVE-2015-3278
Security Advisory Description The cipherstring parsing code in nsscompatossl while in multi-keyword mode does not match the expected set of ciphers for a given cipher combination, which allows attackers to have unspecified impact via unknown vectors. CVE-2015-3278 Impact There is no impact; F5...
K73337338: Linux kernel vulnerability CVE-2017-16648
Security Advisory Description The dvbfrontendfree function in drivers/media/dvb-core/dvbfrontend.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service use-after-free and system crash or possibly have unspecified other impact via a crafted USB device. NOTE: the...
K64552448: SSL forward proxy vulnerability CVE-2018-5534
Security Advisory Description Under certain conditions on F5 BIG-IP 13.1.0-13.1.0.5, 13.0.0, 12.1.0-12.1.3.1, 11.6.0-11.6.3.1, or 11.5.0-11.5.6, TMM may core while processing SSL forward proxy traffic. CVE-2018-5534 Impact This vulnerability may allow a remote attacker to cause the Traffic...
K33846344: Cloud-init vulnerabilities CVE-2020-8631 and CVE-2020-8632
Security Advisory Description CVE-2020-8631 cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because randstr in cloudinit/util.py calls the random.choice function. CVE-2020-8632 In cloud-init through 19.4,...