6392 matches found
K14712: The BIG-IP APM access policy logout page may be vulnerable to XSS cookie tampering CVE-2013-5976
Security Advisory Description Description The BIG-IP APM access policy logout page may be vulnerable to cross-site scripting XSS. Impact XSS protection in the BIG-IP APM access policy logout page may be insufficient. Security Advisory Status F5 Product Development tracked this vulnerability as ID...
K59145983: Intel CSME and SPS vulnerability CVE-2019-0090
Security Advisory Description Insufficient access control vulnerability in subsystem for IntelR CSME before version 12.0.35, IntelR SPS before version SPSE305.00.04.027.0 may allow unauthenticated user to potentially enable escalation of privilege via physical access. CVE-2019-0090 Impact Traffix...
K40625021: BIG-IP APM portal access vulnerability CVE-2018-15310
Security Advisory Description A vulnerability in BIG-IP APM portal access discloses the BIG-IP software version in rewritten pages. CVE-2018-15310 Impact The BIG-IP version may be exposed to users with valid BIG-IP APM portal access sessions. Security Advisory Status F5 Product Development has...
K05052081: NodeJS vulnerability CVE-2015-8854
Security Advisory Description The marked package before 0.3.4 for Node.js allows attackers to cause a denial of service CPU consumption via unspecified vectors that trigger a "catastrophic backtracking issue for the em inline rule," aka a "regular expression denial of service ReDoS." CVE-2015-885...
K16352404: BIG-IQ DCD vulnerability CVE-2021-22996
Security Advisory Description When set up for auto failover, a BIG-IQ Data Collection Device DCD cluster member that receives an undisclosed message may cause the corosync process to abort. This behavior may lead to a denial-of-service DoS and impact the stability of a BIG-IQ high availability HA...
K15310332: BIG-IP APM open redirect vulnerability CVE-2020-27729
Security Advisory Description An undisclosed link on the BIG-IP APM virtual server allows a malicious user to build an open redirect URI. CVE-2020-27729 Impact An attacker can create a URL with a specially crafted value and trick BIG-IP APM users into visiting the link. Victims may be redirected ...
K77215791: Linux kernel vulnerability CVE-2017-7277
Security Advisory Description The TCP stack in the Linux kernel through 4.10.6 mishandles the SCMTIMESTAMPINGOPTSTATS feature, which allows local users to obtain sensitive information from the kernels internal socket data structures or cause a denial of service out-of-bounds read via crafted syst...
K02138183: BIND vulnerability CVE-2016-9147
Security Advisory Description named in ISC BIND 9.9.9-P4, 9.9.9-S6, 9.10.4-P4, and 9.11.0-P1 allows remote attackers to cause a denial of service assertion failure and daemon exit via a response containing an inconsistency among the DNSSEC-related RRsets. CVE-2016-9147 Impact When the BIND...
K16781: Linux kernel vulnerability CVE-2014-3535
Security Advisory Description Description include/linux/netdevice.h in the Linux kernel before 2.6.36 incorrectly uses macros for netdevprintk and its related logging implementation, which allows remote attackers to cause a denial of service NULL pointer dereference and system crash by sending...
K15939: pl_tree.php XSS vulnerability CVE-2014-9342
Security Advisory Description Cross-site scripting XSS vulnerability in the tree view pltree.php feature in Application Security Manager ASM in F5 BIG-IP 11.3.0 allows remote attackers to inject arbitrary web script or HTML by accessing a crafted URL during automatic policy generation...
K15931: Unbound vulnerability CVE-2014-8602
Security Advisory Description iterator.c in NLnet Labs Unbound before 1.5.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service memory and CPU consumption via a large or infinite number of referrals. CVE-2014-8602 Impact An attacker with a properly...
K45611803: TMM vulnerability CVE-2018-5530
Security Advisory Description F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, or 11.6.0-11.6.3.1 virtual servers with HTTP/2 profiles enabled are vulnerable to "HPACK Bomb". CVE-2018-5530 Impact HPACK bombs are designed to consume an abnormal amount of memory resources on a target system, which can...
K77508618: Multiple Oracle MySQL vulnerabilities
Security Advisory Description CVE-2016-0502 Unspecified vulnerability in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. CVE-2016-0505 Unspecified vulnerability in Oracle MySQL 5.5.46 and...
K17563: Apache Struts vulnerability CVE-2015-2992
Security Advisory Description Arbitrary script can be executed when JSP files are exposed to be accessed directly. Affected versions are Struts 2.0.0 - 2.3.16.3. CVE-2015-2992 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product...
K8920: Linux kernel vulnerability CVE-2007-2876
Security Advisory Description Note : Versions that are not listed in this Solution have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the ...
K06223540: F5 TCP vulnerability CVE-2015-8240
Security Advisory Description The Traffic Management Microkernel TMM in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, GTM, Link Controller, and BIG-IP PEM before 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.0 HF6 and BIG-IP PSM before 11.4.1 HF10 does not properly handle TCP options,...
K14154: SQL injection vulnerability from an authenticated source CVE-2012-3000
Security Advisory Description An SQL injection vulnerability exists in a BIG-IP component. This local vulnerability may allow an authenticated attacker to download arbitrary files from the file system. Impact An attacker may be able to exploit the vulnerability and retrieve arbitrary files or...
K15928: Network Time Protocol vulnerability CVE-2009-1252
Security Advisory Description Stack-based buffer overflow in the cryptorecv function in ntpcrypto.c in ntpd in NTP before 4.2.4p7 and 4.2.5 before 4.2.5p74, when OpenSSL and autokey are enabled, allows remote attackers to execute arbitrary code via a crafted packet containing an extension field...
K5794: Security Advisory: Perl integer sign error in format string processing - CVE-2005-3962
Security Advisory Description Note : Versions that are not listed in this Solution have not been evaluated for vulnerability to this security advisory. For information about F5 Networks' security policy regarding evaluating older and unsupported versions of F5 Networks products, refer to K4602:...
K15343: OpenSSL vulnerability CVE-2014-0221
Security Advisory Description The dtls1getmessagefragment function in d1both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service recursion and client crash via a DTLS hello message in an invalid DTLS handshake. CVE-2014-02...
K17057: QEMU vulnerabilities CVE-2015-3214, CVE-2015-5154, and CVE-2015-5158
Security Advisory Description CVE-2015-3214 An out-of-bounds memory access flaw, leading to memory corruption or possibly an information leak, was found in QEMU's pitioportread function. A privileged guest user in a QEMU guest, which had QEMU PIT emulation enabled, could potentially, in rare case...
K15642: Samba vulnerability CVE-2013-4476
Security Advisory Description Samba 4.0.x before 4.0.11 and 4.1.x before 4.1.1, when LDAP or HTTP is provided over SSL, uses world-readable permissions for a private key, which allows local users to obtain sensitive information by reading the key file, as demonstrated by access to the local...
K15461: OpenSSL vulnerability CVE-2011-4619
Security Advisory Description The Server Gated Cryptography SGC implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service CPU consumption via unspecified vectors. CVE-2011-4619 Impact This...
K15160: GnuTLS vulnerability CVE-2014-0092
Security Advisory Description lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate. CVE-2014-0092 Impact...
K05295501: libssh vulnerability CVE-2020-1730
Security Advisory Description A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR or DES ciphers if enabled ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to cleanup the ciphers when...
K17444: libXfont vulnerabilities CVE-2015-1802, CVE-2015-1803, and CVE-2015-1804
Security Advisory Description CVE-2015-1802 The bdfReadProperties function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 allows remote authenticated users to cause a denial of service out-of-bounds write and crash or possibly execute arbitrary code via a 1 negative or ...
K89941125: mod_auth_openidc vulnerability CVE-2021-20718
Security Advisory Description modauthopenidc 2.4.0 to 2.4.7 allows a remote attacker to cause a denial-of-service DoS condition via unspecified vectors. CVE-2021-20718 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development ha...
K15300: Apache HTTP Server mod_dav DoS vulnerability CVE-2013-6438
Security Advisory Description The davxmlgetcdata function in main/util.c in the moddav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service daemon crash via a crafted DAV WRITE...
K23520761: BIG-IP ASM and BIG-IP AFM/BIG-IP Analytics vulnerability CVE-2018-5505
Security Advisory Description On F5 BIG-IP 13.1.0 - 13.1.0.3, when ASM and one or more of these modules AFM/AVR are provisioned, the Traffic Management Microkernel TMM may restart while processing DNS requests when the virtual server is configured with a DNS profile and the Protocol setting is se...
K36361684: Apache Thrift vulnerability CVE-2018-1320
Security Advisory Description Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled i...
K09092524: Binutils vulnerability CVE-2019-9074
Security Advisory Description An issue was discovered in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.32. It is an out-of-bounds read leading to a SEGV in bfdgetl32 in libbfd.c, when called from pex64getruntimefunction in pei-x8664.c. CVE-2019-9074 Impact...
K02884135: Binutils vulnerability CVE-2019-9071
Security Advisory Description An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a stack consumption issue in dcounttemplatesscopes in cp-demangle.c after many recursive calls. CVE-2019-9071 Impact There is no impact; F5 products are not affected by this...
K42142782: Linux kernel vulnerability CVE-2017-15121
Security Advisory Description A non-privileged user is able to mount a fuse filesystem on RHEL 6 or 7 and crash a system if an application punches a hole in a file that does not end aligned to a page boundary. CVE-2017-15121 Impact An attacker can exploit this vulnerability to cause a denial of...
K10751325: TMM vulnerability CVE-2021-23011
Security Advisory Description When the BIG-IP system is buffering packet fragments for reassembly, the Traffic Management Microkernel TMM may consume an excessive amount of resources, eventually leading to a restart and failover event. CVE-2021-23011 Impact BIG-IP The Traffic Management Microkern...
K31424926: BIG-IP APM XSS vulnerability CVE-2019-6595
Security Advisory Description Cross-site scripting XSS vulnerability in F5 BIG-IP Access Policy Manager APM 11.5.x and 11.6.x Admin Web UI. CVE-2019-6595 Impact A remote attacker may be able to access the BIG-IP APM logon page and inject arbitrary web script or HTML to launch a cross-site scripti...
K61002104: BIG-IP AFM and PEM TMUI XSS vulnerability CVE-2019-6639
Security Advisory Description Undisclosed TMUI pages for AFM and PEM Subscriber management are vulnerable to a stored cross-site scripting XSS issue. This is a control plane issue only and is not accessible from the data plane. The attack requires a malicious resource administrator to store the...
K11464209: IP Intelligence Feed List vulnerability CVE-2017-6143
Security Advisory Description X509 certificate verification was not correctly implemented in the IP Intelligence Subscription and IP Intelligence feed-list features, and thus the remote server’s identity is not properly validated in certain versions of BIG-IP. CVE-2017-6143 Impact Affected BIG-IP...
K21042153: XSS vulnerability in undisclosed TMUI page CVE-2018-15313
Security Advisory Description A reflected Cross-Site Scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the current logged-in user. CVE-2018-15313 Impact BIG-IP A remote unauthenticated...
K19361245: BIG-IP TMM vulnerability CVE-2017-6158
Security Advisory Description The Traffic Management Microkernel TMM has a vulnerability related to the handling of invalid IP addresses. CVE-2017-6158 This issue is exposed only when all of the following conditions are met: You have disabled the Auto Last Hop setting at the Virtual Server, VLAN,...
K06014092: E2fsprogs vulnerabilities CVE-2019-5094 and CVE-2019-5188
Security Advisory Description CVE-2019-5094 An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to...
K17663061: BIG-IP SSL state mirroring vulnerability CVE-2020-5885
Security Advisory Description BIG-IP systems set up for connection mirroring in a high availability HA pair transfer sensitive cryptographic objects over an insecure communications channel. This is a control plane issue which is exposed only on the network used for connection mirroring...
K65720640: BIG-IP SSL state mirroring vulnerability CVE-2020-5886
Security Advisory Description BIG-IP systems setup for connection mirroring in a High Availability HA pair transfers sensitive cryptographic objects over an insecure communications channel. This is a control plane issue which is exposed only on the network used for connection mirroring...
K65615624: BIG-IP FastL4 TMM vulnerability CVE-2017-6166
Security Advisory Description In BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe software 12.0.0 to 12.1.1, in some cases the Traffic Management Microkernel TMM may crash when processing fragmented packets. This vulnerability affects TMM through a virtual server...
K71265658: Intel CSME vulnerability CVE-2019-0153
Security Advisory Description Buffer overflow in subsystem in IntelR CSME 12.0.0 through 12.0.34 may allow an unauthenticated user to potentially enable escalation of privilege via network access. CVE-2019-0153 Impact An attacker can exploit this vulnerability with Converged Security and Manageme...
K13275: PHP vulnerability CVE-2009-3293
Security Advisory Description Unspecified vulnerability in the imagecolortransparent function in PHP prior to version 5.2.11 has unknown impact and attack vectors related to an incorrect "sanity check for the color index." CVE-2009-3293 Impact None Security Advisory Status F5 Product Development...
K58192514: NSS vulnerability CVE-2017-7805
Security Advisory Description During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current buffer, causing the allocation of a new...
K04572666: systemd vulnerability CVE-2020-13776
Security Advisory Description systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. NOTE: this issue exists because of an incomplete...
K32157421: MySQL vulnerability CVE-2016-3495
Security Advisory Description Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB. CVE-2016-3495 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Stat...
K54358225: BIG-IP APM Portal Access vulnerability CVE-2017-0301
Security Advisory Description In F5 BIG-IP APM software versions 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.6.0, 11.6.1, 12.0.0, 12.1.0, 12.1.1 and 12.1.2 BIG-IP APM portal access requests do not return the intended resources in some cases. This may allow access to internal BIG-IP APM resources,...
K63163637: BIG-IP TMUI vulnerability CVE-2021-23043
Security Advisory Description A directory traversal vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to access arbitrary files. CVE-2021-23043 Impact An authenticated attacker may exploit this vulnerability by sending a crafted request to the...