6294 matches found
K17443: Perl vulnerability CVE-2007-5116
Security Advisory Description Buffer overflow in the polymorphic opcode support in the Regular Expression Engine regcomp.c in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode UTF characters in a regular expression. CVE-2007-5116 Impact There...
K15553: Kerberos vulnerability CVE-2014-4343
Security Advisory Description Double free vulnerability in the initctxreselect function in the SPNEGO initiator in lib/gssapi/spnego/spnegomech.c in MIT Kerberos 5 aka krb5 1.10.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service memory corruption or possibly execu...
K56237129: Linux kernel vulnerability in non-GENERIC_TIME systems CVE-2010-2243
Security Advisory Description A vulnerability exists in kernel/time/clocksource.c in the Linux kernel before 2.6.34 where on non-GENERICTIME systems GENERICTIME=n, accessing /sys/devices/system/clocksource/clocksource0/currentclocksource results in an OOPS. CVE-2010-2243 Impact There is no impact...
K3015: FIPS hardware vulnerability - nCipher Advisory #9 - CAN-2004-0320
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
K59957337: ASM Cloud Security Services authentication vulnerability CVE-2019-6687
Security Advisory Description The BIG-IP ASM Cloud Security Services profile uses a built-in verification mechanism that fails to properly authenticate the X.509 certificate of remote endpoints. CVE-2019-6687 Impact This vulnerability may allow man-in-the-middle attackers to intercept traffic...
K17563: Apache Struts vulnerability CVE-2015-2992
Security Advisory Description Arbitrary script can be executed when JSP files are exposed to be accessed directly. Affected versions are Struts 2.0.0 - 2.3.16.3. CVE-2015-2992 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product...
K24444495: Linux kernel vulnerability CVE-2016-10764
Security Advisory Description In the Linux kernel before 4.9.6, there is an off by one in the drivers/mtd/spi-nor/cadence-quadspi.c cqspisetupflash function. There are CQSPIMAXCHIPSELECT elements in the -fpdata array so the "" should be "=" instead. CVE-2016-10764 Impact There is no impact; F5...
K15343: OpenSSL vulnerability CVE-2014-0221
Security Advisory Description The dtls1getmessagefragment function in d1both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service recursion and client crash via a DTLS hello message in an invalid DTLS handshake. CVE-2014-02...
K15160: GnuTLS vulnerability CVE-2014-0092
Security Advisory Description lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate. CVE-2014-0092 Impact...
K11503: BIND 9 vulnerability CVE-2009-0265
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about F5's security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of F5...
K70204455: Multiple MySQL vulnerabilities
Security Advisory Description CVE-2016-0640 Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier allows local users to affect integrity and availability via vectors related to DML. CVE-2016-0642 Unspecified vulnerability in Oracle MySQL 5.5.48 a...
K89941125: mod_auth_openidc vulnerability CVE-2021-20718
Security Advisory Description modauthopenidc 2.4.0 to 2.4.7 allows a remote attacker to cause a denial-of-service DoS condition via unspecified vectors. CVE-2021-20718 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development ha...
K15300: Apache HTTP Server mod_dav DoS vulnerability CVE-2013-6438
Security Advisory Description The davxmlgetcdata function in main/util.c in the moddav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service daemon crash via a crafted DAV WRITE...
K30150004: The attack signature check may fail to detect and block malicious requests
Security Advisory Description The web application firewall attack signature check may fail to detect and block malicious request containing certain decimal-coded characters. This issue occurs when all of the following conditions are met: You are using one of the following web application firewall...
K15722: OpenSSL DTLS SRTP Memory Leak CVE-2014-3513
Security Advisory Description A flaw in the DTLS SRTP extension parsing code allows an attacker, who ends a carefully crafted handshake message, to cause OpenSSL to fail to free up to 64k of memory causing a memory leak. This could be exploited in a Denial of Service attack. This issue affects...
K16827: Apache Struts vulnerability CVE-2015-1831
Security Advisory Description Description Incorrect default exclude patterns were introduced in version 2.3.20 of Struts, if default settings are used, the attacker can compromise internal application's state. CVE-2015-1831 Impact There is no impact; F5 products are not affected by this...
K25719440: D-Bus vulnerability CVE-2019-12749
Security Advisory Description dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 and in some, less common, uses of dbus-daemon, allows cookie spoofing because of symlink mishandling in the reference implementation of...
K10631282: Flip Feng Shui (FFS) vulnerability
Security Advisory Description Flip Feng Shui FFS a new exploitation vector that allows an attacker to induce bit flips over arbitrary physical memory in a fully controlled way. FFS relies on the following underlying primitives: The ability to induce bit flips in controlled but not predetermined...
K21536299: Apache Fineract vulnerabilities CVE-2018-1289, CVE-2018-1290, and CVE-2018-1292
Security Advisory Description CVE-2018-1289 In Apache Fineract versions 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, the system exposes different REST end points to query domain specific entities with a Query Parameter 'orderBy' and 'sortOrder' which are appended directly with SQL...
K42142782: Linux kernel vulnerability CVE-2017-15121
Security Advisory Description A non-privileged user is able to mount a fuse filesystem on RHEL 6 or 7 and crash a system if an application punches a hole in a file that does not end aligned to a page boundary. CVE-2017-15121 Impact An attacker can exploit this vulnerability to cause a denial of...
K07082049: NTP vulnerability CVE-2017-6462
Security Advisory Description Buffer overflow in the legacy Datum Programmable Time Server DPTS refclock driver in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via a crafted /dev/datum device. CVE-2017-6462 Impact This vulnerability allows local users ...
K43815022: BIG-IP crypto driver vulnerability CVE-2020-5882
Security Advisory Description Under certain conditions, the Intel QuickAssist Technology QAT cryptography driver may produce a Traffic Management Microkernel TMM core file. CVE-2020-5882 Impact The BIG-IP system temporarily fails to process traffic as it recovers from TMM restarting, and systems...
K31424926: BIG-IP APM XSS vulnerability CVE-2019-6595
Security Advisory Description Cross-site scripting XSS vulnerability in F5 BIG-IP Access Policy Manager APM 11.5.x and 11.6.x Admin Web UI. CVE-2019-6595 Impact A remote attacker may be able to access the BIG-IP APM logon page and inject arbitrary web script or HTML to launch a cross-site scripti...
K35750231: TMM vulnerability CVE-2020-5878
Security Advisory Description Traffic Management Microkernel TMM may restart on BIG-IP Virtual Edition VE while processing unusual IP traffic. CVE-2020-5878 Impact The BIG-IP VE system may temporarily fail to process traffic as it recovers from a TMM restart. If the BIG-IP VE system is configured...
K11464209: IP Intelligence Feed List vulnerability CVE-2017-6143
Security Advisory Description X509 certificate verification was not correctly implemented in the IP Intelligence Subscription and IP Intelligence feed-list features, and thus the remote server’s identity is not properly validated in certain versions of BIG-IP. CVE-2017-6143 Impact Affected BIG-IP...
K16342: GNU C Library (glibc) vulnerability CVE-2012-6656
Security Advisory Description iconvdata/ibm930.c in GNU C Library aka glibc before 2.16 allows context-dependent attackers to cause a denial of service out-of-bounds read via a multibyte character value of "0xffff" to the iconv function when converting IBM930 encoded data to UTF-8. CVE-2012-6656...
K06014092: E2fsprogs vulnerabilities CVE-2019-5094 and CVE-2019-5188
Security Advisory Description CVE-2019-5094 An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to...
K93174402: Apache Struts 2 vulnerability CVE-2016-3090
Security Advisory Description The TextParseUtil.translateVariables method in Apache Struts 2.x before 2.3.20 allows remote attackers to execute arbitrary code via a crafted OGNL expression with ANTLR tooling. CVE-2016-3090 Impact There is no impact; F5 products are not affected by this...
K65720640: BIG-IP SSL state mirroring vulnerability CVE-2020-5886
Security Advisory Description BIG-IP systems setup for connection mirroring in a High Availability HA pair transfers sensitive cryptographic objects over an insecure communications channel. This is a control plane issue which is exposed only on the network used for connection mirroring...
K65615624: BIG-IP FastL4 TMM vulnerability CVE-2017-6166
Security Advisory Description In BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe software 12.0.0 to 12.1.1, in some cases the Traffic Management Microkernel TMM may crash when processing fragmented packets. This vulnerability affects TMM through a virtual server...
K24084759: Linux kernel vulnerability CVE-2018-9517
Security Advisory Description In pppol2tpconnect, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel...
K04572666: systemd vulnerability CVE-2020-13776
Security Advisory Description systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. NOTE: this issue exists because of an incomplete...
K54358225: BIG-IP APM Portal Access vulnerability CVE-2017-0301
Security Advisory Description In F5 BIG-IP APM software versions 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.6.0, 11.6.1, 12.0.0, 12.1.0, 12.1.1 and 12.1.2 BIG-IP APM portal access requests do not return the intended resources in some cases. This may allow access to internal BIG-IP APM resources,...
K92307453: MySQL Server Replication vulnerabilities CVE-2017-3647 and CVE-2017-3649
Security Advisory Description CVE-2017-3647 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Replication. Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with...
K51182024: libxml2 2.7.8 vulnerability CVE-2010-4494
Security Advisory Description Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling...
K27992001: MySQL vulnerabilities CVE-2018-2805, CVE-2018-2810, CVE-2018-2812, CVE-2018-2813, and CVE-2018-2816
Security Advisory Description CVE-2018-2805 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: GIS Extension. Supported versions that are affected are 5.6.39 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocol...
K16471: Linux kernel vulnerability CVE-2010-0415
Security Advisory Description The dopagesmove function in mm/migrate.c in the Linux kernel before 2.6.33-rc7 does not validate node values, which allows local users to read arbitrary kernel memory locations, cause a denial of service OOPS, and possibly have unspecified other impact by specifying ...
K64343470: Linux kernel vulnerability CVE-2017-6874
Security Advisory Description Race condition in kernel/ucount.c in the Linux kernel through 4.10.2 allows local users to cause a denial of service use-after-free and system crash or possibly have unspecified other impact via crafted system calls that leverage certain decrement behavior that cause...
K28312671: MySQL vulnerabilities CVE-2019-2683, CVE-2019-2685, CVE-2019-2686, CVE-2019-2687, and CVE-2019-2688
Security Advisory Description CVE-2019-2683 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Options. Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker...
K51743312: NTP vulnerability CVE-2018-7183
Security Advisory Description Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array. CVE-2018-7183 Impact There is no impact; F5 products are not...
K12044607: TMM vulnerability CVE-2017-6132
Security Advisory Description In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 13.0.0, 12.0.0 to 12.1.2, 11.6.0 to 11.6.1 and 11.5.0 - 11.5.4, an undisclosed sequence of packets sent to BIG-IP High Availability state mirror listeners...
K44200194: DNS TCP virtual server vulnerability CVE-2018-5501
Security Advisory Description In some circumstances TCP DNS profile allows excessive buffering due to lack of flow control. CVE-2018-5501 Impact The affected BIG-IP system may experience performance degradation or denial-of-service DoS in the worst-case scenario when the vulnerability is exploite...
K33211839: TMM vulnerability CVE-2018-5500
Security Advisory Description Every Multipath TCP MCTCP connection established leaks a small amount of memory. Virtual server using TCP profile with Multipath TCP MCTCP feature enabled will be affected by this issue. CVE-2018-5500 Impact Over a period of time, the memory leak may lead to memory...
K14342624: MySQL vulnerability CVE-2016-5633
Security Advisory Description Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Performance Schema, a different vulnerability than CVE-2016-8290. CVE-2016-5633 Impact There is no impact; F5 products are...
K44553214: Web application firewall vulnerability CVE-2021-23050
Security Advisory Description When a cross-site request forgery CSRF-enabled policy is configured on a virtual server, an undisclosed HTML response may cause the bd process to terminate. CVE-2021-23050 Impact Traffic is disrupted until the bd process restarts. This vulnerability allows a remote...
K90305959: Intel processor diagnostic tool vulnerability CVE-2019-11133
Security Advisory Description Improper access control in the IntelR Processor Diagnostic Tool before version 4.1.2.24 may allow an authenticated user to potentially enable escalation of privilege, information disclosure or denial of service via local access. CVE-2019-11133 Impact There is no...
K00721320: BIG-IP AFM NAT64 policy vulnerability CVE-2022-41806
Security Advisory Description When a BIG-IP AFM Network Address Translation policy with IPv6/IPv4 translation rules is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. CVE-2022-41806 Impact System performance can degrade until the TMM...
K44472013: MySQL Server Optimizer vulnerability CVE-2022-21440
Security Advisory Description Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromis...
K26455071: BIG-IP HSB vulnerability CVE-2019-6604
Security Advisory Description Under certain conditions, hardware systems with a High-Speed Bridge HSB using non-default Layer 2 forwarding configurations may experience a lockup of the HSB. CVE-2019-6604 This vulnerability occurs when all of the following conditions are met: A VLAN group is...
K61757346: BIG-IP Azure cloud vulnerability CVE-2017-6131
Security Advisory Description In some circumstances, a BIG-IP Azure cloud instance may contain a default administrative password which can be used to remotely log in to the BIG-IP system. The affected administrative account is the Azure instance administrative user created at deployment. The root...