6392 matches found
K04154823: Oracle Java SE vulnerability CVE-2019-2426
Security Advisory Description Vulnerability in the Java SE component of Oracle Java SE subcomponent: Networking. Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated attacker with network acce...
K02951273: NTP vulnerability CVE-2017-6463
Security Advisory Description NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote authenticated users to cause a denial of service daemon crash via an invalid setting in a :config directive, related to the unpeer option. CVE-2017-6463 Impact A remote, authenticated attacker may exploit this...
K54308152: cURL vulnerability CVE-2021-22923
Security Advisory Description When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to each of the servers from which curl will download or try to download...
K17443: Perl vulnerability CVE-2007-5116
Security Advisory Description Buffer overflow in the polymorphic opcode support in the Regular Expression Engine regcomp.c in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode UTF characters in a regular expression. CVE-2007-5116 Impact There...
K15553: Kerberos vulnerability CVE-2014-4343
Security Advisory Description Double free vulnerability in the initctxreselect function in the SPNEGO initiator in lib/gssapi/spnego/spnegomech.c in MIT Kerberos 5 aka krb5 1.10.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service memory corruption or possibly execu...
K56237129: Linux kernel vulnerability in non-GENERIC_TIME systems CVE-2010-2243
Security Advisory Description A vulnerability exists in kernel/time/clocksource.c in the Linux kernel before 2.6.34 where on non-GENERICTIME systems GENERICTIME=n, accessing /sys/devices/system/clocksource/clocksource0/currentclocksource results in an OOPS. CVE-2010-2243 Impact There is no impact...
K3015: FIPS hardware vulnerability - nCipher Advisory #9 - CAN-2004-0320
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
K59957337: ASM Cloud Security Services authentication vulnerability CVE-2019-6687
Security Advisory Description The BIG-IP ASM Cloud Security Services profile uses a built-in verification mechanism that fails to properly authenticate the X.509 certificate of remote endpoints. CVE-2019-6687 Impact This vulnerability may allow man-in-the-middle attackers to intercept traffic...
K1877: OpenSSH Remote Challenge Vulnerability - CAN-2001-1279
Security Advisory Description Note: Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of F5...
K15180: OpenSSL vulnerability CVE-2013-4353
Security Advisory Description The ssl3takemac function in ssl/s3both.c in OpenSSL 1.0.1 before 1.0.1f allows remote TLS servers to cause a denial of service NULL pointer dereference and application crash via a crafted Next Protocol Negotiation record in a TLS handshake. CVE-2013-4353 Impact Remot...
K15405: OpenSSL 0.9.8l vulnerability CVE-2009-4355
Security Advisory Description Memory leak in the zlibstatefulfinish function in crypto/comp/czlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service memory consumption via vectors that trigger incorrect calls to the...
K11503: BIND 9 vulnerability CVE-2009-0265
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about F5's security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of F5...
K41107914: iControl REST vulnerability CVE-2016-9251
Security Advisory Description In F5 BIG-IP 12.0.0 through 12.1.2, an authenticated attacker may be able to cause an escalation of privileges through a crafted iControl REST connection. CVE-2016-9251 Impact An authenticated attacker may be able to cause an escalation of privileges through a crafte...
K70204455: Multiple MySQL vulnerabilities
Security Advisory Description CVE-2016-0640 Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier allows local users to affect integrity and availability via vectors related to DML. CVE-2016-0642 Unspecified vulnerability in Oracle MySQL 5.5.48 a...
K2104: Buffer read overflow in DNS resolver libraries - CAN-2002-1146
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
K15722: OpenSSL DTLS SRTP Memory Leak CVE-2014-3513
Security Advisory Description A flaw in the DTLS SRTP extension parsing code allows an attacker, who ends a carefully crafted handshake message, to cause OpenSSL to fail to free up to 64k of memory causing a memory leak. This could be exploited in a Denial of Service attack. This issue affects...
K17524: NTP vulnerability CVE-2015-7854
Security Advisory Description Buffer overflow in the password management functionality in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service daemon crash or possibly execute arbitrary code via a crafted key file. CVE-2015-7854 Impact...
K16827: Apache Struts vulnerability CVE-2015-1831
Security Advisory Description Description Incorrect default exclude patterns were introduced in version 2.3.20 of Struts, if default settings are used, the attacker can compromise internal application's state. CVE-2015-1831 Impact There is no impact; F5 products are not affected by this...
K15348: OpenSSL DTLS Buffer vulnerability CVE-2009-1387
Security Advisory Description The dtls1retrievebufferedfragment function in ssl/d1both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service NULL pointer dereference and daemon crash via an out-of-sequence DTLS handshake message, related to a "fragment bug."...
K25719440: D-Bus vulnerability CVE-2019-12749
Security Advisory Description dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 and in some, less common, uses of dbus-daemon, allows cookie spoofing because of symlink mishandling in the reference implementation of...
K15480: PHP vulnerability CVE-2012-2688
Security Advisory Description Description Unspecified vulnerability in the phpstreamscandir function in the stream implementation in PHP before 5.3.15 and 5.4.x before 5.4.5 has unknown impact and remote attack vectors, related to an "overflow." CVE-2012-2688 Impact None. F5 products are not...
K10631282: Flip Feng Shui (FFS) vulnerability
Security Advisory Description Flip Feng Shui FFS a new exploitation vector that allows an attacker to induce bit flips over arbitrary physical memory in a fully controlled way. FFS relies on the following underlying primitives: The ability to induce bit flips in controlled but not predetermined...
K64124988: TMM IPv6 stack vulnerability CVE-2022-29479
Security Advisory Description When an IPv6 self IP address is configured and the ipv6.strictcompliance database key is enabled disabled by default on a BIG-IP system, undisclosed packets may cause decreased performance.CVE-2022-29479 Impact This vulnerability allows an unauthenticated attacker to...
K49436091: MySQL vulnerabilities CVE-2018-2668, CVE-2018-2696, and CVE-2018-2703
Security Advisory Description CVE-2018-2668 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Optimizer. Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacke...
K26430555: MySQL vulnerability CVE-2016-5625
Security Advisory Description Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Packaging. CVE-2016-5625 Impact There is no impact; F5 products are not affected by this vulnerabilit...
K44873550: Apache Storm vulnerability CVE-2021-38294
Security Advisory Description A Command Injection vulnerability exists in the getTopologyHistory service of the Apache Storm 2.x prior to 2.2.1 and Apache Storm 1.x prior to 1.2.4. A specially crafted thrift request to the Nimbus server allows Remote Code Execution RCE prior to authentication...
K43815022: BIG-IP crypto driver vulnerability CVE-2020-5882
Security Advisory Description Under certain conditions, the Intel QuickAssist Technology QAT cryptography driver may produce a Traffic Management Microkernel TMM core file. CVE-2020-5882 Impact The BIG-IP system temporarily fails to process traffic as it recovers from TMM restarting, and systems...
K45432295: BIG-IP APM logging disclosure vulnerability CVE-2017-6139
Security Advisory Description Under rare conditions, the BIG-IP APM system appends log details when responding to client requests. Details in the log file can vary; customers running debug mode logging with BIG-IP APM are at highest risk. CVE-2017-6139 Impact A vulnerable BIG-IP APM system may...
K16342: GNU C Library (glibc) vulnerability CVE-2012-6656
Security Advisory Description iconvdata/ibm930.c in GNU C Library aka glibc before 2.16 allows context-dependent attackers to cause a denial of service out-of-bounds read via a multibyte character value of "0xffff" to the iconv function when converting IBM930 encoded data to UTF-8. CVE-2012-6656...
K65355492: Apache vulnerability CVE-2018-5506
Security Advisory Description Apache modules apacheauthtokenmod and modauthf5authtoken.cpp allow possible unauthenticated bruteforce on the emserverip authorization parameter to obtain which SSL client certificates used for mutual authentication between BIG-IQ or Enterprise Manager EM and managed...
K93174402: Apache Struts 2 vulnerability CVE-2016-3090
Security Advisory Description The TextParseUtil.translateVariables method in Apache Struts 2.x before 2.3.20 allows remote attackers to execute arbitrary code via a crafted OGNL expression with ANTLR tooling. CVE-2016-3090 Impact There is no impact; F5 products are not affected by this...
K75432956: BIG-IP ASM vulnerability CVE-2018-5539
Security Advisory Description Under certain conditions, on F5 BIG-IP ASM 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11.6.3.1, 11.5.1-11.5.6, or 11.2.1, when processing CSRF protections, the BIG-IP ASM bd process may restart and produce a core file. CVE-2018-5539 Impact BIG-IP The affected BIG-IP AS...
K67317871: Python Pillow vulnerability CVE 2016-4009
Security Advisory Description Integer overflow in the ImagingResampleHorizontal function in libImaging/Resample.c in Pillow before 3.1.1 allows remote attackers to have unspecified impact via negative values of the new size, which triggers a heap-based buffer overflow. CVE-2016-4009 Impact There ...
K05122252: Bash vulnerability CVE-2012-6711
Security Advisory Description A heap-based buffer overflow exists in GNU Bash before 4.3 when wide characters, not supported by the current locale set in the LCCTYPE environment variable, are printed through the echo built-in function. A local attacker, who can provide data to print through the...
K24084759: Linux kernel vulnerability CVE-2018-9517
Security Advisory Description In pppol2tpconnect, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel...
K45143221: BIG-IP AVRD vulnerability CVE-2020-27728
Security Advisory Description Under certain conditions, Analytics, Visibility, and Reporting daemon AVRD may generate a core file and restart on the BIG-IP system when processing requests sent from mobile devices. CVE-2020-27728 Impact This may allow an attacker to initiate a denial-of-service Do...
K26351280: HTTP proxy client implementations vulnerability VU#905344
Security Advisory Description HTTP CONNECT requests and 407 Proxy Authentication Required messages are not integrity protected and are susceptible to man-in-the-middle attacks. WebKit-based applications are additionally vulnerable to arbitrary HTML markup and JavaScript execution in the context o...
K92307453: MySQL Server Replication vulnerabilities CVE-2017-3647 and CVE-2017-3649
Security Advisory Description CVE-2017-3647 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Replication. Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with...
K18535734: BIG-IP Secure Vault vulnerability CVE-2019-6609
Security Advisory Description This vulnerability impacts only the iSeries platforms. On these platforms, the secureKeyCapable attribute is not set, which causes the Secure Vault feature to not use F5 hardware support to store the unit key. Instead, the unit key is stored in plaintext on disk, as ...
K85113405: Adobe Flash Player vulnerability CVE-2020-9746
Security Advisory Description Adobe Flash Player version 32.0.0.433 and earlier are affected by an exploitable NULL pointer dereference vulnerability that could result in a crash and arbitrary code execution. Exploitation of this issue requires an attacker to insert malicious strings in an HTTP...
K27992001: MySQL vulnerabilities CVE-2018-2805, CVE-2018-2810, CVE-2018-2812, CVE-2018-2813, and CVE-2018-2816
Security Advisory Description CVE-2018-2805 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: GIS Extension. Supported versions that are affected are 5.6.39 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocol...
K16471: Linux kernel vulnerability CVE-2010-0415
Security Advisory Description The dopagesmove function in mm/migrate.c in the Linux kernel before 2.6.33-rc7 does not validate node values, which allows local users to read arbitrary kernel memory locations, cause a denial of service OOPS, and possibly have unspecified other impact by specifying ...
K28312671: MySQL vulnerabilities CVE-2019-2683, CVE-2019-2685, CVE-2019-2686, CVE-2019-2687, and CVE-2019-2688
Security Advisory Description CVE-2019-2683 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Options. Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker...
K51743312: NTP vulnerability CVE-2018-7183
Security Advisory Description Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array. CVE-2018-7183 Impact There is no impact; F5 products are not...
K44691188: Intel TXE / SPS vulnerabilities CVE-2020-0566, CVE-2020-0586
Security Advisory Description CVE-2020-0566 Improper Access Control in subsystem for IntelR TXE versions before 3.175 and 4.0.25 may allow an unauthenticated user to potentially enable escalation of privilege via physical access. CVE-2020-0586 Improper initialization in subsystem for IntelR SPS...
K12044607: TMM vulnerability CVE-2017-6132
Security Advisory Description In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 13.0.0, 12.0.0 to 12.1.2, 11.6.0 to 11.6.1 and 11.5.0 - 11.5.4, an undisclosed sequence of packets sent to BIG-IP High Availability state mirror listeners...
K85585101: Intel UEFI vulnerability CVE-2019-0119
Security Advisory Description Buffer overflow vulnerability in system firmware for IntelR XeonR Processor D Family, IntelR XeonR Scalable Processor, IntelR Server Board, IntelR Server System and IntelR Compute Module may allow a privileged user to potentially enable escalation of privilege and/or...
K44200194: DNS TCP virtual server vulnerability CVE-2018-5501
Security Advisory Description In some circumstances TCP DNS profile allows excessive buffering due to lack of flow control. CVE-2018-5501 Impact The affected BIG-IP system may experience performance degradation or denial-of-service DoS in the worst-case scenario when the vulnerability is exploite...
K47592780: BIG-IQ vulnerability CVE-2022-23009
Security Advisory Description An authenticated administrative role user on a BIG-IQ managed BIG-IP device can access other BIG-IP devices managed by the same BIG-IQ system. CVE-2022-23009 Impact An authenticated administrative role attacker can potentially gain access to all BIG-IP devices manage...
K44462254: Reflected Cross-Site Scripting (XSS) vulnerability CVE-2018-15312
Security Advisory Description A reflected Cross-Site Scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the current logged-in user. CVE-2018-15312 Impact A remote unauthenticated attacker...