K000140975: OpenSSH vulnerability CVE-2024-6409

Security Advisory Description A race condition vulnerability was discovered in how signals are handled by OpenSSH's server sshd. If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various...

K000140901: glibc vulnerability CVE-2024-2961

Security Advisory Description The iconv function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable...

K000140695: PHP vulnerability CVE-2024-5458

Security Advisory Description In PHP versions 8.1. before 8.1.29, 8.2. before 8.2.20, 8.3. before 8.3.8, due to a code logic error, filtering functions such as filtervar when validating URLs FILTERVALIDATEURL for certain types of URLs the function will result in invalid user information username ...

K000140691: Linux kernel vulnerability CVE-2022-2586

Security Advisory Description It was discovered that a nft object or expression could reference a nft set on a different nft table, leading to a use-after-free once that table was deleted. CVE-2022-2586 Impact There is no impact; F5 products are not affected by this vulnerability. Security Adviso...

K000139692: Websense vulnerabilities CVE-2006-2035 and CVE-2010-5144

Security Advisory Description CVE-2006-2035 Websense, when configured to permit access to the dynamic content category, allows local users to bypass intended blocking of the Uncategorized category by appending a "/?" sequence to a URL. CVE-2010-5144 The ISAPI Filter plug-in in Websense Enterprise...

K000132800: F5OS QKView utility vulnerability CVE-2024-23607

Security Advisory Description A directory traversal vulnerability exists in the F5OS QKView utility that allows an authenticated attacker to read files outside the QKView directory. CVE-2024-23607 Impact An authenticated attacker may exploit this vulnerability by executing a crafted QKView utilit...

K000138050: Apache Tomcat vulnerability CVE-2023-41081

Security Advisory Description Important: Authentication Bypass CVE-2023-41081 The modjk component of Apache Tomcat Connectors in some circumstances, such as when a configuration included "JkOptions +ForwardDirectories" but the configuration did not provide explicit mounts for all possible proxied...

K000137798: Dbus Subscription Manager vulnerability CVE-2023-3899

Security Advisory Description A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By usi...

K000137058: Linux kernel vulnerability CVE-2022-4269

Security Advisory Description A flaw was found in the Linux kernel Traffic Control TC subsystem. Using a specific networking configuration redirecting egress packets to ingress using TC action "mirred" a local unprivileged user could trigger a CPU soft lockup ABBA deadlock when the transport...

K000137038: BIND vulnerability CVE-2023-4236

Security Advisory Description A flaw in the networking code handling DNS-over-TLS queries may cause named to terminate unexpectedly due to an assertion failure. This happens when internal data structures are incorrectly reused under significant DNS-over-TLS query load. This issue affects BIND 9...

K000136957: Apache struts vulnerability CVE-2023-41835

Security Advisory Description When a Multipart request is performed but some of the fields exceed the maxStringLength limit, the upload files will remain in struts.multipart.saveDir even if the request has been denied. Users are recommended to upgrade to versions Struts 2.5.32 or 6.1.2.2 or Strut...

K000135636: Java vulnerability CVE-2023-22041

Security Advisory Description Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Editio...

K000135504: BIND vulnerability CVE-2023-2911

Security Advisory Description If the recursive-clients quota is reached on a BIND 9 resolver configured with both stale-answer-enable yes; and stale-answer-client-timeout 0;, a sequence of serve-stale-related lookups could cause named to loop and terminate unexpectedly due to a stack overflow. Th...

K000135352: Heimdal vulnerability CVE-2022-3116

Security Advisory Description The Heimdal Software Kerberos 5 implementation is vulnerable to a null pointer dereferance. An attacker with network access to an application that depends on the vulnerable code path can cause the application to crash. CVE-2022-3116 Impact There is no impact; F5...

K000134744: Intel BIOS vulnerability CVE-2022-38087

Security Advisory Description Exposure of resource to wrong sphere in BIOS firmware for some IntelR Processors may allow a privileged user to potentially enable information disclosure via local access. CVE-2022-38087 Impact A privileged user may be able to enable information disclosure via local...

K000134579: OpenJDK vulnerabilities CVE-2019-2818 and CVE-2019-2821

Security Advisory Description CVE-2019-2818 Vulnerability in the Java SE component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 11.0.3 and 12.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

K000133652: Python vulnerability CVE-2018-18074

Security Advisory Description The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network. CVE-2018-18074 Impact Fo...

K46524395: Appliance mode vulnerability CVE-2019-6614

Security Advisory Description On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, internal methods used to prevent arbitrary file overwrites in Appliance Mode were not fully effective. An authenticated attacker with a high privilege level may be able to bypass protections implemented i...

K12357206: Linux kernel rpmsg vulnerability CVE-2019-19053

Security Advisory Description A memory leak in the rpmsgeptdevwriteiter function in drivers/rpmsg/rpmsgchar.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service memory consumption by triggering copyfromiterfull failures, aka CID-bbe692e349e2. CVE-2019-19053 Impact...

K18955141: GnuTLS vulnerability CVE-2018-16868

Security Advisory Description A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plainte...

K29149494: iControl REST vulnerability CVE-2019-6637

Security Advisory Description Application logic abuse of ASM REST endpoints can lead to instability of BIG-IP system. Exploitation of this issue causes excessive memory consumption which results in the Linux kernel triggering OOM killer on arbitrary processes. The attack requires an authenticated...

K06430416: Zend Framework vulnerability CVE-2015-7695

Security Advisory Description The PDO adapters in Zend Framework before 1.12.16 do not filer null bytes in SQL statements, which allows remote attackers to execute arbitrary SQL commands via a crafted query. CVE-2015-7695 Impact There is no impact; F5 products are not affected by this...

K34893234: BIG-IP APM Appliance mode vulnerability CVE-2022-31473

Security Advisory Description When running in Appliance mode, an authenticated attacker may be able to bypass Appliance mode restrictions due to a directory traversal vulnerability in an undisclosed page within iApps. A successful exploit can allow the attacker to cross a security boundary...

K95434410: TMM vulnerability CVE-2019-6629

Security Advisory Description Undisclosed SSL traffic to a virtual server configured with a Client SSL profile may cause TMM to fail and restart. The Client SSL profile must have session tickets enabled and use DHE cipher suites to be affected. This only impacts the data plane, there is no impact...

K46337613: NodeJS vulnerability CVE-2015-8315

Security Advisory Description The ms package before 0.7.1 for Node.js allows attackers to cause a denial of service CPU consumption via a long version string, aka a "regular expression denial of service ReDoS. CVE-2015-8315 Impact There is no impact; F5 products are not affected by this...

K58581302: Archive_Tar vulnerabilities CVE-2020-28948 and CVE-2020-28949

Security Advisory Description CVE-2020-28948 ArchiveTar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked. CVE-2020-28949 ArchiveTar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack...

K57492753: MySQL Optimizer vulnerability CVE-2016-0651

Security Advisory Description Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows local users to affect availability via vectors related to Optimizer.CVE-2016-0651 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product...

K51543541: QEMU vulnerability CVE-2018-7858

Security Advisory Description Quick Emulator aka QEMU, when built with the Cirrus CLGD 54xx VGA Emulator support, allows local guest OS privileged users to cause a denial of service out-of-bounds access and QEMU process crash by leveraging incorrect region calculation when updating VGA display...

K16352404: BIG-IQ DCD vulnerability CVE-2021-22996

Security Advisory Description When set up for auto failover, a BIG-IQ Data Collection Device DCD cluster member that receives an undisclosed message may cause the corosync process to abort. This behavior may lead to a denial-of-service DoS and impact the stability of a BIG-IQ high availability HA...

K47284724: iControl vulnerability CVE-2016-9256

Security Advisory Description Permissions enforced by iControl can lag behind the actual permissions assigned to a user if the rolemap is not reloaded between the time the permissions are changed and the time of the user's next request. This is a race condition that occurs rarely in normal usage;...

K90879323: BIG-IP 11.5.4 HF3 regression may modify security configurations

Security Advisory Description F5 has discovered a regression in BIG-IP 11.5.4 HF3, which has the potential to create a security exposure during the installation process. Operating with an abundance of caution, F5 has decided to remove 11.5.4 HF3 from the Downloads site. To correct the regression,...

K85664507: Linux kernel vulnerability CVE-2017-17852

Security Advisory Description kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service memory corruption or possibly have unspecified other impact by leveraging mishandling of 32-bit ALU ops. CVE-2017-17852 Impact There is no impact; F5 products are...

K55031185: demangler in GNU Libiberty vulnerability CVE-2016-6131

Security Advisory Description The demangler in GNU Libiberty allows remote attackers to cause a denial of service infinite loop, stack overflow, and crash via a cycle in the references of remembered mangled types. CVE-2016-6131 Impact There is no impact; F5 products are not affected by this...

K31445234: Intel I210 network adapter vulnerability CVE-2020-0523

Security Advisory Description Improper access control in the firmware for the IntelR Ethernet I210 Controller series of network adapters before version 3.30 may potentially allow a privileged user to enable a denial of service via local access. CVE-2020-0523 Impact The BIG-IP management network...

K77452266: Intel CPU vulnerability CVE-2018-12171

Security Advisory Description Privilege escalation in Intel Baseboard Management Controller BMC firmware before version 1.43.91f76955 may allow an unprivileged user to potentially execute arbitrary code or perform denial of service over the network. CVE-2018-12171 Impact There is no impact; F5...

K02951273: NTP vulnerability CVE-2017-6463

Security Advisory Description NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote authenticated users to cause a denial of service daemon crash via an invalid setting in a :config directive, related to the unpeer option. CVE-2017-6463 Impact A remote, authenticated attacker may exploit this...

K67825238: iControl REST vulnerability CVE-2019-6638

Security Advisory Description Malformed http requests made to an undisclosed iControl REST endpoint can lead to infinite loop of the restjavad process. CVE-2019-6638 Impact All authenticated users, regardless of role, can exploit this vulnerability, which can result in a denial-of-service DoS for...

K54308152: cURL vulnerability CVE-2021-22923

Security Advisory Description When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to each of the servers from which curl will download or try to download...

K15180: OpenSSL vulnerability CVE-2013-4353

Security Advisory Description The ssl3takemac function in ssl/s3both.c in OpenSSL 1.0.1 before 1.0.1f allows remote TLS servers to cause a denial of service NULL pointer dereference and application crash via a crafted Next Protocol Negotiation record in a TLS handshake. CVE-2013-4353 Impact Remot...

K16494: phpMyAdmin vulnerability CVE-2015-2206

Security Advisory Description libraries/selectlang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9, 4.2.x before 4.2.13.2, and 4.3.x before 4.3.11.1 includes invalid language values in unknown-language error responses that contain a CSRF token and may be sent with HTTP compression, which makes it...

K42891424: Grep vulnerability CVE-2015-1345

Security Advisory Description The bmexectrans function in kwset.c in grep 2.19 through 2.21 allows local users to cause a denial of service out-of-bounds heap read and crash via crafted input when using the -F option. CVE-2015-1345 Impact A local user may cause a denial-of-service DoS by way of...

K16479: Linux kernel vulnerability CVE-2009-4537

Security Advisory Description drivers/net/r8169.c in the r8169 driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to 1 cause a denial of service temporary network outage via a packet with a...

K5794: Security Advisory: Perl integer sign error in format string processing - CVE-2005-3962

Security Advisory Description Note : Versions that are not listed in this Solution have not been evaluated for vulnerability to this security advisory. For information about F5 Networks' security policy regarding evaluating older and unsupported versions of F5 Networks products, refer to K4602:...

K15742: Linux kernel vulnerabilities CVE-2014-6416, CVE-2014-6417, and CVE-2014-6418

Security Advisory Description CVE-2014-6416 Buffer overflow in net/ceph/authx.c in Ceph, as used in the Linux kernel before 3.16.3, allows remote attackers to cause a denial of service memory corruption and panic or possibly have unspecified other impact via a long unencrypted auth ticket...

K15743: BIND vulnerability CVE-2011-2465

Security Advisory Description Description Unspecified vulnerability in ISC BIND 9 9.8.0, 9.8.0-P1, 9.8.0-P2, and 9.8.1b1, when recursion is enabled and the Response Policy Zone RPZ contains DNAME or certain CNAME records, allows remote attackers to cause a denial of service named daemon crash via...

K15461: OpenSSL vulnerability CVE-2011-4619

Security Advisory Description The Server Gated Cryptography SGC implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service CPU consumption via unspecified vectors. CVE-2011-4619 Impact This...

K15428: Apache Tomcat vulnerability CVE-2014-0096

Security Advisory Description java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and...

K15405: OpenSSL 0.9.8l vulnerability CVE-2009-4355

Security Advisory Description Memory leak in the zlibstatefulfinish function in crypto/comp/czlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service memory consumption via vectors that trigger incorrect calls to the...

K05295501: libssh vulnerability CVE-2020-1730

Security Advisory Description A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR or DES ciphers if enabled ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to cleanup the ciphers when...

K2104: Buffer read overflow in DNS resolver libraries - CAN-2002-1146

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...