K79609038: Linux kernel vulnerability CVE-2016-10907

Security Advisory Description An issue was discovered in drivers/iio/dac/ad5755.c in the Linux kernel before 4.8.6. There is an out of bounds write in the function ad5755parsedt. CVE-2016-10907 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status...

K16472: glibc vulnerability CVE-2013-7424

Security Advisory Description The getaddrinfo function in glibc before 2.15, when compiled with libidn and the AIIDN flag is used, allows context-dependent attackers to cause a denial of service invalid free and possibly execute arbitrary code via unspecified vectors, as demonstrated by an...

K10280318: Zend Framework vulnerability CVE-2016-6233

Security Advisory Description The 1 order and 2 group methods in ZendDbSelect in the Zend Framework before 1.12.19 might allow remote attackers to conduct SQL injection attacks via vectors related to use of the character pattern \w in a regular expression. CVE-2016-6233 Impact There is no impact;...

K43520321: NGINX Controller API Vulnerability CVE-2020-5901

Security Advisory Description Undisclosed API endpoints may allow for a reflected Cross Site Scripting XSS attack. If the victim user is logged in as admin this could result in a complete compromise of the system. CVE-2020-5901 Impact For the attack to occur, a user must visit a specially crafted...

K32049501: BIG-IP APM vulnerability CVE-2021-22985

Security Advisory Description Under certain conditions, when processing VPN traffic with APM, TMM consumes excessive memory. A malicious, authenticated VPN user may abuse this to perform a DoS attack against the APM. CVE-2021-22985 Impact The BIG-IP APM system may consume excessive memory and cau...

K17516: NTP vulnerability CVE-2015-7852

Security Advisory Description ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service crash via crafted mode 6 response packets. CVE-2015-7852 Impact While the scope of the impact is limited, an attacker may be able to craft response packets...

K18535734: BIG-IP Secure Vault vulnerability CVE-2019-6609

Security Advisory Description This vulnerability impacts only the iSeries platforms. On these platforms, the secureKeyCapable attribute is not set, which causes the Secure Vault feature to not use F5 hardware support to store the unit key. Instead, the unit key is stored in plaintext on disk, as ...

K15793: PHP Posthandler vulnerability CVE-2014-3622

Security Advisory Description A security vulnerability in the PHP scripting language may allow remote code execution by way of the Post Handler. CVE-2014-3622 - pending Impact None. F5 products do not use vulnerable versions of PHP. Security Advisory Status F5 Product Development has assigned ID...

K00958787: NGINX Controller vulnerability CVE-2020-5867

Security Advisory Description The NGINX Controller Agent installer script 'install.sh' uses HTTP instead of HTTPS to check and install packages. CVE-2020-5867 Impact A man-in-the-middle MITM attacker can use this vulnerability to intercept the insecure HTTP channel and convincingly forge any...

K44650639: Binutils vulnerability CVE-2019-9076

Security Advisory Description An issue was discovered in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in elfreadnotes in elf.c. CVE-2019-9076 Impact There is no impact; F5 products are not affected by this...

K10002335: TMM vulnerability CVE-2017-6159

Security Advisory Description The BIG-IP system is vulnerable to a denial of service attack when the MPTCP option is enabled on a virtual server. Data plane is vulnerable when using the MPTCP option of a TCP profile. There is no control plane exposure. CVE-2017-6159 Impact An attacker may be able...

K47592780: BIG-IQ vulnerability CVE-2022-23009

Security Advisory Description An authenticated administrative role user on a BIG-IQ managed BIG-IP device can access other BIG-IP devices managed by the same BIG-IQ system. CVE-2022-23009 Impact An authenticated administrative role attacker can potentially gain access to all BIG-IP devices manage...

K72122162: Binutils vulnerabilities CVE-2018-7569 and CVE-2018-10373

Security Advisory Description CVE-2018-7569 dwarf2.c in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service integer underflow or overflow, and application crash via an ELF file with a corrupt DWARF FORM block...

K84262603: Multiple Ruby vulnerabilities

Security Advisory Description CVE-2018-1000073 RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in...

K94110161: Red Hat shell command injection flaw vulnerabilities CVE-2016-4444, CVE-2016-4445, CVE-2016-4446, and CVE-2016-4989

Security Advisory Description CVE-2016-4444 The allowexecmod plugin for setroubleshoot before 3.2.23 allows local users to execute arbitrary commands by triggering an execmod SELinux denial with a crafted binary filename, related to the commands.getstatusoutput function. CVE-2016-4445 The...

K35600134: Net-SNMP vulnerability CVE-2018-18066

Security Advisory Description snmpoidcompare in snmplib/snmpapi.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an unauthenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. CVE-2018-18066 Impact There i...

K95010813: The BIG-IP AFM policy does not classify a DNS query name with a label length greater than 23 bytes

Security Advisory Description The BIG-IP AFM policy does not classify a DNS query name with a label length greater than 23 bytes. This issue occurs when all of the following conditions are met: You configure a port misuse policy for DNS and a service policy on the BIG-IP AFM system. The...

K16435: GNU C Library vulnerability CVE-2014-6040

Security Advisory Description GNU C Library aka glibc before 2.20 allows context-dependent attackers to cause a denial of service out-of-bounds read and crash via a multibyte character value of "0xffff" to the iconv function when converting 1 IBM933, 2 IBM935, 3 IBM937, 4 IBM939, or 5 IBM1364...

K07357521: Intel Linux kernel driver vulnerability CVE-2019-11165

Security Advisory Description Improper conditions check in the Linux kernel driver for the IntelR FPGA SDK for OpenCLTM Pro Edition before version 19.4 may allow an authenticated user to potentially enable denial of service via local access. CVE-2019-11165 Impact There is no impact; F5 products a...

K62830532: BIG-IP MQTT iRule vulnerability CVE-2020-5935

Security Advisory Description When your system handles MQTT traffic through a BIG-IP virtual server associated with an MQTT profile, and an iRule performs manipulations on that traffic, TMM may produce a core file. CVE-2020-5935 Impact The Traffic Management Microkernel TMM may generate a core fi...

K01002228: Linux kernel vulnerability CVE-2020-11725

Security Advisory Description DISPUTED sndctlelemadd in sound/core/control.c in the Linux kernel through 5.6.3 has a count=info-owner line, which later affects a privatesizecount multiplication for unspecified "interesting side effects." NOTE: kernel engineers dispute this finding, because it cou...

K62030064: libxml2 vulnerability CVE-2016-1833

Security Advisory Description The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service heap-based buffer over-read via a crafted XML document...

K35710418: Binutils vulnerability CVE-2018-17985

Security Advisory Description An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption problem caused by the cplusdemangletype function making recursive calls to itself in certain scenarios involving many 'P'...

K45056101: Advanced WAF/ASM TMUI authenticated remote command execution vulnerability CVE-2021-22990

Security Advisory Description On systems with Advanced WAF or BIG-IP ASM provisioned, the Traffic Management User Interface TMUI, also referred to as the Configuration utility, has an authenticated remote command execution vulnerability in undisclosed pages. CVE-2021-22990 Note : For systems...

K46535047: F5 TCP IPv6 vulnerability CVE-2016-9252

Security Advisory Description The Traffic Management Microkernel TMM in F5 BIG-IP systems before 11.5.4 HF3, 11.6.x before 11.6.1 HF2, and 12.x.x before 12.1.2 do not properly handle minimum path MTU options for IPv6, which allows remote attackers to cause a denial of service DoS through...

K48224824: BIG-IP DNS Cache vulnerability CVE-2018-5532

Security Advisory Description On F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.0-11.6.3.1, or 11.2.1-11.5.6 a domain name cached within the DNS Cache of TMM may continue to be resolved by the cache even after the parent server revokes the record, if the DNS Cache is receiving a stream of requests for the...

K03386032: BIG-IP VE interface vulnerability CVE-2020-5881

Security Advisory Description When the BIG-IP Virtual Edition VE is configured with VLAN groups and there are devices configured with OSPF connected to it, the Network Device Abstraction Layer NDAL Interfaces can lock up and in turn disrupting the communication between the mcpd and tmm processes...

K58530825: Apache CXF vulnerability CVE-2017-5653

Security Advisory Description JAX-RS XML Security streaming clients in Apache CXF before 3.1.11 and 3.0.13 do not validate that the service response was signed or encrypted, which allows remote attackers to spoof servers. CVE-2017-5653 Impact There is no impact; F5 products are not affected by th...

K17264695: BIG-IP ARM BGP vulnerability CVE-2018-17539

Security Advisory Description The BGP daemon bgpd in all ZebOS versions to 7.10.6 and all OcNOS versions to 1.3.3.145 allow remote attackers to cause a denial of service attack via an autonomous system AS path containing 8 or more autonomous system number ASN elements. CVE-2018-17539 Impact Dynam...

K74302282: BIG-IP APM RDP resource security exposure

Security Advisory Description When BIG-IP APM Remote Desktop Protocol RDP is configured, users can bypass RDP resource redirection restrictions between the RDP remote machine and the local machine. This issue occurs when the following condition is met: A BIG-IP APM policy configured with an RDP...

K8919: Linux kernel vulnerability CVE-2007-2878

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

K16877: libuser vulnerability CVE-2011-0002

Security Advisory Description Description libuser before 0.57 uses a cleartext password value of 1 !! or 2 x for new LDAP user accounts, which makes it easier for remote attackers to obtain access by specifying one of these values. CVE-2011-0002 Impact None. F5 products are not affected by this...

K21230183: NTP vulnerability CVE-2015-7976

Security Advisory Description The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename. CVE-2015-7976 Impact A remote user who uses the ntp...

K38243073: BIG-IP ASM data processing vulnerability CVE-2017-6154

Security Advisory Description The BIG-IP ASM bd process may produce a core file under some circumstances when processing undisclosed types of data on systems with 48 or more CPU cores. CVE-2017-6154 Impact The BIG-IP ASMbd process produces a core file, interrupting traffic processing and causing ...

K15797: Linux kernel vulnerability CVE-2012-4461

Security Advisory Description The KVM subsystem in the Linux kernel before 3.6.9, when running on hosts that use qemu userspace without XSAVE, allows local users to cause a denial of service kernel OOPS by using the KVMSETSREGS ioctl to set the X86CR4OSXSAVE bit in the guest cr4 register, then...

K17155: TMM vulnerability CVE-2015-4638

Security Advisory Description The Traffic Management Microkernel TMM may restart and produce a core file when a FastL4 virtual server processes a fragmented packet. CVE-2015-4638 Impact The Traffic Management Microkernel TMM may restart and temporarily fail to process traffic. Security Advisory...

K12253: PHP vulnerability CVE-2010-2225

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

K28538929: MySQL vulnerability CVE-2016-5634

Security Advisory Description Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to RBR. CVE-2016-5634 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Produ...

K53183580: TMM FastL4 vulnerability CVE-2019-6680

Security Advisory Description While processing traffic through a standard virtual server that targets a FastL4 virtual server VIP on VIP, hardware appliances may stop responding. CVE-2019-6680 Impact This vulnerability allows remote attackers to cause a denial of service DoS on the BIG-IP system...

K31934524: BIG-IP SNAT vulnerability CVE-2021-22998

Security Advisory Description SYN flood protection thresholds are not enforced in secure network address translation SNAT listeners. CVE-2021-22998 Impact Connections to SNAT listeners are not bound by SYN cookie thresholds, leaving them potentially vulnerable to SYN flood class attacks. This iss...

K42406850: F5 SIRT response to the Ukraine crisis

Security Advisory Description Over the past few weeks, the world has watched as tensions have risen between Russia and Ukraine, and most recently, those tensions have escalated into a military conflict. F5 is deeply concerned for the safety of those in harm's way and the impact to everyone affect...

K34144932: libwww-perl vulnerability CVE-2014-3230

Security Advisory Description When libwww-perl LWP uses IO::Socket::SSL and when the HTTPSCADIR or HTTPSCAFILE environment variables are set, server certificate verification is disabled. CVE-2014-3230 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory...

K41613034: NTP vulnerability CVE-2016-2519

Security Advisory Description ntpd in NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service ntpd abort by a large request data value, which triggers the ctlgetitem function to return a NULL value. CVE-2016-2519 Improper restriction of operations within th...

K20717585: BIG-IP APM OAuth vulnerability CVE-2023-22341

Security Advisory Description When the BIG-IP APM system is configured with all the following elements, undisclosed requests may cause the Traffic Management Microkernel TMM to terminate: An OAuth Server that references an OAuth Provider An OAuth profile with the Authorization Endpoint set to '/'...

K000132263: OpenJDK vulnerability CVE-2023-21843

Security Advisory Description Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Sound. Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf, 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 a...

K92859602: BIG-IP TMM iRules vulnerability CVE-2016-5024

Security Advisory Description Virtual servers in F5 BIG-IP systems 11.6.1 before 11.6.1 HF1 and 12.1.x before 12.1.2, when configured to parse RADIUS messages via an iRule, allow remote attackers to cause a denial of service Traffic Management Microkernel restart via crafted network traffic...

K82851041: TMM vulnerability CVE-2017-6137

Security Advisory Description In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, and WebSafe 11.6.1 HF1, 12.0.0 HF3, 12.0.0 HF4, and 12.1.0 through 12.1.2, undisclosed traffic patterns received while software SYN cookie protection i...

SOL41020865 - MySQL vulnerability CVE-2016-8286

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

SOL15535113 - MySQL vulnerability CVE-2016-5632

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

SOL21856463 - MySQL vulnerability CVE-2016-8289

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...