6294 matches found

F5 Networks
•added 2016/11/09 12:0 a.m.•27 views

SOL17119920 - BIG-IP ASM vulnerability CVE-2016-7472

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

7.5 CVSS • 2.7 AI score • 0.04542 EPSS
Exploits 0 • References 6

F5 Networks
•added 2016/10/13 12:0 a.m.•27 views

SOL43267483 - PHP vulnerability CVE-2016-5766

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

8.8 CVSS • 1.7 AI score • 0.07556 EPSS
Exploits 1 • References 4

F5 Networks
•added 2015/09/28 12:0 a.m.•27 views

SOL17327 - GnuTLS RSA PKCS signature vulnerability CVE-2015-0282

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

5 CVSS • 2.4 AI score • 0.01407 EPSS
Exploits 0 • References 7

F5 Networks
•added 2015/07/02 12:0 a.m.•27 views

SOL16880 - Libcap vulnerability CVE-2011-4099

The capsh program in libcap before 2.22 does not change the current working directory when the --chroot option is specified, which allows local users to bypass the chroot restrictions via unspecified vectors. CVE-2011-4099...

4.6 CVSS • 4.8 AI score • 0.00379 EPSS
Exploits 0 • References 3

F5 Networks
•added 2015/07/01 12:0 a.m.•27 views

SOL16827 - Apache Struts vulnerability CVE-2015-1831

Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL995...

7.5 CVSS • 0.6 AI score • 0.06312 EPSS
Exploits 0 • References 5

F5 Networks
•added 2014/12/23 12:0 a.m.•27 views

SOL15933 - NTP vulnerability CVE-2014-9296

Recommended action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version...

5 CVSS • 1.2 AI score • 0.16161 EPSS
Exploits 1 • References 4

F5 Networks
•added 2026/02/04 2:42 p.m.•26 views

K000159076: Quarterly Security Notification (February 2026)

Security Advisory Description On February 4, 2026, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities and security exposures to help determine the impact to your F5 devices. You can find the details of each issue in the associate...

8.2 CVSS • 6.2 AI score • 0.00331 EPSS
Exploits 0

F5 Networks
•added 2025/05/19 12:0 a.m.•26 views

K000151412: Apache Tomcat vulnerability CVE-2025-31650

Security Advisory Description CVE-2025-31650 Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such requests could trigger a...

9.8 CVSS • 7.5 AI score • 0.66365 EPSS
Exploits 6 • Affected Software 36

F5 Networks
•added 2025/03/24 12:13 a.m.•26 views

K000150505: LuaJIT vulnerabilities CVE-2019-19391, CVE-2020-15890, CVE-2020-24372

Security Advisory Description CVE-2019-19391 In LuaJIT through 2.0.5, as used in Moonjit before 2.1.2 and other products, debug.getinfo has a type confusion issue that leads to arbitrary memory write or read operations, because certain cases involving valid stack levels and options are mishandled...

9.1 CVSS • 6.9 AI score • 0.02862 EPSS
Exploits 2

F5 Networks
•added 2025/02/05 2:20 p.m.•26 views

K000148587: BIG-IP iControl REST and tmsh vulnerability CVE-2025-20029

Security Advisory Description A command injection vulnerability exists in iControl REST and the BIG-IP TMOS Shell (tmsh), which may allow an authenticated attacker to execute arbitrary system commands. CVE-2025-20029 Impact An authenticated attacker may exploit this vulnerability by sending a craft...

8.8 CVSS • 6.9 AI score • 0.07844 EPSS
Exploits 2 • Affected Software 12

F5 Networks
•added 2025/01/28 8:49 a.m.•26 views

K000149511: Oracle Java vulnerability CVE-2025-21502

Security Advisory Description Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u431-perf, 11.0.25, 17.0.13, 21.0.5, 23.0.1; Oracle GraalVM for JDK:...

4.8 CVSS • 5.3 AI score • 0.00971 EPSS
Exploits 0

F5 Networks
•added 2024/11/21 1:35 a.m.•26 views

K000148649: Apache Commons vulnerability CVE-2024-47554

Security Advisory Description Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input. This issue affects Apache Commons IO: from 2.0 before 2.14.0...

4.3 CVSS • 6.7 AI score • 0.01249 EPSS
Exploits 0

F5 Networks
•added 2024/11/19 2:54 a.m.•26 views

K000148607: OpenSSL vulnerability CVE-2022-1292

Security Advisory Description The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary comman...

10 CVSS • 7.1 AI score • 0.83583 EPSS
Exploits 5

F5 Networks
•added 2024/11/11 3:1 a.m.•26 views

K000148478: PostgreSQL pgAdmin vulnerability CVE-2024-9014

Security Advisory Description pgAdmin versions 8.11 and earlier are vulnerable to a security flaw in OAuth2 authentication. This vulnerability allows an attacker to potentially obtain the client ID and secret, leading to unauthorized access to user data. CVE-2024-9014 Impact There is no impact; F...

9.9 CVSS • 6.3 AI score • 0.09681 EPSS
Exploits 2

F5 Networks
•added 2024/10/30 11:21 p.m.•26 views

K000148343: Diffie-Hellman key exchange protocol vulnerability CVE-2024-41996

Security Advisory Description Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers from the client side to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client...

7.5 CVSS • 7.6 AI score • 0.01083 EPSS
Exploits 0 • Affected Software 16

F5 Networks
•added 2024/09/05 9:33 p.m.•26 views

K000140953: libarchive vulnerability CVE-2023-30571

Security Advisory Description Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask...

5.3 CVSS • 5.2 AI score • 0.00192 EPSS
Exploits 0 • Affected Software 1

F5 Networks
•added 2024/08/19 4:7 p.m.•26 views

K000140743: MySQL vulnerability CVE-2024-21159

Security Advisory Description Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to...

4.9 CVSS • 5.2 AI score • 0.00786 EPSS
Exploits 0

F5 Networks
•added 2024/06/28 4:35 p.m.•26 views

K000140188: PostgreSQL vulnerability CVE-2024-0985

Security Advisory Description Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of...

8 CVSS • 8 AI score • 0.01465 EPSS
Exploits 0

F5 Networks
•added 2024/05/08 12:48 p.m.•26 views

K000138634: BIG-IP Next Central Manager vulnerability CVE-2024-32049

Security Advisory Description BIG-IP Next Central Manager may allow an unauthenticated, remote attacker to obtain BIG-IP Next LTM/WAF instance credentials. CVE-2024-32049 Impact This vulnerability may allow an unauthenticated attacker in a man-in-the-middle (MITM) position between a BIG-IP Next...

7.4 CVSS • 6.9 AI score • 0.00548 EPSS
Exploits 0 • Affected Software 1

F5 Networks
•added 2024/02/14 2:0 p.m.•26 views

K91054692: BIG-IP Appliance mode iAppsLX vulnerability CVE-2024-23976

Security Advisory Description When running in Appliance mode, an authenticated attacker assigned the Administrator role may be able to bypass Appliance mode restrictions utilizing iAppsLX templates on a BIG-IP system. CVE-2024-23976 Impact An authenticated attacker with local system access and th...

6 CVSS • 6 AI score • 0.00167 EPSS
Exploits 0 • Affected Software 12

F5 Networks
•added 2023/10/10 10:18 a.m.•26 views

K47756555: BIG-IP APM Guided Configuration vulnerability CVE-2023-39447

Security Advisory Description When BIG-IP APM Guided Configuration is configured, undisclosed sensitive information may be logged in the restnoded log file. CVE-2023-39447 Impact This vulnerability may allow a high privileged authenticated attacker with local access to the BIG-IP system to read...

4.4 CVSS • 4.5 AI score • 0.00175 EPSS
Exploits 0 • Affected Software 1

F5 Networks
•added 2023/08/02 12:49 p.m.•26 views

K000134746: BIG-IP Edge Client for macOS vulnerability CVE-2023-38418

Security Advisory Description The BIG-IP Edge Client Installer on macOS does not follow best practices for elevating privileges during the installation process. CVE-2023-38418 Impact An attacker with an ability to run unprivileged arbitrary code on the target macOS client may be able to abuse an...

7.8 CVSS • 8 AI score • 0.00136 EPSS
Exploits 0 • Affected Software 2

F5 Networks
•added 2023/07/27 4:8 a.m.•26 views

K000135625: Oracle Java vulnerability CVE-2023-22051

Security Advisory Description Vulnerability in the Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE component: GraalVM Compiler. Supported versions that are affected are Oracle GraalVM Enterprise Edition: 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1...

3.7 CVSS • 4.4 AI score • 0.00395 EPSS
Exploits 0

F5 Networks
•added 2023/05/24 10:48 a.m.•26 views

K000134764: Java SE vulnerabilities CVE-2018-2941 and CVE-2018-2973

Security Advisory Description CVE-2018-2941 Vulnerability in the Java SE component of Oracle Java SE subcomponent: JavaFX. Supported versions that are affected are Java SE: 7u181, 8u172 and 10.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

8.3 CVSS • 7.2 AI score • 0.04676 EPSS
Exploits 0

F5 Networks
•added 2023/05/22 4:50 p.m.•26 views

K000134724: MySQL vulnerability CVE-2023-21935

Security Advisory Description Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromis...

4.9 CVSS • 5 AI score • 0.01388 EPSS
Exploits 0

F5 Networks
•added 2023/05/15 11:14 p.m.•26 views

K000134616: Intel i915 Graphics Drivers for Linux vulnerability CVE-2023-28410

Security Advisory Description Improper restriction of operations within the bounds of a memory buffer in some Intel(R) i915 Graphics drivers for Linux before kernel version 6.2.10 may allow an authenticated user to potentially enable escalation of privilege via local access. CVE-2023-28410 Impact...

8.8 CVSS • 6.1 AI score • 0.00262 EPSS
Exploits 0

F5 Networks
•added 2023/04/25 9:32 a.m.•26 views

K000133656: Oracle Java vulnerability CVE-2023-21954

Security Advisory Description Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and...

5.9 CVSS • 5.6 AI score • 0.01421 EPSS
Exploits 0

F5 Networks
•added 2023/04/18 3:32 p.m.•26 views

K000133390: Apache Tomcat vulnerability CVE-2022-45143

Security Advisory Description The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply...

7.5 CVSS • 8.3 AI score • 0.02505 EPSS
Exploits 0 • Affected Software 1

F5 Networks
•added 2023/02/21 8:2 p.m.•26 views

K50254952: BIG-IP Configuration utility vulnerability CVE-2018-5523

Security Advisory Description When authenticated administrative users run commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced. CVE-2018-5523 Impact BIG-IP and Enterprise Manager This...

7.2 CVSS • 7.2 AI score • 0.02263 EPSS
Exploits 0

F5 Networks
•added 2023/02/21 8:2 p.m.•26 views

K40443301: SNMP vulnerability CVE-2019-6640

Security Advisory Description SNMP exposes sensitive configuration objects over insecure transmission channels. This issue is exposed when a passphrase is inserted into various profile types and accessed using SNMPv2. CVE-2019-6640 Impact An attacker with direct SNMP access to a BIG-IP system, or...

5.3 CVSS • 5.4 AI score • 0.01098 EPSS
Exploits 0 • Affected Software 13

F5 Networks
•added 2023/02/21 8:0 p.m.•26 views

K28855111: BIG-IQ HA vulnerability CVE-2020-5869

Security Advisory Description BIG-IQ high availability (HA) synchronization is not secure by TLS and may allow on-path attackers to read / modify confidential data in transit. CVE-2020-5869 Impact Certain BIG-IQ data may be compromised when the vulnerability is exploited on a BIG-IQ HA configuratio...

9.1 CVSS • 8.7 AI score • 0.00485 EPSS
Exploits 0 • Affected Software 1

F5 Networks
•added 2023/02/21 8:0 p.m.•26 views

K17114: NTP vulnerability CVE-2015-5146

Security Advisory Description ntpd in ntp before 4.2.8p3 with remote configuration enabled allows remote authenticated users with knowledge of the configuration password and access to a computer entrusted to perform remote configuration to cause a denial of service (service crash) via a NULL byte i...

5.3 CVSS • 6.5 AI score • 0.04095 EPSS
Exploits 0

F5 Networks
•added 2023/02/21 8:0 p.m.•26 views

K03585731: F5 secure shell vulnerability CVE-2020-5873

Security Advisory Description A user associated with the Resource Administrator role who has access to the secure copy (scp) utility but does not have access to Advanced Shell (bash) can execute arbitrary commands using a maliciously crafted scp request. CVE-2020-5873 Impact An authenticated user wit...

7.2 CVSS • 6.9 AI score • 0.01386 EPSS
Exploits 0 • Affected Software 12

F5 Networks
•added 2023/02/21 8:0 p.m.•26 views

K60565503: OpenJDK vulnerability CVE-2005-1080

Security Advisory Description Directory traversal vulnerability in the Java Archive Tool (Jar) utility in J2SE SDK 1.4.2 and 1.5, and OpenJDK, allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in filenames in a .jar file. CVE-2005-1080 Impact There is no impact; F5...

5 CVSS • 8.8 AI score • 0.06717 EPSS
Exploits 1

F5 Networks
•added 2023/02/21 7:59 p.m.•26 views

K10366: BIND vulnerability - CVE-2009-0696

Security Advisory Description Note: Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of F5...

4.3 CVSS • 6.7 AI score • 0.12649 EPSS
Exploits 1

F5 Networks
•added 2023/02/21 7:58 p.m.•26 views

K45429077: Exiv2 vulnerability CVE-2019-13114

Security Advisory Description http.c in Exiv2 through 0.27.1 allows a malicious http server to cause a denial of service (crash) due to a NULL pointer dereference by returning a crafted response that lacks a space character. CVE-2019-13114 Impact There is no impact; F5 products are not affected by...

6.5 CVSS • 6.5 AI score • 0.02115 EPSS
Exploits 1

F5 Networks
•added 2023/02/21 7:55 p.m.•26 views

K12403422: BIG-IP ASM vulnerability CVE-2018-5541

Security Advisory Description When the BIG-IP ASM system processes HTTP requests, an unusually large number of parameters can cause excessive CPU usage in the BIG-IP ASM bd process. CVE-2018-5541 Impact BIG-IP When this vulnerability is exploited, the BIG-IP ASM system may experience a denial of...

7.8 CVSS • 7.6 AI score • 0.01841 EPSS
Exploits 0

F5 Networks
•added 2023/02/21 7:55 p.m.•26 views

K54380426: Intel CPU vulnerability CVE-2018-3643

Security Advisory Description A vulnerability in Power Management Controller firmware in systems using specific Intel Converged Security and Management Engine (CSME) before version 12.0.6 or Intel Server Platform Services firmware before version 4.x.04 may allow a privileged user to potentially...

8.2 CVSS • 7.9 AI score • 0.00501 EPSS
Exploits 0

F5 Networks
•added 2023/02/21 7:54 p.m.•26 views

K31152411: BIG-IP Analytics vulnerability CVE-2019-6655

Security Advisory Description BIG-IP platforms provisioned with AAM, AFM, Application Visibility and Reporting (AVR), APM, ASM, and/or PEM may leak sensitive data. CVE-2019-6655 Impact BIG-IP AAM, AFM, AVR, APM, ASM, PEM The vulnerability is only present on BIG-IP systems provisioned with AAM, AFM,...

5.3 CVSS • 5.3 AI score • 0.0106 EPSS
Exploits 0

F5 Networks
•added 2023/02/21 7:46 p.m.•26 views

K16444: Apache vulnerability CVE-2015-0899

Security Advisory Description The Validator in Apache Struts 1.1 and later contains a function to efficiently define rules for input validation across multiple pages during screen transitions. This function contains a vulnerability where input validation may be bypassed. When the Apache Struts 1...

7.5 CVSS • 7.8 AI score • 0.21425 EPSS
Exploits 0 • Affected Software 1

F5 Networks
•added 2023/02/21 7:42 p.m.•26 views

K16081: BIG-IP ASM cross-site scripting (XSS) vulnerability CVE-2015-1050

Security Advisory Description Cross-site scripting (XSS) vulnerability in F5 BIG-IP Application Security Manager (ASM) before 11.6.0 allows an authenticated user to inject arbitrary web script or HTML via the Response Body field. CVE-2015-1050 Impact Remote attackers may be able to inject arbitrary w...

4.3 CVSS • 5.5 AI score • 0.01911 EPSS
Exploits 1 • Affected Software 1

F5 Networks
•added 2023/02/21 7:36 p.m.•26 views

K16478: Linux kernel vulnerabilities CVE-2014-8159 and CVE-2014-8369

Security Advisory Description CVE-2014-8159 The InfiniBand (IB) implementation in the Linux kernel package before 2.6.32-504.12.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly restrict use of User Verbs for registration of memory regions, which allows local users to access arbitrary physical...

7.8 CVSS • 7 AI score • 0.00565 EPSS
Exploits 1

F5 Networks
•added 2023/02/21 7:34 p.m.•26 views

K8921: Linux kernel vulnerability CVE-2007-3740

Security Advisory Description Note: Versions that are not listed in this Solution have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the ...

4.4 CVSS • 6.2 AI score • 0.0038 EPSS
Exploits 0

F5 Networks
•added 2023/02/21 7:31 p.m.•26 views

K16337: OpenSSL vulnerability CVE-2009-5146

Security Advisory Description A vulnerability, which was classified as problematic, was found in OpenSSL 0.9.8. This affects an unknown function of the component Hostname TLS Extension. The manipulation with an unknown input leads to an information disclosure vulnerability (memory leak). CVE-2009-51...

6.7 AI score
Exploits 0 • Affected Software 1

F5 Networks
•added 2023/02/21 7:8 p.m.•26 views

K16429: Linux kernel vulnerability CVE-2015-0239

Security Advisory Description The em_sysenter function in arch/x86/kvm/emulate.c in the Linux kernel before 3.18.5, when the guest OS lacks SYSENTER MSR initialization, allows guest OS users to gain guest OS privileges or cause a denial of service (guest OS crash) by triggering use of a 16-bit code...

4.4 CVSS • 6.5 AI score • 0.00643 EPSS
Exploits 1

F5 Networks
•added 2023/02/21 7:6 p.m.•26 views

K45212738: SNMP vulnerability CVE-2019-20892

Security Advisory Description net-snmp before 5.8.1.pre1 has a double free in usm_free_usmStateReference in snmplib/snmpusm.c via an SNMPv3 GetBulk request. NOTE: this affects net-snmp packages shipped to end users by multiple Linux distributions, but might not affect an upstream release...

6.5 CVSS • 7.3 AI score • 0.02315 EPSS
Exploits 1 • Affected Software 14

F5 Networks
•added 2023/02/21 7:0 p.m.•26 views

K64855220: F5 TMUI and iControl Rest vulnerability CVE-2019-6634

Security Advisory Description High volume of malformed analytics report requests leads to instability in restjavad process. This causes issues with both iControl REST and some portions of TMUI. The attack requires an authenticated user with any role. CVE-2019-6634 Note: The No Access user role is...

6.5 CVSS • 6.6 AI score • 0.01448 EPSS
Exploits 0 • Affected Software 13

F5 Networks
•added 2023/02/21 7:0 p.m.•26 views

K23328310: TMM vulnerability CVE-2018-15330

Security Advisory Description When a virtual server uses the inflate functionality to process a gzip bomb as a payload, the BIG-IP system will experience a fatal error and may cause the Traffic Management Microkernel (TMM) to produce a core file. CVE-2018-15330 Impact An attacker may be able to...

7.8 CVSS • 7.6 AI score • 0.01344 EPSS
Exploits 0 • Affected Software 13

F5 Networks
•added 2023/02/21 6:59 p.m.•26 views

K43267483: PHP vulnerability CVE-2016-5766

Security Advisory Description Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service heap-based buffer overflow and...

8.8 CVSS • 8.7 AI score • 0.07556 EPSS
Exploits 1 • Affected Software 22

F5 Networks
•added 2023/02/21 6:59 p.m.•26 views

K70312000: BIG-IP ASM JSON websocket security exposure

Security Advisory Description The BIG-IP ASM system may fail to block bad JSON websocket requests. This issue occurs when all of the following conditions are met: In the JSON profile of the affected security policy, the Parse Parameters setting is enabled. Note: This setting is enabled by default...

6.6 AI score
Exploits 0

Total number of security vulnerabilities: 5000