K95313044: Multiple Java vulnerabilities
Security Advisory Description CVE-2013-3829 Unspecified vulnerability in the Java SE, Java SE Embedded component in Oracle Java SE Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentialit...
K8863: Cross-Site Scripting (XSS) vulnerabilities in the FirePass Administrative Console
Security Advisory Description Note : Versions that are not listed in this Solution have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the ...
K000130469: node.js systeminformation vulnerability CVE-2021-21315
Security Advisory Description The System Information Library for Node.JS npm package "systeminformation" is an open source collection of functions to retrieve detailed hardware, system and OS information. In systeminformation before version 5.3.1 there is a command injection vulnerability. Proble...
K55347921: Linux kernel vulnerability CVE-2017-7477
Security Advisory Description Heap-based buffer overflow in drivers/net/macsec.c in the MACsec module in the Linux kernel through 4.10.12 allows attackers to cause a denial of service or possibly have unspecified other impact by leveraging the use of a MAX_SKB_FRAGS+1 size in conjunction with the...
K53244431: SSL Intercept iApp HTTP Explicit Proxy vulnerability CVE-2017-0305
SSL Intercept iApp version 1.5.0 - 1.5.7 is vulnerable to an unauthenticated, remote attack that may allow modification of the BIG-IP system configuration, extraction of sensitive system files, and possible remote command execution on the system when deployed using the Explicit Proxy feature plus...
K14317: OpenSSH J-PAKE vulnerability CVE-2010-4478
OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate. F5 products do not include J-PAKE in the OpenSSH programs a...
K34035645: Multiple Wireshark vulnerabilities
Security Advisory Description CVE-2018-7320 In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the SIGCOMP protocol dissector could crash. This was addressed in epan/dissectors/packet-sigcomp.c by validating operand offsets. CVE-2018-7321 In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12,...
K19784568: TMM vulnerability CVE-2016-5023
Security Advisory Description Virtual servers in F5 BIG-IP systems 11.2.1 HF11 through HF15, 11.4.1 HF4 through HF10, 11.5.3 through 11.5.4, 11.6.0 HF5 through HF7, and 12.0.0, when configured with a TCP profile, allow remote attackers to cause a denial of service Traffic Management Microkernel...
K92859602: BIG-IP TMM iRules vulnerability CVE-2016-5024
Security Advisory Description Virtual servers in F5 BIG-IP systems 11.6.1 before 11.6.1 HF1 and 12.1.x before 12.1.2, when configured to parse RADIUS messages via an iRule, allow remote attackers to cause a denial of service (Traffic Management Microkernel restart) via crafted network traffic...
K82851041: TMM vulnerability CVE-2017-6137
Security Advisory Description In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, and WebSafe 11.6.1 HF1, 12.0.0 HF3, 12.0.0 HF4, and 12.1.0 through 12.1.2, undisclosed traffic patterns received while software SYN cookie protection i...
K51079478: glibc vulnerability CVE-2015-8778
Security Advisory Description Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the hcreate_r function, which triggers out-of-bounds...
K91229003: Side-channel processor vulnerabilities CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754
Security Advisory Description The following three side-channel attacks were publicly disclosed on January 3, 2018: CVE-2017-5715 Spectre-BTB previously known as Spectre Variant 2 Branch target injection Systems with microprocessors utilizing speculative execution and indirect branch prediction ma...
K25423771: Linux kernel vulnerability CVE-2018-18021
Security Advisory Description arch/arm64/kvm/guest.c in KVM in the Linux kernel before 4.18.12 on the arm64 platform mishandles the KVM_SET_ON_REG ioctl. This is exploitable by attackers who can create virtual machines. An attacker can arbitrarily redirect the hypervisor flow of control with full...
K14652952: yurex USB driver vulnerability CVE-2018-16276
Security Advisory Description An issue was discovered in yurex_read in drivers/usb/misc/yurex.c in the Linux kernel before 4.17.7. Local attackers could use user access read/writes with incorrect bounds checking in the yurex USB driver to crash the kernel or potentially escalate privileges...
K07550539: TMM with LRO vulnerability CVE-2018-15311
Security Advisory Description When Large Receive Offload (LRO) is enabled, undisclosed traffic patterns may cause TMM to restart. LRO has been available since 11.4.0 but is not enabled by default until 13.1.0 for all platforms and 12.0.0 for Virtual Edition. CVE-2018-15311 Impact An attacker may be...
K58523202: PHP vulnerabilities CVE-2018-19395 and CVE-2018-19396
Security Advisory Description CVE-2018-19395 ext/standard/var.c in PHP 5.x through 7.1.24 on Windows allows attackers to cause a denial of service (NULL pointer dereference and application crash) because com and com_safearray_proxy return NULL in com_properties_get in ext/com_dotnet/com_handlers.c, as...
K74114570: BIG-IP APM webtop vulnerability CVE-2018-15334
A cross-site request forgery (CSRF) vulnerability in the APM webtop may allow an attacker to force an APM webtop session to log out and require re-authentication. CVE-2018-15334 Impact A remote attacker may be able to force a BIG-IP APM webtop session to log out and require reauthentication. Security...
K83430580: SAMBA vulnerability CVE-2022-42898
Security Advisory Description PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow),...
K61214359: Linux kernel vulnerability CVE-2019-15098
Security Advisory Description drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2.8 has a NULL pointer dereference via an incomplete address in an endpoint descriptor. CVE-2019-15098 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory...
K68151373: IP Intelligence Feed List TMUI vulnerability CVE-2019-6636
Security Advisory Description On BIG-IP AFM, ASM 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, and 11.5.1-11.6.4, a stored cross-site scripting vulnerability in AFM feed list. In the worst case, an attacker can store a CSRF which results in code execution as the admin user. Th...
K48351130: Linux kernel vulnerability CVE-2019-16714
Security Advisory Description In the Linux kernel before 5.2.14, rds6_inc_info_copy in net/rds/recv.c allows attackers to obtain sensitive information from kernel stack memory because tos and flags fields are not initialized. CVE-2019-16714 Impact This vulnerability may allow attackers to obtain...
K98008862: OpenLDAP vulnerability CVE-2019-13565
Security Advisory Description An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, and relying on the SASL security layers in slapd access controls, it is possible to obtain access that would otherwise be denied via a simple bind for any...
K76052144: BIG-IP, BIG-IQ, Enterprise Manager, and F5 iWorkflow Configuration utility vulnerability CVE-2019-6663
Security Advisory Description The BIG-IP / BIG-IQ / Enterprise Manager / F5 iWorkflow Configuration utility is vulnerable to Anti DNS Pinning (DNS Rebinding) attack. CVE-2019-6663 Impact BIG-IP / BIG-IQ / Enterprise Manager / F5 iWorkflow An Anti DNS Pinning (DNS Rebinding) attack allows an attacker ...
K11186236: Linux kernel KVM subsystem vulnerability CVE-2019-6974
Security Advisory Description In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free. CVE-2019-6974 Impact BIG-IP An attacker may use this vulnerability to cause a vCMP guest to crash,...
K20105555: F5 SSL Orchestrator may fail to stop an attacker from exfiltrating data on a compromised client system (SNIcat)
Security Advisory Description An attacker may be able to exfiltrate data from a target system sitting behind F5 SSL Orchestrator by inserting data into the TLS SNI field. This approach assumes that the attacker has already compromised, and is in full control of, the target system to be able to...
K14334: BIG-IP Analytics generates predictable session cookies CVE-2013-7408
Security Advisory Description F5 BIG-IP Analytics 11.x before 11.4.0 uses a predictable session cookie, which makes it easier for remote attackers to have unspecified impact by guessing the value. CVE-2013-7408 This may become apparent when running vulnerability scans such as Qualys against a...
K64571774: BIG-IP virtual server TCP sequence numbers vulnerability CVE-2020-5947
Security Advisory Description On specific BIG-IP platforms, attackers may be able to obtain TCP sequence numbers from the BIG-IP system that can be reused in future connections with the same source and destination port and IP numbers. CVE-2020-5947 Impact Attackers may be able to spoof TCP packet...
K82793463: BIG-IP MRF Diameter vulnerability CVE-2022-23019
Security Advisory Description When a message routing type virtual server is configured with both Diameter Session and Router Profiles, undisclosed traffic can cause an increase in memory resource utilization. CVE-2022-23019 Impact System performance can degrade until the process is either forced ...
K32196386: Linux kernel vulnerability CVE-2019-19447
Security Advisory Description In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list in fs/ext4/super.c. CVE-2019-19447 Impact There is no impact; F...
K30183369: Linux kernel vulnerabilities CVE-2019-15217 and CVE-2019-15221
Security Advisory Description CVE-2019-15217 An issue was discovered in the Linux kernel before 5.2.3. There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver. CVE-2019-15221 An issue was discovered in the Linux kernel before 5.1.17...
K05975972: BIG-IP self IP vulnerability CVE-2020-5923
Security Advisory Description Self-IP port-lockdown bypass by way of IPv6 link-local addresses. CVE-2020-5923 Impact Port lockdowns may be bypassable on accessible self IP addresses on an ipv6 link-local address. Security Advisory Status F5 Product Development has assigned ID 832885 BIG-IP and ID...
K000130414: Samba vulnerability CVE-2022-38023
Security Advisory Description Netlogon RPC Elevation of Privilege Vulnerability. CVE-2022-38023 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development has evaluated the currently supported releases for potential vulnerability...
K000130411: Samba vulnerabilities CVE-2022-37966 and CVE-2022-37967
Security Advisory Description CVE-2022-37966 Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability. CVE-2022-37967 Windows Kerberos Elevation of Privilege Vulnerability. Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product...
K000130396: Keccak XKCP SHA-3 vulnerability CVE-2022-37454
Security Advisory Description The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface...
K41440465: BIG-IP TMM vulnerability CVE-2022-26071
Security Advisory Description A flaw in the way reply ICMP packets are limited in the Traffic Management Microkernel TMM allows an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. CVE-2022-26071 Impact A...
K04043655: Linux kernel vulnerability CVE-2019-14816
Security Advisory Description There is a heap-based buffer overflow in the kernel, all versions up to, excluding 5.3, in the Marvell WiFi chip driver in the Linux kernel, that allows local users to cause a denial of service (system crash) or possibly execute arbitrary code. CVE-2019-14816 Impact There is no...
K10015187: BIG-IP APM client for Windows vulnerability CVE-2018-5547
Security Advisory Description Windows Logon Integration feature of F5 BIG-IP APM client prior to version 7.1.7.1 for Windows by default uses Legacy logon mode which uses a SYSTEM account to establish network access. This feature displays a certificate user interface dialog box which contains the...
K14981751: Linux kernel vulnerability CVE-2019-18808
Security Advisory Description A memory leak in the ccp_run_sha_cmd function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-128c66429247. CVE-2019-18808 Impact There is no impact; F5 products are not affected...
K48127735: Apache log4net Vulnerability CVE-2018-1285
Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. This allows for XXE-based attacks in applications that accept attacker-controlled log4net configuration files. CVE-2018-1285 Impact There is no impact; F5 products are not affected...
K82567234: NodeJS vulnerability CVE-2022-32215
Security Advisory Description The llhttp parser v14.20.1, v16.17.1 and v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS). CVE-2022-32215 Impact There is no impact; F5 products are not affected b...
K000130346: Linux Kernel ksmbd Use-After-Free Remote Code Execution Vulnerability
Security Advisory Description This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability, but only systems with ksmbd enabled are vulnerable. The specific flaw exists within the...
K87669052: Multiple Wireshark (tshark) vulnerabilities
Security Advisory Description CVE-2015-8734 The dissect_nwp function in epan/dissectors/packet-nwp.c in the NWP dissector in Wireshark 2.0.x before 2.0.1 mishandles the packet type, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. CVE-2015-8735 The...
K13838: XSS vulnerability CVE-2012-2975
Security Advisory Description A cross-site scripting (XSS) vulnerability exists on the BIG-IP ASM traffic overview page. Malicious request URLs may be exposed in the Configuration utility without proper sanitization. CVE-2012-2975 Impact Privileged root access may be granted to unauthenticated user...
K05200155: Multiple Java vulnerabilities
Security Advisory Description CVE-2015-4734 Unspecified vulnerability in Oracle Java SE 6u101, 7u85 and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to JGSS. CVE-2015-4805 Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60,...
K15389: OpenSSL vulnerability CVE-2011-4576
Security Advisory Description The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer...
K15395: OpenSSL vulnerability CVE-2012-0027
Security Advisory Description The GOST ENGINE in OpenSSL before 1.0.0f does not properly handle invalid parameters for the GOST block cipher, which allows remote attackers to cause a denial of service (daemon crash) via crafted data from a TLS client. CVE-2012-0027 Impact This vulnerability could...
K12055286: Intel CPU vulnerability CVE-2021-33060
Security Advisory Description Out-of-bounds write in the BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access. CVE-2021-33060 Impact This vulnerability may allow an authenticated local user to potentially enable...
K000130278: Apache Heron vulnerability CVE-2021-42010
Security Advisory Description Heron versions <= 0.20.4-incubating allows CRLF log injection because of the lack of escaping in the log statements. Please update to version 0.20.5-incubating which addresses this issue. CVE-2021-42010 Impact There is no impact; F5 products are not affected by this...
K12201527: Overview of Quarterly Security Notifications
Security Advisory Description F5 discloses security vulnerabilities and security exposures for F5 products in Quarterly Security Notifications (QSNs). Note: To be notified about F5 security advisories published during a QSN and those published when it is necessary to disclose vulnerabilities at...
K000130275: Linux kernel vulnerabilities CVE-2022-41674, CVE-2022-42719, CVE-2022-42720, CVE-2022-42721, CVE-2022-42722
Security Advisory Description CVE-2022-41674 An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c. CVE-2022-42719 A use-after-free in the mac80211...