K000150206: PostgreSQL vulnerabilities CVE-2019-10211, CVE-2017-7546, and CVE-2015-0244
Security Advisory Description CVE-2019-10211 Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via bundled OpenSSL executing code from unprotected directory. CVE-2017-7546 PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerabl...
K000149959: NGINX Unit vulnerability CVE-2025-1695
Security Advisory Description When NGINX Unit with the Java Language Module is in use, undisclosed requests can lead to an infinite loop and cause an increase in CPU resource utilization. CVE-2025-1695 Impact System performance can degrade due to high CPU utilization. This vulnerability allows a...
K000150194: PAM vulnerability CVE-2024-10041
Security Advisory Description A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP...
K000150185: TCP/IP protocol vulnerabilities CVE-2024-7595, CVE-2024-7596, CVE-2025-23018, and CVE-2025-23019
Security Advisory Description CVE-2024-7595 GRE and GRE6 Protocols (RFC2784) do not validate or verify the source of a network packet allowing an attacker to spoof and route arbitrary traffic via an exposed network interface that can lead to spoofing, access control bypass, and other unexpected...
K000149929: tcpdump vulnerability CVE-2020-8037
Security Advisory Description The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory. CVE-2020-8037 Impact This flaw allows a remote attacker to send specially crafted packets that, when printed, can lead the application to allocate a large amount of memory,...
K000149918: PostgreSQL vulnerability CVE-2021-3677
Security Advisory Description A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can complete this attack at will. The attack does not require the ability to create objects. If server...
K000149915: zlib vulnerability CVE-2016-9841
Security Advisory Description inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. CVE-2016-9841 Impact This vulnerability may allow an attacker to cause a denial-of-service (DoS) on the BIG-IP or BIG-IQ system. Securi...
K000149905: zlib vulnerability CVE-2016-9840
Security Advisory Description inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. CVE-2016-9840 Impact This vulnerability may allow an attacker to cause a denial-of-service (DoS) on the BIG-IP or BIG-IQ system...
K000149884: MiniZip vulnerability CVE-2023-45853
Security Advisory Description MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also...
K000149883: PSR-7 header validation vulnerability CVE-2023-30536
Security Advisory Description slim/psr7 is a PSR-7 implementation for use with Slim 4. In versions prior to 1.6.1 an attacker could sneak in a newline (\n) into both the header names and values. While the specification states that \r\n\r\n is used to terminate the header list, many servers in the...
K000149880: Python vulnerabilities CVE-2021-3733, CVE-2021-3426, CVE-2021-23336, and CVE-2020-8492
Security Advisory Description CVE-2021-3733 There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request...
K000149304: OpenSSL vulnerability CVE-2024-6119
Security Advisory Description Issue summary: Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process. Impact summary: Abnormal termination of an...
K000149857: Apache Tomcat vulnerability CVE-2024-52317
Security Advisory Description Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. Incorrect recycling of the request and response used by HTTP/2 requests could lead to request and/or response mix-up between users. This issue affects Apache Tomcat: from 11.0.0-M23 through...
K000149858: Apache Tomcat vulnerability CVE-2024-52318
Security Advisory Description Incorrect object recycling and reuse vulnerability in Apache Tomcat. This issue affects Apache Tomcat: 11.0.0, 10.1.31, 9.0.96. Users are recommended to upgrade to version 11.0.1, 10.1.32 or 9.0.97, which fixes the issue. CVE-2024-52318 Impact This vulnerability may...
K000149873: Multiple rpm vulnerabilities
Security Advisory Description CVE-2014-8118 Integer overflow in RPM 4.12 and earlier allows remote attackers to execute arbitrary code via a crafted CPIO header in the payload section of an RPM file, which triggers a stack-based buffer overflow. CVE-2021-35939 It was found that the fix for...
K000149871: Apache Tomcat vulnerability CVE-2024-50379
Security Advisory Description Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache Tomcat: from...
K000149845: pam_access vulnerability CVE-2024-10963
Security Advisory Description A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for...
K000149808: Python tarfile vulnerability CVE-2007-4559
Security Advisory Description Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267...
K000149798: Python vulnerability CVE-2023-27043
Security Advisory Description The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in...
K000149797: BIND vulnerability CVE-2024-12705
Security Advisory Description Clients using DNS-over-HTTPS (DoH) can exhaust a DNS resolver's CPU and/or memory by flooding it with crafted valid or invalid HTTP/2 traffic. This issue affects BIND 9 versions 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, and 9.18.11-S1 throug...
K000149757: Python vulnerability CVE-2022-0391
Security Advisory Description A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the U...
K000149756: Python vulnerability CVE-2024-9287
Security Advisory Description A vulnerability has been found in the CPython venv module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts ie "source...
K000149745: AMD CPU ROM Vulnerability CVE-2024-56161
Security Advisory Description Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious CPU microcode resulting in loss of confidentiality and integrity of a confidential guest running under AMD SEV-SNP...
K000149722: Apache MINA vulnerability CVE-2024-52046
Security Advisory Description The ObjectSerializationDecoder in Apache MINA uses Java’s native deserialization protocol to process incoming serialized data but lacks the necessary security checks and defenses. This vulnerability allows attackers to exploit the deserialization process by sending...
K000149708: Java XStream vulnerabilities CVE-2021-43859 and CVE-2024-47072
Security Advisory Description CVE-2021-43859 XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulti...
K000149707: PostgreSQL vulnerability CVE-2024-10976
Security Advisory Description Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a...
K000149702: PostgreSQL vulnerabilities CVE-2024-10977 and CVE-2024-10979
Security Advisory Description CVE-2024-10977 Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a...
K000149683: Python asyncio vulnerability CVE-2024-12254
Security Advisory Description Starting in Python 3.12.0, the asyncio.SelectorSocketTransport.writelines method would not "pause" writing and signal to the Protocol to drain the buffer to the wire once the write buffer reached the "high-water mark". Because of this, Protocols would not periodicall...
K000149655: PHP vulnerabilities CVE-2024-11236, CVE-2024-8929, CVE-2024-8932
Security Advisory Description CVE-2024-11236 In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write. CVE-2024-8929 In PHP versions 8.1...
K000149654: PHP vulnerabilities CVE-2024-11233, CVE-2024-11234
Security Advisory Description CVE-2024-11233 In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, due to an error in convert.quoted-printable-decode filter certain data can lead to buffer overread by one byte, which can in certain circumstances lead to crashes or disclose...
K000149540: Quarterly Security Notification (February 2025)
Security Advisory Description On February 5, 2025, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities to help determine the impact to your F5 devices. You can find the details of each issue in the associated articles. You can wat...
K000139780: BIG-IP SIP ALG vulnerability CVE-2025-22846
Security Advisory Description When the Session Initiation Protocol (SIP) application layer gateway (ALG) profile and the SIP router ALG profile are configured on a Message Routing type virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. CVE-2025-22846...
K000148587: BIG-IP iControl REST and tmsh vulnerability CVE-2025-20029
Security Advisory Description A command injection vulnerability exists in iControl REST and the BIG-IP TMOS Shell (tmsh), which may allow an authenticated attacker to execute arbitrary system commands. CVE-2025-20029 Impact An authenticated attacker may exploit this vulnerability by sending a craft...
K000134888: TMM vulnerability CVE-2025-21087
Security Advisory Description When Client SSL or Server SSL profiles are configured on a virtual server, or Domain Name System Security Extensions (DNSSEC) signing operations are in use, undisclosed traffic can cause an increase in memory and CPU resource utilization. CVE-2025-21087 Impact System...
K000139656: BIG-IP APM endpoint inspection vulnerability CVE-2025-23415
Security Advisory Description A missing integrity check vulnerability exists in BIG-IP APM access policy endpoint inspection that may allow an attacker to bypass endpoint inspection checks for VPN connections initiated through the BIG-IP APM browser network access VPN client for Windows, macOS, a...
K000149173: NGINX TLS session resumption vulnerability CVE-2025-23419
Security Advisory Description When name-based virtual hosts are configured to share the same IP address and port combination, with TLS 1.3 and OpenSSL, a previously authenticated attacker can use session resumption to bypass client certificate authentication requirements on these servers. This...
K000138932: BIG-IP SIP ALG profile vulnerability CVE-2025-20045
Security Advisory Description When the Session Initiation Protocol (SIP) application layer gateway (ALG) profile with Passthru Mode enabled and the SIP router ALG profile are configured on a Message Routing type virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to...
K000140933: BIG-IP SNMP vulnerability CVE-2025-21091
Security Advisory Description When SNMP v1 or v2c are disabled on the BIG-IP system, undisclosed requests can cause an increase in memory resource utilization. CVE-2025-21091 Impact System performance can degrade until the snmpd process is either forced to restart or is manually restarted. This...
K000148412: BIG-IP Next Central Manager vulnerability CVE-2025-24319
Security Advisory Description When BIG-IP Next Central Manager is running, undisclosed requests to the BIG-IP Next Central Manager API can cause the BIG-IP Next Central Manager Node's Kubernetes service to terminate. CVE-2025-24319 Impact This vulnerability may allow a low-privileged, authenticat...
K000141003: BIG-IP APM access profile vulnerability CVE-2025-23412
Security Advisory Description When a BIG-IP APM access profile is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. CVE-2025-23412 Impact Traffic is disrupted while the TMM process restarts. This vulnerability allows a remote,...
K000141380: BIG-IP AFM vulnerability CVE-2025-24312
Security Advisory Description When BIG-IP AFM is provisioned with IPS module enabled and protocol inspection profile is configured on a virtual server or firewall rule or policy, undisclosed traffic can cause an increase in CPU resource utilization. CVE-2025-24312 Impact System performance can...
K000140950: BIG-IP ASM BADoS vulnerability CVE-2025-24326
Security Advisory Description When the BIG-IP ASM Behavioral DoS (BADoS) TLS Signatures feature is configured, undisclosed traffic can cause an increase in memory resource utilization. CVE-2025-24326 Impact System performance can degrade until the admd or Traffic Management Microkernel (TMM) processe...
K000149185: BIG-IP Next Central Manager logging vulnerability CVE-2025-23413
Security Advisory Description When users log in through the webUI or API using local authentication, BIG-IP Next Central Manager may log sensitive information in the pgaudit log files. CVE-2025-23413 Impact An authenticated attacker granted the Administrator role on a BIG-IP Next Central Manager...
K000140947: BIG-IP message routing vulnerability CVE-2025-20058
Security Advisory Description When a BIG-IP message routing profile is configured on a virtual server, undisclosed traffic can cause an increase in memory resource utilization. CVE-2025-20058 Impact System performance can degrade until the Traffic Management Microkernel (TMM) process is either forc...
K000140920: BIG-IP PEM vulnerability CVE-2025-24497
Security Advisory Description When URL categorization is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. CVE-2025-24497 Impact Traffic is disrupted while the TMM process restarts. This vulnerability allows a remote unauthenticate...
K000139778: BIG-IP PEM vulnerability CVE-2025-22891
Security Advisory Description When a BIG-IP PEM Control Plane Listener virtual server is configured with a Diameter Endpoint profile, undisclosed traffic can cause the virtual server to stop processing new client connections and cause an increase in memory resource utilization. CVE-2025-22891...
K000140578: BIG-IP Configuration utility vulnerability CVE-2025-24320
Security Advisory Description A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. This vulnerability is due to an incomplete fix for...
K000138757: BIG-IP iControl REST vulnerability CVE-2025-23239
Security Advisory Description When running in Appliance mode, and logged into a highly-privileged role, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary. CVE-2025-23239...
K000149640: Multiple Perl vulnerabilities
Security Advisory Description CVE-2023-31486 HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates. CVE-2020-12723 regcomp.c in Perl before 5.30.3 allows a buffer overflow...
K000149629: libldap vulnerability CVE-2015-3276
Security Advisory Description The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown...