6294 matches found
K000148349: Spring framework vulnerability CVE-2024-38819
Security Advisory Description The cve record for the cve id does not exist. CVE-2024-38819 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development has evaluated the currently supported releases for potential vulnerability, and...
K000148314: MySQL vulnerabilities CVE-2024-21232 and CVE-2024-21212
Security Advisory Description CVE-2024-21232 Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Components Services. Supported versions that are affected are 8.4.2 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows high privileged attacker with...
K000148313: MySQL vulnerabilities CVE-2024-21247, CVE-2024-21209, and CVE-2024-21231
Security Advisory Description CVE-2024-21247 Vulnerability in the MySQL Client product of Oracle MySQL component: Client: mysqldump. Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker wit...
K000148311: MySQL vulnerabilities CVE-2024-21201, CVE-2024-21230, and CVE-2024-21200
Security Advisory Description CVE-2024-21201 Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker wit...
K000148310: MySQL vulnerabilities CVE-2024-21213, CVE-2024-21194, CVE-2024-21218, CVE-2024-21199, and CVE-2024-21207
Security Advisory Description CVE-2024-21213 Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to...
K000148309: MySQL vulnerabilities CVE-2024-21198 and CVE-2024-21219
Security Advisory Description CVE-2024-21198 Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DDL. Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with...
K000148290: Moment.JS vulnerabilities CVE-2017-18214 and CVE-2022-24785
Security Advisory Description CVE-2017-18214 The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055. CVE-2022-24785 Moment.js is a JavaScript date library for parsing, validating,...
K000148288: Python Gevent vulnerability CVE-2023-41419
Security Advisory Description An issue in Gevent before version 23.9.0 allows a remote attacker to escalate privileges via a crafted script to the WSGIServer component. CVE-2023-41419 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Produc...
K000148287: Apache Tomcat vulnerability CVE-2019-0232
Security Advisory Description When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 is vulnerable to Remote Code Execution due to a bug in the way the JRE passes command line arguments to Windows. The...
K000148279: CUPS vulnerability CVE-2024-47850
Security Advisory Description CUPS cups-browsed before 2.5b1 will send an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added, a different vulnerability than CVE-2024-47176. The request is meant to probe the new printer bu...
K000148278: Spring framework CVE-2024-38820 vulnerability
Security Advisory Description The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase has some Locale dependent exceptions that could potentially result in fields not protected as expected. CVE-2024-38820 Impact There is no impact; F5...
K000148259: libarchive vulnerability CVE-2016-10350 and CVE-2016-10349
Security Advisory Description CVE-2016-10350 The archivereadformatcabreadheader function in archivereadsupportformatcab.c in libarchive 3.2.2 allows remote attackers to cause a denial of service heap-based buffer over-read and application crash via a crafted file. CVE-2016-10349 The archivele32de...
K000148256: libarchive vulnerability CVE-2018-1000880
Security Advisory Description libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 onwards release v3.2.0 onwards contains a CWE-20: Improper Input Validation vulnerability in WARC parser - libarchive/archivereadsupportformatwarc.c, warcread that can result in DoS - quasi-infinite r...
K000148255: libarchive vulnerabilities CVE-2019-1000020 and CVE-2019-1000019
Security Advisory Description CVE-2019-1000020 libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards version v2.8.0 onwards contains a CWE-835: Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in ISO9660 parser, archivereadsupportformatiso9660.c,...
K000148252: Python tarfile vulnerability CVE-2024-6232
Security Advisory Description There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile. TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives. CVE-2024-6232 Impact Attackers can exploit this...
K000148250: PostgreSQL vulnerabilities CVE-2016-0766, CVE-2015-3167, CVE-2015-0243, CVE-2015-0242, and CVE-2015-0241
Security Advisory Description CVE-2016-0766 PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 does not properly restrict access to unspecified custom configuration settings GUCS for PL/Java, which allows attackers to gain privileges via...
K000148248: less vulnerability CVE-2024-32487
Security Advisory Description less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive...
K000148242: Qt vulnerability CVE-2017-10904
Security Advisory Description Qt for Android prior to 5.9.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors. CVE-2017-10904 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development has evaluated...
K000148239: Intel FPGA vulnerability CVE-2024-25576
Security Advisory Description improper access control in firmware for some IntelR FPGA products before version 24.1 may allow a privileged user to enable escalation of privilege via local access. CVE-2024-25576 Impact There is no impact; F5 products are not affected by this vulnerability. Securit...
K000145124: Linux kernel vulnerability CVE-2023-52880
Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: tty: ngsm: require CAPNETADMIN to attach NGSM0710 ldisc Any unprivileged user can attach NGSM0710 ldisc, but it requires CAPNETADMIN to create a GSM network anyway. Require initial namespace...
K000145125: Curl vulnerability CVE-2024-6197
Security Advisory Description libcurl's ASN1 parser has this utf8asn1str function used for parsing an ASN.1 UTF-8 string. Itcan detect an invalid field and return error. Unfortunately, when doing so it also invokes free on a 4 byte localstack buffer. Most modern malloc implementations detect this...
K000141528: glibc vulnerability CVE-2024-33600
Security Advisory Description nscd: Null pointer crashes after notfound response If the Name Service Cache Daemon's nscd cache fails to add a not-found netgroup response to the cache, the client request can result in a null pointer dereference. This flaw was introduced in glibc 2.15 when the cach...
K000141509: Intel UEFI vulnerability CVE-2024-21781
Security Advisory Description Improper input validation in UEFI firmware for some IntelR Processors may allow a privileged user to enable information disclosure or denial of service via local access. CVE-2024-21781 Impact Attackers may exploit this vulnerability to enable privilege escalation via...
K000141511: Intel UEFI vulnerability CVE-2023-43626
Security Advisory Description Improper access control in UEFI firmware for some IntelR Processors may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2023-43626 Impact Attackers may exploit this vulnerability to enable privilege escalation via local...
K000141503: Intel UEFI vulnerability CVE-2023-42772
Security Advisory Description Untrusted pointer dereference in UEFI firmware for some IntelR reference processors may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2023-42772 Impact There is no impact; F5 products are not affected by this vulnerabilit...
K000141501: Intel UEFI vulnerability CVE-2024-21871
Security Advisory Description Improper input validation in UEFI firmware for some IntelR Processors may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2024-21871 Impact There is no impact; F5 products are not affected by this vulnerability. F5 previous...
K000141500: Intel BIOS vulnerability CVE-2024-23599
Security Advisory Description Race condition in Seamless Firmware Updates for some IntelR reference platforms may allow a privileged user to potentially enable denial of service via local access. CVE-2024-23599 Impact Attackers may exploit this vulnerability to enable privilege escalation via loc...
K000141505: Intel UEFI vulnerability CVE-2024-21829
Security Advisory Description Improper input validation in UEFI firmware error handler for some IntelR Processors may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2024-21829 Impact Attackers may exploit this vulnerability to enable privilege escalati...
K000141508: MySQL vulnerability CVE-2024-21127
Security Advisory Description Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DDL. Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocol...
K000141507: Intel CPU vulnerability CVE-2023-41833
Security Advisory Description A race condition in UEFI firmware for some IntelR processors may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2023-41833 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory...
K000141506: glibc vulnerability CVE-2024-33602
Security Advisory Description nscd: netgroup cache assumes NSS callback uses in-buffer strings The Name Service Cache Daemon's nscd netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. The flaw was introduced in glibc 2.15 when the cache was...
K000141479: Wget vulnerability CVE-2024-38428
Security Advisory Description url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent...
K000141302: Quarterly Security Notification (October 2024)
Security Advisory Description On October 16, 2024, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities to help determine the impact to your F5 devices. You can find the details of each issue in the associated articles. You can wat...
K000140061: BIG-IP monitors vulnerability CVE-2024-45844
Security Advisory Description BIG-IP monitor functionality may allow an authenticated attacker with at least Manager role privileges to elevate their privileges and/or modify the configuration. CVE-2024-45844 Impact This vulnerability may allow an authenticated attacker with Manager role privileg...
K000141080: BIG-IQ vulnerability CVE-2024-47139
Security Advisory Description A stored cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IQ user interface that allows an attacker with the Administrator role to run JavaScript in the context of the currently logged-in user. CVE-2024-47139 Impact An authenticated...
K000141470: Apache Tomcat vulnerabilities CVE-2024-23672 and CVE-2024-24549
Security Advisory Description CVE-2024-23672 Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from 11.0.0-M1 through...
K000141459: Angular JS vulnerabilities CVE-2019-14863 and CVE-2022-25869
Security Advisory Description CVE-2019-14863 There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it. CVE-2022-2586...
K000141463: Angular JS vulnerabilities CVE-2019-10768 and CVE-2023-26116
Security Advisory Description CVE-2019-10768 In AngularJS before 1.7.9 the function merge could be tricked into adding or modifying properties of Object.prototype using a proto payload. CVE-2023-26116 Versions of the package angular from 1.2.21 are vulnerable to Regular Expression Denial of Servi...
K000141449: MySQL vulnerability CVE-2024-21096
Security Advisory Description Vulnerability in the MySQL Server product of Oracle MySQL component: Client: mysqldump. Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure...
K000141403: Apache Tomcat vulnerability CVE-2024-38286
Security Advisory Description The cve record for the cve id does not exist. CVE-2024-38286 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development has evaluated the currently supported releases for potential vulnerability, and...
K000141402: SQLite vulnerabilities CVE-2018-20506, CVE-2018-20505, CVE-2018-20346, CVE-2015-5895, CVE-2015-3717
Security Advisory Description CVE-2018-20506 SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow and resultant buffer overflow for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute...
K000141393: Containerd vulnerability CVE-2021-41103
Security Advisory Description containerd is an open source container runtime with an emphasis on simplicity, robustness and portability. A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux...
K000141357: libxml2 vulnerability CVE-2024-25062
Security Advisory Description An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free. CVE-2024-25062...
K000141359: libpng vulnerability CVE-2015-8540
Security Advisory Description Integer underflow in the pngcheckkeyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space...
K000141358: Multiple libpng vulnerabilities
Security Advisory Description CVE-2016-3751 Unspecified vulnerability in libpng before 1.6.20, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01, allows attackers to gain privileges via a crafted application, as demonstrated by obtaining...
K000141355: Multiple PHP vulnerabilities
Security Advisory Description CVE-2016-4342 ext/phar/pharobject.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 mishandles zero-length uncompressed data, which allows remote attackers to cause a denial of service heap memory corruption or possibly have unspecified other impact v...
K000141354: Multiple PHP vulnerabilities
Security Advisory Description CVE-2017-7272 PHP through 7.1.11 enables potential SSRF in applications that accept an fsockopen or pfsockopen hostname argument with an expectation that the port number is constrained. Because a :port syntax is recognized, fsockopen will use the port number that is...
K000141353: Multiple PHP vulnerabilities
Security Advisory Description CVE-2019-9024 An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpcdecode can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas in base64decodexmlrpc in...
K000141352: Multiple gRPC vulnerabilities
Security Advisory Description CVE-2020-7768 The package grpc before 1.24.4; the package @grpc/grpc-js before 1.1.8 are vulnerable to Prototype Pollution via loadPackageDefinition. CVE-2017-9431 Google gRPC before 2017-04-05 has an out-of-bounds write caused by a heap-based buffer overflow related...
K000141317: PHP vulnerabilities CVE-2017-9225, CVE-2017-8923, CVE-2016-7413, CVE-2016-9935, and CVE-2016-7417
Security Advisory Description CVE-2017-9225 An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds write in onigencunicodegetcasefoldcodesbystr occurs during regular expression compilation. Code point...