K72372334: FreeType vulnerability CVE-2014-9745

Security Advisory Description The parseencoding function in type1/t1load.c in FreeType before 2.5.3 allows remote attackers to cause a denial of service infinite loop via a "broken number-with-base" in a Postscript stream, as demonstrated by 8garbage. CVE-2014-9745 Impact A remote attacker may be...

K68852819: Linux kernel vulnerability CVE-2016-10200

Security Advisory Description Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel before 4.8.14 allows local users to gain privileges or cause a denial of service use-after-free by making multiple bind system calls without properly ascertaining whether a socket has the...

K51663510: Apache Tomcat vulnerability CVE-2016-5388

Security Advisory Description Apache Tomcat through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect ...

K50254952: BIG-IP Configuration utility vulnerability CVE-2018-5523

Security Advisory Description When authenticated administrative users run commands in the Traffic Management User Interface TMUI, also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced. CVE-2018-5523 Impact BIG-IP and Enterprise Manager This...

K42219132: OpenSSL vulnerability CVE-2016-6309

Security Advisory Description statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, which allows remote attackers to cause a denial of service use-after-free or possibly execute arbitrary code via a crafted TLS session. CVE-2016-6309 Impact There is no...

K15217245: Oracle Java SE vulnerability CVE-2018-2815

Security Advisory Description Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Serialization. Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability...

K15868: Multiple Wireshark vulnerabilities

Security Advisory Description CVE-2013-4074 The dissectcapwapdata function in epan/dissectors/packet-capwap.c in the CAPWAP dissector in Wireshark 1.6.x before 1.6.16 and 1.8.x before 1.8.8 incorrectly uses a -1 data value to represent an error condition, which allows remote attackers to cause a...

K22843911: F5 Path MTU Discovery vulnerability CVE-2015-7759

Security Advisory Description BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Link Controller, and PEM 12.0.0 before HF1, when the TCP profile for a virtual server is configured with Congestion Metrics Cache enabled, allow remote attackers to cause a denial of service Traffic Management Microkernel TM...

K29280193: BIG-IP Configuration utility vulnerability CVE-2019-6597

Security Advisory Description When authenticated administrative users run commands in the Traffic Management User Interface TMUI, also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced. CVE-2019-6597 Impact BIG-IP and Enterprise Manager This...

K25511825: Linux kernel vulnerabilities CVE-2021-3564, CVE-2021-3573, and CVE-2021-3752

Security Advisory Description CVE-2021-3564 A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system. This flaw affects all the Linux kerne...

K86772626: OpenSSL vulnerability CVE-2015-3194

Security Advisory Description crypto/rsa/rsaameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service NULL pointer dereference and application crash via an RSA PSS ASN.1 signature that lacks a mask generation function parameter...

K75532331: iRulesLX debug NodeJS vulnerability CVE-2019-6644

Security Advisory Description Similar to the issue identified in CVE-2018-12120, the BIG-IP system will bind a debug nodejs process to all interfaces when invoked. This may expose the process to unauthorized users if the plugin is left in debug mode and the port is accessible. CVE-2019-6644 Impac...

K53146535: Multiple Sun Java vulnerabilities

Security Advisory Description CVE-2013-5870 Unspecified vulnerability in Oracle Java SE 7u45 and JavaFX 2.2.45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX. CVE-2013-5878 Unspecified vulnerability in Oracle Java SE 6u65 and...

K55143785: NSS vulnerability CVE-2017-7502

Security Advisory Description Null pointer dereference vulnerability in NSS since 3.24.0 was found when server receives empty SSLv2 messages resulting into denial of service by remote attacker. CVE-2017-7502 Impact There is no impact; F5 products are not affected by this vulnerability. Security...

K25607522: BIG-IP vulnerability CVE-2019-6688

Security Advisory Description A user can obtain the secret used to encrypt a BIG-IP UCS backup file while sending an SNMP query to the BIG-IP or BIG-IQ system; however, the user cannot access the UCS files. CVE-2019-6688 Impact BIG-IP and BIG-IQ The SNMP user can obtain the secret used to encrypt...

K30714460: OpenSSL vulnerability CVE-2015-3193

Security Advisory Description The Montgomery squaring implementation in crypto/bn/asm/x8664-mont5.pl in OpenSSL 1.0.2 before 1.0.2e on the x8664 platform, as used by the BNmodexp function, mishandles carry propagation and produces incorrect output, which makes it easier for remote attackers to...

K44183007: MySQL vulnerability CVE-2017-3302

Security Advisory Description Crash in libmysqlclient.so in Oracle MySQL before 5.6.21 and 5.7.x before 5.7.5 and MariaDB through 5.5.54, 10.0.x through 10.0.29, 10.1.x through 10.1.21, and 10.2.x through 10.2.3.CVE-2017-3302 Impact There is no impact; F5 products are not affected by this...

K17246: Linux kernel vulnerability CVE-2015-3636

Security Advisory Description The pingunhash function in net/ipv4/ping.c in the Linux kernel before 4.0.3 does not initialize a certain list data structure during an unhash operation, which allows local users to gain privileges or cause a denial of service use-after-free and system crash by...

K96300145: C Library (SQLite & libxslt) vulnerabilities CVE-2019-16168 CVE-2019-13117 CVE-2019-13118

Security Advisory Description CVE-2019-16168 In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlitestat1 sz field, aka a "severe division by zero in the query planner." CVE-2019-13117 In numbers.c in libxslt...

K99862460: PHP vulnerability CVE-2020-7069

Security Advisory Description In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with opensslencrypt function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption...

K93960557: Linux kernel vulnerability CVE-2018-5953

Security Advisory Description The swiotlbprintinfo function in lib/swiotlb.c in the Linux kernel through 4.14.14 allows local users to obtain sensitive address information by reading dmesg data from a "software IO TLB" printk call. CVE-2018-5953 Impact There is no impact; F5 products are not...

K91245485: RSA-CRT key leak vulnerability CVE-2015-5738

Security Advisory Description The RSA-CRT implementation in the Cavium Software Development Kit SDK 2.x, when used on OCTEON II CN6xxx Hardware on Linux to support TLS with Perfect Forward Secrecy PFS, makes it easier for remote attackers to obtain private RSA keys by conducting a Lenstra...

K61045143: Configuration utility CSRF vulnerability

Security Advisory Description A cross-site request forgery CSRF vulnerability in the Traffic Management User Interface TMUI, also referred to as the Configuration utility, may allow a malicious site to force an administrative session to log out and require re-authentication. Impact A remote...

K66871452: PowerDNS vulnerability CVE-2015-5311

Security Advisory Description PowerDNS aka pdns Authoritative Server 3.4.4 before 3.4.7 allows remote attackers to cause a denial of service assertion failure and server crash via crafted query packets. CVE-2015-5311 Impact There is no impact; F5 products are not affected by this vulnerability...

K55001100: glibc vulnerability CVE-2015-5180

Security Advisory Description resquery in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service NULL pointer dereference and process crash. CVE-2015-5180 Impact For this vulnerability, an attacker must have local access to the system and know how to make the glibc...

K55540723: OpenSSL vulnerability CVE-2015-3196

Security Advisory Description ssl/s3clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service race condition and...

K54207009: Apache mod_remoteip vulnerability CVE-2019-10097

Security Advisory Description In Apache HTTP Server 2.4.32-2.4.39, when modremoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. This vulnerability could only...

K54211024: OpenSSL vulnerability CVE-2016-6304

Security Advisory Description Multiple memory leaks in t1lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service memory consumption via large OCSP Status Request extensions. CVE-2016-6304 Impact A remote attacker can...

K49440608: TMOS vulnerability CVE-2018-5509

Security Advisory Description When a specifically configured virtual server receives traffic of an undisclosed nature, the Traffic Management Microkernel TMM will crash and take the configured failover action, potentially causing a denial of service. The configuration that exposes this issue is n...

K46524395: Appliance mode vulnerability CVE-2019-6614

Security Advisory Description On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, internal methods used to prevent arbitrary file overwrites in Appliance Mode were not fully effective. An authenticated attacker with a high privilege level may be able to bypass protections implemented i...

K42027747: BIG-IP SNMP vulnerability CVE-2018-15328

Security Advisory Description The passphrases for SNMPv3 users and trap destinations that are used for authentication and privacy are not handled by the BIG-IP system Secure Vault feature; they are written in the clear to the various configuration files. CVE-2018-15328 Note : The BIG-IP system...

K41204355: PHP vulnerability CVE-2016-5114

Security Advisory Description sapi/fpm/fpm/fpmlog.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 misinterprets the semantics of the snprintf return value, which allows attackers to obtain sensitive information from process memory or cause a denial of service out-of-bounds read...

K40443301: SNMP vulnerability CVE-2019-6640

Security Advisory Description SNMP exposes sensitive configuration objects over insecure transmission channels. This issue is exposed when a passphrase is inserted into various profile types and accessed using SNMPv2. CVE-2019-6640 Impact An attacker with direct SNMP access to a BIG-IP system, or...

K38110373: Apache Tomcat vulnerability CVE-2014-7810

Security Advisory Description The Expression Language EL implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a...

K40523020: Linux kernel vulnerability CVE-2018-16658

Security Advisory Description An issue was discovered in the Linux kernel before 4.18.6. An information leak in cdromioctldrivestatus in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is...

K23512141: OpenSSL vulnerability CVE-2016-2179

Security Advisory Description The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service memory consumption by maintaining many crafted DTLS...

K35205264: Linux kernel vulnerability CVE-2018-10938

Security Advisory Description A flaw was found in the Linux kernel present since v4.0-rc1 and through v4.13-rc4. A crafted network packet sent remotely by an attacker may force the kernel to enter an infinite loop in the cipsov4optptr function in net/ipv4/cipsoipv4.c leading to a denial-of-servic...

K23024812: BIG-IP APM vulnerability CVE-2018-5544

Security Advisory Description When the BIG-IP APM system renders certain pages with a logon agent or a confirm box, the system may disclose configuration information such as partition and agent names via URI parameters. CVE-2018-5544 Impact This vulnerability allows unauthorized disclosure of...

K22206205: Intel vulnerabilities CVE-2020-0548 CVE-2020-0549

Security Advisory Description CVE-2020-0548 Cleanup errors in some data cache evictions for some IntelR Processors may allow an authenticated user to potentially enable information disclosure via local access. CVE-2020-0549 Cleanup errors in some IntelR Processors may allow an authenticated user ...

K19166530: XSS vulnerability CVE-2020-27719

Security Advisory Description A cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Configuration utility. CVE-2020-27719 Impact An attacker can exploit this vulnerability to run JavaScript in the context of the currently logged-in user. When successfully exploiting...

K21711352: TMOS Shell vulnerability CVE-2019-19151

Security Advisory Description Authenticated users granted TMOS Shell tmsh privileges can access objects on the file system, which would normally be disallowed by tmsh restrictions. This allows for authenticated, low privileged attackers to access objects on the file system, which would not normal...

K14051233: Linux kernel vulnerability CVE-2017-13715

Security Advisory Description The skbflowdissect function in net/core/flowdissector.c in the Linux kernel before 4.3 does not ensure that nproto, ipproto, and thoff are initialized, which allows remote attackers to cause a denial of service system crash or possibly execute arbitrary code via a...

K11772107: BIG-IP and BIG-IQ cloud image vulnerability CVE-2016-2084

Security Advisory Description There is an issue with regenerating certificates and keys when deploying BIG-IP and BIG-IQ cloud images in Amazon Web Services AWS, Azure or Verizon cloud services environments. CVE-2016-2084 Note : CVE-2016-2084 impacts only BIG-IP or BIG-IQ AWS, Azure, or Verizon...

K10558632: Linux privilege-escalation vulnerability CVE-2016-5195

Security Advisory Description Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write COW feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka...

K14118520: MySQL vulnerabilities CVE-2019-2752, CVE-2019-2755, CVE-2019-2757, CVE-2019-2758, and CVE-2019-2774

Security Advisory Description CVE-2019-2752 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Options. Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple...

K13314257: slpd vulnerability CVE-2017-17833

Security Advisory Description OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-service or a remote code-execution vulnerability. CVE-2017-17833 Impact There is no impact; F5 products are not affected by this...

K03125360: F5 iRules 'RESOLV::lookup' command vulnerability CVE-2020-5941

Security Advisory Description Using the RESOLV::lookup command within an iRule may cause the Traffic Management Microkernel TMM to generate a core file and restart. This issue occurs when data exceeding the maximum limit of a host name passes to the RESOLV::lookup command. CVE-2020-5941 Impact Th...

K02500249: Linux kernel vulnerability CVE-2013-1059

Security Advisory Description net/ceph/authnone.c in the Linux kernel through 3.10 allows remote attackers to cause a denial of service NULL pointer dereference and system crash or possibly have unspecified other impact via an authreply message that triggers an attempted buildrequest operation...

K02495251: Ghostscript vulnerability CVE-2018-16509 (VU#332928)

Security Advisory Description An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction...

K98394530: Intel CPU vulnerability CVE-2019-14598

Security Advisory Description Improper Authentication in subsystem in IntelR CSME versions 12.0 through 12.0.48 IOT only: 12.0.56, versions 13.0 through 13.0.20, versions 14.0 through 14.0.10 may allow a privileged user to potentially enable escalation of privilege, denial of service or informati...