6294 matches found

F5 Networks • added 2023/02/21 8:2 p.m. • 56 views

K59010802: Multiple MySQL vulnerabilities

Security Advisory Description CVE-2015-4730 Unspecified vulnerability in Oracle MySQL 5.6.20 and earlier allows remote authenticated users to affect availability via unknown vectors related to Types. CVE-2015-4792 Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and...

CVSS 7.2 • AI score 7.6 • EPSS 0.30146
Exploits: 6 • Affected Software: 15

F5 Networks • added 2023/02/21 8:2 p.m. • 30 views

K51220077: BIG-IP APM Edge Client vulnerability CVE-2018-15316

Security Advisory Description The BIG-IP APM Edge Client component loads the policy library with user permission and bypassing the endpoint checks. CVE-2018-15316 Impact A malicious user can exploit this vulnerability on the APM Edge Client by injecting a library file which will be loaded by the...

CVSS 5.5 • AI score 5.5 • EPSS 0.00592
Exploits: 0 • Affected Software: 2

F5 Networks • added 2023/02/21 8:2 p.m. • 30 views

K43404629: F5 SSH server key size vulnerability CVE-2020-5917

Security Advisory Description The BIG-IP and BIG-IQ host OpenSSH servers use keys less than 2048 bits that are no longer considered secure. CVE-2020-5917 Impact The BIG-IP system may be vulnerable to man-in-the-middle attacks and/or insecure SSH communications. Some security scanners, such as the...

CVSS 5.9 • AI score 6.2 • EPSS 0.00523
Exploits: 0 • Affected Software: 12

F5 Networks • added 2023/02/21 8:2 p.m. • 23 views

K41272944: Intel MPSS vulnerability CVE-2020-0563

Security Advisory Description Improper permissions in the installer for Intel(R) MPSS before version 3.8.6 may allow an authenticated user to potentially enable escalation of privilege via local access. CVE-2020-0563 Impact There is no impact; F5 products are not affected by this vulnerability...

CVSS 7.8 • AI score 7.7 • EPSS 0.00294
Exploits: 0

F5 Networks • added 2023/02/21 8:2 p.m. • 51 views

K35322517: BIND vulnerability CVE-2016-8864

Security Advisory Description named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive query, related to...

CVSS 7.5 • AI score 7.6 • EPSS 0.52537
Exploits: 0 • Affected Software: 14

F5 Networks • added 2023/02/21 8:2 p.m. • 48 views

K29002929: INTEL-SA-00223 - Intel Unified Extensible Firmware Interface CVE-2019-0120

Security Advisory Description Insufficient key protection vulnerability in silicon reference firmware for Intel(R) Pentium(R) Processor J Series, Intel(R) Pentium(R) Processor N Series, Intel(R) Celeron(R) J Series, Intel(R) Celeron(R) N Series, Intel(R) Atom(R) Processor A Series, Intel(R) Atom(R) Processor E3900 Serie...

CVSS 4.4 • AI score 4.5 • EPSS 0.00354
Exploits: 0

F5 Networks • added 2023/02/21 8:2 p.m. • 44 views

K29100014: Intel processors vulnerability CVE-2019-14607

Security Advisory Description Improper conditions check in multiple Intel® Processors may allow an authenticated user to potentially enable partial escalation of privilege, denial of service and/or information disclosure via local access. CVE-2019-14607 Impact While certain F5 hardware platforms...

CVSS 5.3 • AI score 5.6 • EPSS 0.00343
Exploits: 0 • Affected Software: 12

F5 Networks • added 2023/02/21 8:2 p.m. • 20 views

K16961: TLS MAC error vulnerability

Security Advisory Description Some TLS implementations fail to correctly check the MAC on TLS messages. Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development has evaluated the currently supported releases for potential...

AI score 6.7
Exploits: 0

F5 Networks • added 2023/02/21 8:2 p.m. • 40 views

K2319: Insufficient MAC computation in OpenSSH - CAN-2003-0078

Security Advisory Description Note: Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

CVSS 5 • AI score 9.3 • EPSS 0.13718
Exploits: 0

F5 Networks • added 2023/02/21 8:2 p.m. • 30 views

K22113131: BIG-IP TMM Ram Cache vulnerability CVE-2020-5861

Security Advisory Description The TMM process may produce a core file in some cases when Ram Cache incorrectly optimizes stored data resulting in memory errors. RAM Cache is a BIG-IP feature used to accelerate HTTP traffic and can be enabled in a Web Acceleration profile. CVE-2020-5861 Impact The...

CVSS 7.5 • AI score 7.3 • EPSS 0.01044
Exploits: 0 • Affected Software: 11

F5 Networks • added 2023/02/21 8:2 p.m. • 57 views

K16965: bzip2 vulnerabilities CVE-2005-0953 and CVE-2005-1260

Security Advisory Description CVE-2005-0953 Race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete...

CVSS 5 • AI score 6.3 • EPSS 0.06152
Exploits: 0

F5 Networks • added 2023/02/21 8:2 p.m. • 31 views

K16945: Mailx vulnerabilities CVE-2004-2771 and CVE-2014-7844

Security Advisory Description CVE-2014-7844 The expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via shell meta characters in an email address. CVE-2004-2771 A flaw was found in the way mailx handled...

CVSS 7.8 • AI score 7.9 • EPSS 0.06858
Exploits: 1 • Affected Software: 19

F5 Networks • added 2023/02/21 8:2 p.m. • 41 views

K15423: GNU Libtasn1 vulnerabilities CVE-2014-3467 and CVE-2014-3468

Security Advisory Description GNU Libtasn1 has been cited with the following vulnerabilities, which may be exploitable on some F5 products: CVE-2014-3467 Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denia...

CVSS 7.5 • AI score 6.8 • EPSS 0.068
Exploits: 0 • Affected Software: 1

F5 Networks • added 2023/02/21 8:2 p.m. • 35 views

K01276005: OpenSSL vulnerability CVE-2016-2182

Security Advisory Description The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknow...

CVSS 9.8 • AI score 8.5 • EPSS 0.44218
Exploits: 1 • Affected Software: 26

F5 Networks • added 2023/02/21 8:2 p.m. • 29 views

K11274054: GNU C Library vulnerability CVE-2018-6551

Security Advisory Description The malloc implementation in the GNU C Library (aka glibc or libc6), from version 2.24 to 2.26 on powerpc, and only in version 2.26 on i386, did not properly handle malloc calls with arguments close to SIZE_MAX and could return a pointer to a heap region that is smaller...

CVSS 9.8 • AI score 9.2 • EPSS 0.02231
Exploits: 0

F5 Networks • added 2023/02/21 8:2 p.m. • 28 views

K12357206: Linux kernel rpmsg vulnerability CVE-2019-19053

Security Advisory Description A memory leak in the rpmsg_eptdev_write_iter function in drivers/rpmsg/rpmsg_char.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering copy_from_iter_full failures, aka CID-bbe692e349e2. CVE-2019-19053 Impact...

CVSS 7.8 • AI score 7.2 • EPSS 0.03286
Exploits: 0

F5 Networks • added 2023/02/21 8:2 p.m. • 55 views

K05617914: Linux kernel vulnerability CVE-2020-10757

Security Advisory Description A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system. CVE-2020-10757 Impact There is no impact; F5...

CVSS 7.8 • AI score 6.1 • EPSS 0.00992
Exploits: 1

F5 Networks • added 2023/02/21 8:2 p.m. • 131 views

K84141449: MySQL vulnerabilities CVE-2019-2830, CVE-2019-2834, and CVE-2019-3822

Security Advisory Description CVE-2019-2830 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple...

CVSS 9.8 • AI score 6.1 • EPSS 0.12771
Exploits: 1

F5 Networks • added 2023/02/21 8:2 p.m. • 51 views

K82570157: NTP vulnerability CVE-2018-7170

Security Advisory Description ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This...

CVSS 5.3 • AI score 7.4 • EPSS 0.02759
Exploits: 0 • Affected Software: 18

F5 Networks • added 2023/02/21 8:2 p.m. • 38 views

K78530002: Java vulnerability CVE-2013-5803

Security Advisory Description Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect availability via...

CVSS 2.6 • AI score 7.2 • EPSS 0.03864
Exploits: 0 • Affected Software: 4

F5 Networks • added 2023/02/21 8:2 p.m. • 53 views

K57110035: BIG-IP APM Edge Client for Windows logging vulnerability CVE-2022-27636

Security Advisory Description BIG-IP Edge Client may log sensitive APM session-related information when VPN is launched on a Windows system. CVE-2022-27636 Impact An attacker with privileges on the Windows system can view the logged sensitive APM session-related information. Security Advisory...

CVSS 5.5 • AI score 5.3 • EPSS 0.00223
Exploits: 0 • Affected Software: 2

F5 Networks • added 2023/02/21 8:2 p.m. • 55 views

K52494142: GNU C Library (glibc) vulnerability CVE-2016-10228

Security Advisory Description The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and earlier, when invoked with multiple suffixes in the destination encoding (TRANSLATE or IGNORE) along with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leadi...

CVSS 5.9 • AI score 6.4 • EPSS 0.04006
Exploits: 0 • Affected Software: 16

F5 Networks • added 2023/02/21 8:2 p.m. • 31 views

K55129614: tcpdump vulnerabilities CVE-2016-7975, CVE-2016-7986, and CVE-2017-5341

Security Advisory Description CVE-2016-7975 The TCP parser in tcpdump before 4.9.0 has a buffer overflow in print-tcp.c:tcp_print. CVE-2016-7986 The GeoNetworking parser in tcpdump before 4.9.0 has a buffer overflow in print-geonet.c, multiple functions. CVE-2017-5341 The OTV parser in tcpdump...

CVSS 9.8 • AI score 8.7 • EPSS 0.0519
Exploits: 0 • Affected Software: 21

F5 Networks • added 2023/02/21 8:2 p.m. • 23 views

K52035247: BIG-IP DNS virtual server vulnerability CVE-2020-27721

Security Advisory Description In a BIG-IP DNS / BIG-IP LTM GSLB deployment, under certain circumstances, the BIG-IP DNS system may stop using a BIG-IP LTM virtual server for DNS response. CVE-2020-27721 This can occur under the following conditions: You configure connection rate limiting by eithe...

CVSS 7.5 • AI score 7.4 • EPSS 0.01002
Exploits: 0 • Affected Software: 2

F5 Networks • added 2023/02/21 8:2 p.m. • 38 views

K49405623: Linux vulnerability CVE-2002-2438

Security Advisory Description TCP firewalls could be circumvented by sending a SYN Packets with other flags like e.g. RST flag set, which was not correctly discarded by the Linux TCP stack after firewalling. CVE-2002-2438 Impact There is no impact; F5 products are not affected by this...

CVSS 7.5 • AI score 7.2 • EPSS 0.03742
Exploits: 1

F5 Networks • added 2023/02/21 8:2 p.m. • 49 views

K49116387: BIND vulnerabilities CVE-2017-3140 and CVE-2017-3141

Security Advisory Description CVE-2017-3140 If named is configured to use Response Policy Zones (RPZ) an error processing some rule types can lead to a condition where BIND will endlessly loop while handling a query. Affects BIND 9.9.10, 9.10.5, 9.11.0-9.11.1, 9.9.10-S1, 9.10.5-S1. An error...

CVSS 7.8 • AI score 6.3 • EPSS 0.25503
Exploits: 5

F5 Networks • added 2023/02/21 8:2 p.m. • 30 views

K25414045: Intel server board vulnerability CVE-2018-3682

Security Advisory Description BMC Firmware in Intel server boards, compute modules, and systems potentially allow an attacker with administrative privileges to make unauthorized read\writes to the SMBUS. CVE-2018-3682 Impact There is no impact; F5 products are not affected by this vulnerability...

CVSS 8.2 • AI score 8.2 • EPSS 0.00305
Exploits: 0

F5 Networks • added 2023/02/21 8:2 p.m. • 75 views

K32037442: Intel In-Band Manageability software vulnerabilities CVE-2021-0193, CVE-2021-0194, and CVE-2021-33108

Security Advisory Description CVE-2021-0193 Improper authentication in the Intel(R) In-Band Manageability software before version 2.13.0 may allow a privileged user to potentially enable escalation of privilege via network access. CVE-2021-0194 Improper access control in the Intel(R) In-Band...

CVSS 7.2 • AI score 7 • EPSS 0.00913
Exploits: 0

F5 Networks • added 2023/02/21 8:2 p.m. • 86 views

K23440942: Insufficient validation of ICMP error messages CVE-2004-0790 (11.x - 13.x)

Security Advisory Description The vulnerability described in this article was initially fixed in earlier versions, but a regression was reintroduced in BIG-IP 12.x through 13.x. For information about earlier versions, refer to K4583: Insufficient validation of ICMP error messages - VU222750 /...

CVSS 10 • AI score 5.8 • EPSS 0.80675
Exploits: 10 • Affected Software: 9

F5 Networks • added 2023/02/21 8:2 p.m. • 41 views

K22505850: BIG-IP and BIG-IQ iControl REST vulnerability CVE-2022-41770

Security Advisory Description An authenticated iControl REST user can cause an increase in memory resource utilization, through undisclosed requests. CVE-2022-41770 Impact BIG-IP and BIG-IQ System performance degradation can occur until the process is either forced to restart or manually restarte...

CVSS 6.5 • AI score 6.4 • EPSS 0.00595
Exploits: 0 • Affected Software: 14

F5 Networks • added 2023/02/21 8:2 p.m. • 42 views

K22691834: Linux kernel vulnerability CVE-2018-16597

Security Advisory Description An issue was discovered in the Linux kernel through 4.18.6. Incorrect access checking in overlayfs mounts could be used by local attackers to modify or truncate files in the underlying filesystem. CVE-2018-16597 Impact There is no impact; F5 products are not affected...

CVSS 5.5 • AI score 6.1 • EPSS 0.00542
Exploits: 0

F5 Networks • added 2023/02/21 8:2 p.m. • 1188 views

K21350967: OpenSSH vulnerability CVE-2019-6111

Security Advisory Description An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned only directory...

CVSS 5.9 • AI score 7.2 • EPSS 0.58204
Exploits: 9 • Affected Software: 15

F5 Networks • added 2023/02/21 8:1 p.m. • 46 views

K08306700: DHCP client vulnerability CVE-2018-5732

Security Advisory Description An out-of-bound memory access flaw was found in the way dhclient processed a DHCP response packet. A malicious DHCP server could potentially use this flaw to crash dhclient processes running on DHCP client machines via a crafted DHCP response packet. CVE-2018-5732...

CVSS 7.5 • AI score 7.5 • EPSS 0.0496
Exploits: 0 • Affected Software: 18

F5 Networks • added 2023/02/21 8:1 p.m. • 135 views

K06145135: Remote DNS security filter vulnerabilities CVE-2003-1491 and CVE-2004-1473

Security Advisory Description CVE-2003-1491 Kerio Personal Firewall (KPF) 2.1.4 has a default rule to accept incoming packets from DNS (UDP port 53), which allows remote attackers to bypass the firewall filters via packets with a source port of 53. CVE-2004-1473 Symantec Enterprise Firewall/VPN...

CVSS 7.5 • AI score 6.6 • EPSS 0.03945
Exploits: 0

F5 Networks • added 2023/02/21 8:1 p.m. • 29 views

K05510205: Linux kernel vulnerability CVE-2018-14678

Security Advisory Description An issue was discovered in the Linux kernel through 4.17.11, as used in Xen through 4.11.x. The xen_failsafe_callback entry point in arch/x86/entry/entry_64.S does not properly maintain RBX, which allows local users to cause a denial of service (uninitialized memory usag...

CVSS 7.8 • AI score 6.1 • EPSS 0.00409
Exploits: 0

F5 Networks • added 2023/02/21 8:1 p.m. • 22 views

K73657294: BIG-IP APM VDI plugin vulnerability CVE-2020-27722

Security Advisory Description Under certain conditions, the VDI plugin does not observe plugin flow-control protocol causing excessive resource consumption. CVE-2020-27722 Impact This affects only a BIG-IP APM virtual server configured with a Virtual Desktop Infrastructure (VDI) profile. Your BIG-I...

CVSS 6.5 • AI score 6.5 • EPSS 0.00861
Exploits: 0 • Affected Software: 1

F5 Networks • added 2023/02/21 8:1 p.m. • 67 views

K80557033: Linux kernel vulnerability CVE-2018-16882

Security Advisory Description A use-after-free issue was found in the way the Linux kernel's KVM hypervisor processed posted interrupts when nested(=1) virtualization is enabled. In nested_get_vmcs12_pages, in case of an error while processing posted interrupt address, it unmaps the 'pi_desc_page' witho...

CVSS 8.8 • AI score 6.5 • EPSS 0.0036
Exploits: 0

F5 Networks • added 2023/02/21 8:1 p.m. • 81 views

K82907233: PHP vulnerability CVE-2017-5340

Security Advisory Description Zend/zend_hash.c in PHP before 7.0.15 and 7.1.x before 7.1.1 mishandles certain cases that require large array allocations, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow, uninitialized memory access, and use of...

CVSS 9.8 • AI score 9 • EPSS 0.1669
Exploits: 2

F5 Networks • added 2023/02/21 8:1 p.m. • 86 views

K54724312: Linux kernel vulnerability CVE-2022-0492

Security Advisory Description A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation...

CVSS 7.8 • AI score 7.2 • EPSS 0.05495
Exploits: 12 • Affected Software: 14

F5 Networks • added 2023/02/21 8:1 p.m. • 23 views

K50343630: iAppsLX REST vulnerability CVE-2020-27727

Security Advisory Description When an authenticated administrative user installs RPMs using the iAppsLX REST installer, the BIG-IP system does not sufficiently validate user input, allowing the user read access to the filesystem. CVE-2020-27727 Impact An attacker can exploit this vulnerability as...

CVSS 4.9 • AI score 4.9 • EPSS 0.00842
Exploits: 0 • Affected Software: 11

F5 Networks • added 2023/02/21 8:1 p.m. • 47 views

K50394032: Java SE vulnerabilities CVE-2018-3149, CVE-2018-3169, and CVE-2018-3209

Security Advisory Description CVE-2018-3149 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit...

CVSS 8.3 • AI score 7.5 • EPSS 0.07215
Exploits: 2

F5 Networks • added 2023/02/21 8:1 p.m. • 48 views

K32541890: DHCP Client Script Code Execution vulnerability CVE-2018-1111

Security Advisory Description DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client. A malicious DHCP server, or an attacker on the local network able to spoof DHCP...

CVSS 7.9 • AI score 8.2 • EPSS 0.94457
Exploits: 14

F5 Networks • added 2023/02/21 8:1 p.m. • 152 views

K40812100: OpenSSL vulnerability CVE-2021-3711

Security Advisory Description In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt. Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is...

CVSS 9.8 • AI score 7.2 • EPSS 0.87816
Exploits: 1

F5 Networks • added 2023/02/21 8:1 p.m. • 37 views

K16940442: Java SE vulnerability CVE-2018-3136

Security Advisory Description Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacke...

CVSS 3.4 • AI score 5.9 • EPSS 0.03641
Exploits: 0

F5 Networks • added 2023/02/21 8:1 p.m. • 40 views

K20219314: OpenSSL vulnerability CVE-2015-1794

Security Advisory Description The ssl3_get_key_exchange function in ssl/s3_clnt.c in OpenSSL 1.0.2 before 1.0.2e allows remote servers to cause a denial of service (segmentation fault) via a zero p value in an anonymous Diffie-Hellman (DH) ServerKeyExchange message. CVE-2015-1794 Impact There is no impac...

CVSS 5 • AI score 7.5 • EPSS 0.06162
Exploits: 0

F5 Networks • added 2023/02/21 8:1 p.m. • 36 views

K15351: OpenSSL DTLS ChangeCipherSpec vulnerability CVE-2009-1386

Security Advisory Description ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello. CVE-2009-1386 Impact None Security Advisory Status To determine if...

CVSS 5 • AI score 6.9 • EPSS 0.80134
Exploits: 9

F5 Networks • added 2023/02/21 8:1 p.m. • 36 views

K15359: OpenSSL vulnerability CVE-2009-1378

Security Advisory Description Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers muc...

CVSS 5 • AI score 7.8 • EPSS 0.12746
Exploits: 12

F5 Networks • added 2023/02/21 8:1 p.m. • 56 views

K15329: SSL_MODE_RELEASE_BUFFERS vulnerability CVE-2014-0198

Security Advisory Description The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and...

CVSS 4.3 • AI score 7.8 • EPSS 0.43828
Exploits: 0 • Affected Software: 1

F5 Networks • added 2023/02/21 8:1 p.m. • 327 views

K15277: ICMP vulnerability CVE-1999-0524

Security Advisory Description ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts. CVE-1999-0524 Impact This vulnerability allows unauthorized disclosure of information. Security Advisory Status To determine if your release is known to be vulnerable, the components ...

CVSS 4 • AI score 6.2 • EPSS 0.31586
Exploits: 1 • Affected Software: 18

F5 Networks • added 2023/02/21 8:1 p.m. • 69 views

K15311661: NodeJS vulnerability CVE-2016-2086

Security Advisory Description Node.js 0.10.x before 0.10.42, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allow remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header. CVE-2016-2086 Impact An attacker may be able to perform HTTP reques...

CVSS 7.5 • AI score 8.7 • EPSS 0.06257
Exploits: 0 • Affected Software: 14

Total number of security vulnerabilities: 6294