6413 matches found
K15882: TLS1.x padding vulnerability CVE-2014-8730
Security Advisory Description Incorrect TLS padding may be accepted when terminating TLS 1.x CBC cipher connections. CVE-2014-8730 Impact Attackers may be able to calculate the plaintext of secure connections. Security Advisory Status F5 Product Development has assigned IDs 451218, 450804, and...
K15883: Net-SNMP vulnerability CVE-2012-2141
Security Advisory Description Array index error in the handlensExtendOutput2Table function in agent/mibgroup/agent/extend.c in Net-SNMP 5.7.1 allows remote authenticated users to cause a denial of service out-of-bounds read and snmpd crash via an SNMP GET request for an entry not in the extension...
K15863: Libtiff vulnerabilities CVE-2012-1173 and CVE-2012-2088
Security Advisory Description CVE-2012-1173 Multiple integer overflows in tiffgetimage.c in LibTIFF 3.9.4 allow remote attackers to execute arbitrary code via a crafted tile size in a TIFF file, which is not properly handled by the 1 gtTileSeparate or 2 gtStripSeparate function, leading to a...
K13108: TCP Packet Filtering Weakness - CERT VU#464113
Security Advisory Description Note : For information about signing up to receive security notice updates from F5, refer to K9970: Subscribing to email notifications regarding F5 products. Note : Versions that are not listed in this article have not been evaluated for vulnerability to this securit...
K13053402: TMM vulnerability CVE-2016-7468
Security Advisory Description An unauthenticated remote attacker may be able to disrupt services on F5 BIG-IP 11.4.1 - 11.5.4 devices with maliciously crafted network traffic. This vulnerability affects virtual servers associated with TCP profiles when the BIG-IP system's tm.tcpprogressive db...
K42842401: MySQL vulnerabilities CVE-2018-3145, CVE-2018-3155, CVE-2018-3156, CVE-2018-3161, and CVE-2018-3162
Security Advisory Description CVE-2018-3145 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Parser. Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protoco...
K4232: BIND version 8.4.4 and 8.4.5 vulnerability CAN-2005-0033
Security Advisory Description Note: Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F5...
K4207: Buffer overflow in mod_include - CAN-2004-0940
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
K41900062: Linux kernel vulnerability CVE-2017-15127
Security Advisory Description A flaw was found in the hugetlbmcopyatomicpte function in mm/hugetlb.c in the Linux kernel before 4.13. A superfluous implicit page unlock for VMSHARED hugetlbfs mapping could trigger a local denial of service BUG. CVE-2017-15127 Impact There is no impact; F5 product...
K32734107: BIG-IP APM vulnerability CVE-2021-23052
Security Advisory Description An open redirect vulnerability exists on virtual servers enabled with a BIG-IP APM access policy. This vulnerability allows an unauthenticated malicious user to build an open redirect URI. CVE-2021-23052 Impact An unauthenticated attacker can create an open redirect...
K30446705: GnuTLS vulnerability CVE-2020-13777
Security Advisory Description GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3. The earliest affected version is 3.6.4 2018-09-24 because of an error in a 2018-09-18 commit. Until t...
K16430721: IP forwarding vulnerability CVE-1999-0511
Security Advisory Description IP forwarding is enabled on a machine which is not a router or firewall. CVE-1999-0511 Impact F5 products are not affected by this vulnerability in default configurations. However, Nessus or similar scanning tools may send alerts for BIG-IP systems in the following...
K17133899: Multiple Treck TCP/IP stack vulnerabilities
Security Advisory Description CVE-2020-11896 The Treck TCP/IP stack before 6.0.1.66 allows Remote Code Execution, related to IPv4 tunneling. CVE-2020-11897 The Treck TCP/IP stack before 5.0.1.35 has an Out-of-Bounds Write via multiple malformed IPv6 packets. CVE-2020-11898 The Treck TCP/IP stack...
K15725: Multiple 5.5.x and 5.6.x MySQL vulnerabilities
Security Advisory Description CVE-2014-6507 Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML. CVE-2014-6491 Unspecified...
K15699: Linux kernel vulnerability CVE-2014-0131
Security Advisory Description Use-after-free vulnerability in the skbsegment function in net/core/skbuff.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation. CVE-2014-0131 Impact...
K15680: Linux kernel vulnerabilities CVE-2014-3917, CVE-2014-0205 and CVE-2014-4667
Security Advisory Description Description CVE-2014-3917 kernel/auditsc.c in the Linux kernel through 3.14.5, when CONFIGAUDITSYSCALL is enabled with certain syscall rules, allows local users to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service OOPS via...
K15783: Kerberos vulnerability CVE-2013-1417
Security Advisory Description dotgsreq.c in the Key Distribution Center KDC in MIT Kerberos 5 aka krb5 1.11 before 1.11.4, when a single-component realm name is used, allows remote authenticated users to cause a denial of service daemon crash via a TGS-REQ request that triggers an attempted...
K15745: Multiple Oracle Java vulnerabilities
Security Advisory Description CVE-2014-6513 Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. CVE-2014-6532 Unspecified vulnerability in Oracle Jav...
K15156: OpenSSH vulnerability CVE-2009-2904
Security Advisory Description A certain Red Hat modification to the ChrootDirectory feature in OpenSSH 4.8, as used in sshd in OpenSSH 4.3 in Red Hat Enterprise Linux RHEL 5.4 and Fedora 11, allows local users to gain privileges via hard links to setuid programs that use configuration files withi...
K11009429: MySQL vulnerabilities CVE-2018-3170, CVE-2018-3171, CVE-2018-3173, CVE-2018-3174, and CVE-2018-3182
Security Advisory Description CVE-2018-3170 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: DDL. Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols...
K03073656: X.Org X server vulnerability CVE-2018-14665
Security Advisory Description A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and...
K03151140: ImageMagick vulnerability CVE-2016-3714
Security Advisory Description The 1 EPHEMERAL, 2 HTTPS, 3 MVG, 4 MSL, 5 TEXT, 6 SHOW, 7 WIN, and 8 PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick." CVE-2016-3714 Impac...
K12331123: NGINX Plus and Open Source vulnerability CVE-2021-23017
Security Advisory Description An issue in NGINX resolver may allow an attacker who is able to forge UDP packets from the specified DNS server to cause a 1-byte memory overwrite, resulting in a worker process crash or other unspecified impact. CVE-2021-23017 Impact A remote attacker can cause a...
K12234501: BIG-IP virtual server vulnerability CVE-2020-5883
Security Advisory Description When a virtual server is configured with HTTP explicit proxy and has an attached HTTPPROXYREQUEST iRule, POST requests sent to the virtual server cause an xdata memory leak. CVE-2020-5883 Impact The BIG-IP system may become vulnerable to conditions that result when i...
K08250500: Nginx vulnerability CVE-2016-4450
Security Advisory Description os/unix/ngxfiles.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote attackers to cause a denial of service NULL pointer dereference and worker process crash via a crafted request, involving writing a client request body to a temporary file. CVE-2016-4450...
K99123750: BIG-IP Stream profile vulnerability CVE-2022-28701
Security Advisory Description When the stream profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization.CVE-2022-28701 Impact System performance can degrade until the Traffic Management Microkernel TMM process is either forced to restart ...
K95463126: OpenSSL vulnerabilities CVE-2016-0703 and CVE-2016-0704
Security Advisory Description CVE-2016-0703 The getclientmasterkey function in s2srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a accepts a nonzero CLIENT-MASTER-KEY CLEAR-KEY-LENGTH value for an arbitrary cipher, whic...
K93683207: Apache vulnerability CVE-2018-1333
Security Advisory Description By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. Fixed in Apache HTTP Server 2.4.34 Affected 2.4.18-2.4.30,2.4.33. CVE-2018-1333 Impact There is no impact; F5...
K65043534: Multiple INTEL BIOS vulnerabilities
Security Advisory Description CVE-2017-5705 Multiple buffer overflows in kernel in Intel Manageability Engine Firmware 11.0/11.5/11.6/11.7/11.10/11.20 allow attacker with local access to the system to execute arbitrary code. CVE-2017-5706 Multiple buffer overflows in kernel in Intel Server Platfo...
K58149033: Critical vulnerability in Apple iOS WebKit browser components can impact users of the BIG-IP APM F5 Access client
Security Advisory Description F5 Access is the SSL Virtual Private Network VPN client for BIG-IP APM systems. It is available for both desktop and mobile platforms in their respective app stores. For Android and Apple devices, F5 Access utilizes the operating system’s web browser WebKit to allow...
K49549213: Advanced WAF and BIG-IP ASM brute force mitigation may fail when receiving a specially crafted request
Security Advisory Description F5 Advanced Web Application Firewall WAF and BIG-IP ASM brute force mitigation may fail. This issue occurs when all of the following conditions are met: A security policy is configured with a login page using basic authentication as its authentication type. The...
K42534513: Multiple PeopleSoft Enterprise PeopleTools vulnerabilities
Security Advisory Description CVE-2018-3129 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products subcomponent: Portal. Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with...
K37130415: BIG-IQ Grafana vulnerability CVE-2020-5868
Security Advisory Description A remote access vulnerability has been discovered that may allow a remote user to run shell commands on affected systems using HTTP requests to the BIG-IQ user interface. CVE-2020-5868 Impact A remote attacker may be able to leverage the Grafana component to run loca...
K37046163: Kernel vulnerability CVE-2016-6480
Security Advisory Description Race condition in the ioctlsendfib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 4.7 allows local users to cause a denial of service out-of-bounds access or system crash by changing a certain size value, aka a "double fetch" vulnerability...
K15261: Apache Struts vulnerability CVE-2014-0112
Security Advisory Description ParametersInterceptor in Apache Struts before 2.3.16.2 does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. CVE-2014-0112 Impact None. F5 products do...
K15274: TCP reassembly vulnerability CVE-2014-3000
Security Advisory Description The TCP reassembly function in the inet module in FreeBSD 8.3 before p16, 8.4 before p9, 9.1 before p12, 9.2 before p5, and 10.0 before p2 allows remote attackers to cause a denial of service undefined memory access and system crash or possibly read system memory via...
K15262: Apache Struts vulnerability CVE-2014-0113
Security Advisory Description CookieInterceptor in Apache Struts before 2.3.16.2, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request...
K14712: The BIG-IP APM access policy logout page may be vulnerable to XSS cookie tampering CVE-2013-5976
Security Advisory Description Description The BIG-IP APM access policy logout page may be vulnerable to cross-site scripting XSS. Impact XSS protection in the BIG-IP APM access policy logout page may be insufficient. Security Advisory Status F5 Product Development tracked this vulnerability as ID...
K11830089: BIG-IP Advanced WAF and ASM iControl REST vulnerability CVE-2022-41617
Security Advisory Description When the F5 BIG-IP Advanced WAF or BIG-IP ASM module is provisioned, an authenticated remote code execution vulnerability exists in the BIG-IP iControl REST interface. CVE-2022-41617 Impact On systems deployed in Standard or Appliance mode, this vulnerability may all...
K10366: BIND vulnerability - CVE-2009-0696
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of F5...
K95434410: TMM vulnerability CVE-2019-6629
Security Advisory Description Undisclosed SSL traffic to a virtual server configured with a Client SSL profile may cause TMM to fail and restart. The Client SSL profile must have session tickets enabled and use DHE cipher suites to be affected. This only impacts the data plane, there is no impact...
K4256: RADIUS integer overflow vulnerability CAN-2005-0108
Security Advisory Description Apache modauthradius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service crash via a RADIUSREPLYMESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument. Note: Versions that a...
K44611310: MySQL vulnerability CVE-2015-0411
Security Advisory Description Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Server : Security : Encryption. CVE-2015-0411 Impact Through...
K54562183: BIG-IP PEM vulnerability CVE-2018-5503
Security Advisory Description TMM may restart when processing a specifically crafted page through a virtual server with an associated PEM policy that has content insertion as an action. CVE-2018-5503 Impact An attacker may be able to cause a remote denial of service DoS. Security Advisory Status ...
K16480: Multiple unzip vulnerabilities CVE-2014-8139, CVE-2014-8140, and CVE-2014-8141
Security Advisory Description CVE-2014-8139 A buffer overflow flaw was found in the way unzip computed the CRC32 checksum of certain extra fields of a file. A specially crafted Zip archive could cause unzip to crash when the archive was tested with unzip's '-t' option. CVE-2014-8140 An integer...
K17597093: 389-ds-base vulnerability CVE-2017-15135
Security Advisory Description It was found that 389-ds-base since 1.3.6.1 up to and including 1.4.0.3 did not always handle internal hash comparison operations correctly during the authentication process. A remote, unauthenticated attacker could potentially use this flaw to bypass the...
K15189: Apache Commons FileUpload vulnerability CVE-2014-0050
Security Advisory Description MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service infinite loop and CPU consumption via a crafted Content-Type header that bypasses a loop's...
K15155: OpenSSH vulnerability CVE-2007-3102
Security Advisory Description Unspecified vulnerability in the linuxauditrecordevent function in OpenSSH 4.3p2, as used on Fedora Core 6 and possibly other systems, allows remote attackers to write arbitrary characters to an audit log via a crafted username. CVE-2007-3102 Impact None. F5 products...
K15154: NTP vulnerability CVE-2013-5211
Security Advisory Description The monlist feature in ntprequest.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service traffic amplification via forged 1 REQMONGETLIST or 2 REQMONGETLIST1 requests, as exploited in the wild in December 2013. CVE-2013-5211 Impact A...
K15147: OpenSSL vulnerability CVE-2013-6449
Security Advisory Description The sslgetalgorithm2 function in ssl/s3lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service daemon crash via crafted traffic from a TLS 1.2 client. CVE-2013-6449...