6413 matches found
K42454663: PHP vulnerability CVE-2015-8874
Security Advisory Description Stack consumption vulnerability in GD in PHP before 5.6.12 allows remote attackers to cause a denial of service via a crafted imagefilltoborder call.CVE-2015-8874 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status ...
K40625021: BIG-IP APM portal access vulnerability CVE-2018-15310
Security Advisory Description A vulnerability in BIG-IP APM portal access discloses the BIG-IP software version in rewritten pages. CVE-2018-15310 Impact The BIG-IP version may be exposed to users with valid BIG-IP APM portal access sessions. Security Advisory Status F5 Product Development has...
K35815741: Intel CSME and TXE vulnerability CVE-2019-0086
Security Advisory Description Insufficient access control vulnerability in Dynamic Application Loader software for IntelR CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and IntelR TXE 3.1.65, 4.0.15 may allow an unprivileged user to potentially enable escalation of privilege via local...
K25206238: Apache Commons FileUpload vulnerability CVE-2016-1000031
Security Advisory Description Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution CVE-2016-1000031 Impact Remote attackers can run arbitrary code on the vulnerable device. Security Advisory Status F5 Product Development has assigned CPF-24841, CPF-24842, an...
K21561554: Linux kernel vulnerability security/apparmor CVE-2019-18814
Security Advisory Description An issue was discovered in the Linux kernel through 5.3.9. There is a use-after-free when aalabelparse fails in aaauditruleinitin security/apparmor/audit.c. CVE-2019-18814 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisor...
K30105730: Intel SPS vulnerability CVE-2019-0099
Security Advisory Description Insufficient access control vulnerability in subsystem in IntelR SPS before version SPSE305.00.04.027.0 may allow an unauthenticated user to potentially enable escalation of privilege via physical access. CVE-2019-0099 Impact Traffix SDC An attacker with physical...
K17127: PHP vulnerability CVE-2014-9709
Security Advisory Description The GetCode function in gdgifin.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service buffer over-read and application crash via a crafted GIF image that is improperly handled by the...
K17126: Apache Struts vulnerability CVE-2014-7809
Security Advisory Description Apache Struts 2.0.0 through 2.3.x before 2.3.20 uses predictable values, which allows remote attackers to bypass the CSRF protection mechanism. CVE-2014-7809 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5...
K18570111: BIG-IP ASM and Advanced WAF WebSocket vulnerability CVE-2021-23010
Security Advisory Description When the BIG-IP ASM/Advanced WAF system processes WebSocket requests with JSON payloads using the default JSON content profile in the ASM security policy, the BIG-IP ASM bd process may produce a core file. CVE-2021-23010 Impact When this vulnerability is exploited, t...
K18252740: libarchive vulnerability CVE-2017-14503
Security Advisory Description libarchive 3.3.2 suffers from an out-of-bounds read within lhareaddatanone in archivereadsupportformatlha.c when extracting a specially crafted lha archive, related to lhacrc16. CVE-2017-14503 Impact There is no impact; F5 products are not affected by this...
K17119: MySQL vulnerability CVE-2015-2576
Security Advisory Description Unspecified vulnerability in the MySQL Utilities component in Oracle MySQL 1.5.1 and earlier, when running on Windows, allows local users to affect integrity via unknown vectors related to Installation. CVE-2015-2576 Impact There is no impact; F5 products are not...
K17124: Linux kernel vulnerability CVE-2015-1465
Security Advisory Description The IPv4 implementation in the Linux kernel before 3.18.8 does not properly consider the length of the Read-Copy Update RCU grace period for redirecting lookups in the absence of caching, which allows remote attackers to cause a denial of service memory consumption o...
K17125: Multiple Java vulnerabilities
Security Advisory Description CVE-2015-0458 Unspecified vulnerability in in Oracle Java SE 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. CVE-2015-0459 Unspecified vulnerability in Oracle Java SE 5.0u8...
K16729408: D-Bus vulnerability CVE-2020-12049
Security Advisory Description An issue was discovered in dbus = 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit. A local attacker with access to the D-Bus system bus or another system...
K16707: cURL and libcurl vulnerability CVE-2015-3148
Security Advisory Description cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request. CVE-2015-3148 Impact Remote attackers may be able to re-use Negotiate connections as other user...
K16708: cURL and libcurl vulnerabilities CVE-2015-3144 and CVE-2015-3145
Security Advisory Description CVE-2015-3144 The fixhostname function in cURL and libcurl 7.37.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service out-of-bounds read or write and crash or possibly have other unspecified impact via a...
K14335949: Intel processors vulnerability CVE-2022-24436
Security Advisory Description Observable behavioral in power management throttling for some IntelR Processors may allow an authenticated user to potentially enable information disclosure via network access. CVE-2022-24436 also known as hertzbleed Impact Successful exploitation of this vulnerabili...
K14631834: NGINX Controller vulnerability CVE-2020-5863
Security Advisory Description In NGINX Controller versions prior to 3.2.0, an unauthenticated attacker with network access to the Controller API can create unprivileged user accounts. The user which is created is only able to upload a new license to the system but cannot view or modify any other...
K13434228: Apache Struts vulnerability CVE-2012-0392
Security Advisory Description The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method...
K11420556: Apache Tomcat vulnerability CVE-2018-8014
Security Advisory Description The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter will have...
K10771536: MySQL vulnerabilities CVE-2017-3309, CVE-2017-3453, and CVE-2019-2974
Security Advisory Description CVE-2017-3309 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Optimizer. Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged...
K00409335: procps-ng vulnerability CVE-2018-1122
Security Advisory Description procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the configfil...
K00322972: Apache Log4j Chainsaw vulnerability CVE-2022-23307
Security Advisory Description CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists. CVE-2022-23307 Impact An attacker may be able to use this vulnerability to generat...
K05052081: NodeJS vulnerability CVE-2015-8854
Security Advisory Description The marked package before 0.3.4 for Node.js allows attackers to cause a denial of service CPU consumption via unspecified vectors that trigger a "catastrophic backtracking issue for the em inline rule," aka a "regular expression denial of service ReDoS." CVE-2015-885...
K05112543: HTTPS monitor vulnerability CVE-2018-5542
Security Advisory Description F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.6, or 11.2.1-11.6.3.2 HTTPS health monitors do not validate the identity of the monitored server. CVE-2018-5542 Impact This vulnerability may allow unauthorized disclosure and modification of monitor traffic by an attacker with ...
K98221124: Multiple dnsmasq vulnerabilities CVE-2020-25684, CVE-2020-25685, and CVE-2020-25686
Security Advisory Description CVE-2020-25684 A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in the forward.c:replyquery if the reply destination address/port is used by the pending forwarded queries. However, it does not use the...
K93144355: Vim/Neovim vulnerability CVE-2019-12735
Security Advisory Description getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assertfails or nviminput in Neovim. CVE-2019-12735 Impact This vulnerabili...
K91610944: Intel Ethernet controller vulnerabilities CVE-2020-24492, CVE-2020-24493, CVE-2020-24494, CVE-2020-24495, CVE-2020-24496
Security Advisory Description CVE-2020-24492 Insufficient access control in the firmware for the IntelR 722 Ethernet Controllers before version 1.5 may allow a privileged user to potentially enable a denial of service via local access. CVE-2020-24493 Insufficient access control in the firmware fo...
K92153852: Apache httpd vulnerability CVE-2022-30522
Security Advisory Description If Apache HTTP Server 2.4.53 is configured to do transformations with modsed in contexts where the input to modsed may be very large, modsed may make excessively large memory allocations and trigger an abort. CVE-2022-30522 Impact There is no impact; F5 products are...
K68713584: bzip2 vulnerability CVE-2019-12900
Security Advisory Description BZ2decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors. CVE-2019-12900 Impact BIG-IP AAM If an iSession tunnel is configured with an iSession profile that has bzip2 compression enabled, an attacker using speciall...
K58581302: Archive_Tar vulnerabilities CVE-2020-28948 and CVE-2020-28949
Security Advisory Description CVE-2020-28948 ArchiveTar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked. CVE-2020-28949 ArchiveTar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack...
K58928452: Kernel vulnerability CVE-2017-1000410
Security Advisory Description The Linux kernel version 3.3-rc1 and later is affected by a vulnerability lies in the processing of incoming L2CAP commands - ConfigRequest, and ConfigResponse messages. This info leak is a result of uninitialized stack variables that may be returned to an attacker i...
K55237223: BIG-IP Advanced WAF and ASM XSS vulnerability CVE-2021-22993
Security Advisory Description DOM-based XSS on DoS Profile properties page. CVE-2021-22993 Impact An attacker can inject a malicious script into the BIG-IP Advanced WAF and ASM Configuration utility and trick users into executing malicious code. Security Advisory Status F5 Product Development has...
K57492753: MySQL Optimizer vulnerability CVE-2016-0651
Security Advisory Description Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows local users to affect availability via vectors related to Optimizer.CVE-2016-0651 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product...
K51543541: QEMU vulnerability CVE-2018-7858
Security Advisory Description Quick Emulator aka QEMU, when built with the Cirrus CLGD 54xx VGA Emulator support, allows local guest OS privileged users to cause a denial of service out-of-bounds access and QEMU process crash by leveraging incorrect region calculation when updating VGA display...
K43450419: TMM vulnerability CVE-2020-5871
Security Advisory Description Undisclosed requests can lead to a denial of service DoS when sent to BIG-IP HTTP/2 virtual servers. The problem can occur when ciphers, which have been blacklisted by the HTTP/2 RFC, are used on backend servers. This is a data-plane issue. There is no control-plane...
K35104614: Java SE vulnerability CVE-2017-10116
Security Advisory Description Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows...
K38108582: Apache Tomcat vulnerability CVE-2018-11759
Security Advisory Description The Apache Web Server httpd specific code that normalized the requested path before matching it to the URI-worker map in Apache Tomcat JK modjk Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were...
K32412503: Trusted Platform Module vulnerabilities CVE-2019-11090 and CVE-2019-16863
Security Advisory Description CVE-2019-11090 Cryptographic timing conditions in the subsystem for IntelR PTT before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.0 and 14.0.10; IntelR TXE 3.1.70 and 4.0.20; IntelR SPS before versions SPSE504.01.04.305.0, SPSSoC-X04.00.04.108.0,...
K24401914: DNS vulnerability CVE-2019-6612
Security Advisory Description On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, DNS query TCP connections that are aborted before receiving a response from a DNS cache may cause TMM to restart. CVE-2019-6612 Impact A BIG-IP virtual server associated wi...
K23173103: log4j vulnerability CVE-2017-5645
Security Advisory Description In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code. CVE-2017-5645 Impact...
K22141757: Artifex Ghostscript vulnerabilities CVE-2018-18284, CVE-2018-15910, CVE-2018-15911, and CVE-2018-16513
Security Advisory Description CVE-2018-18284 Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator. CVE-2018-15910 In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a...
K21665601: OpenSSL vulnerability CVE-2018-0732
Security Advisory Description During key agreement in a TLS handshake using a DHE based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until...
K54811521: Linux kernel vulnerabilities CVE-2019-14815, CVE-2019-14895, CVE-2019-14901, CVE-2019-19055
Security Advisory Description CVE-2019-14815 A vulnerability was found in Linux Kernel, where a Heap Overflow was found in mwifiexsetwmmparams function of Marvell Wifi Driver. CVE-2019-14895 A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18....
K55655944: BIG-IP Engineering Hotfix authentication bypass vulnerability CVE-2019-6675
Security Advisory Description BIG-IP configurations using Active Directory, LDAP, or Client Certificate LDAP for management authentication with multiple servers are exposed to a vulnerability which allows an authentication bypass. This can result in a complete compromise of the system. This issue...
K56851402: Linux kernel vulnerability CVE-2019-17666
Security Advisory Description rtlp2pnoaie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer overflow. CVE-2019-17666 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory...
K50133242: Apache Solr vulnerability CVE-2019-17558
Security Advisory Description Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset velocity/ directory or as a parameter. A user defined configset could...
K21121402: PHP vulnerability CVE-2020-7062
Security Advisory Description In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.uploadprogress.cleanup is set to 0 disabled, and the file upload fails, the upload procedure would...
K47234311: Intel SPS vulnerability CVE-2019-0089
Security Advisory Description Improper data sanitization vulnerability in subsystem in IntelR SPS before versions SPSE504.00.04.381.0, SPSE304.01.04.054.0, SPSSoC-A04.00.04.181.0, and SPSSoC-X04.00.04.086.0 may allow a privileged user to potentially enable escalation of privilege via local access...
K20038622: Multiple Apache Tomcat vulnerabilities
Security Advisory Description CVE-2013-1976 The 1 tomcat5, 2 tomcat6, and 3 tomcat7 init scripts, as used in the RPM distribution of Tomcat for JBoss Enterprise Web Server 1.0.2 and 2.0.0, and Red Hat Enterprise Linux 5 and 6, allow local users to change the ownership of arbitrary files via a...