K34527393: LibTIFF vulnerabilities CVE-2016-9533, CVE-2016-9534, and CVE-2016-9535

Security Advisory Description CVE-2016-9533 tifpixarlog.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers. Reported as MSVR 35094, aka "PixarLog horizontalDifference heap-buffer-overflow." CVE-2016-9534 tifwrite.c in libtiff 4.0.6 has an issue in the error code...

K35155453: Multiple LibTIFF vulnerabilities

Security Advisory Description CVE-2015-8683 The putcontig8bitCIELab function in tifgetimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service out-of-bounds read via a packed TIFF image. CVE-2015-8665 tifgetimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of...

K30046854: Linux kernel vulnerability CVE-2019-19332

Security Advisory Description An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way the Linux kernel's KVM hypervisor handled the 'KVMGETEMULATEDCPUID' ioctl2 request to get CPUID features emulated by the KVM hypervisor. A user or process able to...

K29421535: Intel processor vulnerability CVE-2021-33117

Security Advisory Description Improper access control for some 3rd Generation IntelR XeonR Scalable Processors before BIOS version MR7, may allow a local attacker to potentially enable information disclosure via local access. CVE-2021-33117 Impact This vulnerability may potentially allow a local...

K23391972: cURL and libcurl vulnerability CVE-2016-8622

Security Advisory Description The URL percent-encoding decode function in libcurl before 7.51.0 is called curleasyunescape. Internally, even if this function would be made to allocate a unscape destination buffer larger than 2GB, it would return that new length in a signed 32 bit integer variable...

K28410870: LibTIFF vulnerability CVE-2015-8668

Security Advisory Description Heap-based buffer overflow in the PackBitsPreEncode function in tifpackbits.c in bmp2tiff in libtiff 4.0.6 and earlier allows remote attackers to execute arbitrary code or cause a denial of service via a large width field in a BMP image. CVE-2015-8668 Impact There is...

K21458044: Linux kernel vulnerability CVE-2020-10942

Security Advisory Description In the Linux kernel before 5.5.8, getrawsocket in drivers/vhost/net.c lacks validation of an skfamily field, which might allow attackers to trigger kernel stack corruption via crafted system calls. CVE-2020-10942 Impact There is no impact; F5 products are not affecte...

K14234227: Apache DB DdlUtils vulnerability CVE-2021-41616

Security Advisory Description Apache DB DdlUtils 1.0 included a BinaryObjectsHelper that was intended for use when migrating database data with a SQL data type of BINARY, VARBINARY, LONGVARBINARY, or BLOB between databases using the ddlutils features. The BinaryObjectsHelper class was insecure an...

K15122200: Linux kernel vulnerability CVE-2019-3460

Security Advisory Description A heap data infoleak in multiple locations including L2CAPPARSECONFRSP was found in the Linux kernel before 5.1-rc1. CVE-2019-3460 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development has...

K11312491: Intel AMT SDK, Intel SCS, or Intel MEBx vulnerability CVE-2021-33107

Security Advisory Description Insufficiently protected credentials in USB provisioning for IntelR AMT SDK before version 16.0.3, IntelR SCS before version 12.2 and IntelR MEBx before versions 11.0.0.0012, 12.0.0.0011, 14.0.0.0004 and 15.0.0.0004 may allow an unauthenticated user to potentially...

K14086714: BIND vulnerability CVE-2022-1183

Security Advisory Description On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure. Vulnerable configurations are those that include a reference to http within the listen-on statements in their named.conf. TLS is used by both DNS over TLS...

K10251014: BIG-IP VE TMM vulnerability CVE-2020-5887

Security Advisory Description BIG-IP Virtual Edition VE may expose a mechanism for remote attackers to access local daemons and bypass port lockdown settings. CVE-2020-5887 Impact The vulnerability can occur on BIG-IP VE systems with the following configuration: An IPv6 forwarding virtual server ...

K07010600: BIND vulnerability CVE-2022-3080

Security Advisory Description By sending specific queries to the resolver, an attacker can cause named to crash. CVE-2022-3080 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development has evaluated the currently supported...

K00947806: Linux kernel vulnerability CVE-2019-3846

Security Advisory Description A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. CVE-2019-3846 Impact There is no impact; F5 products are not affected by this vulnerability...

K98750200: Server component of Oracle MySQL vulnerabilities CVE-2017-3243, CVE-2017-3244, CVE-2017-3257, CVE-2017-3265, and CVE-2017-3273

Security Advisory Description CVE-2017-3243 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Charsets. Supported versions that are affected are 5.5.53 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple...

K02254805: InfiniBand vulnerability in the Linux kernel CVE-2016-4565

Security Advisory Description The InfiniBand aka IB stack in the Linux kernel before 4.5.3 incorrectly relies on the write system call, which allows local users to cause a denial of service kernel memory write operation or possibly have unspecified other impact via a uAPI interface. CVE-2016-4565...

K01934914: Ruby-MySQL vulnerability CVE-2021-3779

Security Advisory Description A malicious MySQL server can request local file content from a client using ruby-mysql prior to version 2.10.0 without explicit authorization from the user. This issue was resolved in version 2.10.0 and later. CVE-2021-3779 Impact There is no impact; F5 products are...

K01993501: Linux kernel vulnerability CVE-2016-10906

Security Advisory Description An issue was discovered in drivers/net/ethernet/arc/emacmain.c in the Linux kernel before 4.5. A use-after-free is caused by a race condition between the functions arcemactx and arcemactxclean. CVE-2016-10906 Impact There is no impact; F5 products are not affected by...

K00040234: BIND vulnerability CVE-2018-5744

Security Advisory Description A failure to free memory can occur when processing messages having a specific combination of EDNS options. Versions affected are: BIND 9.10.7 - 9.10.8-P1, 9.11.3 - 9.11.5-P1, 9.12.0 - 9.12.3-P1, and versions 9.10.7-S1 - 9.11.5-S3 of BIND 9 Supported Preview Edition...

K93951507: Multiple Samba vulnerabilities

Security Advisory Description CVE-2020-1472 An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol MS-NRPC, aka 'Netlogon Elevation of Privilege Vulnerability'...

K92071148: Server component of Oracle MySQL vulnerabilities CVE-2016-8318, CVE-2017-3291, CVE-2017-3312, CVE-2017-3313, and CVE-2017-3320

Security Advisory Description CVE-2016-8318 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Security: Encryption. Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker...

K90492697: OpenSSL vulnerability CVE-2016-6306

Security Advisory Description The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service out-of-bounds read via crafted certificate operations, related to s3clnt.c and s3srvr.c. CVE-2016-6306 Impact This vulnerability may allo...

K89434121: Linux kernel vulnerability CVE-2017-12193

Security Advisory Description The assocarrayinsertintoterminalnode function in lib/assocarray.c in the Linux kernel before 4.13.11 mishandles node splitting, which allows local users to cause a denial of service NULL pointer dereference and panic via a crafted application, as demonstrated by the...

K75540265: BIG-IP APM ACL bypass vulnerability CVE-2021-23016

Security Advisory Description An attacker may be able to bypass APM's internal restrictions and retrieve static content that is hosted within APM by sending specifically crafted requests to an APM Virtual Server. CVE-2021-23016 Impact This vulnerability may allow an attacker to retrieve static...

K70569537: BIG-IP DNS Express vulnerability CVE-2022-41787

Security Advisory Description When the DNS profile is configured on a virtual server with DNS Express enabled, undisclosed DNS queries with Domain Name System Security Extensions DNSSEC can cause the Traffic Management Microkernel TMM to terminate. CVE-2022-41787 Impact Traffic is disrupted while...

K63545041: Server component of Oracle MySQL vulnerabilities CVE-2017-3317, CVE-2017-3318, and CVE-2017-3319

Security Advisory Description CVE-2017-3317 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Logging. Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker...

K64921482: Apache Tomcat vulnerability CVE-2018-11784

Security Advisory Description When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory e.g. redirecting to '/foo/' when the user requested '/foo' a specially crafted URL could be used to cause the redirect to be...

K63771715: Linux kernel vulnerability CVE-2017-7261

Security Advisory Description The vmwsurfacedefineioctl function in drivers/gpu/drm/vmwgfx/vmwgfxsurface.c in the Linux kernel through 4.10.5 does not check for a zero value of certain levels data, which allows local users to cause a denial of service ZEROSIZEPTR dereference, and GPF and possibly...

K60511369: Intel Data Center SSDs vulnerability CVE-2020-0527

Security Advisory Description Insufficient control flow management in firmware for some IntelR Data Center SSDs may allow a privileged user to potentially enable information disclosure via local access. CVE-2020-0527 Impact There is no impact; F5 products are not affected by this vulnerability...

K53420251: Linux kernel vulnerability CVE-2019-15666

Security Advisory Description An issue was discovered in the Linux kernel before 5.0.19. There is an out-of-bounds array access in xfrmpolicyunlink, which will cause denial of service, because verifynewpolicyinfo in net/xfrm/xfrmuser.c mishandles directory validation. CVE-2019-15666 Impact This...

K46421255: Docker privilege elevation vulnerability CVE-2019-5736

Security Advisory Description runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary and consequently obtain host root access by leveraging the ability to execute a command as root within one of these types of containers: 1 a...

K46123931: cURL and libcurl vulnerability CVE-2016-8619

Security Advisory Description The function readdata in security.c in curl before version 7.51.0 is vulnerable to memory double free. CVE-2016-8619 Impact An attacker may use this vulnerability to exploit the usage of the cURL command with Kerberos authentication on custom BIG-IP monitors and/or t...

K45026834: Apache Tomcat vulnerability CVE-2020-13935

Security Advisory Description The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload...

K34205867: Server component of Oracle MySQL vulnerabilities CVE-2016-8327, CVE-2017-3238, CVE-2017-3251, CVE-2017-3256, and CVE-2017-3258

Security Advisory Description CVE-2016-8327 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Replication. Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with...

K31209433: Linux kernel vulnerabilities CVE-2017-6345, CVE-2017-6347, and CVE-2017-6348

Security Advisory Description CVE-2017-6345 The LLC subsystem in the Linux kernel before 4.9.13 does not ensure that a certain destructor exists in required circumstances, which allows local users to cause a denial of service BUGON or possibly have unspecified other impact via crafted system...

K23435400: Intel CPU vulnerability CVE-2022-0004

Security Advisory Description Hardware debug modes and processor INIT setting that allow override of locks for some IntelR Processors in IntelR Boot Guard and IntelR TXT may allow an unauthenticated user to potentially enable escalation of privilege via physical access. CVE-2022-0004 Impact There...

K22251611: Attack signature check security exposure

Security Advisory Description BIG-IP Advanced WAF and BIG-IP ASM systems incorrectly handle certain requests. This issue occurs when the following condition is met: BIG-IP Advanced WAF and BIG-IP ASM handle a malicious request when a parameter with Base64 decoding is enabled. Impact The attack...

K15840535: BIND vulnerability CVE-2019-6477

Security Advisory Description With pipelining enabled each incoming query on a TCP connection requires a similar resource allocation to a query received via UDP or via TCP without pipelining enabled. A client using a TCP-pipelined connection to a server could consume more resources than the serve...

K18491258: Cluster component of Oracle MySQL vulnerabilities CVE-2016-5541, CVE-2017-3321, CVE-2017-3322, and CVE-2017-3323

Security Advisory Description CVE-2016-5541 Vulnerability in the MySQL Cluster component of Oracle MySQL subcomponent: Cluster: NDBAPI. Supported versions that are affected are 7.2.26 and earlier, 7.3.14 and earlier and 7.4.12 and earlier. Difficult to exploit vulnerability allows unauthenticated...

K13213418: BIG-IP monitor configuration vulnerability CVE-2022-35735

Security Advisory Description An authenticated attacker with Resource Administrator or Manager privileges can create or modify existing monitor objects in the Configuration utility in an undisclosed manner, leading to a privilege escalation. CVE-2022-35735 Impact This vulnerability may allow an...

K13145361: Linux kernel KVM subsystem vulnerability CVE-2014-3647

Security Advisory Description arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 does not properly perform RIP changes, which allows guest OS users to cause a denial of service guest OS crash via a crafted application. CVE-2014-3647 Impact A local user with Advanced...

K13559191: Linux kernel vulnerability CVE-2022-25636

Security Advisory Description net/netfilter/nfdupnetdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain privileges because of a heap out-of-bounds write. This is related to nftablesoffload. CVE-2022-25636 Impact BIG-IP, BIG-IQ Centralized Management, BIG-IP SPK, F5OS-A, and...

K13290208: NSS vulnerability CVE-2020-12403

Security Advisory Description A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS. When using multi-part Chacha20, it could cause out-of-bounds reads. This issue was fixed by explicitly disabling multi-part ChaCha20 which was not functioning correctly and strictly enforcing tag...

K11542555: iApps vulnerability CVE-2020-17507

Security Advisory Description An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. readxbmbody in gui/image/qxbmhandler.cpp has a buffer over-read. CVE-2020-17507 Impact An unauthenticated remote attacker can trick an administrator into processing a large file wi...

K08152433: Intel processors MMIO stale data vulnerability CVE-2022-21166

Security Advisory Description Incomplete cleanup in specific special register write operations for some IntelR Processors may allow an authenticated user to potentially enable information disclosure via local access. CVE-2022-21166 Impact Successful exploitation of this vulnerability can lead to...

K04460334: libxml2 2.9.10 vulnerability CVE-2020-7595

Security Advisory Description xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation. CVE-2020-7595 Impact An attacker could exploit this vulnerability to cause the application to enter into an infinite loop resulting in a denial of servic...

K09422508: OpenSSL vulnerabilities CVE-2016-6307 and CVE-2016-6308

Security Advisory Description CVE-2016-6307 The state-machine implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service memory consumption via crafted TLS messages, related to...

K03814795: Linux kernel vulnerability CVE-2019-16089

Security Advisory Description An issue was discovered in the Linux kernel through 5.2.13. nbdgenlstatus in drivers/block/nbd.c does not check the nlaneststartnoflag return value. CVE-2019-16089. Impact This vulnerability may allow a local user to perform a denial-of-service DoS attack. Security...

K95453343: Multiple Java vulnerabilities CVE-2020-2601, CVE-2020-2604, CVE-2020-2654

Security Advisory Description CVE-2020-2601 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Security. Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows...

K93472064: Linux kernel vulnerability CVE-2017-12190

Security Advisory Description The biomapuseriov and biounmapuser functions in block/bio.c in the Linux kernel before 4.13.8 do unbalanced refcounting when a SCSI I/O vector has small consecutive buffers belonging to the same page. The bioaddpcpage function merges them into one, but the page...