6294 matches found

F5 Networks
•added 2023/02/21 7:56 p.m.•65 views

K87351324: Intel BIOS vulnerability CVE-2021-33124

Security Advisory Description Out-of-bounds write in the BIOS authenticated code module for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2021-33124 Impact A local attacker logged in as a privileged user can exploit the...

CVSS 7.2 • AI score 6.7 • EPSS 0.00249
Exploits 0 • Affected Software 14
F5 Networks
•added 2023/02/21 7:56 p.m.•69 views

K84301413: CUPS vulnerability CVE-2017-18190

Security Advisory Description A localhost.localdomain whitelist entry in valid_host() in scheduler/client.c in CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemon in conjunction with DNS rebinding. The localhost.localdomain name is...

CVSS 7.5 • AI score 7 • EPSS 0.03026
Exploits 1
F5 Networks
•added 2023/02/21 7:56 p.m.•28 views

K85664507: Linux kernel vulnerability CVE-2017-17852

Security Advisory Description kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging mishandling of 32-bit ALU ops. CVE-2017-17852 Impact There is no impact; F5 products are...

CVSS 7.8 • AI score 6.7 • EPSS 0.00358
Exploits 0
F5 Networks
•added 2023/02/21 7:56 p.m.•53 views

K87920510: BIG-IP mcpd vulnerability CVE-2019-6647

Security Advisory Description When processing authentication attempts for control-plane users, mcpd leaks a small amount of memory. Under rare conditions, attackers with access to the management interface can eventually deplete memory on the system. CVE-2019-6647 Impact Repeated failed...

CVSS 5.3 • AI score 5.5 • EPSS 0.01361
Exploits 0 • Affected Software 13
F5 Networks
•added 2023/02/21 7:56 p.m.•35 views

K82781208: BIG-IP FIX profile vulnerability CVE-2019-6667

Security Advisory Description On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.1.0-13.1.1.5, 12.1.0-12.1.4.1, and 11.5.1-11.6.5, under certain conditions, TMM may consume excessive resources when processing traffic for a Virtual Server with the FIX (Financial Information eXchange)...

CVSS 7.5 • AI score 7.3 • EPSS 0.01014
Exploits 0 • Affected Software 13
F5 Networks
•added 2023/02/21 7:56 p.m.•62 views

K72384465: Linux kernel vulnerability CVE-2018-5332

Security Advisory Description In the Linux kernel through 4.14.13, the rds_message_alloc_sgs() function does not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write related to the rds_rdma_extra_size function in net/rds/rdma.c. CVE-2018-5332 Impact There ...

CVSS 7.8 • AI score 6.2 • EPSS 0.00428
Exploits 0
F5 Networks
•added 2023/02/21 7:56 p.m.•37 views

K73837233: Intel processors vulnerability CVE-2019-0117

Security Advisory Description Insufficient access control in protected memory subsystem for Intel(R) SGX for 6th, 7th, 8th, 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Xeon(R) Processor E3-1500 v5, v6 Families; Intel(R) Xeon(R) E-2100 & E-2200 Processor Families with Intel(R) Processor Graphics...

CVSS 4.4 • AI score 5.3 • EPSS 0.00415
Exploits 0
F5 Networks
•added 2023/02/21 7:56 p.m.•27 views

K71612511: Kernel vulnerability CVE-2016-8106

Security Advisory Description A Denial of Service in Intel Ethernet Controller's X710/XL710 with Non-Volatile Memory Images before version 5.05 allows a remote attacker to stop the controller from processing network traffic working under certain network use conditions. CVE-2016-8106 Impact There ...

CVSS 5.9 • AI score 6.2 • EPSS 0.05129
Exploits 0
F5 Networks
•added 2023/02/21 7:56 p.m.•44 views

K62103028: Multiple Java vulnerabilities CVE-2020-2583, CVE-2020-2590, CVE-2020-2593

Security Advisory Description CVE-2020-2583 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows...

CVSS 5.8 • AI score 5.5 • EPSS 0.0404
Exploits 0
F5 Networks
•added 2023/02/21 7:56 p.m.•29 views

K61643620: BIG-IP TMUI XSS vulnerability CVE-2021-23038

Security Advisory Description A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. CVE-2021-23038 Impact An authenticated attacker may exploit...

CVSS 9 • AI score 7.5 • EPSS 0.00887
Exploits 0 • Affected Software 13
F5 Networks
•added 2023/02/21 7:56 p.m.•30 views

K55031185: demangler in GNU Libiberty vulnerability CVE-2016-6131

Security Advisory Description The demangler in GNU Libiberty allows remote attackers to cause a denial of service (infinite loop, stack overflow, and crash) via a cycle in the references of remembered mangled types. CVE-2016-6131 Impact There is no impact; F5 products are not affected by this...

CVSS 7.5 • AI score 7.5 • EPSS 0.04619
Exploits 0
F5 Networks
•added 2023/02/21 7:56 p.m.•52 views

K52171694: OpenSSL vulnerability CVE-2021-3450

Security Advisory Description The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curv...

CVSS 7.4 • AI score 7.3 • EPSS 0.18339
Exploits 0
F5 Networks
•added 2023/02/21 7:56 p.m.•56 views

K52125139: NGINX Ingress Controller vulnerability CVE-2022-30535

Security Advisory Description An attacker authorized to create or update ingress objects can obtain the secrets available to the NGINX Ingress Controller. CVE-2022-30535 Impact This vulnerability may allow an authenticated attacker with network access to NGINX Ingress Controller ingress objects t...

CVSS 6.5 • AI score 6.3 • EPSS 0.00586
Exploits 0 • Affected Software 1
F5 Networks
•added 2023/02/21 7:56 p.m.•72 views

K51512510: tcpdump vulnerability CVE-2018-14879

Security Advisory Description The command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in tcpdump.c:get_next_file(). CVE-2018-14879 Impact A local attacker may be able to corrupt data, run arbitrary code, or cause the program to terminate. Security Advisory Status F5 Product...

CVSS 7 • AI score 6.3 • EPSS 0.04667
Exploits 0 • Affected Software 1
F5 Networks
•added 2023/02/21 7:56 p.m.•48 views

K49331953: libicu vulnerability CVE-2017-17484

Security Advisory Description The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp in International Components for Unicode (ICU) for C/C++ through 60.1 mishandles ucnv_convertEx calls for UTF-8 to UTF-8 conversion, which allows remote attackers to cause a denial of service (stack-based buffer overflow and...

CVSS 9.8 • AI score 8.8 • EPSS 0.04605
Exploits 1
F5 Networks
•added 2023/02/21 7:56 p.m.•44 views

K48527562: Samba vulnerabilities CVE-2021-20277, CVE-2017-14746, CVE-2017-15275

Security Advisory Description CVE-2021-20277 A flaw was found in Samba's libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write, leading to a crash of the LDAP server process handling the request. The highest threat from this vulnerability is t...

CVSS 9.8 • AI score 7 • EPSS 0.21408
Exploits 0
F5 Networks
•added 2023/02/21 7:56 p.m.•70 views

K46444421: Linux Kernel Vulnerability CVE-2019-9458

Security Advisory Description In the Android kernel in the video driver there is a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. CVE-2019-9458 Impact There i...

CVSS 7 • AI score 6.5 • EPSS 0.00171
Exploits 0
F5 Networks
•added 2023/02/21 7:56 p.m.•52 views

K44482551: Intel I210 network adapter vulnerability CVE-2020-0525

Security Advisory Description Improper access control in firmware for the Intel(R) Ethernet I210 Controller series of network adapters before version 3.30 may allow a privileged user to potentially enable denial of service via local access. CVE-2020-0525 Impact The BIG-IP management network port us...

CVSS 4.4 • AI score 4.5 • EPSS 0.00241
Exploits 0 • Affected Software 13
F5 Networks
•added 2023/02/21 7:56 p.m.•32 views

K42238532: BIND vulnerabilities CVE-2019-6475 and CVE-2019-6476

Security Advisory Description CVE-2019-6475 Mirror zones are a BIND feature allowing recursive servers to pre-cache zone data provided by other servers. A mirror zone is similar to a zone of type secondary, except that its data is subject to DNSSEC validation before being used in answers, as if i...

CVSS 7.5 • AI score 6.3 • EPSS 0.0358
Exploits 0
F5 Networks
•added 2023/02/21 7:56 p.m.•39 views

K42433061: Intel processors vulnerability CVE-2019-11139

Security Advisory Description Improper conditions check in the voltage modulation interface for some Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access. CVE-2019-11139 Impact There is no impact; F5 products are not affected by thi...

CVSS 6 • AI score 6 • EPSS 0.00356
Exploits 0
F5 Networks
•added 2023/02/21 7:56 p.m.•44 views

K38481791: glibc vulnerability CVE-2020-10029

Security Advisory Description The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, as seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. Th...

CVSS 5.5 • AI score 7 • EPSS 0.00758
Exploits 1 • Affected Software 16
F5 Networks
•added 2023/02/21 7:56 p.m.•40 views

K37283878: Intel I210 network adapter vulnerability CVE-2020-0522

Security Advisory Description Improper initialization in the firmware for the Intel(R) Ethernet I210 Controller series of network adapters before version 3.30 may allow a privileged user to potentially enable denial of service via local access. CVE-2020-0522 Impact The BIG-IP management network por...

CVSS 4.4 • AI score 4.5 • EPSS 0.00241
Exploits 0 • Affected Software 13
F5 Networks
•added 2023/02/21 7:55 p.m.•32 views

K31925518: BIG-IP APM access logs vulnerability CVE-2016-1497

Security Advisory Description A vulnerability in the BIG-IP Configuration utility can be used by an unauthorized BIG-IP administrative user to gain unauthorized access to the Access Policy Manager (APM) access logs. This vulnerability requires valid user account credentials and access to the...

CVSS 4.9 • AI score 5 • EPSS 0.01529
Exploits 0 • Affected Software 14
F5 Networks
•added 2023/02/21 7:55 p.m.•36 views

K34041353: Linux kernel vulnerability CVE-2021-38202

Security Advisory Description fs/nfsd/trace.h in the Linux kernel before 5.13.4 might allow remote attackers to cause a denial of service (out-of-bounds read in strlen) by sending NFS traffic when the trace event framework is being used for nfsd. CVE-2021-38202 Impact There is no impact; F5 product...

CVSS 7.5 • AI score 6.1 • EPSS 0.0319
Exploits 0
F5 Networks
•added 2023/02/21 7:55 p.m.•28 views

K31445234: Intel I210 network adapter vulnerability CVE-2020-0523

Security Advisory Description Improper access control in the firmware for the Intel(R) Ethernet I210 Controller series of network adapters before version 3.30 may potentially allow a privileged user to enable a denial of service via local access. CVE-2020-0523 Impact The BIG-IP management network...

CVSS 4.4 • AI score 4.5 • EPSS 0.00241
Exploits 0 • Affected Software 13
F5 Networks
•added 2023/02/21 7:55 p.m.•82 views

K26314875: Apache vulnerability CVE-2022-26377

Security Advisory Description Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4...

CVSS 7.5 • AI score 8.6 • EPSS 0.18886
Exploits 1 • Affected Software 16
F5 Networks
•added 2023/02/21 7:55 p.m.•24 views

K26890535: libcgroup vulnerability CVE-2018-14348

Security Advisory Description libcgroup up to and including 0.41 creates /var/log/cgred with mode 0666 regardless of the configured umask, leading to disclosure of information. CVE-2018-14348 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F...

CVSS 8.1 • AI score 6.4 • EPSS 0.02316
Exploits 0
F5 Networks
•added 2023/02/21 7:55 p.m.•30 views

K23720587: Apache Solr vulnerability CVE-2019-12409

Security Advisory Description The 8.1.1 and 8.2.0 releases of Apache Solr contain an insecure setting for the ENABLE_REMOTE_JMX_OPTS configuration option in the default solr.in.sh configuration file shipping with Solr. If you use the default solr.in.sh file from the affected releases, then JMX...

CVSS 9.8 • AI score 9.4 • EPSS 0.21866
Exploits 4
F5 Networks
•added 2023/02/21 7:55 p.m.•34 views

K14703097: BIG-IP AFM vulnerability CVE-2019-6672

Security Advisory Description When bad-actor detection is configured on a wildcard virtual server on platforms with hardware-based sPVA, the performance of the BIG-IP AFM system is degraded. CVE-2019-6672 Impact The affected BIG-IP AFM system's CPU usage increases and may cause the legitimate...

CVSS 7.5 • AI score 7.3 • EPSS 0.01204
Exploits 0 • Affected Software 1
F5 Networks
•added 2023/02/21 7:55 p.m.•41 views

K21336065: GD Graphics Library vulnerability CVE-2016-8670

Security Advisory Description Integer signedness error in the dynamicGetbuf function in gd_io_dp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly hav...

CVSS 9.8 • AI score 9.6 • EPSS 0.04747
Exploits 0
F5 Networks
•added 2023/02/21 7:55 p.m.•29 views

K15310332: BIG-IP APM open redirect vulnerability CVE-2020-27729

Security Advisory Description An undisclosed link on the BIG-IP APM virtual server allows a malicious user to build an open redirect URI. CVE-2020-27729 Impact An attacker can create a URL with a specially crafted value and trick BIG-IP APM users into visiting the link. Victims may be redirected ...

CVSS 6.1 • AI score 6.2 • EPSS 0.00634
Exploits 0 • Affected Software 1
F5 Networks
•added 2023/02/21 7:55 p.m.•61 views

K16162257: Intel BIOS vulnerability CVE-2021-0154

Security Advisory Description Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access. CVE-2021-0154 Impact A local attacker logged in as a privileged user can exploit the vulnerability...

CVSS 7.8 • AI score 7.6 • EPSS 0.00256
Exploits 0 • Affected Software 13
F5 Networks
•added 2023/02/21 7:55 p.m.•33 views

K14693346: TMM vulnerability CVE-2021-22977

Security Advisory Description Cooperation between malicious HTTP client code and a malicious server may cause TMM to restart and generate a core file. CVE-2021-22977 Impact When attackers exploit this vulnerability, the Traffic Management Microkernel (TMM) restarts, and then the BIG-IP system...

CVSS 7.5 • AI score 6.5 • EPSS 0.0102
Exploits 0 • Affected Software 14
F5 Networks
•added 2023/02/21 7:55 p.m.•26 views

K12403422: BIG-IP ASM vulnerability CVE-2018-5541

Security Advisory Description When the BIG-IP ASM system processes HTTP requests, an unusually large number of parameters can cause excessive CPU usage in the BIG-IP ASM bd process. CVE-2018-5541 Impact BIG-IP When this vulnerability is exploited, the BIG-IP ASM system may experience a denial of...

CVSS 7.8 • AI score 7.6 • EPSS 0.01841
Exploits 0
F5 Networks
•added 2023/02/21 7:55 p.m.•117 views

K13070025: Intel BIOS vulnerabilities CVE-2021-0159, CVE-2021-0188, CVE-2021-0189, CVE-2021-33103, and CVE-2021-33122

Security Advisory Description CVE-2021-0159 Improper input validation in the BIOS authenticated code module for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access. CVE-2021-0188 Return of pointer value outside of expected range in th...

CVSS 7.8 • AI score 6.7 • EPSS 0.00265
Exploits 0
F5 Networks
•added 2023/02/21 7:55 p.m.•31 views

K06747393: TMM vulnerability CVE-2019-6677

Security Advisory Description Under certain conditions, when using custom TCP congestion control settings in a TCP profile, TMM stops processing traffic when processed by an iRule. CVE-2019-6677 Impact The Traffic Management Microkernel (TMM) may generate a core file and restart, causing a traffic...

CVSS 7.5 • AI score 7.5 • EPSS 0.01044
Exploits 0 • Affected Software 11
F5 Networks
•added 2023/02/21 7:55 p.m.•130 views

K06524534: Linux kernel vulnerability CVE-2021-22555

Security Advisory Description A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name space CVE-2021-22555 Impact This vulnerability may allow an...

CVSS 8.3 • AI score 7.2 • EPSS 0.78684
Exploits 21 • Affected Software 14
F5 Networks
•added 2023/02/21 7:55 p.m.•92 views

K04808933: Intel Processors MMIO Stale Data Advisory vulnerabilities CVE-2022-21123, CVE-2022-21125, and CVE-2022-21127

Security Advisory Description CVE-2022-21123 Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. CVE-2022-21125 Incomplete cleanup of microarchitectural fill buffers on some Intel...

CVSS 5.5 • AI score 5.2 • EPSS 0.06451
Exploits 0
F5 Networks
•added 2023/02/21 7:55 p.m.•128 views

K00053434: OPENSSL_LH_flush() function vulnerability CVE-2022-1473

Security Advisory Description The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occupied by the removed hash table entries. This function is used when decoding certificates or keys. If a long lived process periodically decodes certificates or...

CVSS 7.5 • AI score 7 • EPSS 0.02255
Exploits 0
F5 Networks
•added 2023/02/21 7:55 p.m.•100 views

K88126845: BIG-IP APM web pages may be indexed by search engines

Security Advisory Description This issue occurs when all of the following conditions are met: Users connect to the BIG-IP APM system through the internet. The BIG-IP APM system is reachable by search engines. Impact BIG-IP APM web pages may be enumerated and other data may be disclosed. Symptoms ...

AI score 6.6
Exploits 0
F5 Networks
•added 2023/02/21 7:55 p.m.•44 views

K88511840: QEMU vulnerability CVE-2015-8345

Security Advisory Description The eepro100 emulator in QEMU qemu-kvm blank allows local guest users to cause a denial of service (application crash and infinite loop) via vectors involving the command block list. CVE-2015-8345 Impact There is no impact; F5 products are not affected by this...

CVSS 6.5 • AI score 6.9 • EPSS 0.00393
Exploits 0
F5 Networks
•added 2023/02/21 7:55 p.m.•57 views

K95003704: Java SE vulnerability CVE-2018-3183

Security Advisory Description Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Scripting). Supported versions that are affected are Java SE: 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows...

CVSS 9 • AI score 7.7 • EPSS 0.02815
Exploits 0
F5 Networks
•added 2023/02/21 7:55 p.m.•31 views

K87141725: BIG-IP APM redirect vulnerability CVE-2017-0302

Security Advisory Description Insufficient boundary checks on the request URL may cause the tmm process to assert when the user is redirected back to the original request URL following successful authentication to the BIG-IP APM system. CVE-2017-0302 Impact An authenticated user with an establish...

CVSS 5.3 • AI score 5.4 • EPSS 0.0074
Exploits 0 • Affected Software 1
F5 Networks
•added 2023/02/21 7:55 p.m.•64 views

K82641075: PHP vulnerability CVE-2018-10545

Security Advisory Description An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before 7.2.4. Dumpable FPM child processes allow bypassing opcache access controls because fpm_unix.c makes a PR_SET_DUMPABLE prctl call, allowing one user (in a multiuser...

CVSS 4.7 • AI score 6.1 • EPSS 0.00831
Exploits 0
F5 Networks
•added 2023/02/21 7:55 p.m.•41 views

K74605824: MySQL Server UDF vulnerability CVE-2017-3529

Security Advisory Description Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: UDF). Supported versions that are affected are 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to...

CVSS 5.3 • AI score 5.4 • EPSS 0.02013
Exploits 0
F5 Networks
•added 2023/02/21 7:55 p.m.•29 views

K77215791: Linux kernel vulnerability CVE-2017-7277

Security Advisory Description The TCP stack in the Linux kernel through 4.10.6 mishandles the SCM_TIMESTAMPING_OPT_STATS feature, which allows local users to obtain sensitive information from the kernel's internal socket data structures or cause a denial of service (out-of-bounds read) via crafted syst...

CVSS 7.1 • AI score 6.5 • EPSS 0.00391
Exploits 0
F5 Networks
•added 2023/02/21 7:55 p.m.•44 views

K82224417: Linux kernel vulnerability CVE-2017-7308

Security Advisory Description The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service (overflow) or possibly have unspecified other impact via crafted system call...

CVSS 7.8 • AI score 6.8 • EPSS 0.17827
Exploits 17
F5 Networks
•added 2023/02/21 7:55 p.m.•28 views

K77452266: Intel CPU vulnerability CVE-2018-12171

Security Advisory Description Privilege escalation in Intel Baseboard Management Controller (BMC) firmware before version 1.43.91f76955 may allow an unprivileged user to potentially execute arbitrary code or perform denial of service over the network. CVE-2018-12171 Impact There is no impact; F5...

CVSS 9.8 • AI score 9.9 • EPSS 0.02136
Exploits 0
F5 Networks
•added 2023/02/21 7:55 p.m.•31 views

K67190282: MySQL X plugin vulnerabilities CVE-2017-3637 and CVE-2017-3646

Security Advisory Description CVE-2017-3637 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: X Plugin). Supported versions that are affected are 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols...

CVSS 5.3 • AI score 5 • EPSS 0.0245
Exploits 0
F5 Networks
•added 2023/02/21 7:55 p.m.•31 views

K60381308: Intel CPU vulnerability CVE-2018-3655

Security Advisory Description A vulnerability in a subsystem in Intel CSME before version 11.21.55, Intel Server Platform Services before version 4.0 and Intel Trusted Execution Engine Firmware before version 3.1.55 may allow an unauthenticated user to potentially modify or disclose information v...

CVSS 7.3 • AI score 6.6 • EPSS 0.00433
Exploits 0
Total number of security vulnerabilities: 6294