6413 matches found
K46421255: Docker privilege elevation vulnerability CVE-2019-5736
Security Advisory Description runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary and consequently obtain host root access by leveraging the ability to execute a command as root within one of these types of containers: 1 a...
K45026834: Apache Tomcat vulnerability CVE-2020-13935
Security Advisory Description The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload...
K34205867: Server component of Oracle MySQL vulnerabilities CVE-2016-8327, CVE-2017-3238, CVE-2017-3251, CVE-2017-3256, and CVE-2017-3258
Security Advisory Description CVE-2016-8327 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Replication. Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with...
K31209433: Linux kernel vulnerabilities CVE-2017-6345, CVE-2017-6347, and CVE-2017-6348
Security Advisory Description CVE-2017-6345 The LLC subsystem in the Linux kernel before 4.9.13 does not ensure that a certain destructor exists in required circumstances, which allows local users to cause a denial of service BUGON or possibly have unspecified other impact via crafted system...
K23435400: Intel CPU vulnerability CVE-2022-0004
Security Advisory Description Hardware debug modes and processor INIT setting that allow override of locks for some IntelR Processors in IntelR Boot Guard and IntelR TXT may allow an unauthenticated user to potentially enable escalation of privilege via physical access. CVE-2022-0004 Impact There...
K22251611: Attack signature check security exposure
Security Advisory Description BIG-IP Advanced WAF and BIG-IP ASM systems incorrectly handle certain requests. This issue occurs when the following condition is met: BIG-IP Advanced WAF and BIG-IP ASM handle a malicious request when a parameter with Base64 decoding is enabled. Impact The attack...
K15840535: BIND vulnerability CVE-2019-6477
Security Advisory Description With pipelining enabled each incoming query on a TCP connection requires a similar resource allocation to a query received via UDP or via TCP without pipelining enabled. A client using a TCP-pipelined connection to a server could consume more resources than the serve...
K18491258: Cluster component of Oracle MySQL vulnerabilities CVE-2016-5541, CVE-2017-3321, CVE-2017-3322, and CVE-2017-3323
Security Advisory Description CVE-2016-5541 Vulnerability in the MySQL Cluster component of Oracle MySQL subcomponent: Cluster: NDBAPI. Supported versions that are affected are 7.2.26 and earlier, 7.3.14 and earlier and 7.4.12 and earlier. Difficult to exploit vulnerability allows unauthenticated...
K13213418: BIG-IP monitor configuration vulnerability CVE-2022-35735
Security Advisory Description An authenticated attacker with Resource Administrator or Manager privileges can create or modify existing monitor objects in the Configuration utility in an undisclosed manner, leading to a privilege escalation. CVE-2022-35735 Impact This vulnerability may allow an...
K13145361: Linux kernel KVM subsystem vulnerability CVE-2014-3647
Security Advisory Description arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 does not properly perform RIP changes, which allows guest OS users to cause a denial of service guest OS crash via a crafted application. CVE-2014-3647 Impact A local user with Advanced...
K13559191: Linux kernel vulnerability CVE-2022-25636
Security Advisory Description net/netfilter/nfdupnetdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain privileges because of a heap out-of-bounds write. This is related to nftablesoffload. CVE-2022-25636 Impact BIG-IP, BIG-IQ Centralized Management, BIG-IP SPK, F5OS-A, and...
K13290208: NSS vulnerability CVE-2020-12403
Security Advisory Description A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS. When using multi-part Chacha20, it could cause out-of-bounds reads. This issue was fixed by explicitly disabling multi-part ChaCha20 which was not functioning correctly and strictly enforcing tag...
K11542555: iApps vulnerability CVE-2020-17507
Security Advisory Description An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. readxbmbody in gui/image/qxbmhandler.cpp has a buffer over-read. CVE-2020-17507 Impact An unauthenticated remote attacker can trick an administrator into processing a large file wi...
K09422508: OpenSSL vulnerabilities CVE-2016-6307 and CVE-2016-6308
Security Advisory Description CVE-2016-6307 The state-machine implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service memory consumption via crafted TLS messages, related to...
K03814795: Linux kernel vulnerability CVE-2019-16089
Security Advisory Description An issue was discovered in the Linux kernel through 5.2.13. nbdgenlstatus in drivers/block/nbd.c does not check the nlaneststartnoflag return value. CVE-2019-16089. Impact This vulnerability may allow a local user to perform a denial-of-service DoS attack. Security...
K08152433: Intel processors MMIO stale data vulnerability CVE-2022-21166
Security Advisory Description Incomplete cleanup in specific special register write operations for some IntelR Processors may allow an authenticated user to potentially enable information disclosure via local access. CVE-2022-21166 Impact Successful exploitation of this vulnerability can lead to...
K04460334: libxml2 2.9.10 vulnerability CVE-2020-7595
Security Advisory Description xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation. CVE-2020-7595 Impact An attacker could exploit this vulnerability to cause the application to enter into an infinite loop resulting in a denial of servic...
K93472064: Linux kernel vulnerability CVE-2017-12190
Security Advisory Description The biomapuseriov and biounmapuser functions in block/bio.c in the Linux kernel before 4.13.8 do unbalanced refcounting when a SCSI I/O vector has small consecutive buffers belonging to the same page. The bioaddpcpage function merges them into one, but the page...
K95453343: Multiple Java vulnerabilities CVE-2020-2601, CVE-2020-2604, CVE-2020-2654
Security Advisory Description CVE-2020-2601 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Security. Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows...
K87920510: BIG-IP mcpd vulnerability CVE-2019-6647
Security Advisory Description When processing authentication attempts for control-plane users, mcpd leaks a small amount of memory. Under rare conditions, attackers with access to the management interface can eventually deplete memory on the system. CVE-2019-6647 Impact Repeated failed...
K82781208: BIG-IP FIX profile vulnerability CVE-2019-6667
Security Advisory Description On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.1.0-13.1.1.5, 12.1.0-12.1.4.1, and 11.5.1-11.6.5, under certain conditions, TMM may consume excessive resources when processing traffic for a Virtual Server with the FIX Financial Information eXchange...
K85664507: Linux kernel vulnerability CVE-2017-17852
Security Advisory Description kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service memory corruption or possibly have unspecified other impact by leveraging mishandling of 32-bit ALU ops. CVE-2017-17852 Impact There is no impact; F5 products are...
K84301413: CUPS vulnerability CVE-2017-18190
Security Advisory Description A localhost.localdomain whitelist entry in validhost in scheduler/client.c in CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemon in conjunction with DNS rebinding. The localhost.localdomain name is...
K87351324: Intel BIOS vulnerability CVE-2021-33124
Security Advisory Description Out-of-bounds write in the BIOS authenticated code module for some IntelR Processors may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2021-33124 Impact A local attacker logged in as a privileged user can exploit the...
K72384465: Linux kernel vulnerability CVE-2018-5332
Security Advisory Description In the Linux kernel through 4.14.13, the rdsmessageallocsgs function does not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write related to the rdsrdmaextrasize function in net/rds/rdma.c. CVE-2018-5332 Impact There ...
K73837233: Intel processors vulnerability CVE-2019-0117
Security Advisory Description Insufficient access control in protected memory subsystem for IntelR SGX for 6th, 7th, 8th, 9th Generation IntelR CoreTM Processor Families; IntelR XeonR Processor E3-1500 v5, v6 Families; IntelR XeonR E-2100 & E-2200 Processor Families with IntelR Processor Graphics...
K71612511: Kernel vulnerability CVE-2016-8106
Security Advisory Description A Denial of Service in Intel Ethernet Controller's X710/XL710 with Non-Volatile Memory Images before version 5.05 allows a remote attacker to stop the controller from processing network traffic working under certain network use conditions. CVE-2016-8106 Impact There ...
K62103028: Multiple Java vulnerabilities CVE-2020-2583, CVE-2020-2590, CVE-2020-2593
Security Advisory Description CVE-2020-2583 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows...
K61643620: BIG-IP TMUI XSS vulnerability CVE-2021-23038
Security Advisory Description A stored cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. CVE-2021-23038 Impact An authenticated attacker may exploit...
K55031185: demangler in GNU Libiberty vulnerability CVE-2016-6131
Security Advisory Description The demangler in GNU Libiberty allows remote attackers to cause a denial of service infinite loop, stack overflow, and crash via a cycle in the references of remembered mangled types. CVE-2016-6131 Impact There is no impact; F5 products are not affected by this...
K51512510: tcpdump vulnerability CVE-2018-14879
Security Advisory Description The command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in tcpdump.c:getnextfile. CVE-2018-14879 Impact A local attacker may be able to corrupt data, run arbitrary code, or cause the program to terminate. Security Advisory Status F5 Product...
K52171694: OpenSSL vulnerability CVE-2021-3450
Security Advisory Description The X509VFLAGX509STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curv...
K52125139: NGINX Ingress Controller vulnerability CVE-2022-30535
Security Advisory Description An attacker authorized to create or update ingress objects can obtain the secrets available to the NGINX Ingress Controller. CVE-2022-30535 Impact This vulnerability may allow an authenticated attacker with network access to NGINX Ingress Controller ingress objects t...
K49331953: libicu vulnerability CVE-2017-17484
Security Advisory Description The ucnvUTF8FromUTF8 function in ucnvu8.cpp in International Components for Unicode ICU for C/C++ through 60.1 mishandles ucnvconvertEx calls for UTF-8 to UTF-8 conversion, which allows remote attackers to cause a denial of service stack-based buffer overflow and...
K48527562: Samba vulnerabilities CVE-2021-20277, CVE-2017-14746, CVE-2017-15275
Security Advisory Description CVE-2021-20277 A flaw was found in Samba's libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write, leading to a crash of the LDAP server process handling the request. The highest threat from this vulnerability is t...
K46444421: Linux Kernel Vulnerability CVE-2019-9458
Security Advisory Description In the Android kernel in the video driver there is a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. CVE-2019-9458 Impact There i...
K44482551: Intel I210 network adapter vulnerability CVE-2020-0525
Security Advisory Description Improper access control in firmware for the IntelR Ethernet I210 Controller series of network adapters before version 3.30 may allow a privileged user to potentially enable denial of service via local access. CVE-2020-0525 Impact The BIG-IP management network port us...
K42433061: Intel processors vulnerability CVE-2019-11139
Security Advisory Description Improper conditions check in the voltage modulation interface for some IntelR XeonR Scalable Processors may allow a privileged user to potentially enable denial of service via local access. CVE-2019-11139 Impact There is no impact; F5 products are not affected by thi...
K42238532: BIND vulnerabilities CVE-2019-6475 and CVE-2019-6476
Security Advisory Description CVE-2019-6475 Mirror zones are a BIND feature allowing recursive servers to pre-cache zone data provided by other servers. A mirror zone is similar to a zone of type secondary, except that its data is subject to DNSSEC validation before being used in answers, as if i...
K37283878: Intel I210 network adapter vulnerability CVE-2020-0522
Security Advisory Description Improper initialization in the firmware for the IntelR Ethernet I210 Controller series of network adapters before version 3.30 may allow a privileged user to potentially enable denial of service via local access. CVE-2020-0522 Impact The BIG-IP management network por...
K38481791: glibc vulnerability CVE-2020-10029
Security Advisory Description The GNU C Library aka glibc or libc6 before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. Th...
K31445234: Intel I210 network adapter vulnerability CVE-2020-0523
Security Advisory Description Improper access control in the firmware for the IntelR Ethernet I210 Controller series of network adapters before version 3.30 may potentially allow a privileged user to enable a denial of service via local access. CVE-2020-0523 Impact The BIG-IP management network...
K31925518: BIG-IP APM access logs vulnerability CVE-2016-1497
Security Advisory Description A vulnerability in the BIG-IP Configuration utility can be used by an unauthorized BIG-IP administrative user to gain unauthorized access to the Access Policy Manager APM access logs. This vulnerability requires valid user account credentials and access to the...
K34041353: Linux kernel vulnerability CVE-2021-38202
Security Advisory Description fs/nfsd/trace.h in the Linux kernel before 5.13.4 might allow remote attackers to cause a denial of service out-of-bounds read in strlen by sending NFS traffic when the trace event framework is being used for nfsd. CVE-2021-38202 Impact There is no impact; F5 product...
K26890535: libcgroup vulnerability CVE-2018-14348
Security Advisory Description libcgroup up to and including 0.41 creates /var/log/cgred with mode 0666 regardless of the configured umask, leading to disclosure of information. CVE-2018-14348 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F...
K26314875: Apache vulnerability CVE-2022-26377
Security Advisory Description Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in modproxyajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4...
K23720587: Apache Solr vulnerability CVE-2019-12409
Security Advisory Description The 8.1.1 and 8.2.0 releases of Apache Solr contain an insecure setting for the ENABLEREMOTEJMXOPTS configuration option in the default solr.in.sh configuration file shipping with Solr. If you use the default solr.in.sh file from the affected releases, then JMX...
K15310332: BIG-IP APM open redirect vulnerability CVE-2020-27729
Security Advisory Description An undisclosed link on the BIG-IP APM virtual server allows a malicious user to build an open redirect URI. CVE-2020-27729 Impact An attacker can create a URL with a specially crafted value and trick BIG-IP APM users into visiting the link. Victims may be redirected ...
K14703097: BIG-IP AFM vulnerability CVE-2019-6672
Security Advisory Description When bad-actor detection is configured on a wildcard virtual server on platforms with hardware-based sPVA, the performance of the BIG-IP AFM system is degraded. CVE-2019-6672 Impact The affected BIG-IP AFM system's CPU usage increases and may cause the legitimate...
K21336065: GD Graphics Library vulnerability CVE-2016-8670
Security Advisory Description Integer signedness error in the dynamicGetbuf function in gdiodp.c in the GD Graphics Library aka libgd through 2.2.3, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service stack-based buffer overflow or possibly hav...