6413 matches found
K29203191: Linux kernel vulnerability CVE-2019-10220
Security Advisory Description Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a relative paths injection in directory entry lists. CVE-2019-10220 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development has...
K31152411: BIG-IP Analytics vulnerability CVE-2019-6655
Security Advisory Description BIG-IP platforms provisioned with AAM, AFM, Application Visibility and Reporting AVR, APM, ASM, and/or PEM may leak sensitive data. CVE-2019-6655 Impact BIG-IP AAM, AFM, AVR, APM, ASM, PEM The vulnerability is only present on BIG-IP systems provisioned with AAM, AFM,...
K35340595: Kerberos vulnerability CVE-2016-3120
Security Advisory Description The validateasrequest function in kdcutil.c in the Key Distribution Center KDC in MIT Kerberos 5 aka krb5 before 1.13.6 and 1.4.x before 1.14.3, when restrictanonymoustotgt is enabled, uses an incorrect client data structure, which allows remote authenticated users t...
K27044729: TMM vulnerability CVE-2018-5528
Security Advisory Description Under certain conditions, the Traffic Management Microkernel TMM may restart and produce a core file while processing BIG-IP APM data. CVE-2018-5528 Impact This vulnerability allows remote attackers to cause a denial of service DoS on the BIG-IP system. The BIG-IP...
K25061316: BIND vulnerability CVE-2016-9778
Security Advisory Description An error in handling certain queries can cause an assertion failure when a server is using the nxdomain-redirect feature to cover a zone for which it is also providing authoritative service. A vulnerable server could be intentionally stopped by an attacker if it was...
K27575300: Linux kernel vulnerability CVE-2019-17053
Security Advisory Description ieee802154create in net/ieee802154/socket.c in the AFIEEE802154 network module in the Linux kernel through 5.3.2 does not enforce CAPNETRAW, which means that unprivileged users can create a raw socket, aka CID-e69dbd4619e7. CVE-2019-17053 Impact There is no impact; F...
K27112954: Linux kernel vulnerability CVE-2019-15292
Security Advisory Description An issue was discovered in the Linux kernel before 5.0.9. There is a use-after-free in atalkprocexit, related to net/appletalk/atalkproc.c, net/appletalk/ddp.c, and net/appletalk/sysctlnetatalk.c. CVE-2019-15292 Impact There is no impact; F5 products are not affected...
K29146534: SSB Variant 4 vulnerability CVE-2018-3639
Security Advisory Description Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel...
K17848347: Oracle Java vulnerabilities CVE-2019-2422, CVE-2019-2449, and CVE-2019-2540
Security Advisory Description CVE-2019-2422 Vulnerability in the Java SE component of Oracle Java SE subcomponent: Libraries. Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated attacker with...
K21766035: mod_perl vulnerability CVE-2011-2767
Security Advisory Description modperl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because contrary to the documentation there is no configuration option that permits Perl code for the administrator's control of HTTP request...
K15328: OpenSSL vulnerability CVE-2010-5298
Security Advisory Description Race condition in the ssl3readbytes function in s3pkt.c in OpenSSL through 1.0.1g, when SSLMODERELEASEBUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service use-after-free and parsing error via an SSL connection in a...
K15079139: Linux kernel vulnerability CVE-2019-18660
Security Advisory Description The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. This is related to arch/powerpc/kernel/entry64.S and arch/powerpc/kernel/security.c. CVE-2019-18660...
K15511932: F5 statement about Super Micro hardware compromise
Security Advisory Description F5 is aware of the reports of the alleged Super Micro Supermicro hardware compromise. F5 does not use Super Micro boards in any of our BIG-IP, BIG-IQ, Enterprise Manager, ARX, FirePass, or VIPRION hardware. F5 designs our own boards and controls the manufacturing tes...
K13184144: Apache Tomcat vulnerability CVE-2019-0221
Security Advisory Description The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is...
K14601: BIND vulnerability CVE-2012-5689
Security Advisory Description ISC BIND 9.8.x through 9.8.4-P1 and 9.9.x through 9.9.2-P1, in certain configurations involving DNS64 with a Response Policy Zone that lacks an AAAA rewrite rule, allows remote attackers to cause a denial of service assertion failure and named daemon exit via a query...
K13401920: Apache HTTPD vulnerability CVE-2021-36160
Security Advisory Description A carefully crafted request uri-path can cause modproxyuwsgi to read above the allocated memory and crash DoS. This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 inclusive. CVE-2021-36160 Impact A remote attacker, through a crafted request, can exploit t...
K11410303: cURL vulnerability CVE-2017-2629
Security Advisory Description curl before 7.53.0 has an incorrect TLS Certificate Status Request extension feature that asks for a fresh proof of the server's certificate's validity in the code that checks for a test success or failure. It ends up always thinking there's valid proof, even when...
K04146019: Linux kernel vulnerability CVE-2010-5332
Security Advisory Description In the Linux kernel before 2.6.37, an out of bounds array access happened in drivers/net/mlx4/port.c. When searching for a free entry in either mlx4registervlan or mlx4registermac, and there is no free entry, the loop terminates without updating the local variable fr...
K04154823: Oracle Java SE vulnerability CVE-2019-2426
Security Advisory Description Vulnerability in the Java SE component of Oracle Java SE subcomponent: Networking. Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated attacker with network acce...
K04082144: Apache HTTP Server vulnerability CVE-2021-41773, CVE-2021-42013
Security Advisory Description A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protect...
K05121675: F5 TLS vulnerability CVE-2016-9244
Security Advisory Description A BIG-IP SSL virtual server with the non-default Session Tickets option enabled may leak up to 31 bytes of uninitialized memory, aka the Ticketbleed bug. CVE-2016-9244 Impact A BIG-IP virtual server configured with a Client SSL profile that has the non-default Sessio...
K01552024: Apache vulnerability CVE-2021-40438
Security Advisory Description A crafted request uri-path can cause modproxy to forward the request to an origin server chosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier. CVE-2021-40438 Impact A remote attacker can exploit this vulnerability by sending a specially...
K19559038: OpenSSL vulnerability CVE-2021-3712
Security Advisory Description ASN.1 strings are represented internally within OpenSSL as an ASN1STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which i...
K02951273: NTP vulnerability CVE-2017-6463
Security Advisory Description NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote authenticated users to cause a denial of service daemon crash via an invalid setting in a :config directive, related to the unpeer option. CVE-2017-6463 Impact A remote, authenticated attacker may exploit this...
K02524143: Apache Tomcat vulnerability CVE-2016-8747
Security Advisory Description An information disclosure issue was discovered in Apache Tomcat 8.5.7 to 8.5.9 and 9.0.0.M11 to 9.0.0.M15 in reverse-proxy configurations. Http11InputBuffer.java allows remote attackers to read data that was intended to be associated with a different request...
K00174195: Apache Tomcat vulnerability CVE-2021-25122
Security Advisory Description When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both se...
K15338344: Eclipse Jetty vulnerability CVE-2021-28165
Security Advisory Description In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame. CVE-2021-28165 Impact Affected systems may experience resource exhaustion when receiving an invalid large TLS...
K11561403: Intel CPU vulnerability CVE-2018-3657
Security Advisory Description Multiple buffer overflows in Intel AMT in Intel CSME firmware versions before version 12.0.5 may allow a privileged user to potentially execute arbitrary code with Intel AMT execution privilege via local access. CVE-2018-3657 Impact There is no impact; F5 products ar...
K13322484: libssh2 vulnerability CVE-2019-13115
Security Advisory Description In libssh2 before 1.9.0, kexmethoddiffiehellmangroupexchangesha256keyexchange in kex.c has an integer overflow that could lead to an out-of-bounds read in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to disclose...
K15317908: Apache mod_cluster vulnerability CVE-2016-8612
Security Advisory Description Apache HTTP Server modcluster before version httpd 2.4.23 is vulnerable to an Improper Input Validation in the protocol parsing logic in the load balancer resulting in a Segmentation Fault in the serving httpd process. CVE-2016-8612 Impact There is no impact; F5...
K83823933: OpenSSL Vulnerability CVE-2021-4044
Security Advisory Description Internally libssl in OpenSSL calls X509verifycert on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error for example out of memory. Such a negative return value is mishandled by...
K82248373: Linux kernel vulnerability CVE-2020-16119
Security Advisory Description Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccpshctxccid object as a listener after being released. Fixed in Ubuntu Linux kernel 5.4.0-51.56, 5.3.0-68.63, 4.15.0-121.123,...
K80758444: Linux kernel vulnerability CVE-2015-8812
Security Advisory Description drivers/infiniband/hw/cxgb3/iwchcm.c in the Linux kernel before 4.5 does not properly identify error conditions, which allows remote attackers to execute arbitrary code or cause a denial of service use-after-free via crafted packets. CVE-2015-8812 Impact There is no...
K67825238: iControl REST vulnerability CVE-2019-6638
Security Advisory Description Malformed http requests made to an undisclosed iControl REST endpoint can lead to infinite loop of the restjavad process. CVE-2019-6638 Impact All authenticated users, regardless of role, can exploit this vulnerability, which can result in a denial-of-service DoS for...
K72453266: Linux kernel vulnerability CVE-2013-2164
Security Advisory Description The mmcioctlcdromreaddata function in drivers/cdrom/cdrom.c in the Linux kernel through 3.10 allows local users to obtain sensitive information from kernel memory via a read operation on a malfunctioning CD-ROM drive. CVE-2013-2164 Impact There is no impact; F5...
K71282001: TMM vulnerability CVE-2016-9249
Security Advisory Description An undisclosed traffic pattern received by a BIG-IP Virtual Server with TCP Fast Open enabled may cause the Traffic Management Microkernel TMM to restart, resulting in a Denial-of-Service DoS. CVE-2016-9249 Impact If the Fast Open option is enabled in a TCP profile...
K68401558: BIG-IP virtual server TCP sequence numbers vulnerability
Security Advisory Description Attackers in a privileged network position may be able to obtain TCP sequence numbers SEQ from the BIG-IP system for a short period of time up to 4 seconds that will be reused in future connections with the same source and destination port and IP numbers. Impact...
K64721111: vCMP vulnerability CVE-2018-5531
Security Advisory Description Through undisclosed methods, adjacent network attackers can cause a denial of service for vCMP guest and host systems. Attacks must be sourced from an adjacent network Layer 2. CVE-2018-5531 Impact BIG-IP An attacker from an adjacent network may be able to cause a...
K52868493: libssh vulnerability CVE-2018-10933
Security Advisory Description A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access. CVE-2018-10933 Impact There is no impact. F5 products...
K62279530: ConfigSync mcpd vulnerability CVE-2017-6161
Security Advisory Description When configuration synchronization ConfigSync is configured, attackers on adjacent networks may be able to bypass the TLS protections usually used to encrypt and authenticate connections to mcpd. CVE-2017-6161 Impact This vulnerability may allow remote attackers to...
K48726314: Linux kernel vulnerability CVE-2013-2140
Security Advisory Description The dispatchdiscardio function in drivers/block/xen-blkback/blkback.c in the Xen blkback implementation in the Linux kernel before 3.10.5 allows guest OS users to cause a denial of service data loss via filesystem write operations on a read-only disk that supports th...
K52697522: libarchive vulnerability CVE-2016-8689
Security Advisory Description The readHeader function in archivereadsupportformat7zip.c in libarchive 3.2.1 allows remote attackers to cause a denial of service out-of-bounds read via multiple EmptyStream attributes in a header in a 7zip archive. CVE-2016-8689 Impact For BIG-IP and VIPRION...
K44885536: iControl REST vulnerability CVE-2019-6622
Security Advisory Description Undisclosed iControl REST worker is vulnerable to command injection by an administrator or resource administrator user. This attack is only exploitable on multi-bladed systems. The vulnerability allows bypass of Appliance mode security on BIG-IP systems by allowing t...
K43451236: Apache Struts 2 vulnerability CVE-2017-5638
Security Advisory Description The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted...
K31332013: Linux kernel vulnerability CVE-2016-10905
Security Advisory Description An issue was discovered in fs/gfs2/rgrp.c in the Linux kernel before 4.8. A use-after-free is caused by the functions gfs2clearrgrpd and readrindexentry. CVE-2016-10905 Security Advisory Status F5 Product Development has evaluated the currently supported releases for...
K25033460: TMM vulnerability CVE-2017-6133
Security Advisory Description In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, undisclosed HTTP requests may cause a denial of service. CVE-2017-6133 Impact The Traffic Management Microkernel TMM generates a core...
K22541983: BIG-IP virtual servers with Client SSL and HTTP/2 or SPDY configured vulnerability CVE-2017-6163
Security Advisory Description In F5 BIG-IP LTM, AAM, AFM, APM, ASM, Link Controller, PEM, PSM software version 12.0.0 to 12.1.2, 11.6.0 to 11.6.1, 11.4.0 to 11.5.4, when a virtual server uses the standard configuration of HTTP/2 or SPDY profile with Client SSL profile, and the client initiates a...
K22183127: Vim vulnerability CVE-2016-1248
Security Advisory Description vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened. CVE-2016-1248 Impact A local attacker may abuse...
K73926196: PHPMailer vulnerability CVE-2016-10045
Security Advisory Description The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in...
K07052904: PHP vulnerability CVE-2015-3307
Security Advisory Description The pharparsemetadata function in ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service heap metadata corruption or possibly have unspecified other impact via a crafted tar archive...