6294 matches found
K13277: Apache vulnerability CVE-2009-2412
Security Advisory Description Multiple integer overflows in the Apache Portable Runtime APR library and the Apache Portable Utility library aka APR-util 0.9.x and 1.3.x allow remote attackers to cause a denial of service application crash or possibly execute arbitrary code by way of vectors that...
K00329831: NTP vulnerabilities CVE-2015-8139 and CVE-2015-8140
Security Advisory Description CVE-2015-8139 ntpq in NTP before 4.2.8p7 allows remote attackers to obtain origin timestamps and then impersonate peers via unspecified vectors. CVE-2015-8140 The ntpq protocol in NTP before 4.2.8p7 allows remote attackers to conduct replay attacks by sniffing the...
K15872: libxml2 vulnerability CVE-2014-3660
Security Advisory Description parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service CPU consumption via a crafted XML document containing a large number of...
K15902: Apache vulnerability CVE-2010-1623
Security Advisory Description Memory leak in the aprbrigadesplitline function in buckets/aprbrigade.c in the Apache Portable Runtime Utility library aka APR-util before 1.3.10, as used in the modreqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a...
K15873: cURL/libcURL vulnerability CVE-2014-2522
Security Advisory Description curl and libcurl 7.27.0 through 7.35.0, when running on Windows and using the SChannel/Winssl TLS backend, does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate when accessing a...
K9025: FirePass SNMP DoS vulnerability
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
K71245322: NTP vulnerability CVE-2015-8138
Security Advisory Description NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to bypass the origin timestamp validation via a packet with an origin timestamp set to zero. CVE-2015-8138 Impact An attacker may be able to disable time synchronization with the server or push...
K40496533: PHP vulnerability CVE-2016-3132
Security Advisory Description Double free vulnerability in the SplDoublyLinkedList::offsetSet function in ext/spl/spldllist.c in PHP 7.x before 7.0.6 allows remote attackers to execute arbitrary code via a crafted index. CVE-2016-3132 Impact There is no impact; F5 products are not affected by thi...
K43570545: OpenSSL vulnerability CVE-2016-7055
Security Advisory Description There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure in OpenSSL 1.0.2 and 1.1.0 before 1.1.0c that handles input lengths divisible by, but longer than 256 bits. Analysis suggests that attacks against RSA, DSA and DH private...
K16057: GHOST: glibc gethostbyname buffer overflow vulnerability CVE-2015-0235
Security Advisory Description A heap-based buffer overflow was found in glibc's nsshostnamedigitsdots function, which is used by the gethostbyname and gethostbyname2 glibc function calls. A remote attacker may be able to use this flaw to execute arbitrary code. CVE-2015-0235 Impact A remote...
K14433: PHP SOAP vulnerability CVE-2013-1643
Security Advisory Description PHP allows the use of external entities while parsing SOAP wsdl files, which allows an attacker to read arbitrary files. If a web application unserializes user-supplied data and tries to execute any method of it, an attacker can send a serialized SoapClient object...
K14432: PHP SOAP wdsl cache file vulnerability CVE-2013-1635
Security Advisory Description PHP does not validate the configuration directive soap.wsdlcachedir before writing SOAP wsdl cache files to the filesystem. Impact An attacker is able to write remote wsdl files to arbitrary locations on an affected system. Security Advisory Status To determine if yo...
K10772: Linux NULL pointer dereference vulnerability - CVE-2009-2692
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of F5...
K2773: Multiple Open SSH vulnerabilities CA-2003-24, CA-2003-26, and CA-2003-26
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
K20145801: Mozilla NSS vulnerability CVE-2016-1979
Security Advisory Description Use-after-free vulnerability in the PK11ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services NSS before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly have unspecified othe...
K15557: OpenSSH vulnerability CVE-2011-4327
Security Advisory Description ssh-keysign.c in ssh-keysign in OpenSSH before 5.8p2 on certain platforms executes ssh-rand-helper with unintended open file descriptors, which allows local users to obtain sensitive key information via the ptrace system call. CVE-2011-4327 Impact None. F5 products a...
K15546: glibc vulnerability CVE-2014-4043
Security Advisory Description Description posixspawnfileactionsaddopen in glibc prior to version 2.20 fails to copy the path argument. The result of not copying is that programs can easily trigger use-after-free bugs, or other situations where the path is mutated. Impact None. No F5 products are...
K14201: BIND denial-of-service attack CVE-2012-5166/CVE-2012-4244
Security Advisory Description A vulnerability exists in the BIND DNS server process that may allow a remote attacker to initiate a denial-of-service DoS attack against the DNS service. Impact DNS services may be unavailable and cause a failure in DNS resolution. Security Advisory Status F5 Produc...
K13217575: Session data may be exposed when using a proxy to multiplex connections to the BIG-IP APM system
Security Advisory Description This issue occurs when all of the following conditions are met: The BIG-IP APM system is configured to perform NTLM SSO authentication to back-end servers. A proxy in front of the BIG-IP APM system multiplexes connections from different users. Impact Users may be...
K12876166: Linux kernel vulnerability CVE-2019-12817
Security Advisory Description arch/powerpc/mm/mmucontextbook3s64.c in the Linux kernel before 5.1.15 for powerpc has a bug where unrelated processes may be able to read/write to one another's virtual memory under certain conditions via an mmap above 512 TB. Only a subset of powerpc systems are...
K9988: libpng vulnerability CVE-2009-0040
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
K9990: icclib vulnerabilities CVE-2009-0583 and CVE-2009-0584
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to SOL4602: Overview of F5...
K6027: FIPS hardware vulnerability - nCipher Advisory #14
Security Advisory Description Note: Versions that are not listed in this Solution have not been evaluated for vulnerability to this security advisory. For information about F5 Networks' security policy regarding evaluating older and unsupported versions of F5 Networks products, refer to SOL4602:...
K5716: Authentication bypass in PAM LDAP module - CAN-2005-2641
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
K5718: IKE version 1 multiple vulnerabilities CERT VU#226364
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
K45611803: TMM vulnerability CVE-2018-5530
Security Advisory Description F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, or 11.6.0-11.6.3.1 virtual servers with HTTP/2 profiles enabled are vulnerable to "HPACK Bomb". CVE-2018-5530 Impact HPACK bombs are designed to consume an abnormal amount of memory resources on a target system, which can...
K38456756: Kernel vulnerability CVE-2018-18445
Security Advisory Description In the Linux kernel 4.14.x, 4.15.x, 4.16.x, 4.17.x, and 4.18.x before 4.18.13, faulty computation of numeric bounds in the BPF verifier permits out-of-bounds memory accesses because adjustscalarminmaxvals in kernel/bpf/verifier.c mishandles 32-bit right shifts...
K21404407: TACACS+ audit forwarding uses an unencrypted database variable to store passwords
Security Advisory Description The audit forwarding mechanism for Terminal Access Controller Access-Control System Plus TACACS+ uses an unencrypted database variable to store passwords. BIG-IP This issue occurs when all the following conditions are met: You configure TACACS+ to enable audit...
K17049: PHP vulnerability CVE-2015-4598
Security Advisory Description PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls 1 a DOMDocument save method or 2 t...
K16489: Linux kernel security vulnerabilities CVE-2010-3848, CVE-2010-3849, and CVE-2010-3850
Security Advisory Description CVE-2010-3848 Stack-based buffer overflow in the econetsendmsg function in net/econet/afeconet.c in the Linux kernel before 2.6.36.2, when an econet address is configured, allows local users to gain privileges by providing a large number of iovec structures...
K16443: MIT Kerberos 5 vulnerabilities CVE-2014-9421 and CVE-2014-5352
Security Advisory Description CVE-2014-9421 The authgssapiunwrapdata function in lib/rpc/authgssapimisc.c in MIT Kerberos 5 aka krb5 through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly handle partial XDR deserialization, which allows remote authenticated users to cau...
K16441: MIT Kerberos 5 vulnerability CVE-2014-9423
Security Advisory Description The svcauthgssacceptseccontext function in lib/rpc/svcauthgss.c in MIT Kerberos 5 aka krb5 1.11.x through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 transmits uninitialized interposer data to clients, which allows remote attackers to obtain sensitive...
K16486: PHP vulnerability CVE-2015-2787
Security Advisory Description Use-after-free vulnerability in the processnesteddata function in ext/standard/varunserializer.re in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages use of...
K15578: MD5 Message-Digest Algorithm vulnerability CVE-2004-2761
Security Advisory Description The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature algorithm of an X.509 certificate. CVE-2004-2761 Impact A...
K15580: Apache CXF and JBoss vulnerabilities
Security Advisory Description CVE-2010-2076 Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows...
K15561: Kerberos vulnerability CVE-2014-4344
Security Advisory Description The accctxcont function in the SPNEGO acceptor in lib/gssapi/spnego/spnegomech.c in MIT Kerberos 5 aka krb5 1.5.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via an empty continuatio...
K15549: Rsync vulnerability CVE-2007-6199
Security Advisory Description rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module's hierarchy. CVE-2007-6199 Impact An...
K15504: OpenSSH vulnerability CVE-2014-1692
Security Advisory Description The hashbuffer function in schnorr.c in OpenSSH through 6.4, when Makefile.inc is modified to enable the J-PAKE protocol, does not initialize certain data structures, which might allow remote attackers to cause a denial of service memory corruption or have unspecifie...
K94730263: Linux kernel vulnerability CVE-2017-17450
Security Advisory Description net/netfilter/xtosf.c in the Linux kernel through 4.14.4 does not require the CAPNETADMIN capability for addcallback and removecallback operations, which allows local users to bypass intended access restrictions because the xtosffingers data structure is shared acros...
K32055534: Brute Force Attack Prevention feature may erroneously stop prevention before an attack is over
Security Advisory Description The Brute Force Attack Prevention feature may stop prevention before the attack is over. This issue occurs when all of the following conditions are met: You configured the BIG-IP ASM system with many virtual servers hundreds that have web application protection with...
K16135: OpenSSL vulnerability CVE-2015-0205
Security Advisory Description The ssl3getcertverify function in s3srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman DH certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without...
K15295: OpenSSL vulnerability CVE-2014-0076
Security Advisory Description The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack. CVE-2014-0076 Impact...
K14742: OpenSSH vulnerability CVE-2008-4109
Security Advisory Description A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before 4.6p1-1 on sid and lenny; and on other distributions such as SUSE uses functions that are not async-signal-safe in the signal handler for login timeouts, which allows remote attackers to cause a...
K84591451: Intel AMT vulnerabilities CVE-2019-0092, CVE-2019-0094, CVE-2019-0097, and CVE-2019-0096
Security Advisory Description CVE-2019-0092 Insufficient input validation vulnerability in subsystem for IntelR AMT before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 may allow an unauthenticated user to potentially enable escalation of privilege via physical access. CVE-2019-0094 Insufficient...
K52013062: Ansible Engine vulnerability CVE-2020-14365
Security Advisory Description A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation even when disablegpgcheck is set to False, which is the...
K17514331: BIG-IP TMM vulnerability CVE-2022-23020
Security Advisory Description When the 'Respond on Error' setting is enabled on the Request Logging profile and configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. CVE-2022-23020 Impact Traffic is disrupted while the TMM process...
K15236: ConfigSync IP Rsync full file system access vulnerability CVE-2014-2927
Security Advisory Description The rsync daemon in F5 BIG-IP 11.6 before 11.6.0, 11.5.1 before HF3, 11.5.0 before HF4, 11.4.1 before HF4, 11.4.0 before HF7, 11.3.0 before HF9, and 11.2.1 before HF11 and Enterprise Manager 3.x before 3.1.1 HF2, when configured in failover mode, does not require...
K14673240: Linux kernel vulnerability CVE-2018-20856
Security Advisory Description An issue was discovered in the Linux kernel before 4.18.7. In block/blk-core.c, there is an blkdrainqueue use-after-free because a certain error case is mishandled. CVE-2018-20856 Impact There is no impact; F5 products are not affected by this vulnerability. Security...
K14740: OpenSSH vulnerability CVE-2011-5000
Security Advisory Description The sshgssapiparseename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allows remote authenticated users to cause a denial of service memory consumption via a large value in a certain length field. NOTE: there may b...
K6999: Web browser domain-based security and discussion of ''double eval()'' and FP_DO_NOT_TOUCH tags VU#261869
Security Advisory Description Note : For information about signing up to receive security notice updates from F5, refer to K9970: Subscribe to email notifications regarding F5 products and security announcements. Note : Versions that are not listed in this article have not been evaluated for...