K3082: Multiple vulnerabilities in OpenSSL - CAN-2004-0081, CAN-2004-0079, CAN-2004-0112

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

K31333705: BIG-IP APM portal access may potentially leak host name information for back-end servers

Security Advisory Description This issue occurs when all of the following conditions are met: You configure the BIG-IP APM system to provide portal access to back-end resources. Users accessing portal access resources receive redirect responses from the BIG-IP APM system due to DNS resolution...

K2591: Linux kernel vulnerabilities CAN-2003-0244 and CAN-2003-0246

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

K2593: Buffer overflow in zlib - CAN-2003-0107

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

K21125762: The BIG-IP CFE logs sensitive Azure storage account credentials

Security Advisory Description The BIG-IP Cloud Failover Extension CFE logs sensitive Azure storage account credentials in /var/log/restnoded/restnoded.log. This issue occurs when all of the following conditions are met: You configure the CFE to provide failover functionality for your BIG-IP syste...

K15404: OpenSSL vulnerability CVE-2009-3245

Security Advisory Description OpenSSL before 0.9.8m does not check for a NULL return value from bnwexpand function calls in 1 crypto/bn/bndiv.c, 2 crypto/bn/bngf2m.c, 3 crypto/ec/ec2smpl.c, and 4 engines/eubsec.c, which has unspecified impact and context-dependent attack vectors. CVE-2009-3245...

K14909: OpenSSL vulnerability CVE-2013-4248

Security Advisory Description The opensslx509parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle...

K14907: MySQL Server vulnerability CVE-2012-3163

Security Advisory Description Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema. CVE-2012-31...

K14901: SASL vulnerability CVE-2013-4122

Security Advisory Description Cyrus SASL 2.1.23, 2.1.26, and earlier does not properly handle when a NULL value is returned upon an error by the crypt function as implemented in glibc 2.17 and later, which allows remote attackers to cause a denial of service thread crash and consumption via 1 an...

K96639388: Overview of F5 vulnerabilities (April 2021)

Security Advisory Description On April 28th, 2021, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities and security exposures to help determine the impact to your F5 devices. The details of each issue can be found in the associate...

K41556648: CPU vulnerability CVE-2019-0184

Security Advisory Description Insufficient access control in protected memory subsystem for IntelR TXT for 6th, 7th, 8th and 9th Generation IntelR CoreTM Processor Families; IntelR XeonR Processor E3-1500 v5 and v6 Families; IntelR XeonR E-2100 and E-2200 Processor Families with IntelR Processor...

K93048305: Linux kernel vulnerability CVE-2021-20268

Security Advisory Description An out-of-bounds access flaw was found in the Linux kernel's implementation of the eBPF code verifier in the way a user running the eBPF script calls devmapinitmap or sockmapalloc. This flaw allows a local user to crash the system or possibly escalate their privilege...

K59957337: ASM Cloud Security Services authentication vulnerability CVE-2019-6687

Security Advisory Description The BIG-IP ASM Cloud Security Services profile uses a built-in verification mechanism that fails to properly authenticate the X.509 certificate of remote endpoints. CVE-2019-6687 Impact This vulnerability may allow man-in-the-middle attackers to intercept traffic...

K15630: TLS in Mozilla NSS vulnerability CVE-2013-1620

Security Advisory Description The TLS implementation in Mozilla Network Security Services NSS does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attack...

K15629: Multiple GNU Bash vulnerabilities

Security Advisory Description CVE-2014-6271 GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand...

K15640: GNU C Library (glibc) vulnerabilities CVE-2014-0475, CVE-2014-5119, CVE-2013-4458

Security Advisory Description CVE-2014-0475 Multiple directory traversal vulnerabilities in GNU C Library aka glibc or libc6 before 2.20 allow context-dependent attackers to bypass ForceCommand restrictions and possibly have other unspecified impact via a .. dot dot in a 1 LC, 2 LANG, or other...

K44590877: PHP vulnerabilities CVE-2019-11034 and CVE-2019-11035

Security Advisory Description CVE-2019-11034 When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exifprocessIFDTAG function. This may lead to information disclosure or crash...

K8425: Linux Kernel Vulnerability - CVE-2008-0600

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

K3568: DNS denial of service vulnerability - CAN-2004-0789

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

K23453330: NTP vulnerability CVE-2016-4957

Security Advisory Description ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service daemon crash via a crypto-NAK packet. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547. CVE-2016-4957 Impact There is no impact; F5 products are not affected ...

K16081: BIG-IP ASM cross-site scripting (XSS) vulnerability CVE-2015-1050

Security Advisory Description Cross-site scripting XSS vulnerability in F5 BIG-IP Application Security Manager ASM before 11.6.0 allows an authenticated user to inject arbitrary web script or HTML via the Response Body field. CVE-2015-1050 Impact Remote attackers may be able to inject arbitrary w...

K14741: OpenSSH vulnerability CVE-2010-5107

Security Advisory Description The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service connection-slot exhaustion by periodically making many n...

K14446: OpenSSH vulnerability CVE-2012-0814

Security Advisory Description The authparseoptions function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorizedkeys command options. CVE-2012-0814 Impact This vulnerability may allow remotely-authenticated users to obtain potentially sensitive information...

K14739: OpenSSH vulnerability CVE-2008-3234

Security Advisory Description sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ colon slash sequence, followed by the role name, to the username. CVE-2008-3234 Impact None. No F...

K10143: Cross-Site Scripting Vulnerabilities in the FirePass logon

Security Advisory Description Note : For information about signing up to receive security notice updates from F5, refer to K9970: Subscribe to email notifications regarding F5 products and security announcements. Note : Versions that are not listed in this Solution have not been evaluated for...

K7147: Execution of UNIX shell commands from the URL in the Admin UI

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

K48187630: Multiple grub2 vulnerabilities

Security Advisory Description CVE-2020-14308 In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size. This leads the function to return invalid memory allocations which can be further used to cause possible integrity...

K35358312: TCP vulnerability CVE-2015-8099

Security Advisory Description Under limited conditions, an invalid TCP segment can lead to a Denial of Service for the High-Speed Bridge HSB on the following platforms: 3900, 6900, 8900, 8950, 11000, 11050, PB100 or PB200. This issue is only exposed on virtual servers while Software SYN cookies a...

K16841: GNU C Library (glibc) vulnerability CVE-2013-7423

Security Advisory Description The senddg function in resolv/ressend.c in GNU C Library aka glibc or libc6 before 2.20 does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large number of request that trigger a call to the...

K16840: SSH vulnerability CVE-1999-1085

Security Advisory Description Description SSH 1.2.25, 1.2.23, and other versions, when used in in CBC Cipher Block Chaining or CFB Cipher Feedback 64 bits modes, allows remote attackers to insert arbitrary data into an existing stream between an SSH client and server by using a known plaintext...

K1877: OpenSSH Remote Challenge Vulnerability - CAN-2001-1279

Security Advisory Description Note: Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of F5...

K16842: Row hammer (rowhammer) vulnerability

Security Advisory Description Row hammer rowhammer is a problem with some recent DRAM devices, in which repeatedly accessing a row of memory can cause bit flips in adjacent rows. Impact None. F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development has...

K17957133: Linux kernel vulnerability CVE-2019-3701

Security Advisory Description An issue was discovered in cancangwrcv in net/can/gw.c in the Linux kernel through 4.19.13. The CAN frame modification rules allow bitwise logical operations that can be also applied to the candlc field. Because of a missing check, the CAN drivers may write arbitrary...

K16833: Linux vulnerability CVE-2014-7826

Security Advisory Description kernel/trace/tracesyscalls.c in the Linux kernel through 3.17.2 does not properly handle private syscall numbers during use of the ftrace subsystem, which allows local users to gain privileges or cause a denial of service invalid pointer dereference via a crafted...

K16834: OpenSSL vulnerability CVE-2011-3210

Security Advisory Description The ephemeral ECDH ciphersuite functionality in OpenSSL 0.9.8 through 0.9.8r and 1.0.x before 1.0.0e does not ensure thread safety during processing of handshake messages from clients, which allows remote attackers to cause a denial of service daemon crash via...

K16831: BSD regex library vulnerability CVE-2015-2305

Security Advisory Description Description Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library aka rxspencer alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via ...

K4351: BIND 9.3.0 denial of service vulnerability CAN-2005-0034

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

K15180: OpenSSL vulnerability CVE-2013-4353

Security Advisory Description The ssl3takemac function in ssl/s3both.c in OpenSSL 1.0.1 before 1.0.1f allows remote TLS servers to cause a denial of service NULL pointer dereference and application crash via a crafted Next Protocol Negotiation record in a TLS handshake. CVE-2013-4353 Impact Remot...

K14434: OpenSSH vulnerability CVE-2006-5794

Security Advisory Description Unspecified vulnerability in the sshd Privilege Separation Monitor in OpenSSH before 4.5 causes weaker authentication verification, which might allow attackers to bypass authentication. As of 2006-11-08, it is believed that this issue is only exploitable by leveragin...

K13993: Cross-site URL redirection attack vulnerability CVE-2009-4017

Security Advisory Description F5 FirePass SSL VPN contains a flaw that allows a remote cross-site redirection attack. This flaw exists because the application does not validate the refreshURL parameter upon submission to the my.activation.cns.php3 script. As a result, a user could create a URL...

K10701310: BIG-IP may not detect invalid Transfer-Encoding headers

Security Advisory Description This issue occurs when the conditions are met based on the BIG-IP module provisioned and the affected version listed in the following table. Products| Conditions that trigger the issue| Affected versions ---|---|--- BIG-IP LTM| For versions prior to 15.1.0, the...

K91024405: Java SE vulnerability CVE-2017-10115

Security Advisory Description Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JCE. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows...

K77508618: Multiple Oracle MySQL vulnerabilities

Security Advisory Description CVE-2016-0502 Unspecified vulnerability in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. CVE-2016-0505 Unspecified vulnerability in Oracle MySQL 5.5.46 and...

K63290144: Intel processor vulnerabilities CVE-2020-8696 and CVE-2020-8698

Security Advisory Description CVE-2020-8696 Improper removal of sensitive information before storage or transfer in some IntelR Processors may allow an authenticated user to potentially enable information disclosure via local access. CVE-2020-8698 Improper isolation of shared resources in some...

K17566: NTP vulnerability CVE-2015-7704

Security Advisory Description The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages. CVE-2015-7704 Impact An off-path attacker can send a crafted Kiss of Death KoD packet to the client, which...

K17563: Apache Struts vulnerability CVE-2015-2992

Security Advisory Description Arbitrary script can be executed when JSP files are exposed to be accessed directly. Affected versions are Struts 2.0.0 - 2.3.16.3. CVE-2015-2992 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product...

K17541: Linux kernel vulnerability CVE-2015-2150

Security Advisory Description Xen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do not properly restrict access to PCI command registers, which might allow local guest users to cause a denial of service non-maskable interrupt and host crash by disabling the 1 memory or 2 I/O decoding fo...

K17543: Linux kernel vulnerability CVE-2014-9420

Security Advisory Description The rockcontinue function in fs/isofs/rock.c in the Linux kernel through 3.18.1 does not restrict the number of Rock Ridge continuation entries, which allows local users to cause a denial of service infinite loop, and system crash or hang via a crafted iso9660 image...

K15516: LZ4 compression vulnerability CVE-2014-4715

Security Advisory Description Yann Collet LZ4 before r119, when used on certain 32-bit platforms that allocate memory beyond 0x80000000, does not properly detect integer overflows, which allows context-dependent attackers to cause a denial of service memory corruption or possibly have unspecified...

K15512: LZO decompressor vulnerability CVE-2014-4608

Security Advisory Description DISPUTED Multiple integer overflows in the lzo1xdecompresssafe function in lib/lzo/lzo1xdecompresssafe.c in the LZO decompressor in the Linux kernel before 3.15.2 allow context-dependent attackers to cause a denial of service memory corruption via a crafted Literal...