6413 matches found
K16443: MIT Kerberos 5 vulnerabilities CVE-2014-9421 and CVE-2014-5352
Security Advisory Description CVE-2014-9421 The authgssapiunwrapdata function in lib/rpc/authgssapimisc.c in MIT Kerberos 5 aka krb5 through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly handle partial XDR deserialization, which allows remote authenticated users to cau...
K16441: MIT Kerberos 5 vulnerability CVE-2014-9423
Security Advisory Description The svcauthgssacceptseccontext function in lib/rpc/svcauthgss.c in MIT Kerberos 5 aka krb5 1.11.x through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 transmits uninitialized interposer data to clients, which allows remote attackers to obtain sensitive...
K15580: Apache CXF and JBoss vulnerabilities
Security Advisory Description CVE-2010-2076 Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows...
K15578: MD5 Message-Digest Algorithm vulnerability CVE-2004-2761
Security Advisory Description The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature algorithm of an X.509 certificate. CVE-2004-2761 Impact A...
K15561: Kerberos vulnerability CVE-2014-4344
Security Advisory Description The accctxcont function in the SPNEGO acceptor in lib/gssapi/spnego/spnegomech.c in MIT Kerberos 5 aka krb5 1.5.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via an empty continuatio...
K15549: Rsync vulnerability CVE-2007-6199
Security Advisory Description rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module's hierarchy. CVE-2007-6199 Impact An...
K15504: OpenSSH vulnerability CVE-2014-1692
Security Advisory Description The hashbuffer function in schnorr.c in OpenSSH through 6.4, when Makefile.inc is modified to enable the J-PAKE protocol, does not initialize certain data structures, which might allow remote attackers to cause a denial of service memory corruption or have unspecifie...
K94730263: Linux kernel vulnerability CVE-2017-17450
Security Advisory Description net/netfilter/xtosf.c in the Linux kernel through 4.14.4 does not require the CAPNETADMIN capability for addcallback and removecallback operations, which allows local users to bypass intended access restrictions because the xtosffingers data structure is shared acros...
K32055534: Brute Force Attack Prevention feature may erroneously stop prevention before an attack is over
Security Advisory Description The Brute Force Attack Prevention feature may stop prevention before the attack is over. This issue occurs when all of the following conditions are met: You configured the BIG-IP ASM system with many virtual servers hundreds that have web application protection with...
K16135: OpenSSL vulnerability CVE-2015-0205
Security Advisory Description The ssl3getcertverify function in s3srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman DH certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without...
K15295: OpenSSL vulnerability CVE-2014-0076
Security Advisory Description The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack. CVE-2014-0076 Impact...
K14742: OpenSSH vulnerability CVE-2008-4109
Security Advisory Description A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before 4.6p1-1 on sid and lenny; and on other distributions such as SUSE uses functions that are not async-signal-safe in the signal handler for login timeouts, which allows remote attackers to cause a...
K84591451: Intel AMT vulnerabilities CVE-2019-0092, CVE-2019-0094, CVE-2019-0097, and CVE-2019-0096
Security Advisory Description CVE-2019-0092 Insufficient input validation vulnerability in subsystem for IntelR AMT before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 may allow an unauthenticated user to potentially enable escalation of privilege via physical access. CVE-2019-0094 Insufficient...
K52013062: Ansible Engine vulnerability CVE-2020-14365
Security Advisory Description A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation even when disablegpgcheck is set to False, which is the...
K17514331: BIG-IP TMM vulnerability CVE-2022-23020
Security Advisory Description When the 'Respond on Error' setting is enabled on the Request Logging profile and configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. CVE-2022-23020 Impact Traffic is disrupted while the TMM process...
K15236: ConfigSync IP Rsync full file system access vulnerability CVE-2014-2927
Security Advisory Description The rsync daemon in F5 BIG-IP 11.6 before 11.6.0, 11.5.1 before HF3, 11.5.0 before HF4, 11.4.1 before HF4, 11.4.0 before HF7, 11.3.0 before HF9, and 11.2.1 before HF11 and Enterprise Manager 3.x before 3.1.1 HF2, when configured in failover mode, does not require...
K14740: OpenSSH vulnerability CVE-2011-5000
Security Advisory Description The sshgssapiparseename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allows remote authenticated users to cause a denial of service memory consumption via a large value in a certain length field. NOTE: there may b...
K14673240: Linux kernel vulnerability CVE-2018-20856
Security Advisory Description An issue was discovered in the Linux kernel before 4.18.7. In block/blk-core.c, there is an blkdrainqueue use-after-free because a certain error case is mishandled. CVE-2018-20856 Impact There is no impact; F5 products are not affected by this vulnerability. Security...
K6999: Web browser domain-based security and discussion of ''double eval()'' and FP_DO_NOT_TOUCH tags VU#261869
Security Advisory Description Note : For information about signing up to receive security notice updates from F5, refer to K9970: Subscribe to email notifications regarding F5 products and security announcements. Note : Versions that are not listed in this article have not been evaluated for...
K4441: BSD telnet vulnerabilities CAN-2005-0468 and CAN-2005-0469
Security Advisory Description Note: Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F5...
K15310: Data Manager SQL Injection Remote Code Execution vulnerability CVE-2014-2949
Security Advisory Description F5 Data Manager SQL Injection Remote Code Execution Vulnerability. CVE-2014-2949 Impact An authenticated user may potentially execute code. Security Advisory Status F5 Product Development has assigned ID 461853 Data Manager to this vulnerability, and has evaluated th...
K13605: FirePass sudo vulnerability - CVE-2012-2053
Security Advisory Description Description F5 has identified a possible sudo vulnerability for FirePass. FirePass does not require a password to execute sudo commands with elevated permissions. FirePass is designed to function as a closed-box appliance with no user-level access to the underlying...
K22052524: cURL and libcurl vulnerability CVE-2018-1000120
Security Advisory Description A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse. CVE-2018-1000120 Impact libcurl does not safely parse FTP URLs when using the CURLOPTFTPFILEMETHOD method. By...
K2617: Reverse name resolution vulnerability in SSH - CVE-2003-0386
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of F5...
K17381: OpenJDK vulnerability CVE-2014-0428
Security Advisory Description Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. CVE-2014-0428 Impact There is no impact; F5 products...
K17386: vCMP DoS vulnerability CVE-2015-6546
Security Advisory Description An attacker sourcing malicious traffic from a network adjacent to the BIG-IP system may be able to cause a denial-of-service DoS condition on a vCMP host and the vCMP guests running on it. The vulnerability cannot be exploited outside of the local network segment or ...
K17335: GnuTLS vulnerability CVE-2015-6251
Security Advisory Description Double free vulnerability in GnuTLS before 3.3.17 and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service via a long DistinguishedName DN entry in a certificate. CVE-2015-6251 Impact This vulnerability allows disruption of service. Security Adviso...
K16866: PowerDNS vulnerabilities CVE-2014-8601 and CVE-2015-1868
Security Advisory Description CVE-2014-8601 PowerDNS Recursor before 3.6.2 does not limit delegation chaining, which allows remote attackers to cause a denial of service "performance degradations" via a large or infinite number of referrals, as demonstrated by resolving domains hosted by ezdns.it...
K16505: NTP vulnerability CVE-2015-1798
Security Advisory Description The symmetric-key feature in the receive function in ntpproto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC...
K16859: SUSE coreutils vulnerabilities CVE-2013-0221, CVE-2013-0222, and CVE-2013-0223
Security Advisory Description CVE-2013-0221 The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service segmentation fault and crash via a long string to the sort command, when using the 1 -d or 2 -M switch, which triggers a stack-based buffer...
K16444: Apache vulnerability CVE-2015-0899
Security Advisory Description The Validator in Apache Struts 1.1 and later contains a function to efficiently define rules for input validation across multiple pages during screen transitions. This function contains a vulnerability where input validation may be bypassed. When the Apache Struts 1...
K9528: IPv6 Neighbor Discovery Protocol (NDP) vulnerability CVE-2008-2476 - VU#472363
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
K9109: Apache Tomcat cross-site scripting vulnerability CVE-2008-1947
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
K9110: Apache Tomcat information disclosure vulnerability - CVE-2008-2370
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
K9107: OpenSSH vulnerability CVE-2008-1483
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
K15595: Apache Xalan-Java vulnerability CVE-2014-0107
Security Advisory Description Description The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly restrict access to certain properties when FEATURESECUREPROCESSING is enabled, which allows remote attackers to bypass expected restrictions and load arbitrary classes or access...
K16013: OpenSSL vulnerability CVE-2014-3569
Security Advisory Description The ssl23getclienthello function in s23srvr.c in OpenSSL 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service NULL pointer dereference and daemon crash via an unexpected...
K15553: Kerberos vulnerability CVE-2014-4343
Security Advisory Description Double free vulnerability in the initctxreselect function in the SPNEGO initiator in lib/gssapi/spnego/spnegomech.c in MIT Kerberos 5 aka krb5 1.10.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service memory corruption or possibly execu...
K14700: BIG-IP APM clickjacking vulnerability CVE-2013-5975
Security Advisory Description The access policy logon page logon.inc in F5 BIG-IP APM 11.1.0 through 11.2.1 allows remote attackers to conduct clickjacking attacks via unspecified vectors. CVE-2013-5975 Impact Clickjacking protection in the BIG-IP APM access policy logon page may be insufficient...
K73071205: PHP vulnerability CVE-2016-5385
Security Advisory Description PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect an...
K10020: Multiple Cross-Site Scripting Vulnerabilities in the FirePass logon and activation pages
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
K54150332: ASP.NET x-up-devcap-post-charset header security exposure
Security Advisory Description An attacker may be able to evade ASM detections by including the x-up-devcap-post-charset header when sending requests to an ASP.NET application, to craft a request payload with language encoding that is not supported by BIG-IP ASM/Advanced WAF, and is different to...
K23421535: Expat vulnerabilities CVE-2022-22822, CVE-2022-22823, and CVE-2022-22824
Security Advisory Description CVE-2022-22822 addBinding in xmlparse.c in Expat aka libexpat before 2.4.3 has an integer overflow. CVE-2022-22823 buildmodel in xmlparse.c in Expat aka libexpat before 2.4.3 has an integer overflow. CVE-2022-22824 defineAttribute in xmlparse.c in Expat aka libexpat...
K14236: OpenSSL vulnerability CVE-2012-2686
Security Advisory Description A flaw in the OpenSSL handling of CBC ciphersuites in TLS 1.1 and TLS 1.2 on AES-NI supporting platforms can be exploited in a denial-of-service DoS attack. Anyone using an AES-NI platform for TLS 1.2 or TLS 1.1 on OpenSSL 1.0.1 before 1.0.1d is affected. Platforms...
K14228: OpenSSH vulnerability CVE-2007-2243
Security Advisory Description OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to...
K84583382: VMware Tools vulnerability CVE-2015-5191
Security Advisory Description VMware Tools prior to 10.0.9 contains multiple file system races in libDeployPkg, related to the use of hard-coded paths under /tmp. Successful exploitation of this issue may result in a local privilege escalation. CVE-2015-5191 Impact This vulnerability may allow a...
K71436934: Apache httpd vulnerability CVE-2016-4979
Security Advisory Description The Apache HTTP Server 2.4.18 through 2.4.20, when modhttp2 and modssl are enabled, does not properly recognize the "SSLVerifyClient require" directive for HTTP/2 request authorization, which allows remote attackers to bypass intended access restrictions by leveragin...
K56237129: Linux kernel vulnerability in non-GENERIC_TIME systems CVE-2010-2243
Security Advisory Description A vulnerability exists in kernel/time/clocksource.c in the Linux kernel before 2.6.34 where on non-GENERICTIME systems GENERICTIME=n, accessing /sys/devices/system/clocksource/clocksource0/currentclocksource results in an OOPS. CVE-2010-2243 Impact There is no impact...
K15299: Linux kernel vulnerability CVE-2013-2888
Security Advisory Description Multiple array index errors in drivers/hid/hid-core.c in the Human Interface Device HID subsystem in the Linux kernel through 3.11 allow physically proximate attackers to execute arbitrary code or cause a denial of service heap memory corruption via a crafted device...
K15272: PHP Vulnerability CVE-2013-4636
Security Advisory Description The mget function in libmagic/softmagic.c in the Fileinfo component in PHP 5.4.x before 5.4.16 allows remote attackers to cause a denial of service invalid pointer dereference and application crash via an MP3 file that triggers incorrect MIME type detection during...