6421 matches found
K23421535: Expat vulnerabilities CVE-2022-22822, CVE-2022-22823, and CVE-2022-22824
Security Advisory Description CVE-2022-22822 addBinding in xmlparse.c in Expat aka libexpat before 2.4.3 has an integer overflow. CVE-2022-22823 buildmodel in xmlparse.c in Expat aka libexpat before 2.4.3 has an integer overflow. CVE-2022-22824 defineAttribute in xmlparse.c in Expat aka libexpat...
K14228: OpenSSH vulnerability CVE-2007-2243
Security Advisory Description OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to...
K14236: OpenSSL vulnerability CVE-2012-2686
Security Advisory Description A flaw in the OpenSSL handling of CBC ciphersuites in TLS 1.1 and TLS 1.2 on AES-NI supporting platforms can be exploited in a denial-of-service DoS attack. Anyone using an AES-NI platform for TLS 1.2 or TLS 1.1 on OpenSSL 1.0.1 before 1.0.1d is affected. Platforms...
K84583382: VMware Tools vulnerability CVE-2015-5191
Security Advisory Description VMware Tools prior to 10.0.9 contains multiple file system races in libDeployPkg, related to the use of hard-coded paths under /tmp. Successful exploitation of this issue may result in a local privilege escalation. CVE-2015-5191 Impact This vulnerability may allow a...
K71436934: Apache httpd vulnerability CVE-2016-4979
Security Advisory Description The Apache HTTP Server 2.4.18 through 2.4.20, when modhttp2 and modssl are enabled, does not properly recognize the "SSLVerifyClient require" directive for HTTP/2 request authorization, which allows remote attackers to bypass intended access restrictions by leveragin...
K56237129: Linux kernel vulnerability in non-GENERIC_TIME systems CVE-2010-2243
Security Advisory Description A vulnerability exists in kernel/time/clocksource.c in the Linux kernel before 2.6.34 where on non-GENERICTIME systems GENERICTIME=n, accessing /sys/devices/system/clocksource/clocksource0/currentclocksource results in an OOPS. CVE-2010-2243 Impact There is no impact...
K15299: Linux kernel vulnerability CVE-2013-2888
Security Advisory Description Multiple array index errors in drivers/hid/hid-core.c in the Human Interface Device HID subsystem in the Linux kernel through 3.11 allow physically proximate attackers to execute arbitrary code or cause a denial of service heap memory corruption via a crafted device...
K15272: PHP Vulnerability CVE-2013-4636
Security Advisory Description The mget function in libmagic/softmagic.c in the Fileinfo component in PHP 5.4.x before 5.4.16 allows remote attackers to cause a denial of service invalid pointer dereference and application crash via an MP3 file that triggers incorrect MIME type detection during...
K15260: Apache Struts vulnerability CVE-2014-0094
Security Advisory Description The ParametersInterceptor in Apache Struts before 2.3.16.1 allows remote attackers to "manipulate" the ClassLoader via the class parameter, which is passed to the getClass method. CVE-2014-0094 Impact None. F5 products do not use the affected Apache Struts version...
K15273: Apache vulnerability CVE-2012-0053
Security Advisory Description protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request aka 400 error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a 1 long o...
K15229: BIG-IQ / BIG-IP privilege escalation vulnerability CVE-2014-3220
Security Advisory Description F5 BIG-IQ Cloud and Security 4.0.0 through 4.1.0 allows remote authenticated users to change the password of arbitrary users via the name parameter in a request to the user's page in mgmt/shared/authz/users/. CVE-2014-3220 Impact An authenticated user with limited...
K15013: OpenSSH vulnerability CVE-2011-0539
Security Advisory Description The keycertify function in usr.bin/ssh/key.c in OpenSSH 5.6 and 5.7, when generating legacy certificates using the -t command-line option in ssh-keygen, does not initialize the nonce field, which might allow remote attackers to obtain sensitive stack memory contents ...
K56480726: Linux kernel vulnerability CVE-2019-8980
Security Advisory Description A memory leak in the kernelreadfile function in fs/exec.c in the Linux kernel through 4.20.11 allows attackers to cause a denial of service memory consumption by triggering vfsread failures. CVE-2019-8980 Impact There is no impact; F5 products are not affected by thi...
K3015: FIPS hardware vulnerability - nCipher Advisory #9 - CAN-2004-0320
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
K74571223: Apache Struts vulnerability CVE-2016-8738
Security Advisory Description In Apache Struts 2.5 through 2.5.5, if an application allows entering a URL in a form field and the built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. CVE-2016-87...
K6795: ClamAV CHM Chunk Name Length DoS Vulnerability - CVE-2006-5295
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
K46057232: Swift Mailer vulnerability CVE-2016-10074
Security Advisory Description The mail transport aka SwiftTransportMailTransport in Swift Mailer before 5.4.5 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a " backslash double quote in a crafted e-mail address in the 1 From,...
K1933: Multiple Vulnerabilities in OpenSSL - CAN-2002-23
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
K1952: Trojan Horse OpenSSH Distribution - CA-2002-24
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
K30409575: ISC DHCP vulnerability CVE-2016-2774
Security Advisory Description ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service INSIST assertion failure or request-processing outage by establishing many sessions...
K15313: Java SE vulnerabilities CVE-2014-0456, CVE-2014-0457, and CVE-2014-2421
Security Advisory Description CVE-2014-0456 Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. CVE-2014-0457 Unspecified vulnerability in...
K15322: PHP vulnerability CVE-2014-0185
Security Advisory Description sapi/fpm/fpm/fpmunix.c in the FastCGI Process Manager FPM in PHP before 5.4.28 and 5.5.x before 5.5.12 uses 0666 permissions for the UNIX socket, which allows local users to gain privileges via a crafted FastCGI client. CVE-2014-0185 Impact None. No F5 products are...
K13463: FirePass SQL injection vulnerability CVE-2012-1777
Security Advisory Description F5 has identified a possible SQL injection vulnerability for FirePass. FirePass may not perform adequate user input validation of particular fields. CVE-2012-1777 Impact An unauthenticated attacker may be able to exploit the vulnerability via SQL injection. Security...
K6924: Insertion of special characters in URL path circumvents Accessibility Scope and Access Control Lists
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
K6920: Cross-site scripting vulnerabilities
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
K6922: Decimal-encoded IP address circumvents Accessibility Scope
Security Advisory Description Note : Versions that are not listed in this Solution have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the ...
K6923: LDAP and RADIUS authentication failures can reveal a valid FirePass username
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of F5...
K31333705: BIG-IP APM portal access may potentially leak host name information for back-end servers
Security Advisory Description This issue occurs when all of the following conditions are met: You configure the BIG-IP APM system to provide portal access to back-end resources. Users accessing portal access resources receive redirect responses from the BIG-IP APM system due to DNS resolution...
K3082: Multiple vulnerabilities in OpenSSL - CAN-2004-0081, CAN-2004-0079, CAN-2004-0112
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
K2593: Buffer overflow in zlib - CAN-2003-0107
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
K2591: Linux kernel vulnerabilities CAN-2003-0244 and CAN-2003-0246
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
K21125762: The BIG-IP CFE logs sensitive Azure storage account credentials
Security Advisory Description The BIG-IP Cloud Failover Extension CFE logs sensitive Azure storage account credentials in /var/log/restnoded/restnoded.log. This issue occurs when all of the following conditions are met: You configure the CFE to provide failover functionality for your BIG-IP syste...
K15404: OpenSSL vulnerability CVE-2009-3245
Security Advisory Description OpenSSL before 0.9.8m does not check for a NULL return value from bnwexpand function calls in 1 crypto/bn/bndiv.c, 2 crypto/bn/bngf2m.c, 3 crypto/ec/ec2smpl.c, and 4 engines/eubsec.c, which has unspecified impact and context-dependent attack vectors. CVE-2009-3245...
K14901: SASL vulnerability CVE-2013-4122
Security Advisory Description Cyrus SASL 2.1.23, 2.1.26, and earlier does not properly handle when a NULL value is returned upon an error by the crypt function as implemented in glibc 2.17 and later, which allows remote attackers to cause a denial of service thread crash and consumption via 1 an...
K14909: OpenSSL vulnerability CVE-2013-4248
Security Advisory Description The opensslx509parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle...
K14907: MySQL Server vulnerability CVE-2012-3163
Security Advisory Description Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema. CVE-2012-31...
K96639388: Overview of F5 vulnerabilities (April 2021)
Security Advisory Description On April 28th, 2021, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities and security exposures to help determine the impact to your F5 devices. The details of each issue can be found in the associate...
K41556648: CPU vulnerability CVE-2019-0184
Security Advisory Description Insufficient access control in protected memory subsystem for IntelR TXT for 6th, 7th, 8th and 9th Generation IntelR CoreTM Processor Families; IntelR XeonR Processor E3-1500 v5 and v6 Families; IntelR XeonR E-2100 and E-2200 Processor Families with IntelR Processor...
K93048305: Linux kernel vulnerability CVE-2021-20268
Security Advisory Description An out-of-bounds access flaw was found in the Linux kernel's implementation of the eBPF code verifier in the way a user running the eBPF script calls devmapinitmap or sockmapalloc. This flaw allows a local user to crash the system or possibly escalate their privilege...
K59957337: ASM Cloud Security Services authentication vulnerability CVE-2019-6687
Security Advisory Description The BIG-IP ASM Cloud Security Services profile uses a built-in verification mechanism that fails to properly authenticate the X.509 certificate of remote endpoints. CVE-2019-6687 Impact This vulnerability may allow man-in-the-middle attackers to intercept traffic...
K15629: Multiple GNU Bash vulnerabilities
Security Advisory Description CVE-2014-6271 GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand...
K15630: TLS in Mozilla NSS vulnerability CVE-2013-1620
Security Advisory Description The TLS implementation in Mozilla Network Security Services NSS does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attack...
K15640: GNU C Library (glibc) vulnerabilities CVE-2014-0475, CVE-2014-5119, CVE-2013-4458
Security Advisory Description CVE-2014-0475 Multiple directory traversal vulnerabilities in GNU C Library aka glibc or libc6 before 2.20 allow context-dependent attackers to bypass ForceCommand restrictions and possibly have other unspecified impact via a .. dot dot in a 1 LC, 2 LANG, or other...
K44590877: PHP vulnerabilities CVE-2019-11034 and CVE-2019-11035
Security Advisory Description CVE-2019-11034 When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exifprocessIFDTAG function. This may lead to information disclosure or crash...
K8425: Linux Kernel Vulnerability - CVE-2008-0600
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
K3568: DNS denial of service vulnerability - CAN-2004-0789
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
K23453330: NTP vulnerability CVE-2016-4957
Security Advisory Description ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service daemon crash via a crypto-NAK packet. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547. CVE-2016-4957 Impact There is no impact; F5 products are not affected ...
K16081: BIG-IP ASM cross-site scripting (XSS) vulnerability CVE-2015-1050
Security Advisory Description Cross-site scripting XSS vulnerability in F5 BIG-IP Application Security Manager ASM before 11.6.0 allows an authenticated user to inject arbitrary web script or HTML via the Response Body field. CVE-2015-1050 Impact Remote attackers may be able to inject arbitrary w...
K14446: OpenSSH vulnerability CVE-2012-0814
Security Advisory Description The authparseoptions function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorizedkeys command options. CVE-2012-0814 Impact This vulnerability may allow remotely-authenticated users to obtain potentially sensitive information...
K14741: OpenSSH vulnerability CVE-2010-5107
Security Advisory Description The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service connection-slot exhaustion by periodically making many n...