6413 matches found
K16351: Multiple Linux kernel vulnerabilities CVE-2009-0834, CVE-2009-0835, and CVE-2009-0859
Security Advisory Description CVE-2009-0834 The auditsyscallentry function in the Linux kernel 2.6.28.7 and earlier on the x8664 platform does not properly handle 1 a 32-bit process making a 64-bit syscall or 2 a 64-bit process making a 32-bit syscall, which allows local users to bypass certain...
K16350: Samba vulnerability CVE-2015-0240
Security Advisory Description The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized stack pointer, which allows remote attackers to execute arbitrary code...
K16320: OpenSSL vulnerability CVE-2015-0289
Security Advisory Description Description The PKCS7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to cause a denial of service NULL pointer dereference and...
K16334: Apache Struts vulnerability CVE-2013-4316
Security Advisory Description Description Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors. CVE-2013-4316 Impact None Status To determine if your release is known to be vulnerable, the components or features that are...
K15342: OpenSSL vulnerability CVE-2014-3470
Security Advisory Description The ssl3sendclientkeyexchange function in s3clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service NULL pointer dereference and client crash by...
K15343: OpenSSL vulnerability CVE-2014-0221
Security Advisory Description The dtls1getmessagefragment function in d1both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service recursion and client crash via a DTLS hello message in an invalid DTLS handshake. CVE-2014-02...
K9762: OpenSSL vulnerability - CVE-2008-5077
Security Advisory Description Note : For information about signing up to receive security notice updates from F5, refer to K9970: Subscribe to email notifications regarding F5 products and security announcements. Note : Versions that are not listed in this article have not been evaluated for...
K35129173: GNU C Library (glibc) vulnerability CVE-2017-15670
Security Advisory Description The GNU C Library aka glibc or libc6 before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the operator followed by a long string. CVE-2017-15670 Impact...
K10417: BIG-IP ASM and PSM remote buffer overflow exploit
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
K73200428: Linux kernel vulnerability CVE-2022-0185
Security Advisory Description A heap-based buffer overflow flaw was found in the way the legacyparseparam function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged in case of unprivileged user namespaces enabled, otherwise needs...
K71231825: Multiple MySQL vulnerabilities
Security Advisory Description CVE-2018-2776 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Group Replication GCS. Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via XCom to...
K7053: BIND 9 vulnerabilities - Dereferencing freed fetch context and DNSSEC Validation
Security Advisory Description Note : Versions that are not listed in this Solution have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the ...
K68120526: Linux kernel vulnerability CVE-2022-0742
Security Advisory Description Memory leak in icmp6 implementation in Linux Kernel 5.13+ allows a remote attacker to DoS a host by making it go out-of-memory via icmp6 packets of type 130 or 131. We recommend upgrading past commit 2d3916f3189172d5c69d33065c3c21119fe539fc. CVE-2022-0742 Impact Ther...
K17461: OpenSSH vulnerability CVE-2015-5352
Security Advisory Description The x11openhelper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection...
K17475: Linux kernel vulnerability CVE-2015-5707
Security Advisory Description Integer overflow in the sgstartreq function in drivers/scsi/sg.c in the Linux kernel 2.6.x through 4.x before 4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large iovcount value in a write request. CVE-2015-5707...
K17061: Multiple PHP vulnerabilities
Security Advisory Description CVE-2015-4599 The SoapFault::toString method in ext/soap/soap.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information, cause a denial of service application crash, or possibly execute arbitrary code...
K17057: QEMU vulnerabilities CVE-2015-3214, CVE-2015-5154, and CVE-2015-5158
Security Advisory Description CVE-2015-3214 An out-of-bounds memory access flaw, leading to memory corruption or possibly an information leak, was found in QEMU's pitioportread function. A privileged guest user in a QEMU guest, which had QEMU PIT emulation enabled, could potentially, in rare case...
K05204103: F5 TMM vulnerability CVE-2020-5950
Security Advisory Description An early syncookie leaks forwarding flows if the virtual server has Clustered Multiprocessing CMP disabled and the BIG-IP AFM module is provisioned. CVE-2020-5950 Impact The BIG-IP system resources may be excessively consumed and potentially lead to a failover event...
K02230327: BIND vulnerability CVE-2017-3143
Security Advisory Description An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BIND into accepting an unauthorized dynamic update. Affects BIND...
K03551138: MySQL vulnerabilities CVE-2018-2817, CVE-2018-2818, CVE-2018-2819, CVE-2018-2839, and CVE-2018-2846
Security Advisory Description CVE-2018-2817 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: DDL. Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with...
K87540800: Apache vulnerability CVE-2022-22719
Security Advisory Description A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier. CVE-2022-22719 Impact There is no impact; F5 products are not affected by this vulnerability...
K68652018: iControl REST vulnerability CVE-2021-22974
Security Advisory Description An authenticated attacker with access to iControl REST over the control plane may be able to take advantage of a race condition to execute commands with an elevated privilege level. This vulnerability is due to an incomplete fix for CVE-2017-6167. CVE-2021-22974...
K17079: Java SE vulnerabilities CVE-2015-2590 and CVE-2015-4732
Security Advisory Description CVE-2015-2590 Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than...
K17070: PHP vulnerability CVE-2015-4021
Security Advisory Description The pharparsetarfile function in ext/phar/tar.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 does not verify that the first character of a filename is different from the \0 character, which allows remote attackers to cause a denial of service...
K52136304: SCSI libsas driver vulnerability CVE-2019-15807
Security Advisory Description In the Linux kernel before 5.1.13, there is a memory leak in drivers/scsi/libsas/sasexpander.c when SAS expander discovery fails. This will cause a BUG and denial of service. CVE-2019-15807 Impact There is no impact; F5 products are not affected by this vulnerability...
K4743: Inadequate validation for TCP segments CVE-2005-0356
Security Advisory Description Note: Versions that are not listed in this Solution have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
K34701020: BIND vulnerability CVE-2017-3139
Security Advisory Description A denial of service flaw was found in the way BIND handled DNSSEC validation. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. CVE-2017-3139 Impact There is no impact; F5 products ar...
K30523121: BIG-IP TMM vulnerability CVE-2021-23034
Security Advisory Description When a DNS profile using a DNS cache resolver is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel TMM process to terminate. CVE-2021-23034 Impact Traffic is disrupted while the TMM process restarts. This vulnerability...
K23101430: BIG-IQ services for stats vulnerability CVE-2019-6652
Security Advisory Description BIG-IQ services for stats do not require authentication nor do they implement any form of Transport Layer Security TLS. CVE-2019-6652 Impact BIG-IQ An attacker may have full access to the stats database on the BIG-IQ system when this vulnerability is exploited. BIG-I...
K24202220: OpenJDK vulnerability CVE-2019-2894
Security Advisory Description Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Security. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker wi...
K20622530: TMM vulnerability CVE-2020-5930
Security Advisory Description Unauthenticated attackers can cause disruption of service in non-TCP traffic via poisoning of the route metrics cache. This issue is caused by an incomplete fix for CVE-2004-1060. CVE-2020-5930 Impact An attacker may be able to cause a denial of service DoS on a...
K15739: BIND vulnerability CVE-2012-3868
Security Advisory Description Race condition in the nsclient structure management in ISC BIND 9.9.x before 9.9.1-P2 allows remote attackers to cause a denial of service memory consumption or process exit via a large volume of TCP queries. CVE-2012-3868 Impact None. No F5 products are affected by...
K15653: Multiple PHP vulnerabilities
Security Advisory Description Description Following are descriptions of various PHP gdImageCrop vulnerabilities: CVE-2013-7226 Integer overflow in the gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 allows remote attackers to cause a denial of service application crash or possibly...
K15641: Outdated or incorrect version vulnerability CVE-1999-0662
Security Advisory Description A system-critical program or library does not have the appropriate patch, hotfix, or service pack installed, or is outdated or obsolete. CVE-1999-0662 Impact This is a generic vulnerability that may be triggered by different types of scanning software, whenever a...
K15642: Samba vulnerability CVE-2013-4476
Security Advisory Description Samba 4.0.x before 4.0.11 and 4.1.x before 4.1.1, when LDAP or HTTP is provided over SSL, uses world-readable permissions for a private key, which allows local users to obtain sensitive information by reading the key file, as demonstrated by access to the local...
K15652: SASL vulnerability CVE-2009-0688
Security Advisory Description Description Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23 might allow remote attackers to execute arbitrary code or cause a denial of service application crash via strings that are used as input to the saslencode64 function in lib/saslutil.c...
K15568: OpenSSL vulnerability CVE-2014-3510
Security Advisory Description The ssl3sendclientkeyexchange function in s3clnt.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote DTLS servers to cause a denial of service NULL pointer dereference and client application crash via a crafted handshake...
K15622: wolfSSL CyaSSL vulnerability CVE-2013-1623
Security Advisory Description The TLS and DTLS implementations in wolfSSL CyaSSL before 2.5.0 do not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks...
K15552: MIT Kerberos 5 vulnerability CVE-2014-4341
Security Advisory Description MIT Kerberos 5 aka krb5 before 1.12.2 allows remote attackers to cause a denial of service buffer over-read and application crash by injecting invalid tokens into a GSSAPI application session. CVE-2014-4341 Impact A remote attacker may be able to cause a denial of...
K15541: OpenSSL vulnerability CVE-2014-3509
Security Advisory Description Race condition in the sslparseserverhellotlsext function in t1lib.c in OpenSSL 1.0.0 before 1.0.0n and 1.0.1 before 1.0.1i, when multithreading and session resumption are used, allows remote SSL servers to cause a denial of service memory overwrite and client...
K14261: OpenSSL OCSP vulnerability CVE-2013-0166
Security Advisory Description OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for Online Certificate Status Protocol OCSP responses, which allow remote attackers to cause a denial-of-service DoS NULL pointer dereference and...
K12130880: BIG-IP APM client for Linux and macOS vulnerability CVE-2018-15332
Security Advisory Description The svpn component of the F5 BIG-IP APM client prior to version 7.1.7.2 for Linux and macOS runs as a privileged process and can allow an unprivileged user to get ownership of files owned by root on the local client host in a race condition. CVE-2018-15332 Impact A...
K2888: DNS cache poisoning vulnerability CVE-2003-0914
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, see K4602: Overview of the F5...
K17270: OpenSSH vulnerability CVE-2015-6565
Security Advisory Description sshd in OpenSSH 6.8 and 6.9 uses world-writable permissions for TTY devices, which allows local users to cause a denial of service terminal disruption or possibly have unspecified other impact by writing to a device, as demonstrated by writing an escape sequence...
K16139: OpenSSL vulnerability CVE-2015-0204
Security Advisory Description The ssl3getkeyexchange function in s3clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORTRSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a...
K16124: OpenSSL vulnerability CVE-2015-0206
Security Advisory Description Memory leak in the dtls1bufferrecord function in d1pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service memory consumption by sending many duplicate records for the next epoch, leading to failure of replay...
K16126: OpenSSL vulnerability CVE-2014-3572
Security Advisory Description The ssl3getkeyexchange function in s3clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message...
K16136: OpenSSL vulnerability CVE-2014-8275
Security Advisory Description OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a...
K15787: BIND vulnerability CVE-2010-0382
Security Advisory Description ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta handles out-of-bailiwick data accompanying a secure response without re-fetching from the original source, which allows remote attackers to have an unspecified...
K16123: OpenSSL vulnerability CVE-2014-3571
Security Advisory Description OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted DTLS message that is processed with a different read operation for the handshake...