K89941125: mod_auth_openidc vulnerability CVE-2021-20718
Security Advisory Description mod_auth_openidc 2.4.0 to 2.4.7 allows a remote attacker to cause a denial-of-service (DoS) condition via unspecified vectors. CVE-2021-20718 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development ha...
K82350223: MySQL vulnerabilities CVE-2018-2766, CVE-2018-2769, CVE-2018-2771, CVE-2018-2773, and CVE-2018-2775
Security Advisory Description CVE-2018-2766 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via...
K16285: OpenSSL vulnerability CVE-2012-2110
Security Advisory Description The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory...
K50462644: Linux kernel vulnerability CVE-2016-5343
Security Advisory Description drivers/soc/qcom/qdsp6v2/voice_svc.c in the QDSP6v2 Voice Service driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service (memory corruption) or...
K17120: Linux kernel vulnerability CVE-2014-8134
Security Advisory Description The paravirt_ops_setup function in arch/x86/kernel/kvm.c in the Linux kernel through 3.18 uses an improper paravirt_enabled setting for KVM guest kernels, which makes it easier for guest OS users to bypass the ASLR protection mechanism via a crafted application that rea...
K6919: Cross-site scripting vulnerability in my.activation.php3 CVE-2007-3097
Security Advisory Description Note: Versions that are not listed in this Solution have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the ...
K6916: Case change in URL host name circumvents Accessibility Scope
Security Advisory Description Note: Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
K17218: Libvirt vulnerability CVE-2014-8135
Security Advisory Description The storageVolUpload function in storage/storage_driver.c in libvirt before 1.2.11 does not check a certain return value, which allows local users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted offset value in a "virsh vol-upload"...
K17213: Apache vulnerability CVE-2002-0392
Security Advisory Description Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size. CVE-2002-0392 Impact There is no impact; F...
K16983: PCRE library vulnerability CVE-2015-2325
Security Advisory Description PCRE library is prone to a heap overflow vulnerability. Due to insufficient bounds checking inside compile_branch, the heap memory could be overflowed via a crafted regular expression. Since PCRE library is widely used, this vulnerability should affect many applicatio...
K16984: PCRE library vulnerability CVE-2015-2326
Security Advisory Description PCRE library is prone to a vulnerability which leads to heap overflow. Without enough bound checking inside pcre_compile2, the heap memory could be overflowed via a crafted regular expression. Since PCRE library is widely used, this vulnerability should affect many...
K16429: Linux kernel vulnerability CVE-2015-0239
Security Advisory Description The em_sysenter function in arch/x86/kvm/emulate.c in the Linux kernel before 3.18.5, when the guest OS lacks SYSENTER MSR initialization, allows guest OS users to gain guest OS privileges or cause a denial of service (guest OS crash) by triggering use of a 16-bit code...
K16442: MIT Kerberos 5 vulnerability CVE-2014-9422
Security Advisory Description The check_rpcsec_auth function in kadmin/server/kadm_rpc_svc.c in kadmind in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 allows remote authenticated users to bypass a kadmin/* authorization check and obtain administrative access...
K15369: OpenSSL vulnerability CVE-2009-0591
Security Advisory Description The CMS_verify function in OpenSSL 0.9.8h through 0.9.8j, when CMS is enabled, does not properly handle errors associated with malformed signed attributes, which allows remote attackers to repudiate a signature that originally appeared to be valid but was actually...
K15702: SSLv3 vulnerability CVE-2014-3566
Security Advisory Description A flaw in the design of Secure Socket Layer (SSL) version 3.0 has been discovered that may allow a network attacker to force a client to negotiate an SSL handshake using SSL version 3.0 ciphers instead of Transport Layer Security (TLS) version 1.x ciphers. The attacker c...
K15358: OpenSSL vulnerability CVE-2009-0590
Security Advisory Description The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length...
K15350: OpenSSL vulnerability CVE-2008-1672
Security Advisory Description OpenSSL 0.9.8f and 0.9.8g allows remote attackers to cause a denial of service (crash) via a TLS handshake that omits the Server Key Exchange message and uses "particular cipher suites," which triggers a NULL pointer dereference. CVE-2008-1672 Impact None. No F5 produc...
K15341: BIG-IP ASM Virtual Edition may run out of memory under certain DoS conditions
Security Advisory Description The BIG-IP ASM system limits the maximum number of concurrent requests with large payloads (10,000 bytes or larger) by default to 100, using the max_concurrent_long_request internal parameter. The BIG-IP ASM system drops new requests with large payloads once this limit is...
K15300: Apache HTTP Server mod_dav DoS vulnerability CVE-2013-6438
Security Advisory Description The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service (daemon crash) via a crafted DAV WRITE...
K30150004: The attack signature check may fail to detect and block malicious requests
Security Advisory Description The web application firewall attack signature check may fail to detect and block malicious requests containing certain decimal-coded characters. This issue occurs when all of the following conditions are met: You are using one of the following web application firewall...
K72813580: glibc vulnerabilities CVE-2017-1000408 and CVE-2017-1000409
Security Advisory Description CVE-2017-1000408 A memory leak in glibc 2.1.1 (released on May 24, 1999) can be reached and amplified through the LD_HWCAP_MASK environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366. CVE-2017-100040...
K6806: ClamAV UPX heap overflow Vulnerability - CVE-2006-4018
Security Advisory Description Note: Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
K6365: Multiple DNS vulnerabilities VU#955777
Security Advisory Description Note: Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F5...
K14410: Multiple MySQL vulnerabilities
Security Advisory Description For BIG-IP systems using the MySQL database, the following MySQL vulnerabilities may allow local users to gain knowledge of sensitive information, manipulate certain data, or cause a Denial of Service (DoS): CVE-2011-2262 CVE-2012-0075 CVE-2012-0087 CVE-2012-0101...
K51591999: Multiple Java vulnerabilities CVE-2020-14562, CVE-2020-14573, CVE-2020-14578, CVE-2020-14579, CVE-2020-14581, CVE-2020-14593
Security Advisory Description CVE-2020-14562 Vulnerability in the Java SE product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Java SE: 11.0.7 and 14.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols ...
K48131150: Linux kernel vulnerability CVE-2019-19065
Security Advisory Description A memory leak in the sdma_init function in drivers/infiniband/hw/hfi1/sdma.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering rhashtable_init failures, aka CID-34b3be18a04e. CVE-2019-19065 Impact There is n...
K4532: gzip vulnerabilities CAN-2005-0758, CAN-2005-0988, and CAN-2005-1228
Security Advisory Description Note: Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F5...
K8108: OpenSSL vulnerability CVE-2007-3108
Security Advisory Description Note: Versions that are not listed in this Solution have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the ...
K8106: OpenSSL SSL_get_shared_ciphers vulnerability CVE-2007-5135
Security Advisory Description Note: For information about signing up to receive security notice updates from F5, refer to K9970: Subscribe to email notifications regarding F5 products and security announcements. Note: Versions that are not listed in this article have not been evaluated for...
K2452: Vulnerabilities in the HTTP TRACE method - VU#867593
Security Advisory Description Note: Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
K16196: MCPQ vulnerability CVE-2014-6031
Security Advisory Description MCPQ has been found to suffer from a remote buffer overflow vulnerability. The vulnerability is available to authenticated administrative users only. CVE-2014-6031 Impact Exploitation of these vulnerabilities may allow a malicious, authenticated user to cause a...
K15722: OpenSSL DTLS SRTP Memory Leak CVE-2014-3513
Security Advisory Description A flaw in the DTLS SRTP extension parsing code allows an attacker, who sends a carefully crafted handshake message, to cause OpenSSL to fail to free up to 64k of memory causing a memory leak. This could be exploited in a Denial of Service attack. This issue affects...
K15730: OpenSSH vulnerability
Security Advisory Description The mm_newkeys_from_blob function in monitor_wrap.c in sshd in OpenSSH 6.2 and 6.3, when an AES-GCM cipher is used, does not properly initialize memory for a MAC context data structure, which allows remote authenticated users to bypass intended ForceCommand and login-she...
K89096577: LibTIFF vulnerabilities CVE-2016-5314 and CVE-2015-8784
Security Advisory Description CVE-2016-5314 Buffer overflow in the PixarLogDecode function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by...
K8837: OpenSSL DTLS off-by-one error - CVE-2007-4995
Security Advisory Description Note: Versions that are not listed in this Solution have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the ...
K43322910: Linux kernel vulnerability CVE-2017-6135
Security Advisory Description In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0, a slow memory leak as a result of undisclosed IPv4 or IPv6 packets sent to BIG-IP management port or self IP addresses may lead to out of memory (OOM)...
K36361684: Apache Thrift vulnerability CVE-2018-1320
Security Advisory Description Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled i...
K37155600: BIG-IP RTSP profile vulnerability CVE-2022-28691
Security Advisory Description When a Real Time Streaming Protocol (RTSP) profile is configured on a virtual server, undisclosed traffic can cause an increase in Traffic Management Microkernel (TMM) resource utilization. CVE-2022-28691 Impact System performance can degrade until the process is either...
K02553911: Java vulnerabilities CVE-2020-14556, CVE-2020-14583, and CVE-2020-14664
Security Advisory Description CVE-2020-14556 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticate...
K23520761: BIG-IP ASM and BIG-IP AFM/BIG-IP Analytics vulnerability CVE-2018-5505
Security Advisory Description On F5 BIG-IP 13.1.0 - 13.1.0.3, when ASM and one or more of these modules AFM/AVR are provisioned, the Traffic Management Microkernel (TMM) may restart while processing DNS requests when the virtual server is configured with a DNS profile and the Protocol setting is se...
K21485342: Configuration utility CSRF vulnerability
Security Advisory Description When an authenticated Configuration utility user visits a specially crafted web page, the user's current session can be logged out and unknowingly logged in to the Configuration utility using a different user account. Impact When exploited, the authenticated...
K45164470: Linux kernel vulnerability CVE-2022-36946
Security Advisory Description nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len...
K45212738: SNMP vulnerability CVE-2019-20892
Security Advisory Description net-snmp before 5.8.1.pre1 has a double free in usm_free_usmStateReference in snmplib/snmpusm.c via an SNMPv3 GetBulk request. NOTE: this affects net-snmp packages shipped to end users by multiple Linux distributions, but might not affect an upstream release...
K80996302: Multiple NTP vulnerabilities
Security Advisory Description CVE-2016-7427 The broadcast mode replay prevention functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via a crafted broadcast mode packet. CVE-2016-7428 ntpd in NTP before 4.2.8p9 allows remo...
K1518: Multiple SSH1 vulnerabilities - CA-2001-35
Security Advisory Description Note: Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F5...
K14445: Linux kernel vulnerability CVE-2013-2094
Security Advisory Description The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type. CVE-2013-2094 Impact Local users may be able to gain privileges through a crafted perf_event_open system call. Security Advisory Status F5 Product...
K17524: NTP vulnerability CVE-2015-7854
Security Advisory Description Buffer overflow in the password management functionality in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted key file. CVE-2015-7854 Impact...
K15172: BIND vulnerability CVE-2010-3762
Security Advisory Description ISC BIND before 9.7.2-P2, when DNSSEC validation is enabled, does not properly handle certain bad signatures if multiple trust anchors exist for a single zone, which allows remote attackers to cause a denial of service (daemon crash) via a DNS query...
K10550253: ImageMagick vulnerability CVE-2016-3715
Security Advisory Description The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image. CVE-2016-3715 Note: This vulnerability is one of the series of vulnerabilities known as ImageTragick. Impact Exploiting...
K42875540: Enterprise Monitor component of Oracle MySQL vulnerability CVE-2016-5590
Security Advisory Description Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Agent). Supported versions that are affected are 3.1.3.7856 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via TLS to...