6413 matches found
K15345: GnuTLS vulnerability CVE-2014-3466
Security Advisory Description Buffer overflow in the readserverhello function in lib/gnutlshandshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service memory corruption or possibly execute arbitrary code via a long session id...
K15349: OpenSSL 0.9.8t Denial of Service via S/MIME msg vulnerability CVE-2006-7250
Security Advisory Description The mimehdrcmp function in crypto/asn1/asnmime.c in OpenSSL 0.9.8t and earlier allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted S/MIME message. CVE-2006-7250 Impact None. No F5 products are affected by...
K15348: OpenSSL DTLS Buffer vulnerability CVE-2009-1387
Security Advisory Description The dtls1retrievebufferedfragment function in ssl/d1both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service NULL pointer dereference and daemon crash via an out-of-sequence DTLS handshake message, related to a "fragment bug."...
K8874: OpenSSL packages contain a predictable random number generator - VU#925211
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
K8869: OpenSSL TLS handshake Denial of Service VU#520586
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
K71960814: OpenSSH vulnerability CVE-2016-1908
Security Advisory Description The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by...
K68942513: Java vulnerability CVE-2013-5780
Security Advisory Description Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via...
K61200338: NTP vulnerability CVE-2016-2517
Security Advisory Description NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service prevent subsequent authentication by leveraging knowledge of the controlkey or requestkey and sending a crafted packet to ntpd, which changes the value of trustedkey,...
K58084500: Apache Tomcat 6.x vulnerabilities CVE-2016-0714
Security Advisory Description The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute...
K86221000: Bash vulnerability CVE-2019-18276
Security Advisory Description An issue was discovered in disableprivmode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by setting its effective UID to its real UID. However, it does so incorrectly...
K12002065: BIG-IP ASM XSS vulnerability CVE-2020-5932
Security Advisory Description A cross-site scripting XSS vulnerability exists in the BIG-IP ASM Configuration utility response and blocking pages. An authenticated user with administrative privileges can specify a response page with any content, including JavaScript code that will be executed whe...
K01362377: Ghostscript vulnerability CVE-2017-8291
Security Advisory Description Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile %pipe%" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017...
K01043241: Linux kernel vulnerability CVE-2017-17448
Security Advisory Description net/netfilter/nfnetlinkcthelper.c in the Linux kernel through 4.14.4 does not require the CAPNETADMIN capability for new, get, and del operations, which allows local users to bypass intended access restrictions because the nfnlcthelperlist data structure is shared...
K01128223: PHP vulnerability CVE-2020-7061
Security Advisory Description In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using phar extension, certain content inside PHAR file could lead to one-byte read past the allocated buffer. This could potentially lead to information disclosure or...
K24324390: OpenSSH vulnerability CVE-2016-10011
Security Advisory Description authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process. CVE-2016-10011 Impact...
K25719440: D-Bus vulnerability CVE-2019-12749
Security Advisory Description dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 and in some, less common, uses of dbus-daemon, allows cookie spoofing because of symlink mishandling in the reference implementation of...
K2232: checktrap.pl script may be vulnerable to remote command execution
Security Advisory Description Note: Versions that are not listed in this Solution have not been evaluated for vulnerability to this security advisory. For information about F5 Networks' security policy regarding evaluating older and unsupported versions of F5 Networks products, see K4602: Overvie...
K3066: OpenSSH buffer management vulnerability CA-2003-24
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
K22493037: The BIG-IP ASM system sends a received XML request with sensitive payload to the ICAP server
Security Advisory Description The BIG-IP ASM system sends a received XML request with sensitive payload to the Internet Content Adaptation Protocol ICAP server for inspection, regardless of any other settings. This issue occurs when all of the following conditions are met: The affected security...
K27205552: NGINX Controller vulnerability CVE-2020-5864
Security Advisory Description Communication between NGINX Controller and NGINX Plus instances skip TLS verification by default. CVE-2020-5864 Impact This vulnerability enables a man-in-the-middle MITM attack that can intercept the communication channel and read/modify data in transit. Security...
K40317110: MySQL vulnerabilities CVE-2017-10320, CVE-2017-10365, CVE-2017-10378, CVE-2017-10379, and CVE-2017-10384
Security Advisory Description CVE-2017-10320 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: InnoDB. Supported versions that are affected are 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple...
K16821: Apache Axis vulnerability CVE-2014-3596
Security Advisory Description The getCN function in Apache Axis 1.4 and earlier does not properly verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers v...
K16819: Linux kernel vulnerability CVE-2015-3331
Security Advisory Description The driverrfc4106decrypt function in arch/x86/crypto/aesni-intelglue.c in the Linux kernel before 3.19.3 does not properly determine the memory locations used for encrypted data, which allows context-dependent attackers to cause a denial of service buffer overflow an...
K04160444: Intel CPU vulnerability CVE-2020-0592
Security Advisory Description Out of bounds write in BIOS firmware for some IntelR Processors may allow an authenticated user to potentially enable escalation of privilege and/or denial of service via local access. CVE-2020-0592 Impact There is no impact; F5 products are not affected by this...
K00091341: TMOS Shell privilege escalation vulnerability CVE-2020-5907
Security Advisory Description An authorized user provided with access only to the TMOS Shell tmsh may be able to conduct arbitrary file read/writes via the built-in sftp functionality. CVE-2020-5907 Impact A malicious actor who has gained access to a restricted account with tmsh access for exampl...
K7854: Web Applications Content Processing Scripts vulnerability
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
K02705117: The BIG-IP ASM system may fail to properly mask the value of a configured sensitive parameter in the request event log
Security Advisory Description When you configure a sensitive parameter for a security policy, the BIG-IP ASM system may fail to properly mask the value in the request log. This issue occurs when all of the following conditions are met: You enabled the Cross-Site Request Forgery CSRF Protection...
K16970: TLS Finish Message vulnerability
Security Advisory Description The BIG-IP system does not verify every byte in the Finished message of a TLS handshake. Impact There is no impact; F5 does not consider this behavior a vulnerability. Security Advisory Status F5 Product Development has assigned ID 530963 to this issue, and has...
K26583415: MQTT vulnerability CVE-2018-15323
Security Advisory Description In certain circumstances, when processing traffic through a Virtual Server with an associated MQTT profile, the TMM process may produce a core file and take the configured HA action. CVE-2018-15323 Impact This vulnerability allows remote attackers to cause a...
K26555255: Multiple Java vulnerabilities CVE-2020-2781, CVE-2020-2800, CVE-2020-2803, CVE-2020-2805, CVE-2020-2830
Security Advisory Description CVE-2020-2781 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated...
K16967: XSS vulnerability in jQuery CVE-2011-4969
Security Advisory Description Cross-site scripting XSS vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag. CVE-2011-4969 Impact There is no impact; F5 products are not affected by this...
K16940: Multiple Wireshark vulnerabilities
Security Advisory Description CVE-2014-6423 The tvbrawtextadd function in epan/dissectors/packet-megaco.c in the MEGACO dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service infinite loop via an empty line./ CVE-2014-6425 The 1...
K6736: OpenSSH vulnerabilities CAN-2006-5051, CAN-2006-4924
Security Advisory Description Note : For information about signing up to receive security notice updates from F5, refer to K9970: Subscribe to email notifications regarding F5 products and security announcements. Note : Versions that are not listed in this article have not been evaluated for...
K6737: SHMAT vulnerabilities CVE-2004-0114
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
K15480: PHP vulnerability CVE-2012-2688
Security Advisory Description Description Unspecified vulnerability in the phpstreamscandir function in the stream implementation in PHP before 5.3.15 and 5.4.x before 5.4.5 has unknown impact and remote attack vectors, related to an "overflow." CVE-2012-2688 Impact None. F5 products are not...
K15481: BIND vulnerability CVE-2012-1033
Security Advisory Description The resolver in ISC BIND 9 through 9.8.1-P1 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost...
K15482: Linux kernel vulnerability CVE-2014-4943
Security Advisory Description The PPPoL2TP feature in net/l2tp/l2tpppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket. CVE-2014-4943 Impact None. No F5 products are affected by this...
K14613: BIND vulnerability CVE-2013-4854
Security Advisory Description The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial-of-service DoS through a query with a...
K83093212: The BIG-IP ASM system may stop enforcing attack signatures after applying a security policy that includes a new signature
Security Advisory Description This issue occurs when all of the following conditions are met: Your BIG-IP ASM system is running versions 12.1.2 through 12.1.3.6. You configure multiple security policies on the BIG-IP ASM system. One of the security policies includes a new attack signature not...
K8171: Linux kernel IA32 System Call vulnerability - CVE-2007-4573
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
K10631282: Flip Feng Shui (FFS) vulnerability
Security Advisory Description Flip Feng Shui FFS a new exploitation vector that allows an attacker to induce bit flips over arbitrary physical memory in a fully controlled way. FFS relies on the following underlying primitives: The ability to induce bit flips in controlled but not predetermined...
K08383757: perl-XML-Twig vulnerability CVE-2016-9180
Security Advisory Description perl-XML-Twig: The option to expandexternalents, documented as controlling external entity expansion in XML::Twig does not work. External entities are always expanded, regardless of the option's setting. CVE-2016-9180 Impact An authenticated user with a BIG-IP ASM...
K14046: FirePass input validation vulnerability
Security Advisory Description F5 FirePass SSL VPN contains an input validation vulnerability that may allow a remote attacker to compromise the FirePass controller. Impact An attacker may be able to exploit the vulnerability and retrieve arbitrary files, perform Denial of Service attacks, or...
K64124988: TMM IPv6 stack vulnerability CVE-2022-29479
Security Advisory Description When an IPv6 self IP address is configured and the ipv6.strictcompliance database key is enabled disabled by default on a BIG-IP system, undisclosed packets may cause decreased performance.CVE-2022-29479 Impact This vulnerability allows an unauthenticated attacker to...
K55354030: OpenJDK vulnerabilities CVE-2021-2341, CVE-2021-2369, CVE-2021-2388, CVE-2021-2432
Security Advisory Description CVE-2021-2341 Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0...
K7529: Stack-based buffer overflow vulnerability in ActiveX control
Security Advisory Description Note: Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F5...
K54431371: BIG-IP APM client for Linux and macOS vulnerability CVE-2018-5546
Security Advisory Description The svpn and policyserver components of the F5 BIG-IP APM client prior to version 7.1.7.1 for Linux and macOS runs as a privileged process and can allow an unprivileged user to get ownership of files owned by root on the local client host. CVE-2018-5546 Impact A...
K37111863: NodeJS vulnerability CVE-2018-12120
Security Advisory Description Node.js: All versions prior to Node.js 6.15.0: Debugger port 5858 listens on any interface by default: When the debugger is enabled with node --debug or node debug, it listens to port 5858 on all interfaces by default. This may allow remote computers to attach to the...
K35981055: glibc vulnerability CVE-2018-11237
Security Advisory Description An AVX-512-optimized implementation of the mempcpy function in the GNU C Library aka glibc or libc6 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in mempcpyavx512novzeroupper. CVE-2018-11237 Impact There is no impact; F5...
K65292036: Linux kernel vulnerability CVE-2019-15791
Security Advisory Description In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, shiftfsbtrfsioctlfdreplace installs an fd referencing a file from the lower filesystem without taking an additional reference to that file. After the btrfs ioctl...