6294 matches found
K58304450: Multiple Intel Processor vulnerabilities: Spectre-NG
Security Advisory Description Eight new vulnerabilities in Intel processors have been mentioned in several sources and are referred to collectively as Spectre-NG. F5 is aware of these vulnerabilities and is investigating as information becomes available. As Intel officially recognizes and announc...
K54647543: Linux kernel vulnerability CVE-2019-25044
Security Advisory Description The block subsystem in the Linux kernel before 5.2 has a use-after-free that can lead to arbitrary code execution in the kernel context and privilege escalation, aka CID-c3e2219216c9. This is related to blkmqfreerqs and blkcleanupqueue. CVE-2019-25044 Impact There is...
K51494034: Intel NUC BIOS firmware vulnerability CVE-2021-33164
Security Advisory Description Improper access control in BIOS firmware for some IntelR NUCs before version INWHL357.0046 may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2021-33164 Impact There is no impact; F5 products are not affected by this...
K52102651: Linux Kernel vulnerability CVE-2021-23134
Security Advisory Description Use After Free vulnerability in nfc sockets in the Linux Kernel before 5.12.4 allows local attackers to elevate their privileges. In typical configurations, the issue can only be triggered by a privileged local user with the CAPNETRAW capability. CVE-2021-23134 Impac...
K52259753: Intel Processor vulnerability CVE-2022-26373
Security Advisory Description Non-transparent sharing of return predictor targets between contexts in some IntelR Processors may allow an authorized user to potentially enable information disclosure via local access. CVE-2022-26373 Impact There is no impact; F5 products are not affected by this...
K59836191: GnuTLS vulnerabilities CVE-2017-5335, CVE-2017-5336, and CVE-2017-5337
Security Advisory Description CVE-2017-5335 The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service out-of-memory error and crash via a crafted OpenPGP certificate. CVE-2017-5336 Stack-based buffe...
K55462146: OpenSSL vulnerability CVE-2017-3733
Security Advisory Description During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake or vice-versa then this can cause OpenSSL 1.1.0 before 1.1.0e to crash dependent on ciphersuite. Both clients and servers are affected...
K15535113: MySQL vulnerability CVE-2016-5632
Security Advisory Description Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Optimizer. CVE-2016-5632 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory...
K50315101: Linux kernel vulnerability CVE-2019-14898
Security Advisory Description The fix for CVE-2019-11599, affecting the Linux kernel before 5.0.10 was not complete. A local user could use this flaw to obtain sensitive information, cause a denial of service, or possibly have other unspecified impacts by triggering a race condition with...
K13364192: Samba vulnerability CVE-2016-2119
Security Advisory Description libcli/smb/smbXclibase.c in Samba 4.x before 4.2.14, 4.3.x before 4.3.11, and 4.4.x before 4.4.5 allows man-in-the-middle attackers to bypass a client-signing protection mechanism, and consequently spoof SMB2 and SMB3 servers, via the 1 SMB2SESSIONFLAGISGUEST or 2...
K43429502: OpenSSL RSA key generation vulnerability CVE-2018-0737
Security Advisory Description The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL...
K41997459: BIG-IP APM XSS vulnerability CVE-2021-23054
Security Advisory Description A reflected cross-site scripting XSS vulnerability exists in the resource information page for authenticated users when a full webtop is configured on the BIG-IP APM system. CVE-2021-23054 Impact An attacker can craft a malicious URL and send it to an authenticated...
K45356577: Java vulnerability CVE-2022-21449
Security Advisory Description Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 17.0.2 and 18; Oracle GraalVM Enterprise Edition: 21.3.1 and 22.0.0.2. Easily exploitable...
K45816067: bzip2 vulnerability CVE-2016-3189
Security Advisory Description Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service crash via a crafted bzip2 file, related to block ends set to before the start of the block. CVE-2016-3189 Impact There is no impact; F5 products are not...
K45432295: BIG-IP APM logging disclosure vulnerability CVE-2017-6139
Security Advisory Description Under rare conditions, the BIG-IP APM system appends log details when responding to client requests. Details in the log file can vary; customers running debug mode logging with BIG-IP APM are at highest risk. CVE-2017-6139 Impact A vulnerable BIG-IP APM system may...
K57542514: Python vulnerabilities CVE-2019-9636 and CVE-2019-10160
Security Advisory Description Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding with an incorrect netloc during NFKC normalization. The impact is: Information disclosure credentials, cookies, etc. that are cached against a given hostname. The...
K98121587: glibc vulnerability CVE-2021-35942
Security Advisory Description The wordexp function in the GNU C Library aka glibc through 2.33 may crash or read arbitrary memory in parseparam in posix/wordexp.c when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs...
K56215245: Intel CPU vulnerabilities CVE-2019-11136 and CVE-2019-11137
Security Advisory Description CVE-2019-11136 Insufficient access control in system firmware for IntelR XeonR Scalable Processors, 2nd Generation IntelR XeonR Scalable Processors and IntelR XeonR Processors D Family may allow a privileged user to potentially enable escalation of privilege, denial ...
K01311152: Linux kernel vulnerabilities CVE-2020-36322 and CVE-2021-28950
Security Advisory Description CVE-2020-36322 An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fusedogetattr calls makebadinode in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability w...
K50116122: Apache Tomcat vulnerability CVE-2016-6816
Security Advisory Description The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the...
K04450715: libxml2 vulnerability CVE-2015-8806
Security Advisory Description dict.c in libxml2 allows remote attackers to cause a denial of service heap-based buffer over-read and application crash via an unexpected character immediately after the " Identified Medium screen. To determine if your release is known to be vulnerable, the componen...
K30737254: Linux kernel vulnerability CVE-2017-2671
Security Advisory Description The pingunhash function in net/ipv4/ping.c in the Linux kernel through 4.10.8 is too late in obtaining a certain lock and consequently cannot ensure that disconnect function calls are safe, which allows local users to cause a denial of service panic by leveraging...
K48641455: QEMU buffer-overflow vulnerability CVE-2018-17962
Security Advisory Description Qemu has a Buffer Overflow in pcnetreceive in hw/net/pcnet.c because an incorrect integer data type is used. CVE-2018-17962 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development has evaluated th...
K34508112: Pango vulnerability CVE-2019-1010238
Security Advisory Description Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pangolog2visgetembeddinglevels, assignment of nchars and the loop condition. The attack vecto...
K61002104: BIG-IP AFM and PEM TMUI XSS vulnerability CVE-2019-6639
Security Advisory Description Undisclosed TMUI pages for AFM and PEM Subscriber management are vulnerable to a stored cross-site scripting XSS issue. This is a control plane issue only and is not accessible from the data plane. The attack requires a malicious resource administrator to store the...
K31424926: BIG-IP APM XSS vulnerability CVE-2019-6595
Security Advisory Description Cross-site scripting XSS vulnerability in F5 BIG-IP Access Policy Manager APM 11.5.x and 11.6.x Admin Web UI. CVE-2019-6595 Impact A remote attacker may be able to access the BIG-IP APM logon page and inject arbitrary web script or HTML to launch a cross-site scripti...
K70992015: Linux kernel vulnerabilty CVE-2021-33200
Security Advisory Description kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces incorrect limits for pointer arithmetic operations, aka CID-bb01a1bba579. This can be abused to perform out-of-bounds reads and writes in kernel memory, leading to local privilege escalation to root. I...
K32380005: Linux kernel vulnerability CVE-2019-18282
Security Advisory Description The flowdissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device tracking vulnerability, aka CID-55667441c84f. This occurs because the auto flowlabel of a UDP IPv6 packet relies on a 32-bit hashrnd value as a secret, and because jhash instead ...
K27238230: glibc vulnerability CVE-2020-29573
Security Advisory Description sysdeps/i386/ldbl2mpn.c in the GNU C Library aka glibc or libc6 before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a...
K28409184: Mozilla NSS vulnerability CVE-2020-12413
Security Advisory Description The Raccoon attack is a timing attack on DHE ciphersuites inherit in the TLS specification. To mitigate this vulnerability, Firefox disabled support for DHE ciphersuites. CVE-2020-12413 Impact This can lead to an attacker being able to compute the pre-master secret i...
K27053426: Spring data XML vulnerability CVE-2018-1259
Security Advisory Description Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2.0.7, used in combination with XMLBeam 1.4.14 or earlier versions, contains a property binder vulnerability caused by improper restriction of XML external entity references as underlying library...
K29814751: Intel AMT vulnerabilities CVE-2020-0537, CVE-2020-0538, and CVE-2020-0540
Security Advisory Description CVE-2020-0537 Improper input validation in subsystem for IntelR AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow a privileged user to potentially enable denial of service via network access. CVE-2020-0538 Improper input validation in subsystem fo...
K30002521: GNU C Library vulnerability CVE-2018-19591
Security Advisory Description In the GNU C Library aka glibc or libc6 through 2.28, attempting to resolve a crafted hostname via getaddrinfo leads to the allocation of a socket descriptor that is not closed. This is related to the ifnametoindex function. CVE-2018-19591 Impact There is no impact; ...
K30215094: Ruby vulnerability CVE-2016-7798
Security Advisory Description The openssl gem for Ruby uses the same initialization vector IV in GCM Mode aes--gcm when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the encryption protection mechanism. CVE-2016-7798 Impact There is no impact; F5...
K54501561: Apple Mac OS X Wiki Server vulnerability CVE-2008-1579
Security Advisory Description Wiki Server in Apple Mac OS X 10.5 before 10.5.3 allows remote attackers to obtain sensitive information user names by reading the error message produced upon access to a nonexistent blog. CVE-2008-1579 Impact There is no impact; F5 products are not affected by this...
K25200948: Linux kernel vulnerability CVE-2021-33034
Security Advisory Description In the Linux kernel before 5.12.4, net/bluetooth/hcievent.c has a use-after-free when destroying an hcichan, aka CID-5c4c8c954409. This leads to writing an arbitrary value. CVE-2021-33034 Impact There is no impact; F5 products are not affected by this vulnerability...
K06420357: PHP vulnerability CVE-2017-16642
Security Advisory Description In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelibmeridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings to leak information from the interpreter, related...
K52180214: MCPD vulnerability CVE-2016-7474
Security Advisory Description In some cases, the MCPD binary cache may allow a user with Advanced Shell access to temporarily obtain normally unrecoverable information. CVE-2016-7474 Impact A local user may have access to sensitive data such as passwords for recently created local user accounts a...
K10587158: MySQL vulnerability CVE-2016-8284
Security Advisory Description Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows local users to affect availability via vectors related to Server: Replication. CVE-2016-8284 Impact There is no impact; F5 products are not affected by this vulnerability...
K52004282: Linux kernel vulnerability CVE-2021-32606
Security Advisory Description In the Linux kernel 5.11 through 5.12.2, isotpsetsockopt in net/can/isotp.c allows privilege escalation to root by leveraging a use-after-free. This does not affect earlier versions that lack CAN ISOTP SFBROADCAST support. CVE-2021-32606 Impact There is no impact; F5...
K08037765: Qt vulnerabilities CVE-2018-19869, CVE-2018-19870, CVE-2018-19871, and CVE-2018-19873
Security Advisory Description CVE-2018-19869 An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp. CVE-2018-19870 An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler...
K52285493: Multiple Intel CPU vulnerabilities
Security Advisory Description CVE-2020-8670 Race condition in the firmware for some IntelR Processors may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2020-8700 Improper input validation in the firmware for some IntelR Processors may allow a privileg...
K49921213: glibc vulnerability CVE-2020-1752
Security Advisory Description A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username were affected by this issue. A local attacker could exploit thi...
K61267093: Multiple NSS vulnerabilities CVE-2020-6829, CVE-2020-12400, CVE-2020-12401, and CVE-2020-12402
Security Advisory Description CVE-2020-6829 When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the...
K23985340: Spring Integration Zip vulnerability CVE-2018-1261
Security Advisory Description Spring-integration-zip versions prior to 1.0.1 exposes an arbitrary file write vulnerability, which can be achieved using a specially crafted zip archive affects other archives as well, bzip2, tar, xz, war, cpio, 7z that holds path traversal filenames. So when the...
K45353544: SSL virtual server vulnerability CVE-2019-6605
Security Advisory Description An undisclosed sequence of packets received by an SSL virtual server and processed by an associated Client SSL or Server SSL profile may cause a denial of service. CVE-2019-6605 Impact This vulnerability allows an unauthorized disruption of service. Security Advisory...
K01512680: Linux kernel vulnerability CVE-2019-11811
Security Advisory Description An issue was discovered in the Linux kernel before 5.0.4. There is a use-after-free upon attempted read access to /proc/ioports after the ipmisi module is removed, related to drivers/char/ipmi/ipmisiintf.c, drivers/char/ipmi/ipmisimemio.c, and...
K21057235: libpng out-of-bounds read vulnerability CVE-2015-7981
Security Advisory Description The pngconverttorfc1123 function in png.c in libpng 1.0.x before 1.0.64, 1.2.x before 1.2.54, and 1.4.x before 1.4.17 allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which triggers an out-of-bounds...
K38893457: BIG-IP DNS TMUI vulnerability CVE-2022-33947
Security Advisory Description A vulnerability exists in undisclosed pages of the BIG-IP DNS Traffic Management User Interface TMUI that allows an authenticated attacker with at least operator role privileges to cause the Tomcat process to restart and perform unauthorized DNS requests and operatio...
K03685068: Linux kernel vulnerability CVE-2017-5972
Security Advisory Description The TCP stack in the Linux kernel 3.x does not properly implement a SYN cookie protection mechanism for the case of a fast network connection, which allows remote attackers to cause a denial of service CPU consumption by sending many TCP SYN packets, as demonstrated ...