K10520421: Spring Security OAuth vulnerability CVE-2018-1260

Security Advisory Description Spring Security OAuth, versions 2.3 prior to 2.3.3, 2.2 prior to 2.2.2, 2.1 prior to 2.1.2, 2.0 prior to 2.0.15 and older unsupported versions contains a remote code execution vulnerability. A malicious user or attacker can craft an authorization request to the...

K03685068: Linux kernel vulnerability CVE-2017-5972

Security Advisory Description The TCP stack in the Linux kernel 3.x does not properly implement a SYN cookie protection mechanism for the case of a fast network connection, which allows remote attackers to cause a denial of service CPU consumption by sending many TCP SYN packets, as demonstrated ...

K50112422: Linux kernel vulnerability CVE-2020-11884

Security Advisory Description In the Linux kernel through 5.6.7 on the s390 platform, code execution may occur because of a race condition, as demonstrated by code in enablesacfuaccess in arch/s390/lib/uaccess.c that fails to protect against a concurrent page table upgrade, aka CID-3f777e19d171. ...

K06015902: Intel AMT vulnerabilities CVE-2020-0531, CVE-2020-0532, and CVE-2020-0535

Security Advisory Description CVE-2020-0531 Improper input validation in IntelR AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an authenticated user to potentially enable information disclosure via network access. CVE-2020-0532 Improper input validation in subsystem for...

K05314769: BIG-IP Advanced WAF and ASM WebSocket vulnerability CVE-2021-23033

Security Advisory Description When a WebSocket profile is configured on a virtual server, undisclosed requests can cause bd to terminate. CVE-2021-23033 Impact Traffic is disrupted while the bd process restarts. This vulnerability allows a remote attacker to cause a denial-of-service DoS on the...

K76719230: PHP vulnerability CVE-2015-4116

Security Advisory Description Use-after-free vulnerability in the splptrheapinsert function in ext/spl/splheap.c in PHP before 5.5.27 and 5.6.x before 5.6.11 allows remote attackers to execute arbitrary code by triggering a failed SplMinHeap::compare operation.CVE-2015-4116 Impact There is no...

K44603900: BIG-IP Configuration utility vulnerability CVE-2019-6598

Security Advisory Description Malformed requests to the Traffic Management User Interface TMUI, also referred to as the BIG-IP Configuration utility, may lead to disruption of TMUI services. This attack requires an authenticated user with any role other than the No Access role. The No Access user...

K92665308: Apache Tomcat vulnerabilities CVE-2017-7674 and CVE-2017-7675

Security Advisory Description CVE-2017-7674 The CORS Filter in Apache Tomcat 9.0.0.M1 to 9.0.0.M21, 8.5.0 to 8.5.15, 8.0.0.RC1 to 8.0.44 and 7.0.41 to 7.0.78 did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache...

K35750231: TMM vulnerability CVE-2020-5878

Security Advisory Description Traffic Management Microkernel TMM may restart on BIG-IP Virtual Edition VE while processing unusual IP traffic. CVE-2020-5878 Impact The BIG-IP VE system may temporarily fail to process traffic as it recovers from a TMM restart. If the BIG-IP VE system is configured...

K34360320: BIG-IP FastL4 vulnerability CVE-2022-23010

Security Advisory Description When a FastL4 profile and an HTTP profile are configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. CVE-2022-23010 Impact System performance can degrade until the process is either forced to restart or is manually...

K20451100: Apache vulnerability CVE-2022-22721

Security Advisory Description If LimitXMLRequestBody is set to allow request bodies larger than 350MB defaults to 1M on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier. CVE-2022-22721 Impact There is no...

K43267483: PHP vulnerability CVE-2016-5766

Security Advisory Description Integer overflow in the gd2GetHeader function in gdgd2.c in the GD Graphics Library aka libgd before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service heap-based buffer overflow and...

K41020865: MySQL vulnerability CVE-2016-8286

Security Advisory Description Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows remote authenticated users to affect confidentiality via vectors related to Server: Security: Privileges. CVE-2016-8286 Impact There is no impact; F5 products are not affected by this vulnerability...

K19473898: Expat vulnerabilities CVE-2022-23852, CVE-2022-25235, CVE-2022-25236, and CVE-2022-25315

Security Advisory Description CVE-2022-23852 Expat aka libexpat before 2.4.4 has a signed integer overflow in XMLGetBuffer, for configurations with a nonzero XMLCONTEXTBYTES. CVE-2022-25235 xmltokimpl.c in Expat aka libexpat before 2.4.5 lacks certain validation of encoding, such as checks for...

K90011301: libssh2 vulnerabilities CVE-2019-3856, CVE-2019-3857, and CVE-2019-3863

Security Advisory Description CVE-2019-3856 An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system...

K81556107: Intel processors vulnerabilities CVE-2019-0123 and CVE-2019-0124

Security Advisory Description CVE-2019-0123 Insufficient memory protection in IntelR 6th Generation Core Processors and greater, supporting SGX, may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2019-0124 Insufficient memory protection in IntelR 6th...

K19356280: Cognito Software Moneyworks vulnerability CVE-2017-9615

Security Advisory Description Password exposure in Cognito Software Moneyworks 8.0.3 and earlier allows attackers to gain administrator access to all data, because verbose logging writes the administrator password to a world-readable file. CVE-2017-9615 Impact There is no impact; F5 products are...

K17959662: ImageMagick vulnerabilities CVE-2015-8897 and CVE-2016-5239

Security Advisory Description CVE-2015-8897 The SpliceImage function in MagickCore/transform.c in ImageMagick before 6.9.2-4 allows remote attackers to cause a denial of service application crash via a crafted png file. CVE-2016-5239 The gnuplot delegate functionality in ImageMagick before 6.9.4-...

K89105210: Multiple Intel Linux Wi-Fi Drivers vulnerabilities

Security Advisory Description CVE-2019-11151 Memory corruption issues in IntelR WIFI Drivers before version 21.40 may allow a privileged user to potentially enable escalation of privilege, denial of service, and information disclosure via local access. CVE-2019-11152 Memory corruption issues in...

K69124112: PostgreSQL JDBC vulnerability CVE-2022-21724

Security Advisory Description pgjdbc is the offical PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security research. The system using the postgresql library will be attacked when attacker control the jdbc url or properties. pgjdbc...

K42910051: OpenSSL vulnerability CVE-2020-1971

Security Advisory Description The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERALNAMEcmp which compares different instances of a GENERALNAME to see if they are equal or not...

K51433470: MySQL vulnerability CVE-2017-10424

Security Advisory Description Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL subcomponent: Monitoring: Web. Supported versions that are affected are 3.2.8.2223 and earlier, 3.3.4.3247 and earlier and 3.4.2.4181 and earlier. Easily exploitable vulnerability allows...

K90412202: libarchive vulnerability CVE-2015-8932

Security Advisory Description The compressbidderinit function in archivereadsupportfiltercompress.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service crash via a crafted tar file, which triggers an invalid left shift. CVE-2015-8932 Impact This functionality is expose...

K61112120: BIG-IP ASM and Advanced WAF TMUI vulnerability CVE-2022-23031

Security Advisory Description An XML External Entity XXE vulnerability exists in an undisclosed page of the F5 Advanced Web Application Firewall Advanced WAF and BIG-IP ASM Traffic Management User Interface TMUI, also referred to as the Configuration utility, that allows an authenticated...

K89621551: OpenSSH vulnerability CVE-2017-15906

Security Advisory Description The processopen function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files. CVE-2017-15906 Impact BIG-IP, BIG-IQ, F5 iWorkflow, Enterprise Manager, LineRate, and ARX...

K42102650: MySQL vulnerability CVE-2017-10203

Security Advisory Description Vulnerability in the MySQL Connectors component of Oracle MySQL subcomponent: Connector/Net. Supported versions that are affected are 6.9.9 and earlier. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to...

K91117041: Oracle Java SE vulnerability CVE-2019-2745, CVE-2019-2762

Security Advisory Description CVE-2019-2745 Vulnerability in the Java SE component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 7u221, 8u212 and 11.0.3. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructu...

K05295469: Expat vulnerability CVE-2019-15903

Security Advisory Description In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XMLGetCurrentLineNumber or XMLGetCurrentColumnNumber then resulted in a heap-based buffer over-read. CVE-2019-15903...

K09585151: BIND vulnerability CVE-2018-5734

Security Advisory Description While handling a particular type of malformed packet BIND erroneously selects a SERVFAIL rcode instead of a FORMERR rcode. If the receiving view has the SERVFAIL cache feature enabled, this can trigger an assertion failure in badcache.c when the request doesn't conta...

K11464209: IP Intelligence Feed List vulnerability CVE-2017-6143

Security Advisory Description X509 certificate verification was not correctly implemented in the IP Intelligence Subscription and IP Intelligence feed-list features, and thus the remote server’s identity is not properly validated in certain versions of BIG-IP. CVE-2017-6143 Impact Affected BIG-IP...

K10107360: Apache Tomcat vulnerability CVE-2019-12418

Security Advisory Description When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a...

K11175903: Oracle Java SE vulnerability CVE-2019-2684

Security Advisory Description Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: RMI. Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult to exploit vulnerability allows unauthenticated attacker wi...

K51197241: ICU vulnerability CVE-2020-10531

Security Advisory Description An issue was discovered in International Components for Unicode ICU for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend function in common/unistr.cpp. CVE-2020-10531 Impact There is no impact; F5...

K58290051: BIG-IP AFM vulnerability CVE-2020-5937

Security Advisory Description The Traffic Management Microkernel TMM may produce a core file while processing layer 4 L4 behavioral denial-of-service DoS traffic. CVE-2020-5937 Impact The BIG-IP system may temporarily fail to process traffic as it recovers from a TMM restart, and devices configur...

K09376613: INTEL-SA-00249 - Intel i915 Graphics for Linux vulnerability CVE-2019-11085

Security Advisory Description Insufficient input validation in Kernel Mode Driver in IntelR i915 Graphics for Linux before version 5.0 may allow an authenticated user to potentially enable escalation of privilege via local access. CVE-2019-11085 Impact There is no impact; F5 products are not...

K44415301: Apache Tomcat vulnerability CVE-2020-17527

Security Advisory Description While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the...

K95343321: Linux kernel vulnerability CVE-2018-5390

Security Advisory Description Linux kernel versions 4.9+ can be forced to make very expensive calls to tcpcollapseofoqueue and tcppruneofoqueue for every incoming packet which can lead to a denial of service. CVE-2018-5390 also known as SegmentSmack Impact For products with vulnerable versions,...

K37442533: TMOS Shell vulnerability CVE-2018-5516

Security Advisory Description Authenticated users granted TMOS Shell tmsh access can access objects on the file system which would normally be disallowed by tmsh restrictions. This allows for authenticated, low privileged attackers to exfiltrate objects on the file system which should not be...

K46552732: Wget vulnerability CVE-2017-13089

Security Advisory Description The http.c:skipshortbody function is called in some circumstances, such as when processing redirects. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol to read each chunk's length, but doesn't check that the chunk length is a...

K05525310: INTEL-SA-00252 - Intel Driver & Support Assistant version 19.3.12.3 and before vulnerability CVE-2019-11095

Security Advisory Description Insufficient access control in IntelR Driver & Support Assistant version 19.3.12.3 and before may allow a privileged user to potentially enable information disclosure via local access. CVE-2019-11095 Impact There is no impact; F5 products are not affected by this...

K51444934: NTP vulnerability CVE-2016-7426

Security Advisory Description NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service prevent responses from the sources by sending responses with a spoofed source...

K55405388: NTP vulnerability CVE-2016-9311

Security Advisory Description ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows remote attackers to cause a denial of service NULL pointer dereference and crash via a crafted packet. CVE-2016-9311 Impact A remote attacker may be able to send a specially crafted packet to cause ...

K43312023: Grafana vulnerability CVE-2021-43798

Security Advisory Description Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 except for patched versions iss vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is: /public/plugins//, where is...

K22572754: QEMU vulnerability CVE-2017-15289

Security Advisory Description The mode4and5 write functions in hw/display/cirrusvga.c in Qemu allow local OS guest privileged users to cause a denial of service out-of-bounds write access and Qemu process crash via vectors related to dst calculation. CVE-2017-15289 Impact There is no impact; F5...

K87922456: NTP vulnerability CVE-2016-9310

Security Advisory Description The control mode mode 6 functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet. CVE-2016-9310 Impact In default configurations, F5 products are not vulnerable. If you remove the default restrict...

K74374841: Linux kernel vulnerability CVE-2018-5391

Security Advisory Description The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various...

K00245734: INTEL-SA-00204 - Intel PROSet/Wireless WiFi Software vulnerability CVE-2018-3701

Security Advisory Description Improper directory permissions in the installer for IntelR PROSet/Wireless WiFi Software version 20.100 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access. CVE-2018-3701 Impact There is no impact; F5 products ar...

K28409053: Apache Tomcat vulnerability CVE-2022-23181

Security Advisory Description The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user...

K23406572: libjpeg vulnerabilities CVE-2016-3616 CVE-2018-11213 CVE-2018-11214 CVE-2018-11813 CVE-2018-14498

Security Advisory Description CVE-2016-3616 The cjpeg utility in libjpeg allows remote attackers to cause a denial of service NULL pointer dereference and application crash or execute arbitrary code via a crafted file. CVE-2018-11213 An issue was discovered in libjpeg 9a. The gettextgrayrow...

K30201296: SOCKS proxy vulnerability CVE-2017-0303

Security Advisory Description In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 13.0.0, 12.0.0 to 12.1.2 and 11.5.1 to 11.6.1, under limited circumstances connections handled by a Virtual Server with an associated SOCKS profile may not be...