6413 matches found
K64855220: F5 TMUI and iControl Rest vulnerability CVE-2019-6634
Security Advisory Description High volume of malformed analytics report requests leads to instability in restjavad process. This causes issues with both iControl REST and some portions of TMUI. The attack requires an authenticated user with any role. CVE-2019-6634 Note: The No Access user role is...
K65292036: Linux kernel vulnerability CVE-2019-15791
Security Advisory Description In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, shiftfsbtrfsioctlfdreplace installs an fd referencing a file from the lower filesystem without taking an additional reference to that file. After the btrfs ioctl...
K84084843: NGINX Controller installer vulnerability CVE-2020-5911
Security Advisory Description The NGINX Controller installer starts the download of Kubernetes packages from an HTTP URL On Debian/Ubuntu system. CVE-2020-5911 Impact A man-in-the-middle MITM attacker can use this vulnerability to intercept the insecure HTTP channel and convincingly forge...
K75952001: QEMU vulnerability CVE-2019-15890
Security Advisory Description libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ipreass in ipinput.c. CVE-2019-15890 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development has evaluated the currently supported...
K04320238: MySQL vulnerabilities CVE-2018-3276, CVE-2018-3277, CVE-2018-3278, CVE-2018-3279, and CVE-2018-3280
Security Advisory Description CVE-2018-3276 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Memcached. Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attack...
K51975973: Eclipse Jetty vulnerability CVE-2021-34428
Security Advisory Description For Eclipse Jetty versions = 9.4.40, = 10.0.2, = 11.0.2, if an exception is thrown from the SessionListenersessionDestroyed method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can...
K28464509: PHP vulnerability CVE-2018-7584
Security Advisory Description In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the phpstreamurlwraphttpex function in ext/standard/httpfopenwrapper.c. This subsequently results in...
K92052341: Linux kernel vulnerability CVE-2021-29266
Security Advisory Description An issue was discovered in the Linux kernel before 5.11.9. drivers/vhost/vdpa.c has a use-after-free because v-configctx has an invalid value upon re-opening a character device, aka CID-f6bbf0010ba0. CVE-2021-29266 Impact There is no impact; F5 products are not...
K34514540: TMM vulnerability CVE-2017-6138
Security Advisory Description Malicious requests made to virtual servers with an HTTP profile can cause the TMM to restart. The issue is exposed with BIG-IP APM profiles, regardless of settings. The issue is also exposed with the non-default "normalize URI" configuration options used in iRules...
K36228121: BIG-IP DHCPv6 vulnerability CVE-2019-6643
Security Advisory Description An attacker sending specifically crafted DHCPv6 requests through a BIG-IP virtual server configured with a DHCPv6 profile may be able to cause the Traffic Management Microkernel TMM process to produce a core file. CVE-2019-6643 Impact This vulnerability may allow an...
K30255576: MySQL vulnerability CVE-2016-5507
Security Advisory Description Unspecified vulnerability in Oracle MySQL 5.6.32 and earlier and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB. CVE-2016-5507 Impact There is no impact; F5 products are not affected by this vulnerability...
K47605350: MySQL vulnerability CVE-2016-5631
Security Advisory Description Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Memcached. CVE-2016-5631 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory...
K49436091: MySQL vulnerabilities CVE-2018-2668, CVE-2018-2696, and CVE-2018-2703
Security Advisory Description CVE-2018-2668 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Optimizer. Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacke...
K50212906: MySQL vulnerability CVE-2016-8290
Security Advisory Description Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Performance Schema, a different vulnerability than CVE-2016-5633. CVE-2016-8290 Impact There is no impact; F5 products are...
K35408374: BIG-IP compression driver vulnerability CVE-2021-23044
Security Advisory Description When the Intel QuickAssist Technology QAT compression driver is used on affected BIG-IP hardware and BIG-IP Virtual Edition VE platforms, undisclosed traffic can cause the Traffic Management Microkernel TMM to terminate. CVE-2021-23044 Impact Traffic is disrupted whi...
K73008537: Apache Tomcat vulnerability CVE-2018-1336
Security Advisory Description An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86...
K09417637: Samba vulnerability CVE-2015-3223
Security Advisory Description The ldbwildcardcompare function in ldbmatch.c in ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles certain zero values, which allows remote attackers to cause a denial of service infini...
K67644055: PHP vulnerability CVE-2016-5772
Security Advisory Description Double free vulnerability in the phpwddxprocessdata function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via...
K26430555: MySQL vulnerability CVE-2016-5625
Security Advisory Description Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Packaging. CVE-2016-5625 Impact There is no impact; F5 products are not affected by this vulnerabilit...
K11220361: LibTIFF vulnerability CVE-2015-1547
Security Advisory Description The NeXTDecode function in tifnext.c in LibTIFF allows remote attackers to cause a denial of service uninitialized memory access via a crafted TIFF image, as demonstrated by libtiff5.tif. CVE-2015-1547 Impact This vulnerability allows a remote attacker to cause a...
K66782293: TMM vulnerability CVE-2021-23039
Security Advisory Description When IPSec is configured on a BIG-IP system, undisclosed requests from an authorized remote IPSec peer, which already has a negotiated Security Association, can cause the Traffic Management Microkernel TMM to terminate. CVE-2021-23039 Impact Traffic is disrupted whil...
K20226900: F5 WebSafe Dashboard vulnerability CVE-2018-5545
Security Advisory Description A malicious, authenticated user can execute code on the F5 WebSafe Alert Server by using a maliciously crafted payload. CVE-2018-5545 Impact F5 WebSafe Alert Server An attacker with an authenticated account may be able to perform a malicious remote code execution on...
K13201415: MySQL vulnerability CVE-2016-5616
Security Advisory Description Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to Server: MyISAM. CVE-2016-5616 Impact There is no impact; F5...
K10754336: MySQL vulnerabilities CVE-2019-2808, CVE-2019-2810, CVE-2019-2811, CVE-2019-2812, and CVE-2019-2814
Security Advisory Description CVE-2019-2808 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Optimizer. Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple...
K05415626: Apache HTTPD vulnerability CVE-2017-7659
Security Advisory Description A maliciously constructed HTTP/2 request could cause modhttp2 2.4.24, 2.4.25 to dereference a NULL pointer and crash the server process. CVE-2017-7659 Impact A remote attacker can use a maliciously crafted HTTP/2 request to cause an abnormal termination on the Apache...
K44453423: IP-in-IP Packet Processing vulnerability CVE-2020-10136
Security Advisory Description Multiple products that implement the IP Encapsulation within IP standard RFC 2003, STD 1 decapsulate and route IP-in-IP traffic without any validation, which could allow an unauthenticated remote attacker to route arbitrary traffic via an exposed network interface an...
K50974556: Overview of F5 vulnerabilities (August 2021)
Security Advisory Description On August 24, 2021, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities and security exposures to help determine the impact to your F5 devices. You can find the details of each issue in the associated...
K09092524: Binutils vulnerability CVE-2019-9074
Security Advisory Description An issue was discovered in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.32. It is an out-of-bounds read leading to a SEGV in bfdgetl32 in libbfd.c, when called from pex64getruntimefunction in pei-x8664.c. CVE-2019-9074 Impact...
K59591931: Drupal vulnerability CVE-2018-7602
Security Advisory Description A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability is related to...
K54095660: Linux kernel vulnerability CVE-2016-9555
Security Advisory Description The sctpsfootb function in net/sctp/smstatefuns.c in the Linux kernel before 4.8.8 lacks chunk-length checking for the first chunk, which allows remote attackers to cause a denial of service out-of-bounds slab access or possibly have unspecified other impact via...
K94325657: BIG-IP restjavad vulnerability CVE-2020-5880
Security Advisory Description The restjavad process may expose a way for attackers to upload arbitrary files on the BIG-IP system, bypassing the authorization system. Resulting error messages may also reveal internal paths of the server. CVE-2020-5880 Impact A remote attacker may be able to fill...
K03251240: Multiple Apache OFBiz vulnerabilities CVE-2021-29200, CVE-2021-30128
Security Advisory Description CVE-2021-29200 Apache OFBiz has unsafe deserialization prior to 17.12.07 version An unauthenticated user can perform an RCE attack CVE-2021-30128 Apache OFBiz has unsafe deserialization prior to 17.12.07 version Impact There is no impact; F5 products are not affected...
K02884135: Binutils vulnerability CVE-2019-9071
Security Advisory Description An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a stack consumption issue in dcounttemplatesscopes in cp-demangle.c after many recursive calls. CVE-2019-9071 Impact There is no impact; F5 products are not affected by this...
K71581599: libgd vulnerability CVE-2016-6161
Security Advisory Description The output function in gdgifout.c in the GD Graphics Library aka libgd allows remote attackers to cause a denial of service out-of-bounds read via a crafted image. CVE-2016-6161 Impact When using PHP to generate GIF images, it is possible for a specially crafted GD2...
K85307687: cURL and libcurl vulnerabilities CVE-2014-3613, CVE-2014-3707, and CVE-2014-8150
Security Advisory Description CVE-2014-3613 cURL and libcurl before 7.38.0 does not properly handle IP addresses in cookie domain names, which allows remote attackers to set cookies for or send arbitrary cookies to certain sites, as demonstrated by a site at 192.168.0.1 setting cookies for a site...
K84947349: OpenJDK vulnerabilities CVE-2015-2601, CVE-2015-2621, CVE-2015-2632, CVE-2015-4748, and CVE-2015-4749
Security Advisory Description CVE-2015-2601 Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, JRockit R28.3.6, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JCE. CVE-2015-2621 Unspecified vulnerability in Oracle Java SE...
K36784855: Apache Tomcat vulnerability CVE-2016-0762
Security Advisory Description The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to...
K37012655: Linux kernel vulnerability CVE-2016-7042
Security Advisory Description The prockeysshow function in security/keys/proc.c in the Linux kernel through 4.8.2, when the GNU Compiler Collection gcc stack protector is enabled, uses an incorrect buffer size for certain timeout data, which allows local users to cause a denial of service stack...
K69734255: INTEL-SA-00251 - Intel NUC Firmware vulnerability CVE-2019-11094
Security Advisory Description Insufficient input validation in system firmware for Intel R NUC Kit may allow an authenticated user to potentially enable escalation of privilege, denial of service, and/or information disclosure via local access. CVE-2019-11094 Impact There is no impact; F5 product...
K54308010: PHP vulnerability CVE-2016-7124
Security Advisory Description ext/standard/varunserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain invalid objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that leads to a 1 destruct...
K52114338: systemd vulnerability CVE-2017-9445
Security Advisory Description In systemd through 233, certain sizes passed to dnspacketnew in systemd-resolved can cause it to allocate a buffer that's too small. A malicious DNS server can exploit this via a response with a specially crafted TCP payload to trick systemd-resolved into allocating ...
K44500413: Linux kernel vulnerability CVE-2016-2069
Security Advisory Description Race condition in arch/x86/mm/tlb.c in the Linux kernel before 4.4.1 allows local users to gain privileges by triggering access to a paging structure by a different CPU. CVE-2016-2069 Impact There is no impact; F5 products are not affected by this vulnerability...
K53590702: BIG-IP engineering hotfix TMM vulnerability CVE-2020-5852
Security Advisory Description Undisclosed traffic patterns received may cause a disruption of service to the Traffic Management Microkernel TMM. This vulnerability affects TMM through a virtual server configured with a FastL4 profile. Traffic processing is disrupted while TMM restarts...
K41103561: libxml2 vulnerability CVE-2016-4448
Security Advisory Description Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors. CVE-2016-4448 Impact Allows an attacker unauthorized disclosure of information, unauthorized modification, and disruption ...
K33245306: INTEL-SA-00244 - Intel Quartus Prime Software CVE-2019-0171
Security Advisory Description Improper directory permissions in the installer for IntelR QuartusR software may allow an authenticated user to potentially enable escalation of privilege via local access. CVE-2019-0171 Impact There is no impact; F5 products are not affected by this vulnerability...
K23030550: Linux kernel vulnerability CVE-2016-8399
Security Advisory Description An elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged proce...
K35232053: PHP vulnerability CVE-2016-7125
Security Advisory Description ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips invalid session names in a way that triggers incorrect parsing, which allows remote attackers to inject arbitrary-type session data by leveraging control of a session name, as demonstrated by obje...
K41827200: MySQL vulnerabilities CVE-2018-2562, CVE-2018-2573, CVE-2018-2576, CVE-2018-2583, and CVE-2018-2590
Security Advisory Description CVE-2018-2562 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server : Partition. Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows low privileged attack...
K24415506: BIG-IP APM portal access reflected XSS vulnerability CVE-2020-5889
Security Advisory Description In BIG-IP APM portal access, a specially crafted HTTP request can lead to reflected XSS after the BIG-IP APM system rewrites the HTTP response from the untrusted backend server and sends it to the client. CVE-2020-5889 Impact An attacker can craft a malicious URL and...
K23328310: TMM vulnerability CVE-2018-15330
Security Advisory Description When a virtual server uses the inflate functionality to process a gzip bomb as a payload, the BIG-IP system will experience a fatal error and may cause the Traffic Management Microkernel TMM to produce a core file. CVE-2018-15330 Impact An attacker may be able to...