6413 matches found
K43030517: Linux kernel BPF vulnerability CVE-2019-7308
Security Advisory Description kernel/bpf/verifier.c in the Linux kernel before 4.20.6 performs undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to side-channel attacks...
K21536299: Apache Fineract vulnerabilities CVE-2018-1289, CVE-2018-1290, and CVE-2018-1292
Security Advisory Description CVE-2018-1289 In Apache Fineract versions 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, the system exposes different REST end points to query domain specific entities with a Query Parameter 'orderBy' and 'sortOrder' which are appended directly with SQL...
K24715544: MySQL vulnerabilities CVE-2018-2591, CVE-2018-2600, CVE-2018-2612, CVE-2018-2622, and CVE-2018-2640
Security Advisory Description CVE-2018-2591 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server : Partition. Supported versions that are affected are 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network...
K44873550: Apache Storm vulnerability CVE-2021-38294
Security Advisory Description A Command Injection vulnerability exists in the getTopologyHistory service of the Apache Storm 2.x prior to 2.2.1 and Apache Storm 1.x prior to 1.2.4. A specially crafted thrift request to the Nimbus server allows Remote Code Execution RCE prior to authentication...
K42142782: Linux kernel vulnerability CVE-2017-15121
Security Advisory Description A non-privileged user is able to mount a fuse filesystem on RHEL 6 or 7 and crash a system if an application punches a hole in a file that does not end aligned to a page boundary. CVE-2017-15121 Impact An attacker can exploit this vulnerability to cause a denial of...
K37080719: NGINX Instance Manager vulnerability CVE-2022-35241
Security Advisory Description When NGINX Instance Manager is in use, undisclosed requests can cause an increase in disk resource utilization. CVE-2022-35241 Impact System performance can degrade until system inodes become free. This vulnerability allows a remote, authenticated attacker to cause a...
K14713331: MySQL Optimizer vulnerabilities CVE-2017-3638, CVE-2017-3642, and CVE-2017-3645
Security Advisory Description CVE-2017-3638 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Optimizer. Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple...
K95208524: jQuery vulnerability CVE-2016-7103
Security Advisory Description Cross-site scripting XSS vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function. CVE-2016-7103 Impact This vulnerability allows a remote attacker to perform an...
K02405023: Apache Brooklyn vulnerability CVE-2017-3165
Security Advisory Description In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site scripting where one authenticated user can cause scripts to run in the browser of another user authorized to access the first user's resources. This is due to improper escaping of server-si...
K10751325: TMM vulnerability CVE-2021-23011
Security Advisory Description When the BIG-IP system is buffering packet fragments for reassembly, the Traffic Management Microkernel TMM may consume an excessive amount of resources, eventually leading to a restart and failover event. CVE-2021-23011 Impact BIG-IP The Traffic Management Microkern...
K04327352: Multiple MySQL data manipulation language vulnerabilities
Security Advisory Description CVE-2017-3634 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: DML. Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged attacker with network acces...
K07082049: NTP vulnerability CVE-2017-6462
Security Advisory Description Buffer overflow in the legacy Datum Programmable Time Server DPTS refclock driver in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via a crafted /dev/datum device. CVE-2017-6462 Impact This vulnerability allows local users ...
K54891070: Tomcat vulnerabilities CVE-2012-5885, CVE-2012-5886, and CVE-2012-5887
Security Advisory Description CVE-2012-5885 The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce aka client nonce values instead of nonce aka server nonce and nc...
K27638900: Apache Struts vulnerability CVE-2017-15707
Security Advisory Description In Apache Struts 2.5 to 2.5.14, the REST Plugin is using an outdated JSON-lib library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted JSON payload. CVE-2017-15707 Impact There is no impact; F5 products are not affecte...
K54635192: Linux kernel overlayfs vulnerability CVE-2021-3493
Security Advisory Description The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the...
K38453823: Apache vulnerability CVE-2021-31618
Security Advisory Description Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On violation of these restrictions and HTTP response is sent to the client...
K14363514: OpenSSL vulnerability CVE-2017-3736
Security Advisory Description There is a carry propagating bug in the x8664 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perfo...
K43815022: BIG-IP crypto driver vulnerability CVE-2020-5882
Security Advisory Description Under certain conditions, the Intel QuickAssist Technology QAT cryptography driver may produce a Traffic Management Microkernel TMM core file. CVE-2020-5882 Impact The BIG-IP system temporarily fails to process traffic as it recovers from TMM restarting, and systems...
K15317: Linux kernel vulnerability CVE-2014-0101
Security Advisory Description The sctpsfdo51Dce function in net/sctp/smstatefuns.c in the Linux kernel through 3.13.6 does not validate certain authenable and authcapable fields before making an sctpsfauthenticate call, which allows remote attackers to cause a denial of service NULL pointer...
K59836191: GnuTLS vulnerabilities CVE-2017-5335, CVE-2017-5336, and CVE-2017-5337
Security Advisory Description CVE-2017-5335 The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service out-of-memory error and crash via a crafted OpenPGP certificate. CVE-2017-5336 Stack-based buffe...
K58304450: Multiple Intel Processor vulnerabilities: Spectre-NG
Security Advisory Description Eight new vulnerabilities in Intel processors have been mentioned in several sources and are referred to collectively as Spectre-NG. F5 is aware of these vulnerabilities and is investigating as information becomes available. As Intel officially recognizes and announc...
K51494034: Intel NUC BIOS firmware vulnerability CVE-2021-33164
Security Advisory Description Improper access control in BIOS firmware for some IntelR NUCs before version INWHL357.0046 may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2021-33164 Impact There is no impact; F5 products are not affected by this...
K52102651: Linux Kernel vulnerability CVE-2021-23134
Security Advisory Description Use After Free vulnerability in nfc sockets in the Linux Kernel before 5.12.4 allows local attackers to elevate their privileges. In typical configurations, the issue can only be triggered by a privileged local user with the CAPNETRAW capability. CVE-2021-23134 Impac...
K52259753: Intel Processor vulnerability CVE-2022-26373
Security Advisory Description Non-transparent sharing of return predictor targets between contexts in some IntelR Processors may allow an authorized user to potentially enable information disclosure via local access. CVE-2022-26373 Impact There is no impact; F5 products are not affected by this...
K55462146: OpenSSL vulnerability CVE-2017-3733
Security Advisory Description During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake or vice-versa then this can cause OpenSSL 1.1.0 before 1.1.0e to crash dependent on ciphersuite. Both clients and servers are affected...
K54647543: Linux kernel vulnerability CVE-2019-25044
Security Advisory Description The block subsystem in the Linux kernel before 5.2 has a use-after-free that can lead to arbitrary code execution in the kernel context and privilege escalation, aka CID-c3e2219216c9. This is related to blkmqfreerqs and blkcleanupqueue. CVE-2019-25044 Impact There is...
K50315101: Linux kernel vulnerability CVE-2019-14898
Security Advisory Description The fix for CVE-2019-11599, affecting the Linux kernel before 5.0.10 was not complete. A local user could use this flaw to obtain sensitive information, cause a denial of service, or possibly have other unspecified impacts by triggering a race condition with...
K13364192: Samba vulnerability CVE-2016-2119
Security Advisory Description libcli/smb/smbXclibase.c in Samba 4.x before 4.2.14, 4.3.x before 4.3.11, and 4.4.x before 4.4.5 allows man-in-the-middle attackers to bypass a client-signing protection mechanism, and consequently spoof SMB2 and SMB3 servers, via the 1 SMB2SESSIONFLAGISGUEST or 2...
K15535113: MySQL vulnerability CVE-2016-5632
Security Advisory Description Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Optimizer. CVE-2016-5632 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory...
K43429502: OpenSSL RSA key generation vulnerability CVE-2018-0737
Security Advisory Description The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL...
K45356577: Java vulnerability CVE-2022-21449
Security Advisory Description Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 17.0.2 and 18; Oracle GraalVM Enterprise Edition: 21.3.1 and 22.0.0.2. Easily exploitable...
K45816067: bzip2 vulnerability CVE-2016-3189
Security Advisory Description Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service crash via a crafted bzip2 file, related to block ends set to before the start of the block. CVE-2016-3189 Impact There is no impact; F5 products are not...
K45432295: BIG-IP APM logging disclosure vulnerability CVE-2017-6139
Security Advisory Description Under rare conditions, the BIG-IP APM system appends log details when responding to client requests. Details in the log file can vary; customers running debug mode logging with BIG-IP APM are at highest risk. CVE-2017-6139 Impact A vulnerable BIG-IP APM system may...
K41997459: BIG-IP APM XSS vulnerability CVE-2021-23054
Security Advisory Description A reflected cross-site scripting XSS vulnerability exists in the resource information page for authenticated users when a full webtop is configured on the BIG-IP APM system. CVE-2021-23054 Impact An attacker can craft a malicious URL and send it to an authenticated...
K01311152: Linux kernel vulnerabilities CVE-2020-36322 and CVE-2021-28950
Security Advisory Description CVE-2020-36322 An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fusedogetattr calls makebadinode in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability w...
K50116122: Apache Tomcat vulnerability CVE-2016-6816
Security Advisory Description The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the...
K56215245: Intel CPU vulnerabilities CVE-2019-11136 and CVE-2019-11137
Security Advisory Description CVE-2019-11136 Insufficient access control in system firmware for IntelR XeonR Scalable Processors, 2nd Generation IntelR XeonR Scalable Processors and IntelR XeonR Processors D Family may allow a privileged user to potentially enable escalation of privilege, denial ...
K04450715: libxml2 vulnerability CVE-2015-8806
Security Advisory Description dict.c in libxml2 allows remote attackers to cause a denial of service heap-based buffer over-read and application crash via an unexpected character immediately after the " Identified Medium screen. To determine if your release is known to be vulnerable, the componen...
K57542514: Python vulnerabilities CVE-2019-9636 and CVE-2019-10160
Security Advisory Description Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding with an incorrect netloc during NFKC normalization. The impact is: Information disclosure credentials, cookies, etc. that are cached against a given hostname. The...
K98121587: glibc vulnerability CVE-2021-35942
Security Advisory Description The wordexp function in the GNU C Library aka glibc through 2.33 may crash or read arbitrary memory in parseparam in posix/wordexp.c when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs...
K61002104: BIG-IP AFM and PEM TMUI XSS vulnerability CVE-2019-6639
Security Advisory Description Undisclosed TMUI pages for AFM and PEM Subscriber management are vulnerable to a stored cross-site scripting XSS issue. This is a control plane issue only and is not accessible from the data plane. The attack requires a malicious resource administrator to store the...
K30737254: Linux kernel vulnerability CVE-2017-2671
Security Advisory Description The pingunhash function in net/ipv4/ping.c in the Linux kernel through 4.10.8 is too late in obtaining a certain lock and consequently cannot ensure that disconnect function calls are safe, which allows local users to cause a denial of service panic by leveraging...
K31424926: BIG-IP APM XSS vulnerability CVE-2019-6595
Security Advisory Description Cross-site scripting XSS vulnerability in F5 BIG-IP Access Policy Manager APM 11.5.x and 11.6.x Admin Web UI. CVE-2019-6595 Impact A remote attacker may be able to access the BIG-IP APM logon page and inject arbitrary web script or HTML to launch a cross-site scripti...
K70992015: Linux kernel vulnerabilty CVE-2021-33200
Security Advisory Description kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces incorrect limits for pointer arithmetic operations, aka CID-bb01a1bba579. This can be abused to perform out-of-bounds reads and writes in kernel memory, leading to local privilege escalation to root. I...
K48641455: QEMU buffer-overflow vulnerability CVE-2018-17962
Security Advisory Description Qemu has a Buffer Overflow in pcnetreceive in hw/net/pcnet.c because an incorrect integer data type is used. CVE-2018-17962 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development has evaluated th...
K34508112: Pango vulnerability CVE-2019-1010238
Security Advisory Description Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pangolog2visgetembeddinglevels, assignment of nchars and the loop condition. The attack vecto...
K32380005: Linux kernel vulnerability CVE-2019-18282
Security Advisory Description The flowdissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device tracking vulnerability, aka CID-55667441c84f. This occurs because the auto flowlabel of a UDP IPv6 packet relies on a 32-bit hashrnd value as a secret, and because jhash instead ...
K30215094: Ruby vulnerability CVE-2016-7798
Security Advisory Description The openssl gem for Ruby uses the same initialization vector IV in GCM Mode aes--gcm when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the encryption protection mechanism. CVE-2016-7798 Impact There is no impact; F5...
K54501561: Apple Mac OS X Wiki Server vulnerability CVE-2008-1579
Security Advisory Description Wiki Server in Apple Mac OS X 10.5 before 10.5.3 allows remote attackers to obtain sensitive information user names by reading the error message produced upon access to a nonexistent blog. CVE-2008-1579 Impact There is no impact; F5 products are not affected by this...
K25200948: Linux kernel vulnerability CVE-2021-33034
Security Advisory Description In the Linux kernel before 5.12.4, net/bluetooth/hcievent.c has a use-after-free when destroying an hcichan, aka CID-5c4c8c954409. This leads to writing an arbitrary value. CVE-2021-33034 Impact There is no impact; F5 products are not affected by this vulnerability...