6294 matches found
K16321: OpenSSL vulnerability CVE-2015-0293
Security Advisory Description The SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service s2lib.c assertion failure and daemon exit via a crafted CLIENT-MASTER-KEY message. CVE-2015-0293...
K14560101: Wget vulnerability CVE-2019-5953
Security Advisory Description Buffer overflow in GNU Wget 1.20.1 and earlier allows remote attackers to cause a denial-of-service DoS or may execute an arbitrary code via unspecified vectors. CVE-2019-5953 Impact There is no impact; F5 products are not affected by this vulnerability. Security...
K47455661: Linux kernel vulnerability CVE-2020-35499
Security Advisory Description A NULL pointer dereference flaw in Linux kernel versions prior to 5.11 may be seen if scosockgetsockopt function in net/bluetooth/sco.c do not have a sanity check for a socket connection, when using BTSNDMTU/BTRCVMTU for SCO sockets. This could allow a local attacker...
K43404365: BIG-IP APM logs may contain random data after the APM session ID
Security Advisory Description The BIG-IP APM system may log random data after the APM session ID in the /var/log/apm logs. An additional 24 bytes of random information may be logged after the APM session ID. This issue occurs when the following condition is met: You use the ACCESS::log command in...
K13600: SSH vulnerability CVE-2012-1493
Security Advisory Description A platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using secure shell SSH. The vulnerability is caused by a configuration error, and is not the result of an underlying SSH...
K72423000: The BIG-IP AFM ACL and IPI features may not function as designed
Security Advisory Description This issue occurs when all of the following conditions are met: You have provisioned and configured the BIG-IP AFM module. Your system has active TCP half-open mitigations. Impact Some BIG-IP AFM features like access control lists ACLs and IP Intelligence IPI are not...
K70312000: BIG-IP ASM JSON websocket security exposure
Security Advisory Description The BIG-IP ASM system may fail to block bad JSON websocket requests. This issue occurs when all of the following conditions are met: In the JSON profile of the affected security policy, the Parse Parameters setting is enabled. Note: This setting is enabled by default...
K3144: Apache mod_alias buffer overflow vulnerability CAN-2003-0542
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
K7593: Command injection into F5 ActiveX control
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
K16365: glibc vulnerability CVE-2014-9402
Security Advisory Description The nssdns implementation of getnetbyname in GNU C Library aka glibc before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service infinite loop by sending a positive answer while a network...
K16364: GNU C Library (glibc) vulnerability CVE-2012-3406
Security Advisory Description The vfprintf function in stdio-common/vfprintf.c in GNU C Library aka glibc 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the...
K16342: GNU C Library (glibc) vulnerability CVE-2012-6656
Security Advisory Description iconvdata/ibm930.c in GNU C Library aka glibc before 2.16 allows context-dependent attackers to cause a denial of service out-of-bounds read via a multibyte character value of "0xffff" to the iconv function when converting IBM930 encoded data to UTF-8. CVE-2012-6656...
K16356: BIND vulnerability CVE-2015-1349
Security Advisory Description named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x before 9.10.1-P2, when DNSSEC validation and the managed-keys feature are enabled, allows remote attackers to cause a denial of service assertion failure and daemon exit, or daemon crash by triggering a...
K16345: FreeBSD vulnerability CVE-2015-1414
Security Advisory Description Integer overflow in FreeBSD before 8.4 p24, 9.x before 9.3 p10. 10.0 before p18, and 10.1 before p6 allows remote attackers to cause a denial of service crash via a crafted IGMP packet, which triggers an incorrect size calculation and allocation of insufficient memor...
K16319: OpenSSL vulnerability CVE-2015-0288
Security Advisory Description Description The X509toX509REQ function in crypto/x509/x509req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow attackers to cause a denial of service NULL pointer dereference and application crash via an inval...
K16317: OpenSSL vulnerability CVE-2015-0286
Security Advisory Description The ASN1TYPEcmp function in crypto/asn1/atype.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform Boolean-type comparisons, which allows remote attackers to cause a denial of service invalid read...
K36212405: Apache Cassandra vulnerability CVE-2020-13946
Security Advisory Description In Apache Cassandra, all versions prior to 2.1.22, 2.2.18, 3.0.22, 3.11.8 and 4.0-beta2, it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and...
K33440533: BIG-IP ASM Bot Defense open redirection vulnerability CVE-2021-22984
Security Advisory Description When receiving a unauthenticated client request with a maliciously crafted URI, a BIG-IP Advanced WAF or ASM virtual server configured with a DoS profile with Proactive Bot Defense versions prior to 14.1.0, or a Bot Defense profile versions 14.1.0 and later, may...
K25160703: BIG-IP AFM vulnerability CVE-2020-5920
Security Advisory Description A vulnerability in the BIG-IP AFM Configuration utility may allow any authenticated BIG-IP user to perform a read-only blind SQL injection attack. CVE-2020-5920 Impact An attacker may be able to extract table name enumeration and user account names. All other data...
K17407: Datastor kernel vulnerability CVE-2015-7394
Security Advisory Description The datastor kernel module in F5 BIG-IP Analytics, APM, ASM, Link Controller, and LTM 11.1.0 before 12.0.0, BIG-IP AAM 11.4.0 before 12.0.0, BIG-IP AFM, PEM 11.3.0 before 12.0.0, BIG-IP Edge Gateway, WebAccelerator, and WOM 11.1.0 through 11.3.0, BIG-IP GTM 11.1.0...
K15551553: OpenSSL vulnerability CVE-2017-3730
Security Advisory Description In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial of Service attack...
K10248311: The apmd process logs clear the text password in an iRule when in debug mode
Security Advisory Description This issue occurs when all of the following conditions are met: You have licensed and provisioned the BIG-IP APM module. You have configured the apmd process to log at the debug level. You have configured the BIG-IP APM virtual server to run an access policy using an...
K17551: Linux kernel vulnerability CVE-2014-9419
Security Advisory Description The switchto function in arch/x86/kernel/process64.c in the Linux kernel through 3.18.1 does not ensure that Thread Local Storage TLS descriptors are loaded before proceeding with other steps, which makes it easier for local users to bypass the ASLR protection...
K6669: Apache HTTP Expect header handling
Security Advisory Description Note: Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of F5...
K8508: Cross-site scripting vulnerability in installControl.php3 page
Security Advisory Description Note : Versions that are not listed in this Solution have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the ...
K15082: OpenSSH vulnerability CVE-2010-4755
Security Advisory Description The 1 remoteglob function in sftp-glob.c and the 2 processput function in sftp.c in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow remote authenticated users to cause a denial of service CPU and memory...
K24444803: Node.js vulnerabilities CVE-2015-8860, CVE-2015-8856, CVE-2016-7099, and CVE-2016-5325
Security Advisory Description CVE-2015-8860 The tar package before 2.0.0 for Node.js allows remote attackers to write to arbitrary files via a symlink attack in an archive. CVE-2015-8856 Cross-site scripting XSS vulnerability in the serve-index package before 1.6.3 for Node.js allows remote...
K07702240: BIG-IP Resource Administrator vulnerability CVE-2019-6618
Security Advisory Description Users with the Resource Administrator role can modify sensitive portions of the file system if provided Advanced Shell access, such as editing /etc/passwd. This allows modifications to user objects and is contrary to our definition for the Resource Administrator role...
K06878231: LLDPD vulnerabilities CVE-2015-8011 and CVE-2015-8012
Security Advisory Description CVE-2015-8011 Buffer overflow in the lldpdecode function in daemon/protocols/lldp.c in lldpd before 0.8.0 allows remote attackers to cause a denial of service daemon crash and possibly execute arbitrary code via vectors involving large management addresses and TLV...
K18657134: Linux kernel vulnerability CVE-2018-16871
Security Advisory Description A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic t...
K22854260: Drupal vulnerability CVE-2018-7600
Security Advisory Description Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations. CVE-2018-7600 Impact There is no impact;...
K93417064: MFC vulnerability CVE-2019-6681
Security Advisory Description Memory leak in Multicast Forwarding Cache MFC handling in tmrouted. CVE-2019-6681 Impact A BIG-IP system licensed with the ZebOS dynamic routing and multicast routing bundle, configured with static or dynamic multicast routes that use the Multicast Forwarding Cache...
K13074505: libarchive vulnerability CVE-2016-8687
Security Advisory Description Stack-based buffer overflow in the safefprintf function in tar/util.c in libarchive 3.2.1 allows remote attackers to cause a denial of service via a crafted non-printable multibyte character in a filename. CVE-2016-8687 Impact For BIG-IP and VIPRION platforms that ar...
K65417229: Apache Struts vulnerability CVE-2017-7525
Security Advisory Description A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper...
K21312421: Samba vulnerabilities CVE-2020-25718 and CVE-2021-23192
Security Advisory Description CVE-2020-25718 A flaw was found in the way samba, as an Active Directory Domain Controller, is able to support an RODC read-only domain controller. This would allow an RODC to print administrator tickets. CVE-2021-23192 A flaw was found in the way samba implemented...
K15101402: iControl REST vulnerability CVE-2022-1468
Security Advisory Description An authenticated iControl REST user with at least guest role privileges can cause processing delays to iControl REST requests via undisclosed requests. CVE-2022-1468 Impact Processing delays to iControl REST requests can occur until the iControl REST daemon is either...
K12671141: Linux kernel vulnerability CVE-2019-8956
Security Advisory Description In the Linux Kernel before versions 4.20.8 and 4.19.21 a use-after-free error in the "sctpsendmsg" function net/sctp/socket.c when handling SCTPSENDALL flag can be exploited to corrupt memory. CVE-2019-8956 Impact There is no impact; F5 products are not affected by...
K43871899: binutils vulnerability CVE-2018-1000876
Security Advisory Description binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfdgetdynamicrelocupperbound,bfdcanonicalizedynamicreloc that can result in Integer overflow trigger heap overflow. Successful exploitation allows execution of arbitrary code.. Th...
K52171282: BIG-IP APM client for Linux and macOS vulnerability CVE-2018-5529
Security Advisory Description The svpn component of the F5 BIG-IP APM client prior to version 7.1.7 for Linux and Mac OS X runs as a privileged process and can allow an unprivileged user to assume super-user privileges on the local client host. A malicious local unprivileged user may gain knowled...
K44591505: Apache vulnerabilities CVE-2019-0196, CVE-2019-0197, and CVE-2019-0220
Security Advisory Description CVE-2019-0196 A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request...
K29691966: PHP vulnerability CVE-2016-5773
Security Advisory Description phpzip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service...
K95120415: NGINX Controller AVRD vulnerability CVE-2020-5895
Security Advisory Description AVRD uses world-readable and world-writable permissions on its socket, which allows processes or users on the local system to write arbitrary data into the socket. A local system attacker can make AVRD segmentation fault SIGSEGV by writing malformed messages to the...
K25434422: NGINX Controller vulnerability CVE-2020-5899
Security Advisory Description Recovery code required to change a user's password is transmitted and stored in the database in plain text, which allows an attacker who can intercept the database connection or have read access to the database, to request a password reset using the email address of...
K31447551: Xilinx Starbleed FPGA vulnerability
Security Advisory Description Design Advisory for 7 Series/Virtex-6 FPGAs: Defeating Bitstream Encryption AR 73541 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development has evaluated the currently supported releases for...
K66289873: Apache Tomcat vulnerability CVE-2019-17569
Security Advisory Description The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility of HTTP Request...
K21571420: Multiple Samba vulnerabilities
Security Advisory Description CVE-2022-2031 A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has been requested to change their password, can exploit this...
K55873574: BIG-IP ASM Configuration utility vulnerability CVE-2020-5927
Security Advisory Description BIG-IP ASM Configuration utility stored cross-site scripting. CVE-2020-5927 Impact An attacker may exploit this vulnerability by redirecting users to a malicious page. Security Advisory Status F5 Product Development has assigned ID 888489 BIG-IP to this vulnerability...
K42438635: Linux kernel vulnerability CVE-2019-19072
Security Advisory Description A memory leak in the predicateparse function in kernel/trace/traceeventsfilter.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service memory consumption, aka CID-96c5c6e6a5b6. CVE-2019-19072 Impact May allow attackers to overflow memory...
K23454411: DNS profile vulnerability CVE-2022-26372
Security Advisory Description When a DNS listener is configured on a virtual server with DNS queueing default, undisclosed requests can cause an increase in memory resource utilization. CVE-2022-26372 Impact System performance can degrade until the Traffic Management Microkernel TMM process is...
K40843345: BIG-IP ASM Configuration utility vulnerability CVE-2020-5928
Security Advisory Description An attacker may use the BIG-IP ASM Configuration utility cross-site request forgery CSRF protection token multiple times. CVE-2020-5928 Impact When the token is stolen, an attacker may be able to send POST requests to the affected BIG-IP ASM system to modify the...