6413 matches found
K05295469: Expat vulnerability CVE-2019-15903
Security Advisory Description In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XMLGetCurrentLineNumber or XMLGetCurrentColumnNumber then resulted in a heap-based buffer over-read. CVE-2019-15903...
K09376613: INTEL-SA-00249 - Intel i915 Graphics for Linux vulnerability CVE-2019-11085
Security Advisory Description Insufficient input validation in Kernel Mode Driver in IntelR i915 Graphics for Linux before version 5.0 may allow an authenticated user to potentially enable escalation of privilege via local access. CVE-2019-11085 Impact There is no impact; F5 products are not...
K09585151: BIND vulnerability CVE-2018-5734
Security Advisory Description While handling a particular type of malformed packet BIND erroneously selects a SERVFAIL rcode instead of a FORMERR rcode. If the receiving view has the SERVFAIL cache feature enabled, this can trigger an assertion failure in badcache.c when the request doesn't conta...
K10107360: Apache Tomcat vulnerability CVE-2019-12418
Security Advisory Description When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a...
K44415301: Apache Tomcat vulnerability CVE-2020-17527
Security Advisory Description While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the...
K05525310: INTEL-SA-00252 - Intel Driver & Support Assistant version 19.3.12.3 and before vulnerability CVE-2019-11095
Security Advisory Description Insufficient access control in IntelR Driver & Support Assistant version 19.3.12.3 and before may allow a privileged user to potentially enable information disclosure via local access. CVE-2019-11095 Impact There is no impact; F5 products are not affected by this...
K51444934: NTP vulnerability CVE-2016-7426
Security Advisory Description NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service prevent responses from the sources by sending responses with a spoofed source...
K43312023: Grafana vulnerability CVE-2021-43798
Security Advisory Description Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 except for patched versions iss vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is: /public/plugins//, where is...
K46552732: Wget vulnerability CVE-2017-13089
Security Advisory Description The http.c:skipshortbody function is called in some circumstances, such as when processing redirects. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol to read each chunk's length, but doesn't check that the chunk length is a...
K95343321: Linux kernel vulnerability CVE-2018-5390
Security Advisory Description Linux kernel versions 4.9+ can be forced to make very expensive calls to tcpcollapseofoqueue and tcppruneofoqueue for every incoming packet which can lead to a denial of service. CVE-2018-5390 also known as SegmentSmack Impact For products with vulnerable versions,...
K37442533: TMOS Shell vulnerability CVE-2018-5516
Security Advisory Description Authenticated users granted TMOS Shell tmsh access can access objects on the file system which would normally be disallowed by tmsh restrictions. This allows for authenticated, low privileged attackers to exfiltrate objects on the file system which should not be...
K55405388: NTP vulnerability CVE-2016-9311
Security Advisory Description ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows remote attackers to cause a denial of service NULL pointer dereference and crash via a crafted packet. CVE-2016-9311 Impact A remote attacker may be able to send a specially crafted packet to cause ...
K87922456: NTP vulnerability CVE-2016-9310
Security Advisory Description The control mode mode 6 functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet. CVE-2016-9310 Impact In default configurations, F5 products are not vulnerable. If you remove the default restrict...
K00245734: INTEL-SA-00204 - Intel PROSet/Wireless WiFi Software vulnerability CVE-2018-3701
Security Advisory Description Improper directory permissions in the installer for IntelR PROSet/Wireless WiFi Software version 20.100 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access. CVE-2018-3701 Impact There is no impact; F5 products ar...
K28409053: Apache Tomcat vulnerability CVE-2022-23181
Security Advisory Description The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user...
K74374841: Linux kernel vulnerability CVE-2018-5391
Security Advisory Description The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various...
K23406572: libjpeg vulnerabilities CVE-2016-3616 CVE-2018-11213 CVE-2018-11214 CVE-2018-11813 CVE-2018-14498
Security Advisory Description CVE-2016-3616 The cjpeg utility in libjpeg allows remote attackers to cause a denial of service NULL pointer dereference and application crash or execute arbitrary code via a crafted file. CVE-2018-11213 An issue was discovered in libjpeg 9a. The gettextgrayrow...
K30201296: SOCKS proxy vulnerability CVE-2017-0303
Security Advisory Description In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 13.0.0, 12.0.0 to 12.1.2 and 11.5.1 to 11.6.1, under limited circumstances connections handled by a Virtual Server with an associated SOCKS profile may not be...
K16321: OpenSSL vulnerability CVE-2015-0293
Security Advisory Description The SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service s2lib.c assertion failure and daemon exit via a crafted CLIENT-MASTER-KEY message. CVE-2015-0293...
K22572754: QEMU vulnerability CVE-2017-15289
Security Advisory Description The mode4and5 write functions in hw/display/cirrusvga.c in Qemu allow local OS guest privileged users to cause a denial of service out-of-bounds write access and Qemu process crash via vectors related to dst calculation. CVE-2017-15289 Impact There is no impact; F5...
K47455661: Linux kernel vulnerability CVE-2020-35499
Security Advisory Description A NULL pointer dereference flaw in Linux kernel versions prior to 5.11 may be seen if scosockgetsockopt function in net/bluetooth/sco.c do not have a sanity check for a socket connection, when using BTSNDMTU/BTRCVMTU for SCO sockets. This could allow a local attacker...
K14560101: Wget vulnerability CVE-2019-5953
Security Advisory Description Buffer overflow in GNU Wget 1.20.1 and earlier allows remote attackers to cause a denial-of-service DoS or may execute an arbitrary code via unspecified vectors. CVE-2019-5953 Impact There is no impact; F5 products are not affected by this vulnerability. Security...
K43404365: BIG-IP APM logs may contain random data after the APM session ID
Security Advisory Description The BIG-IP APM system may log random data after the APM session ID in the /var/log/apm logs. An additional 24 bytes of random information may be logged after the APM session ID. This issue occurs when the following condition is met: You use the ACCESS::log command in...
K13600: SSH vulnerability CVE-2012-1493
Security Advisory Description A platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using secure shell SSH. The vulnerability is caused by a configuration error, and is not the result of an underlying SSH...
K70312000: BIG-IP ASM JSON websocket security exposure
Security Advisory Description The BIG-IP ASM system may fail to block bad JSON websocket requests. This issue occurs when all of the following conditions are met: In the JSON profile of the affected security policy, the Parse Parameters setting is enabled. Note: This setting is enabled by default...
K72423000: The BIG-IP AFM ACL and IPI features may not function as designed
Security Advisory Description This issue occurs when all of the following conditions are met: You have provisioned and configured the BIG-IP AFM module. Your system has active TCP half-open mitigations. Impact Some BIG-IP AFM features like access control lists ACLs and IP Intelligence IPI are not...
K3144: Apache mod_alias buffer overflow vulnerability CAN-2003-0542
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
K7593: Command injection into F5 ActiveX control
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
K16364: GNU C Library (glibc) vulnerability CVE-2012-3406
Security Advisory Description The vfprintf function in stdio-common/vfprintf.c in GNU C Library aka glibc 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the...
K16365: glibc vulnerability CVE-2014-9402
Security Advisory Description The nssdns implementation of getnetbyname in GNU C Library aka glibc before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service infinite loop by sending a positive answer while a network...
K16345: FreeBSD vulnerability CVE-2015-1414
Security Advisory Description Integer overflow in FreeBSD before 8.4 p24, 9.x before 9.3 p10. 10.0 before p18, and 10.1 before p6 allows remote attackers to cause a denial of service crash via a crafted IGMP packet, which triggers an incorrect size calculation and allocation of insufficient memor...
K16342: GNU C Library (glibc) vulnerability CVE-2012-6656
Security Advisory Description iconvdata/ibm930.c in GNU C Library aka glibc before 2.16 allows context-dependent attackers to cause a denial of service out-of-bounds read via a multibyte character value of "0xffff" to the iconv function when converting IBM930 encoded data to UTF-8. CVE-2012-6656...
K16356: BIND vulnerability CVE-2015-1349
Security Advisory Description named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x before 9.10.1-P2, when DNSSEC validation and the managed-keys feature are enabled, allows remote attackers to cause a denial of service assertion failure and daemon exit, or daemon crash by triggering a...
K16319: OpenSSL vulnerability CVE-2015-0288
Security Advisory Description Description The X509toX509REQ function in crypto/x509/x509req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow attackers to cause a denial of service NULL pointer dereference and application crash via an inval...
K16317: OpenSSL vulnerability CVE-2015-0286
Security Advisory Description The ASN1TYPEcmp function in crypto/asn1/atype.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform Boolean-type comparisons, which allows remote attackers to cause a denial of service invalid read...
K36212405: Apache Cassandra vulnerability CVE-2020-13946
Security Advisory Description In Apache Cassandra, all versions prior to 2.1.22, 2.2.18, 3.0.22, 3.11.8 and 4.0-beta2, it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and...
K33440533: BIG-IP ASM Bot Defense open redirection vulnerability CVE-2021-22984
Security Advisory Description When receiving a unauthenticated client request with a maliciously crafted URI, a BIG-IP Advanced WAF or ASM virtual server configured with a DoS profile with Proactive Bot Defense versions prior to 14.1.0, or a Bot Defense profile versions 14.1.0 and later, may...
K25160703: BIG-IP AFM vulnerability CVE-2020-5920
Security Advisory Description A vulnerability in the BIG-IP AFM Configuration utility may allow any authenticated BIG-IP user to perform a read-only blind SQL injection attack. CVE-2020-5920 Impact An attacker may be able to extract table name enumeration and user account names. All other data...
K17407: Datastor kernel vulnerability CVE-2015-7394
Security Advisory Description The datastor kernel module in F5 BIG-IP Analytics, APM, ASM, Link Controller, and LTM 11.1.0 before 12.0.0, BIG-IP AAM 11.4.0 before 12.0.0, BIG-IP AFM, PEM 11.3.0 before 12.0.0, BIG-IP Edge Gateway, WebAccelerator, and WOM 11.1.0 through 11.3.0, BIG-IP GTM 11.1.0...
K15551553: OpenSSL vulnerability CVE-2017-3730
Security Advisory Description In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial of Service attack...
K17551: Linux kernel vulnerability CVE-2014-9419
Security Advisory Description The switchto function in arch/x86/kernel/process64.c in the Linux kernel through 3.18.1 does not ensure that Thread Local Storage TLS descriptors are loaded before proceeding with other steps, which makes it easier for local users to bypass the ASLR protection...
K10248311: The apmd process logs clear the text password in an iRule when in debug mode
Security Advisory Description This issue occurs when all of the following conditions are met: You have licensed and provisioned the BIG-IP APM module. You have configured the apmd process to log at the debug level. You have configured the BIG-IP APM virtual server to run an access policy using an...
K6669: Apache HTTP Expect header handling
Security Advisory Description Note: Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of F5...
K8508: Cross-site scripting vulnerability in installControl.php3 page
Security Advisory Description Note : Versions that are not listed in this Solution have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the ...
K15082: OpenSSH vulnerability CVE-2010-4755
Security Advisory Description The 1 remoteglob function in sftp-glob.c and the 2 processput function in sftp.c in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow remote authenticated users to cause a denial of service CPU and memory...
K18657134: Linux kernel vulnerability CVE-2018-16871
Security Advisory Description A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic t...
K06878231: LLDPD vulnerabilities CVE-2015-8011 and CVE-2015-8012
Security Advisory Description CVE-2015-8011 Buffer overflow in the lldpdecode function in daemon/protocols/lldp.c in lldpd before 0.8.0 allows remote attackers to cause a denial of service daemon crash and possibly execute arbitrary code via vectors involving large management addresses and TLV...
K07702240: BIG-IP Resource Administrator vulnerability CVE-2019-6618
Security Advisory Description Users with the Resource Administrator role can modify sensitive portions of the file system if provided Advanced Shell access, such as editing /etc/passwd. This allows modifications to user objects and is contrary to our definition for the Resource Administrator role...
K24444803: Node.js vulnerabilities CVE-2015-8860, CVE-2015-8856, CVE-2016-7099, and CVE-2016-5325
Security Advisory Description CVE-2015-8860 The tar package before 2.0.0 for Node.js allows remote attackers to write to arbitrary files via a symlink attack in an archive. CVE-2015-8856 Cross-site scripting XSS vulnerability in the serve-index package before 1.6.3 for Node.js allows remote...
K22854260: Drupal vulnerability CVE-2018-7600
Security Advisory Description Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations. CVE-2018-7600 Impact There is no impact;...