6413 matches found
K93417064: MFC vulnerability CVE-2019-6681
Security Advisory Description Memory leak in Multicast Forwarding Cache MFC handling in tmrouted. CVE-2019-6681 Impact A BIG-IP system licensed with the ZebOS dynamic routing and multicast routing bundle, configured with static or dynamic multicast routes that use the Multicast Forwarding Cache...
K21312421: Samba vulnerabilities CVE-2020-25718 and CVE-2021-23192
Security Advisory Description CVE-2020-25718 A flaw was found in the way samba, as an Active Directory Domain Controller, is able to support an RODC read-only domain controller. This would allow an RODC to print administrator tickets. CVE-2021-23192 A flaw was found in the way samba implemented...
K65417229: Apache Struts vulnerability CVE-2017-7525
Security Advisory Description A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper...
K13074505: libarchive vulnerability CVE-2016-8687
Security Advisory Description Stack-based buffer overflow in the safefprintf function in tar/util.c in libarchive 3.2.1 allows remote attackers to cause a denial of service via a crafted non-printable multibyte character in a filename. CVE-2016-8687 Impact For BIG-IP and VIPRION platforms that ar...
K12671141: Linux kernel vulnerability CVE-2019-8956
Security Advisory Description In the Linux Kernel before versions 4.20.8 and 4.19.21 a use-after-free error in the "sctpsendmsg" function net/sctp/socket.c when handling SCTPSENDALL flag can be exploited to corrupt memory. CVE-2019-8956 Impact There is no impact; F5 products are not affected by...
K52171282: BIG-IP APM client for Linux and macOS vulnerability CVE-2018-5529
Security Advisory Description The svpn component of the F5 BIG-IP APM client prior to version 7.1.7 for Linux and Mac OS X runs as a privileged process and can allow an unprivileged user to assume super-user privileges on the local client host. A malicious local unprivileged user may gain knowled...
K43871899: binutils vulnerability CVE-2018-1000876
Security Advisory Description binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfdgetdynamicrelocupperbound,bfdcanonicalizedynamicreloc that can result in Integer overflow trigger heap overflow. Successful exploitation allows execution of arbitrary code.. Th...
K44591505: Apache vulnerabilities CVE-2019-0196, CVE-2019-0197, and CVE-2019-0220
Security Advisory Description CVE-2019-0196 A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request...
K15101402: iControl REST vulnerability CVE-2022-1468
Security Advisory Description An authenticated iControl REST user with at least guest role privileges can cause processing delays to iControl REST requests via undisclosed requests. CVE-2022-1468 Impact Processing delays to iControl REST requests can occur until the iControl REST daemon is either...
K95120415: NGINX Controller AVRD vulnerability CVE-2020-5895
Security Advisory Description AVRD uses world-readable and world-writable permissions on its socket, which allows processes or users on the local system to write arbitrary data into the socket. A local system attacker can make AVRD segmentation fault SIGSEGV by writing malformed messages to the...
K25434422: NGINX Controller vulnerability CVE-2020-5899
Security Advisory Description Recovery code required to change a user's password is transmitted and stored in the database in plain text, which allows an attacker who can intercept the database connection or have read access to the database, to request a password reset using the email address of...
K66289873: Apache Tomcat vulnerability CVE-2019-17569
Security Advisory Description The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility of HTTP Request...
K29691966: PHP vulnerability CVE-2016-5773
Security Advisory Description phpzip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service...
K31447551: Xilinx Starbleed FPGA vulnerability
Security Advisory Description Design Advisory for 7 Series/Virtex-6 FPGAs: Defeating Bitstream Encryption AR 73541 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development has evaluated the currently supported releases for...
K55873574: BIG-IP ASM Configuration utility vulnerability CVE-2020-5927
Security Advisory Description BIG-IP ASM Configuration utility stored cross-site scripting. CVE-2020-5927 Impact An attacker may exploit this vulnerability by redirecting users to a malicious page. Security Advisory Status F5 Product Development has assigned ID 888489 BIG-IP to this vulnerability...
K21571420: Multiple Samba vulnerabilities
Security Advisory Description CVE-2022-2031 A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has been requested to change their password, can exploit this...
K23454411: DNS profile vulnerability CVE-2022-26372
Security Advisory Description When a DNS listener is configured on a virtual server with DNS queueing default, undisclosed requests can cause an increase in memory resource utilization. CVE-2022-26372 Impact System performance can degrade until the Traffic Management Microkernel TMM process is...
K17530: NTP vulnerabilities CVE-2015-7691, CVE-2015-7692, and CVE-2015-7702
Security Advisory Description CVE-2015-7691 The cryptoxmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service crash via crafted packets containing particular autokey operations. NOTE: This vulnerability exists due to an...
K42438635: Linux kernel vulnerability CVE-2019-19072
Security Advisory Description A memory leak in the predicateparse function in kernel/trace/traceeventsfilter.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service memory consumption, aka CID-96c5c6e6a5b6. CVE-2019-19072 Impact May allow attackers to overflow memory...
K94504224: Apache ZooKeeper vulnerability CVE-2019-0201
Security Advisory Description An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeepers getACL command doesnt check any permission when retrieves the ACLs of the requested node and returns all information contained in the ACL Id field as plaintext string...
K40843345: BIG-IP ASM Configuration utility vulnerability CVE-2020-5928
Security Advisory Description An attacker may use the BIG-IP ASM Configuration utility cross-site request forgery CSRF protection token multiple times. CVE-2020-5928 Impact When the token is stolen, an attacker may be able to send POST requests to the affected BIG-IP ASM system to modify the...
K49000195: Apache Tomcat vulnerability CVE-2017-5647
Security Advisory Description A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in the pipelined request being lost when send file processing of the...
K83058481: Perl vulnerabilities CVE-2011-1487, CVE-2011-2939, and CVE-2011-3597
Security Advisory Description CVE-2011-1487 The 1 lc, 2 lcfirst, 3 uc, and 4 ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-dependent...
K94375254: LibTIFF vulnerability CVE-2016-3991
Security Advisory Description Heap-based buffer overflow in the loadImage function in the tiffcrop tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service out-of-bounds write or execute arbitrary code via a crafted TIFF image with zero tiles. CVE-2016-3991 Impact...
K41190253: Multiple RTOS vulnerabilities
Security Advisory Description CVE-2019-12255 Wind River VxWorks 6.6 through 6.9 has a Buffer Overflow in the TCP component issue 1 of 4. This is a IPNET security vulnerability: TCP Urgent Pointer = 0 that leads to an integer underflow. CVE-2019-12256 Wind River VxWorks 6.9 and vx7 has a Buffer...
K11936401: Java SE vulnerability CVE-2017-10102
Security Advisory Description Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: RMI. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with...
K58102101: BIG-IP ASM vulnerability CVE-2020-27718
Security Advisory Description When the BIG-IP ASM system processes requests with JSON payload, an unusually large number of parameters can cause excessive CPU usage in the BIG-IP ASM bd process. CVE-2020-27718 Impact When this vulnerability is exploited, the BIG-IP ASM system may take longer than...
K05940857: Apache Tomcat vulnerabilities CVE-2017-5650 and CVE-2017-5651
Security Advisory Description CVE-2017-5650 In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the handling of an HTTP/2 GOAWAY frame for a connection did not close streams associated with that connection that were currently waiting for a WINDOWUPDATE before allowing the application to...
K24554520: Apache Log4j Remote Code Execution vulnerability CVE-2021-4104
Security Advisory Description JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JN...
K17296065: Apache mod_userdir vulnerability CVE-2016-4975
Security Advisory Description Possible CRLF injection allowing HTTP response splitting attacks for sites which use moduserdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the "Location" or other outbound header key or value. Fixed in Apache...
K13551136: Samba remote code execution vulnerability CVE-2017-7494
Security Advisory Description All versions of Samba from 3.5.0 onwards are vulnerable to a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it. CVE-2017-7494 Impact There is no impact; F5...
K75111593: BIG-IP VE network interface vulnerability CVE-2020-5939
Security Advisory Description BIG-IP Virtual Edition VE systems on VMware, with an Intel-based 85299 Network Interface Controller NIC card and Single Root I/O Virtualization SR-IOV enabled on vSphere, may fail and leave the Traffic Management Microkernel TMM in a state where it cannot transmit...
K32562936: Intel CPU vulnerabilities CVE-2020-24511 and CVE-2020-24512
Security Advisory Description CVE-2020-24511 Improper isolation of shared resources in some IntelR Processors may allow an authenticated user to potentially enable information disclosure via local access. CVE-2020-24512 Observable timing discrepancy in some IntelR Processors may allow an...
K32115847: Linux kernel vulnerability CVE-2017-2647
Security Advisory Description The KEYS subsystem in the Linux kernel before 3.18 allows local users to gain privileges or cause a denial of service NULL pointer dereference and system crash via vectors involving a NULL value for a certain match field, related to the keyringsearchiterator function...
K21042153: XSS vulnerability in undisclosed TMUI page CVE-2018-15313
Security Advisory Description A reflected Cross-Site Scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the current logged-in user. CVE-2018-15313 Impact BIG-IP A remote unauthenticated...
K23605346: BIG-IP iControl REST vulnerability CVE-2022-1388
Security Advisory Description Undisclosed requests may bypass iControl REST authentication. CVE-2022-1388 Impact This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system...
K37661551: Unbound DNS Cache vulnerabilities CVE-2020-12662 and CVE-2020-12663
Security Advisory Description CVE-2020-12662 Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records. CVE-2020-12663 Unbound before 1.10.1 has an infinite loop via malformed DNS answer...
K21274200: Linux kernel vulnerability CVE-2017-16914
Security Advisory Description The "stubsendretsubmit" function drivers/usb/usbip/stubtx.c in the Linux Kernel before version 4.14.8, 4.9.71, 4.1.49, and 4.4.107 allows attackers to cause a denial of service NULL pointer dereference via a specially crafted USB over IP packet. CVE-2017-16914 Impact...
K44233515: F5OS-A vulnerability CVE-2022-25990
Security Advisory Description Systems running F5OS-A software may expose certain registry ports externally. CVE-2022-25990 Impact An attacker may be able to exploit this vulnerability to gain read-only access to the Docker registry. Security Advisory Status F5 Product Development has assigned ID...
K24465120: iControl REST vulnerability CVE-2017-6167
Security Advisory Description Race conditions in iControl REST may lead to commands executed with different privilege levels than expected. CVE-2017-6167 Impact Sending asynchronous tasks using the iControl REST API may be processed as the wrong user and result in an error. Security Advisory Stat...
K17309: Linux kernel vulnerability CVE-2015-5366
Security Advisory Description The 1 udprecvmsg and 2 udpv6recvmsg functions in the Linux kernel before 4.0.6 provide inappropriate -EAGAIN return values, which allows remote attackers to cause a denial of service EPOLLET epoll application read outage via an incorrect checksum in a UDP packet, a...
K19361245: BIG-IP TMM vulnerability CVE-2017-6158
Security Advisory Description The Traffic Management Microkernel TMM has a vulnerability related to the handling of invalid IP addresses. CVE-2017-6158 This issue is exposed only when all of the following conditions are met: You have disabled the Auto Last Hop setting at the Virtual Server, VLAN,...
K35012672: PHP vulnerability CVE-2014-9705
Security Advisory Description Heap-based buffer overflow in the enchantbrokerrequestdict function in ext/enchant/enchant.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allows remote attackers to execute arbitrary code via vectors that trigger creation of multiple dictionaries...
K65355492: Apache vulnerability CVE-2018-5506
Security Advisory Description Apache modules apacheauthtokenmod and modauthf5authtoken.cpp allow possible unauthenticated bruteforce on the emserverip authorization parameter to obtain which SSL client certificates used for mutual authentication between BIG-IQ or Enterprise Manager EM and managed...
K35239571: PHP vulnerability CVE-2015-3329
Security Advisory Description Multiple stack-based buffer overflows in the pharsetinode function in pharinternal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary code via a crafted length value in a 1 tar, 2 phar, or 3 ZIP archive...
K37404773: TMM vulnerability CVE-2017-6134
Security Advisory Description An undisclosed sequence of packets, sourced from an adjacent network may cause TMM to crash. CVE-2017-6134 Impact This issue is exposed in the default configuration. Traffic processing is disrupted while the Traffic Management Microkernel TMM restarts. If the affecte...
K65372933: BIG-IP HTTP/2 vulnerability CVE-2020-5875
Security Advisory Description Under certain conditions, the Traffic Management Microkernel TMM may generate a core file and restart while processing SSL traffic with an HTTP/2 full proxy. CVE-2020-5875 Impact If you have enabled HTTP/2, Message Routing Framework MRF, and SSL, a certain request...
K14716852: Apache Traffic Server vulnerability CVE-2020-1944
Security Advisory Description There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and Transfer-Encoding and Content length headers. Upgrade to versions 7.1.9 and 8.0.6 or later versions. CVE-2020-1944 Impact There is no...
K71522481: Java vulnerability CVE-2021-2163
Security Advisory Description Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition:...
K60344652: BIG-IP AFM vulnerability CVE-2020-27714
Security Advisory Description On the BIG-IP AFM, when a Protocol Inspection Profile is attached to a FastL4 virtual server with the protocol field configured to either Other or All Protocols, the TMM may experience a restart if the profile processes non-TCP traffic. CVE-2020-27714 Impact The...