6402 matches found
K15405135: GO vulnerability CVE-2021-3114
Security Advisory Description In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb during the final complete reduction in the P-224 field. CVE-2021-3114 Impact There is no impact; F5 products are not...
K75133288: Linux kernel vulnerability CVE-2021-33909
Security Advisory Description fs/seqfile.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05. CVE-2021-33909 Impact...
K08044291: OpenSSL vulnerability CVE-2018-0739
Security Advisory Description Constructed ASN.1 types with a recursive definition such as can be found in PKCS7 could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that...
K05428062: pcregrep in PCRE vulnerability CVE-2015-8393
Security Advisory Description pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client. CVE-2015-8393 Impact A local,...
K03644631: Samba vulnerability CVE-2016-2126
Security Advisory Description Samba version 4.0.0 up to 4.5.2 is vulnerable to privilege elevation due to incorrect handling of the PAC Privilege Attribute Certificate checksum. A remote, authenticated, attacker can cause the winbindd process to crash using a legitimate Kerberos ticket. A local...
K65720640: BIG-IP SSL state mirroring vulnerability CVE-2020-5886
Security Advisory Description BIG-IP systems setup for connection mirroring in a High Availability HA pair transfers sensitive cryptographic objects over an insecure communications channel. This is a control plane issue which is exposed only on the network used for connection mirroring...
K07335610: SNMP vulnerability CVE-2020-15861
Security Advisory Description Net-SNMP through 5.7.3 allows Escalation of Privileges because of UNIX symbolic link symlink following. CVE-2020-15861 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development has evaluated the...
K06045217: TMM vulnerability CVE-2016-5022
Security Advisory Description F5 BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.x before 11.2.1 HF16, 11.3.x, 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1 HF1, and 12.x before 12.0.0 HF3; BIG-IP AAM, AFM, and PEM 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1 HF1, and...
K12132951: Linux kernel vulnerability CVE-2022-0812
Security Advisory Description An information leak flaw was found in NFS over RDMA in the net/sunrpc/xprtrdma/rpcrdma.c in the Linux Kernel. This flaw allows an attacker with normal user privileges to leak kernel information. CVE-2022-0812 Impact There is no impact; F5 products are not affected by...
K57390658: miniigd SOAP service in Realtek SDK vulnerability CVE-2014-8361
Security Advisory Description The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request. CVE-2014-8361 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product...
K31300402: Virtual Machine Manager L1 Terminal Fault vulnerability CVE-2018-3646
Security Advisory Description Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a...
K16101409: BIG-IP AFM vulnerability CVE-2022-23028
Security Advisory Description When global AFM SYN cookie protection TCP Half Open flood vector is activated in the AFM Device Dos or DOS profile, certain types of TCP connections will fail. CVE-2022-23028 Impact This vulnerability allows a remote attacker to cause a denial-of-service DoS on the...
K56715231: TMM buffer-overflow vulnerability CVE-2021-22991
Security Advisory Description Undisclosed requests to a virtual server may be incorrectly handled by Traffic Management Microkernel TMM URI normalization, which may trigger a buffer overflow, resulting in a DoS attack. In certain situations, it theoretically may allow bypass of URL based access...
K35263486: libarchive vulnerability CVE-2016-8688
Security Advisory Description The mtree bidder in libarchive 3.2.1 does not keep track of line sizes when extending the read-ahead, which allows remote attackers to cause a denial of service crash via a crafted file, which triggers an invalid read in the 1 detectform or 2 bidentry function in...
K29215970: Linux kernel vulnerability CVE-2019-10125
Security Advisory Description An issue was discovered in aiopoll in fs/aio.c in the Linux kernel through 5.0.4. A file may be released by aiopollwake if an expected event is triggered immediately e.g., by the close of a pair of pipes after the return of vfspoll, and this will cause a...
K90233102: MySQL vulnerabilities CVE-2017-10294, CVE-2017-10296, CVE-2017-10311, CVE-2017-10313, and CVE-2017-10314
Security Advisory Description CVE-2017-10294 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Optimizer. Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with netwo...
K65615624: BIG-IP FastL4 TMM vulnerability CVE-2017-6166
Security Advisory Description In BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe software 12.0.0 to 12.1.1, in some cases the Traffic Management Microkernel TMM may crash when processing fragmented packets. This vulnerability affects TMM through a virtual server...
K73217235: pppd vulnerability CVE-2020-8597
Security Advisory Description eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eaprequest and eapresponse functions. CVE-2020-8597 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development has...
K73710094: XSS vulnerability in undisclosed page of the NGINX Swagger UI
Security Advisory Description An issue in the swagger-ui, the third-party component bundled in the NGINX Plus packages, may expose an XSS security risk. The purpose of the swagger-ui is to provide interactive documentation for the API specification supplied in a swagger YAML file and used in the...
K12109859: Mozilla NSS vulnerability CVE-2017-5461
Security Advisory Description Mozilla Network Security Services NSS before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service out-of-bounds write or possibly have unspecified other impact by leveraging...
K33606035: OpenJDK vulnerability CVE-2020-14792
Security Advisory Description Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Hotspot. Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker wit...
K05342145: Linux kernel vulnerability CVE-2007-6762
Security Advisory Description In the Linux kernel before 2.6.20, there is an off-by-one bug in net/netlabel/netlabelcipsov4.c where it is possible to overflow the doidef-tags array. CVE-2007-6762 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Stat...
K64292204: OpenSSH vulnerability CVE-2016-10010
Security Advisory Description sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets as root, which might allow local users to gain privileges via unspecified vectors, related to serverloop.c. CVE-2016-10010 Impact In the default configuration,...
K62201745: OpenSSH vulnerability CVE-2016-10012
Security Advisory Description The shared memory manager associated with pre-authentication compression in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allow local users to gain privileges by leveraging access to a sandboxed...
K22503522: Linux kernel vulnerability CVE-2018-7757
Security Advisory Description Memory leak in the sassmpgetphyevents function in drivers/scsi/libsas/sasexpander.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service memory consumption via many read accesses to files in the /sys/class/sasphy directory, as demonstrat...
K60156735: MySQL vulnerabilities CVE-2017-10276, CVE-2017-10279, CVE-2017-10283, CVE-2017-10284, and CVE-2017-10286
Security Advisory Description CVE-2017-10276 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: FTS. Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network acce...
K23033557: Intel software vulnerabilities CVE-2020-8746, CVE-2020-8747, CVE-2020-8749, CVE-2020-8752, CVE-2020-8753
Security Advisory Description CVE-2020-8746 Integer overflow in subsystem for IntelR AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable denial of service via adjacent access. CVE-2020-8747 Out-of-bounds read in subsystem fo...
K23432135: Apache Struts 2 vulnerability CVE-2016-3093
Security Advisory Description Apache Struts 2.0.0 through 2.3.24.1 does not properly cache method references when used with OGNL before 3.0.12, which allows remote attackers to cause a denial of service block access to a web site via unspecified vectors. CVE-2016-3093 Impact The Object-Graph...
K08006936: Apache Commons Configuration vulnerability CVE-2022-33980
Security Advisory Description Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "$prefix:name", where "prefix" is used to locate an instance of...
K63131370: Linux kernel vulnerability CVE-2017-1000251
Security Advisory Description The native Bluetooth stack in the Linux Kernel BlueZ, starting at the Linux kernel version 3.3-rc1 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution i...
K61095244: Intel software vulnerabilities CVE-2020-8705, CVE-2020-8744, CVE-2020-8745, CVE-2020-8756
Security Advisory Description CVE-2020-8705 Insecure default initialization of resource in IntelR Boot Guard in IntelR CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, IntelR TXE versions before 3.1.80 and 4.0.30, IntelR SPS versions before...
K18015201: Linux kernel vulnerability CVE-2017-2636
Security Advisory Description Race condition in drivers/tty/nhdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service double free by setting the HDLC line discipline. CVE-2017-2636 Impact This vulnerability may allow locally authenticated users ...
K78234183: Linux SACK Panic vulnerability CVE-2019-11477
Security Advisory Description Jonathan Looney discovered that the TCPSKBCBskb-tcpgsosegs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments SACKs. A remote attacker could use this to cause a denial of service. This has been fixed in stable...
K61294700: Linux kernel vulnerability CVE-2020-27777
Security Advisory Description A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down usually due to Secure Boot guest system running on top of PowerVM or KVM hypervisors pseries platform a root like local user could use this flaw to further...
K75521003: FreeBSD SACK Slowness vulnerability CVE-2019-5599
Security Advisory Description In FreeBSD 12.0-STABLE before r349197 and 12.0-RELEASE before 12.0-RELEASE-p6, a bug in the non-default RACK TCP stack can allow an attacker to cause several linked lists to grow unbounded and cause an expensive list traversal on every packet being processed, leading...
K13815051: Apache vulnerability CVE-2021-30641
Security Advisory Description Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF' CVE-2021-30641 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development has evaluated the currently...
K15605622: MySQL vulnerability CVE-2016-6664
Security Advisory Description mysqldsafe in Oracle MySQL through 5.5.51, 5.6.x through 5.6.32, and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and...
K28042514: BIG-IP TMM and DNS profile vulnerability CVE-2022-23017
Security Advisory Description When a virtual server is configured with a DNS profile with the Rapid Response Mode setting enabled and is configured on a BIG-IP system, undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. CVE-2022-23017 Impact System performance can...
K68562154: MySQL vulnerability CVE-2005-0004
Security Advisory Description The mysqlaccess script in MySQL 4.0.23 and earlier, 4.1.x before 4.1.10, 5.0.x before 5.0.3, and other versions including 3.x, allows local users to overwrite arbitrary files or read temporary files via a symlink attack on temporary files. CVE-2005-0004 Impact There ...
K12492858: Appliance mode authenticated F5 BIG-IP Guided Configuration third-party lodash and jQuery vulnerabilities CVE-2021-23337, CVE-2020-28500, and CVE-2016-7103
Security Advisory Description When running in Appliance mode, the BIG-IP Guided Configuration GUI menu is vulnerable through the following third-party CVEs: CVE-2021-23337 Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function. CVE-2020-28500 Lodash version...
K89509323: REST Framework vulnerability CVE-2019-6651
Security Advisory Description The BIG-IP/BIG-IQ Configuration utility login page may not follow best security practices when handling a malicious request. CVE-2019-6651 Impact The Configuration utility login page returns an inconsistent HTTP response when processing modified requests which may...
K25544541: PHP vulnerabilities CVE-2019-9638, CVE-2019-9639, CVE-2019-9640, and CVE-2019-9641
Security Advisory Description CVE-2019-9638 An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exifprocessIFDinMAKERNOTE because of mishandling the makernote-offset relationship to valuelen...
K25573437: TMM vulnerability CVE-2018-5517
Security Advisory Description Malformed TCP packets sent to a self IP address or a FastL4 virtual server may cause an interruption of service. The control plane is not exposed to this issue. This issue impacts the data plane virtual servers and self IPs. CVE-2018-5517 Impact This vulnerability...
K23200408: reposync vulnerability CVE-2018-10897
Security Advisory Description A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the...
K23439402: Debian package management system vulnerability CVE-2022-1664
Security Advisory Description Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a...
K23374214: Apache Shiro vulnerability CVE-2016-4437
Security Advisory Description Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter. CVE-2016-4437 Impact There is no impact;...
K24301698: TMUI XSS vulnerability CVE-2021-23027
Security Advisory Description A DOM based cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. CVE-2021-23027 Impact An attacker may exploit this...
K59904248: iControl SOAP vulnerability CVE-2022-29474
Security Advisory Description A directory traversal vulnerability exists in iControl SOAP that allows an authenticated attacker with at least guest role privileges to read wsdl files in the BIG-IP file system. CVE-2022-29474 Impact An authenticated attacker with at least guest role privileges may...
K25400442: TMM vulnerability CVE-2020-5931
Security Advisory Description Virtual servers with a OneConnect profile may incorrectly handle WebSockets related HTTP response headers, causing the Traffic Management Microkernel TMM to restart. CVE-2020-5931 Impact An attacker may be able to perform a denial-of-service DoS attack on a BIG-IP...
K61367237: BIG-IP HTTP/3 QUIC vulnerability CVE-2020-5859
Security Advisory Description Specially formatted HTTP/3 messages may cause the Traffic Management Microkernel TMM to produce a core file. CVE-2020-5859 Impact TMM may restart and temporarily fail to process traffic on BIG-IP hosts with the HTTP/3 QUIC profile configured. High availability HA...