6294 matches found

F5 Networks
•added 2023/02/21 6:53 p.m.•63 views

K51011533: Expat XML parser vulnerability CVE-2018-20843

Security Advisory Description In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks). CVE-2018-20843 Impact...

7.8 CVSS • 6.8 AI score • 0.07107 EPSS
Exploits 1 • Affected Software 15
F5 Networks
•added 2023/02/21 6:53 p.m.•28 views

K05122252: Bash vulnerability CVE-2012-6711

Security Advisory Description A heap-based buffer overflow exists in GNU Bash before 4.3 when wide characters, not supported by the current locale set in the LC_CTYPE environment variable, are printed through the echo built-in function. A local attacker, who can provide data to print through the...

7.8 CVSS • 7.5 AI score • 0.00491 EPSS
Exploits 0 • Affected Software 14
F5 Networks
•added 2023/02/21 6:53 p.m.•60 views

K04265252: MySQL vulnerabilities CVE-2019-2502, CVE-2019-2503, CVE-2019-2507, CVE-2019-2510, and CVE-2019-2528

Security Advisory Description CVE-2019-2502 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: InnoDB. Supported versions that are affected are 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to...

6.4 CVSS • 5.8 AI score • 0.03443 EPSS
Exploits 0
F5 Networks
•added 2023/02/21 6:53 p.m.•82 views

K20127031: Apache Struts vulnerability CVE-2012-0391

Security Advisory Description The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted...

9.8 CVSS • 8.8 AI score • 0.75071 EPSS
Exploits 11
F5 Networks
•added 2023/02/21 6:53 p.m.•25 views

K21423526: Intel CSME and TXE vulnerability CVE-2019-0091

Security Advisory Description Code injection vulnerability in installer for Intel(R) CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel(R) TXE 3.1.65, 4.0.15 may allow an unprivileged user to potentially enable escalation of privilege via local access. CVE-2019-0091 Impact A locally...

7.8 CVSS • 8.1 AI score • 0.00519 EPSS
Exploits 0 • Affected Software 1
F5 Networks
•added 2023/02/21 6:53 p.m.•29 views

K22025917: Apache CXF vulnerability CVE-2018-8038

Security Advisory Description Versions of Apache CXF Fediz prior to 1.4.4 do not fully disable Document Type Declarations (DTDs) when either parsing the Identity Provider response in the application plugins, or in the Identity Provider itself when parsing certain XML-based parameters. CVE-2018-8038...

7.5 CVSS • 7.5 AI score • 0.1073 EPSS
Exploits 0
F5 Networks
•added 2023/02/21 6:53 p.m.•46 views

K17386005: MySQL vulnerabilities CVE-2019-2420, CVE-2019-2434, CVE-2019-2435, CVE-2019-2436, and CVE-2019-2455

Security Advisory Description CVE-2019-2420 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Optimizer. Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network...

8.1 CVSS • 6.4 AI score • 0.03559 EPSS
Exploits 0
F5 Networks
•added 2023/02/21 6:53 p.m.•37 views

K21882212: Intel software vulnerabilities CVE-2020-8750 CVE-2020-12355

Security Advisory Description CVE-2020-8750 Use after free in Kernel Mode Driver for Intel(R) TXE versions before 3.1.80 and 4.0.30 may allow an authenticated user to potentially enable escalation of privilege via local access. CVE-2020-12355 Authentication bypass by capture-replay in RPMB protocol...

7.8 CVSS • 7.1 AI score • 0.004 EPSS
Exploits 0
F5 Networks
•added 2023/02/21 6:53 p.m.•32 views

K55922302: XSS in F5 WebSafe Dashboard vulnerability CVE-2016-5236

Security Advisory Description Cross-Site-Scripting (XSS) vulnerabilities in F5 WebSafe Dashboard allow privileged authenticated users to inject arbitrary web script or HTML when creating a new user, account or signature. CVE-2016-5236 Impact An attacker with a privileged account may be able to inje...

5.4 CVSS • 5.3 AI score • 0.00636 EPSS
Exploits 0 • Affected Software 1
F5 Networks
•added 2023/02/21 6:53 p.m.•63 views

K56331254: Apache HTTP server vulnerability CVE-2021-41524

Security Advisory Description While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request. The vulnerability was recently introduced in version 2.4.49. No...

7.5 CVSS • 7.7 AI score • 0.24982 EPSS
Exploits 0
F5 Networks
•added 2023/02/21 6:53 p.m.•47 views

K32616738: Linux kernel vulnerability CVE-2017-15265

Security Advisory Description Race condition in the ALSA subsystem in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted /dev/snd/seq ioctl calls, related to sound/core/seq/seq_clientmgr.c and...

7 CVSS • 6.7 AI score • 0.00377 EPSS
Exploits 0
F5 Networks
•added 2023/02/21 6:53 p.m.•94 views

K25401610: OpenJDK vulnerability CVE-2021-2161

Security Advisory Description Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition:...

5.9 CVSS • 5.9 AI score • 0.03125 EPSS
Exploits 0
F5 Networks
•added 2023/02/21 6:53 p.m.•29 views

K24084759: Linux kernel vulnerability CVE-2018-9517

Security Advisory Description In pppol2tp_connect, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel...

7.2 CVSS • 6.5 AI score • 0.00424 EPSS
Exploits 0
F5 Networks
•added 2023/02/21 6:53 p.m.•66 views

K27129140: mod_auth_digest vulnerability CVE-2020-35452

Security Advisory Description Apache HTTP Server versions 2.4.0 to 2.4.46: A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or...

7.3 CVSS • 7.1 AI score • 0.53191 EPSS
Exploits 0
F5 Networks
•added 2023/02/21 6:53 p.m.•33 views

K24593421: Oracle Java SE vulnerability CVE-2018-2798

Security Advisory Description Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: AWT. Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows...

5.3 CVSS • 4.3 AI score • 0.0872 EPSS
Exploits 0
F5 Networks
•added 2023/02/21 6:53 p.m.•52 views

K17462: Linux kernel vulnerability CVE-2015-2830

Security Advisory Description arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2 does not prevent the TS_COMPAT flag from reaching a user-mode task, which might allow local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the (1) fork or (2) close...

1.9 CVSS • 6 AI score • 0.00414 EPSS
Exploits 0 • Affected Software 22
F5 Networks
•added 2023/02/21 6:53 p.m.•28 views

K16472: glibc vulnerability CVE-2013-7424

Security Advisory Description The getaddrinfo function in glibc before 2.15, when compiled with libidn and the AI_IDN flag is used, allows context-dependent attackers to cause a denial of service (invalid free) and possibly execute arbitrary code via unspecified vectors, as demonstrated by an...

5.1 CVSS • 7.2 AI score • 0.02682 EPSS
Exploits 0 • Affected Software 13
F5 Networks
•added 2023/02/21 6:53 p.m.•72 views

K18364001: Node.js vulnerability CVE-2017-15896

Security Advisory Description Node.js was affected by OpenSSL vulnerability CVE-2017-3737 in regards to the use of SSL_read due to TLS handshake failure. The result was that an active network attacker could send application data to Node.js using the TLS or HTTP2 modules in a way that bypassed TLS...

9.1 CVSS • 6.8 AI score • 0.02385 EPSS
Exploits 0
F5 Networks
•added 2023/02/21 6:53 p.m.•39 views

K19473400: Linux Kernel vulnerability CVE-2018-9516

Security Advisory Description In hid_debug_events_read of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product...

7.8 CVSS • 7 AI score • 0.00396 EPSS
Exploits 0
F5 Networks
•added 2023/02/21 6:53 p.m.•26 views

K23124150: GeoIP vulnerability CVE-2018-5521

Security Advisory Description Carefully crafted URLs can be used to reflect arbitrary content into GeoIP lookup responses, potentially exposing clients to XSS. CVE-2018-5521 Impact BIG-IP Clients accessing the affected system may be exposed to cross-site scripting (XSS) attacks. This vulnerability...

6.1 CVSS • 6 AI score • 0.00923 EPSS
Exploits 0
F5 Networks
•added 2023/02/21 6:53 p.m.•42 views

K20176943: Linux kernel vulnerability CVE-2019-25045

Security Advisory Description An issue was discovered in the Linux kernel before 5.0.19. The XFRM subsystem has a use-after-free, related to an xfrm_state_fini panic, aka CID-dbb2483b2a46. CVE-2019-25045 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisor...

7.8 CVSS • 6.1 AI score • 0.00503 EPSS
Exploits 1
F5 Networks
•added 2023/02/21 6:53 p.m.•1057 views

K56105136: BIND vulnerability CVE-2022-0396

Security Advisory Description BIND 9.16.11 - 9.16.26, 9.17.0 - 9.18.0 and versions 9.16.11-S1 - 9.16.26-S1 of the BIND Supported Preview Edition. Specifically crafted TCP streams can cause connections to BIND to remain in CLOSE_WAIT status for an indefinite period of time, even after the client ha...

5.3 CVSS • 7 AI score • 0.02617 EPSS
Exploits 0 • Affected Software 1
F5 Networks
•added 2023/02/21 6:53 p.m.•28 views

K92254835: Binutils vulnerability CVE-2018-12641

Security Advisory Description An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_arm_hp_template, demangle_class_name,...

5.5 CVSS • 6.2 AI score • 0.02077 EPSS
Exploits 1
F5 Networks
•added 2023/02/21 6:53 p.m.•54 views

K96223611: BIND vulnerability CVE-2021-25215

Security Advisory Description In BIND 9.0.0 - 9.11.29, 9.12.0 - 9.16.13, and versions BIND 9.9.3-S1 - 9.11.29-S1 and 9.16.8-S1 - 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 - 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named...

7.5 CVSS • 7.8 AI score • 0.11296 EPSS
Exploits 0 • Affected Software 14
F5 Networks
•added 2023/02/21 6:53 p.m.•134 views

K52145254: TMUI RCE vulnerability CVE-2020-5902

Security Advisory Description The Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages. CVE-2020-5902 Impact This vulnerability allows for unauthenticated attackers, or authenticated users, with...

10 CVSS • 9.2 AI score • 0.99999 EPSS
Exploits 59 • Affected Software 15
F5 Networks
•added 2023/02/21 6:53 p.m.•54 views

K98155950: Linux kernel vulnerability CVE-2018-19824

Security Advisory Description In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device with zero interfaces that is mishandled in usb_audio_probe in sound/usb/card.c. CVE-2018-19824 Impact There is no impact; F5...

7.8 CVSS • 6.5 AI score • 0.00564 EPSS
Exploits 0
F5 Networks
•added 2023/02/21 6:53 p.m.•52 views

K83181523: PHP vulnerability CVE-2018-10546

Security Advisory Description An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. An infinite loop exists in ext/iconv/iconv.c because the iconv stream filter does not reject invalid multibyte sequences. CVE-2018-10546 Impact There is no...

7.5 CVSS • 7 AI score • 0.10564 EPSS
Exploits 0
F5 Networks
•added 2023/02/21 6:53 p.m.•183 views

K67213091: Zlib vulnerability CVE-2022-37434

Security Advisory Description zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but ma...

9.8 CVSS • 7.7 AI score • 0.1593 EPSS
Exploits 1
F5 Networks
•added 2023/02/21 6:53 p.m.•46 views

K54252492: Side-channel processor vulnerability CVE-2018-3693

Security Advisory Description Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis. CVE-2018-3693 also known as Spectre ...

5.6 CVSS • 6.9 AI score • 0.08416 EPSS
Exploits 0
F5 Networks
•added 2023/02/21 6:53 p.m.•70 views

K43638305: BIG-IP TMUI XSS vulnerability CVE-2020-5903

Security Advisory Description A Cross-Site Scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility. CVE-2020-5903 Impact An attacker can exploit this vulnerability to run JavaScript in the context of the currently logged-in user. In the case of an...

6.1 CVSS • 6 AI score • 0.02233 EPSS
Exploits 1 • Affected Software 11
F5 Networks
•added 2023/02/21 6:53 p.m.•41 views

K43470422: BIG-IP MPTCP vulnerability CVE-2021-23003

Security Advisory Description The Traffic Management Microkernel (TMM) process may produce a core file when undisclosed MPTCP traffic passes through a standard virtual server. CVE-2021-23003 Impact A remote attacker may be able to cause the BIG-IP system to produce a core file, disrupting the flow ...

7.5 CVSS • 6.4 AI score • 0.00961 EPSS
Exploits 0 • Affected Software 14
F5 Networks
•added 2023/02/21 6:53 p.m.•49 views

K54143451: Java SE JRockit Vulnerability CVE-2018-2794

Security Advisory Description Vulnerability in the Java SE, JRockit component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 6u181, 7u171, 8u162, 10 and JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with logon to...

7.7 CVSS • 6.2 AI score • 0.0074 EPSS
Exploits 0 • Affected Software 1
F5 Networks
•added 2023/02/21 6:53 p.m.•42 views

K45012029: OpenJDK vulnerability CVE-2020-14796, CVE-2020-14798, CVE-2020-14803

Security Advisory Description CVE-2020-14796 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows...

5.3 CVSS • 4.6 AI score • 0.03122 EPSS
Exploits 0
F5 Networks
•added 2023/02/21 6:53 p.m.•50 views

K60350722: Java SE Embedded vulnerability CVE-2018-2814

Security Advisory Description Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Hotspot. Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unauthenticated attacker...

8.3 CVSS • 5.8 AI score • 0.04195 EPSS
Exploits 0 • Affected Software 1
F5 Networks
•added 2023/02/21 6:53 p.m.•31 views

K33151296: SNMP vulnerability CVE-2007-5846

Security Advisory Description The SNMP agent (snmp_agent.c) in net-snmp before 5.4.1 allows remote attackers to cause a denial of service (CPU and memory consumption) via a GETBULK request with a large max-repeaters value. CVE-2007-5846 Impact An attacker may be able to cause a CPU and memory...

7.8 CVSS • 8.4 AI score • 0.26183 EPSS
Exploits 1 • Affected Software 1
F5 Networks
•added 2023/02/21 6:53 p.m.•36 views

K98201023: PostgreSQL vulnerability CVE-2018-16850

Security Advisory Description postgresql before versions 11.1, 10.6 is vulnerable to SQL injection in pg_upgrade and pg_dump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser privileges...

9.8 CVSS • 8.4 AI score • 0.0515 EPSS
Exploits 0 • Affected Software 1
F5 Networks
•added 2023/02/21 6:53 p.m.•25 views

K43523962: BIG-IP APM XSS vulnerability CVE-2016-9257

Security Advisory Description BIG-IP APM 12.0.0 through 12.1.2 is vulnerable to Cross Site Scripting (XSS) injection due to rendering of not escaped/not encoded content of session variables in Access Reports. CVE-2016-9257 Impact A malicious non-authenticated user may be able to inject JavaScript...

6.1 CVSS • 6.1 AI score • 0.00785 EPSS
Exploits 0 • Affected Software 1
F5 Networks
•added 2023/02/21 6:53 p.m.•47 views

K32582354: Multiple dnsmasq vulnerabilities

Security Advisory Description CVE-2017-14491 Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response. CVE-2017-14492 Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers ...

9.8 CVSS • 8.4 AI score • 0.93307 EPSS
Exploits 32
F5 Networks
•added 2023/02/21 6:53 p.m.•126 views

K31510510: OpenSSH vulnerability CVE-2016-6515

Security Advisory Description The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string. CVE-2016-6515 Impact This...

7.8 CVSS • 7.4 AI score • 0.57667 EPSS
Exploits 5 • Affected Software 23
F5 Networks
•added 2023/02/21 6:53 p.m.•36 views

K62477129: MySQL vulnerability CVE-2016-5584

Security Advisory Description Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier, 5.6.33 and earlier, and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption. CVE-2016-5584 Impact There is no impact; F5 products a...

4.4 CVSS • 6.5 AI score • 0.01493 EPSS
Exploits 0
F5 Networks
•added 2023/02/21 6:53 p.m.•56 views

K63326092: NTP vulnerability CVE-2016-7434

Security Advisory Description The read_mru_list function in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (crash) via a crafted mrulist query. CVE-2016-7434 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product...

7.5 CVSS • 6.5 AI score • 0.52935 EPSS
Exploits 7
F5 Networks
•added 2023/02/21 6:53 p.m.•49 views

K54039800: MatrixSSL vulnerability CVE-2016-6883

Security Advisory Description MatrixSSL before 3.8.3 configured with RSA Cipher Suites allows remote attackers to obtain sensitive information via a Bleichenbacher variant attack. CVE-2016-6883 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status...

5.9 CVSS • 6.4 AI score • 0.13906 EPSS
Exploits 0
F5 Networks
•added 2023/02/21 6:53 p.m.•50 views

K54747614: Java SE and JRockit vulnerability CVE-2017-10243

Security Advisory Description Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JAX-WS. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows...

6.5 CVSS • 6.2 AI score • 0.02862 EPSS
Exploits 0 • Affected Software 2
F5 Networks
•added 2023/02/21 6:53 p.m.•131 views

K93278412: Python and Jython vulnerabilities CVE-2014-1912 and CVE-2014-4650

Security Advisory Description CVE-2014-1912 Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string. CVE-2014-4650 It was discovered...

9.8 CVSS • 8.6 AI score • 0.28112 EPSS
Exploits 12
F5 Networks
•added 2023/02/21 6:53 p.m.•33 views

K92616530: Samba vulnerability CVE-2015-5296

Security Advisory Description Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 supports connections that are encrypted but unsigned, which allows man-in-the-middle attackers to conduct encrypted-to-unencrypted downgrade attacks by modifying the client-server data stream...

5.4 CVSS • 6.5 AI score • 0.0729 EPSS
Exploits 0 • Affected Software 1
F5 Networks
•added 2023/02/21 6:53 p.m.•31 views

K51428664: QEMU vulnerability CVE-2018-11806

Security Advisory Description m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams. CVE-2018-11806 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development has evaluated the currently...

8.2 CVSS • 7.7 AI score • 0.0083 EPSS
Exploits 0
F5 Networks
•added 2023/02/21 6:53 p.m.•147 views

K88251614: GNU Finger vulnerability CVE-1999-0612

Security Advisory Description A version of finger is running that exposes valid user information to any entity on the network. CVE-1999-0612 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development has evaluated the currently...

6.5 AI score • 0.68185 EPSS
Exploits 0
F5 Networks
•added 2023/02/21 6:53 p.m.•26 views

K30215839: F5 iRules vulnerability CVE-2019-6685

Security Advisory Description Users with access to edit iRules are able to create iRules which can lead to an elevation of privilege, configuration modification, and arbitrary system command execution. CVE-2019-6685 Impact BIG-IP iRules manager roles are able to access data stored on other...

7.8 CVSS • 7.8 AI score • 0.00364 EPSS
Exploits 0
F5 Networks
•added 2023/02/21 6:53 p.m.•31 views

K26244025: BIG-IP HTTP compression profile vulnerability CVE-2020-5933

Security Advisory Description When a BIG-IP system that has a virtual server configured with an HTTP compression profile processes compressed HTTP message payloads that require deflation, a Slowloris-style attack can trigger an out-of-memory condition on the BIG-IP system. CVE-2020-5933 Impact Th...

7.8 CVSS • 7.4 AI score • 0.0105 EPSS
Exploits 0 • Affected Software 11
F5 Networks
•added 2023/02/21 6:53 p.m.•29 views

K04572666: systemd vulnerability CVE-2020-13776

Security Advisory Description systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. NOTE: this issue exists because of an incomplete...

6.7 CVSS • 6.2 AI score • 0.00464 EPSS
Exploits 0
Total number of security vulnerabilities: 6294