6402 matches found
K16015326: libtar vulnerability CVE-2013-4397
Security Advisory Description Multiple integer overflows in the thread function in lib/block.c in libtar before 1.2.20 allow remote attackers to cause a denial of service crash and possibly execute arbitrary code via a long 1 name or 2 link in an archive, which triggers a heap-based buffer...
K53593534: BIG-IP ASM and F5 Advanced WAF attack signature check failure on certain HTTP requests
Security Advisory Description The BIG-IP ASM and F5 Advanced Web Application Firewall Advanced WAF attack signature check may fail to detect and block certain HTTP requests. Impact The attack signature check fails to detect and block such requests, as expected of a security policy. Symptoms As a...
K41412302: Jetty vulnerability CVE-2019-10247
Security Advisory Description In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 404 error for not...
K51025656: Linux kernel vulnerability CVE-2016-10229
Security Advisory Description udp.c in the Linux kernel before 4.5 allows remote attackers to execute arbitrary code via UDP traffic that triggers an unsafe second checksum calculation during execution of a recv system call with the MSGPEEK flag. CVE-2016-10229 Impact There is no impact; F5...
K50222414: Linux kernel vulnerability CVE-2019-11486
Security Advisory Description The Siemens R3964 line discipline driver in drivers/tty/nr3964.c in the Linux kernel before 5.0.8 has multiple race conditions. CVE-2019-11486 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Developme...
K34162192: Apache log4j2 denial-of-service vulnerability CVE-2021-45105
Security Advisory Description Apache Log4j2 versions 2.0-alpha1 through 2.16.0 excluding 2.12.3 and 2.3.1 did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string...
K40356136: systemd vulnerability CVE-2018-15686
Security Advisory Description A vulnerability in unitdeserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are...
K41242221: QEMU vulnerability CVE-2017-2615
Security Advisory Description Quick emulator QEMU built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU...
K39204079: GNU C Library vulnerability CVE-2015-8983
Security Advisory Description Integer overflow in the IOwstroverflow function in libio/wstrops.c in the GNU C Library aka glibc or libc6 before 2.22 allows context-dependent attackers to cause a denial of service application crash or possibly execute arbitrary code via vectors related to computin...
K40084114: Overview of F5 vulnerabilities (January 2022)
Security Advisory Description On January 19, 2022, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities and security exposures to help determine the impact to your F5 devices. You can find the details of each issue in the associate...
K85796417: Samba vulnerability CVE-2018-16860
Security Advisory Description A flaw was found in samba's Heimdal KDC implementation, versions 4.8.x up to, excluding 4.8.12, 4.9.x up to, excluding 4.9.8 and 4.10.x up to, excluding 4.10.3, when used in AD DC mode. A man in the middle attacker could use this flaw to intercept the request to the...
K35421172: Excess resource consumption due to low MSS values vulnerability CVE-2019-11479
Security Advisory Description Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. This...
K88628547: glibc vulnerability CVE-2019-6488
Security Advisory Description The string component in the GNU C Library aka glibc or libc6 through 2.28, when running on the x32 architecture, incorrectly attempts to use a 64-bit register for sizet in assembly codes, which can lead to a segmentation fault or possibly unspecified other impact, as...
K73370428: Linux kernel vulnerability CVE-2021-34866
Security Advisory Description This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel 5.14-rc3. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific fla...
K26618426: Linux SACK Slowness vulnerability CVE-2019-11478
Security Advisory Description Jonathan Looney discovered that the TCP retransmission queue implementation in tcpfragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment SACK sequences. A remote attacker could use this to cause a denial of service. This h...
K28241423: Linux kernel vulnerability CVE-2018-18559
Security Advisory Description In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanoutadd from setsockopt and bind on an AFPACKET socket. This issue exists because of the 15fe076edea787807a7cdc168df832544b58eba6 incomplete fix for a race condition. The...
K30911244: Advanced WAF, BIG-IP ASM, and NGINX App Protect attack signature check failure
Security Advisory Description The F5 Advanced Web Application Firewall Advanced WAF, BIG-IP ASM, and NGINX App Protect attack signature check may fail to detect and block certain HTTP requests when some signatures are disabled on the security policy and wildcard header. Impact The attack signatur...
K75501541: MySQL vulnerabilities CVE-2019-2481, CVE-2019-2482, CVE-2019-2486, CVE-2019-2494, and CVE-2019-2495
Security Advisory Description CVE-2019-2481 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Optimizer. Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attack...
K75432956: BIG-IP ASM vulnerability CVE-2018-5539
Security Advisory Description Under certain conditions, on F5 BIG-IP ASM 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11.6.3.1, 11.5.1-11.5.6, or 11.2.1, when processing CSRF protections, the BIG-IP ASM bd process may restart and produce a core file. CVE-2018-5539 Impact BIG-IP The affected BIG-IP AS...
K71265658: Intel CSME vulnerability CVE-2019-0153
Security Advisory Description Buffer overflow in subsystem in IntelR CSME 12.0.0 through 12.0.34 may allow an unauthenticated user to potentially enable escalation of privilege via network access. CVE-2019-0153 Impact An attacker can exploit this vulnerability with Converged Security and Manageme...
K12685114: BIG-IP REST vulnerability CVE-2016-6249
Security Advisory Description F5 BIG-IP 12.0.0 and 11.5.0 - 11.6.1 REST requests which timeout during user account authentication may log sensitive attributes such as passwords in plaintext to /var/log/restjavad.0.log. It may allow local users to obtain sensitive information by reading these file...
K71249196: Python-Pillow vulnerability CVE-2021-25288
Security Advisory Description An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2kugrayi. CVE-2021-25288 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development has evaluated the...
K11718033: TMM WebSocket vulnerability CVE-2018-5504
Security Advisory Description In some circumstances, the Traffic Management Microkernel TMM does not properly handle certain malformed WebSocket requests/responses, which allows remote attackers to cause a denial of service DoS or possible remote code execution on the BIG-IP system. CVE-2018-5504...
K05263202: BIG-IP IPsec tunnel endpoint vulnerability CVE-2017-6156
Security Advisory Description When the BIG-IP system is configured with a wildcard IPsec tunnel endpoint, it may allow a remote attacker to disrupt or impersonate the tunnels that have completed phase 1 IPsec negotiations. The attacker must possess the necessary credentials to negotiate the phase...
K92451315: OpenSSL vulnerability CVE-2020-1968
Security Advisory Description The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman DH based ciphersuite. In such a case this would result in the attacker being able to...
K04826822: Intel Software Vulnerability CVE-2020-8766
Security Advisory Description Improper conditions check in the IntelR SGX DCAP software before version 1.6 may allow an unauthenticated user to potentially enable denial of service via adjacent access. CVE-2020-8766 Impact There is no impact; F5 products are not affected by this vulnerability...
K92327553: BlueZ and Intel Smart Sound Technology vulnerabilities CVE-2020-0556 and CVE-2020-0583
Security Advisory Description CVE-2020-0556 Improper access control in subsystem for BlueZ before version 5.54 may allow an unauthenticated user to potentially enable escalation of privilege and denial of service via adjacent access CVE-2020-0583 Improper access control in the subsystem for Intel...
K79609038: Linux kernel vulnerability CVE-2016-10907
Security Advisory Description An issue was discovered in drivers/iio/dac/ad5755.c in the Linux kernel before 4.8.6. There is an out of bounds write in the function ad5755parsedt. CVE-2016-10907 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status...
K91021753: Apache MINA vulnerability CVE-2022-45047
Security Advisory Description Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD = 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey. The class is one of several implementations that an implementor using Apache MINA SSHD can...
K90059138: Oracle WebLogic Deserialization Remote Code Execution CVE-2019-2725
Security Advisory Description Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: Web Services. Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via...
K6701: Possible logon through native RSA SecurID authentication without valid passcode
Security Advisory Description Important: Only customers using native RSA SecurID authentication are affected by this issue. No other forms of authentication, including authentication of SecurID using the RADIUS protocol non-native SecurID authentication are affected by this issue. Note : Versions...
K63312282: BIG-IP LTM HTTP/2 desync attacks: request line injection
Security Advisory Description Multiple desync attacks have been discovered. For more information refer to the following related articles: K27144609: Overview of HTTP/2 desync attacks K30341203: BIG-IP LTM and NGINX are not exposed to certain desync attacks K97045220: BIG-IP LTM HTTP/2 desync...
K15439: Samba vulnerability CVE-2014-0244
Security Advisory Description The sysrecvfrom function in nmbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote attackers to cause a denial of service infinite loop and CPU consumption via a malformed UDP packet. CVE-2014-0244 Impact None. No F5 products are...
K58192514: NSS vulnerability CVE-2017-7805
Security Advisory Description During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current buffer, causing the allocation of a new...
K13275: PHP vulnerability CVE-2009-3293
Security Advisory Description Unspecified vulnerability in the imagecolortransparent function in PHP prior to version 5.2.11 has unknown impact and attack vectors related to an incorrect "sanity check for the color index." CVE-2009-3293 Impact None Security Advisory Status F5 Product Development...
K55518036: GO vulnerability CVE-2021-31525
Security Advisory Description net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service panic via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations. CVE-2021-31525 Impact There...
K53437580: Apache vulnerabilities CVE-2016-0736 and CVE-2016-2161
Security Advisory Description CVE-2016-0736 In Apache HTTP Server versions 2.4.0 to 2.4.23, modsessioncrypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation AES256-CBC by default, hence no selectable or builtin authenticated encryptio...
K13231: PHP vulnerability CVE-2009-2626
Security Advisory Description In PHP 5.3.0 and PHP 5.2.10 and earlier, the zendrestoreinientrycb function in zendini.c allows context-specific attackers to obtain sensitive information memory contents and causes PHP to fail by using the iniset function to declare a variable, and then using the...
K44808538: BIG-IP APM SAML SLO vulnerability CVE-2020-5934
Security Advisory Description When multiple HTTP requests from the same client to configured SAML Single Logout SLO URL are passing through a TCP Keep-Alive connection, traffic to the Traffic Management Microkernel TMM can be disrupted. CVE-2020-5934 Impact A remote attacker may be able to cause ...
K89002224: PHP vulnerability CVE-2016-7127
Security Advisory Description The imagegammacorrect function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate gamma values, which allows remote attackers to cause a denial of service out-of-bounds write or possibly have unspecified other impact by providing...
K90603426: TMM with HTTP/2 vulnerability (CVE-2021-23009)
Security Advisory Description Malformed HTTP/2 requests may cause an infinite loop which causes a Denial of Service for Data Plane traffic. TMM takes the configured HA action when the TMM process is aborted. There is no control plane exposure, this is a data plane issue only.CVE-2021-23009 Impact...
K67397230: BIG-IP ASM, F5 Advanced WAF, and NGINX App Protect normalizing security exposure
Security Advisory Description The BIG-IP ASM, F5 Advanced Web Application Firewall Advanced WAF, and NGINX App Protect systems incorrectly normalize undisclosed strings. Impact The attack signature check fails to detect and block such requests, as expected of a security policy. Symptoms As a resu...
K70191975: Apache Xerces vulnerability CVE-2016-4463
Security Advisory Description Stack-based buffer overflow in Apache Xerces-C++ before 3.1.4 allows context-dependent attackers to cause a denial of service via a deeply nested DTD. CVE-2016-4463 Impact An attacker requires privileged access to a dynamically generated XML file to exploit one of th...
K68816502: A BIG-IP LTM policy referencing an external data group may not match traffic
Security Advisory Description A BIG-IP LTM policy referencing an external data group may not match traffic. This issue occurs when the following conditions are met: The virtual server is configured with a BIG-IP LTM policy and an external data group. The BIG-IP system reboots or the Traffic...
K08641512: glibc vulnerability CVE-2020-27618
Security Advisory Description The iconv function in the GNU C Library aka glibc or libc6 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in...
K37681312: PHP vulnerability CVE-2019-9020
Security Advisory Description An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpcdecode can lead to an invalid memory access heap out of bounds read or read after free. This is related to xmlelemparsebu...
K10204425: PHP vulnerability CVE-2018-5712
Security Advisory Description An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file. CVE-2018-5712 Impact There is no impact; F5 products are not...
K97521840: logback vulnerability CVE-2021-42550
Security Advisory Description In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers. CVE-2021-42550 Impact There is no impact; F5 products...
K30315990: OpenVPN vulnerability CVE-2016-6329
Security Advisory Description OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a "Sweet32" attac...
K15747621: Linux kernel vulnerability CVE-2020-28374
Security Advisory Description In drivers/target/targetcorexcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. For example, ...