6294 matches found
K61968355: Linux kernel vulnerability CVE-2017-7374
Security Advisory Description Use-after-free vulnerability in fs/crypto/ in the Linux kernel before 4.10.7 allows local users to cause a denial of service NULL pointer dereference or possibly gain privileges by revoking keyring keys being used for ext4, f2fs, or ubifs encryption, causing...
K04831884: MySQL vulnerabilities CVE-2019-2800, CVE-2019-2801, CVE-2019-2802, CVE-2019-2803, and CVE-2019-2805
Security Advisory Description CVE-2019-2800 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Replication. Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple...
K54423555: PHP vulnerability CVE-2015-4147
Security Advisory Description The SoapClient::call method in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that defaultheaders is an array, which allows remote attackers to execute arbitrary code by providing crafted serialized data with an...
K54843525: BIG-IP AAM DCDB vulnerability CVE-2018-15331
Security Advisory Description The dcdbconvert utility used by BIG-IP AAM fails to drop group permissions when executing helper scripts, which could be used to leverage attacks against the BIG-IP system. CVE-2018-15331 Impact This issue does not have a direct exploit, but may be used to leverage...
K55792317: BIG-IP management vulnerability CVE-2016-9250
Security Advisory Description In F5 BIG-IP 11.2.1, 11.4.0 through 11.6.1, and 12.0.0 through 12.1.2, an unauthenticated user with access to the control plane may be able to delete arbitrary files through an undisclosed mechanism. CVE-2016-9250 Impact An unauthenticated user with access to the...
K39512927: tcpdump vulnerabilities CVE-2016-7928, CVE-2016-7929, CVE-2016-7930, CVE-2016-7931, and CVE-2016-7933
Security Advisory Description CVE-2016-7928 The IPComp parser in tcpdump before 4.9.0 has a buffer overflow in print-ipcomp.c:ipcompprint. CVE-2016-7929 The Juniper PPPoE ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-juniper.c:juniperparseheader. CVE-2016-7930 The LLC/SNAP...
K04225025: tcpdump vulnerabilities CVE-2017-5202, CVE-2017-5203, CVE-2017-5204, CVE-2017-5205, and CVE-2017-5342
Security Advisory Description CVE-2017-5202 The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in print-isoclns.c:clnpprint. CVE-2017-5203 The BOOTP parser in tcpdump before 4.9.0 has a buffer overflow in print-bootp.c:bootpprint. CVE-2017-5204 The IPv6 parser in tcpdump before 4.9...
K53225395: Node.js vulnerabilities CVE-2021-3672 and CVE-2021-22931
Security Advisory Description CVE-2021-3672 Missing input validation of host names returned by Domain Name Servers DNS in the c-ares library can lead to output of wrong hostnames which may lead to Domain Hijacking. CVE-2021-22931 Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote...
K53082045: Linux kernel Vulnerability CVE-2021-32399
Security Advisory Description net/bluetooth/hcirequest.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI controller. CVE-2021-32399 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development has...
K38424406: Intel RST vulnerability CVE-2019-14568
Security Advisory Description Improper permissions in the executable for IntelR RST before version 17.7.0.1006 may allow an authenticated user to potentially enable escalation of privilege via local access. CVE-2019-14568 Impact There is no impact; F5 products are not affected by this...
K72752002: BIG-IP SSL/TLS CRL vulnerability CVE-2020-5913
Security Advisory Description The BIG-IP Client or Server SSL profile ignores revoked certificates, even when a valid CRL is present. This impacts SSL/TLS connections and may result in a man-in-the-middle attack on the connections. CVE-2020-5913 Impact The BIG-IP system does not enforce Transport...
K54337315: Linux kernel vulnerability CVE-2019-12614
Security Advisory Description An issue was discovered in dlparparseccproperty in arch/powerpc/platforms/pseries/dlpar.c in the Linux kernel through 5.1.6. There is an unchecked kstrdup of prop-name, which might allow an attacker to cause a denial of service NULL pointer dereference and system...
K72403108: tcpdump vulnerabilities CVE-2016-7926, CVE-2016-7932, and CVE-2016-7938
Security Advisory Description CVE-2016-7926 The Ethernet parser in tcpdump before 4.9.0 has a buffer overflow in print-ether.c:ethertypeprint. CVE-2016-7932 The PIM parser in tcpdump before 4.9.0 has a buffer overflow in print-pim.c:pimv2checkchecksum. CVE-2016-7938 The ZeroMQ parser in tcpdump...
K44070243: OpenSSL vulnerability CVE-2019-1549
Security Advisory Description OpenSSL 1.1.1 introduced a rewritten random number generator RNG. This was intended to include protection in the event of a fork system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being...
K34120074: PostgreSQL vulnerability CVE-2020-1720
Security Advisory Description A flaw was found in PostgreSQL's "ALTER ... DEPENDS ON EXTENSION", where sub-commands did not perform authorization checks. An authenticated attacker could use this flaw in certain configurations to perform drop objects such as function, triggers, et al., leading to...
K62318311: glibc vulnerability CVE-2017-17426
Security Advisory Description The malloc function in the GNU C Library aka glibc or libc6 2.26 could return a memory block that is too small if an attempt is made to allocate an object whose size is close to SIZEMAX, potentially leading to a subsequent heap overflow. This occurs because the...
K13255123: glibc vulnerability CVE-2017-18269
Security Advisory Description An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library aka glibc or libc6 2.21 through 2.27 does not correctly perform the overlapping memory check if the source memory range spans the middle of t...
K54358225: BIG-IP APM Portal Access vulnerability CVE-2017-0301
Security Advisory Description In F5 BIG-IP APM software versions 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.6.0, 11.6.1, 12.0.0, 12.1.0, 12.1.1 and 12.1.2 BIG-IP APM portal access requests do not return the intended resources in some cases. This may allow access to internal BIG-IP APM resources,...
K63104801: OpenVPN vulnerabilities CVE-2017-7508, CVE-2017-7520, CVE-2017-7521, and CVE-2017-7522
Security Advisory Description CVE-2017-7508 OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service when receiving malformed IPv6 packet. CVE-2017-7520 OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service and/or possibly sensitive...
K43625118: TMM vulnerability CVE-2018-15317
Security Advisory Description In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, and 11.2.1-11.6.3.2, an attacker sending specially crafted SSL records to a SSL Virtual Server will cause corruption in the SSL data structures leading to intermittent decrypt BADRECORDMAC errors. Clients...
K46641512: FreeType vulnerability CVE-2015-9382
Security Advisory Description FreeType before 2.6.1 has a buffer over-read in skipcomment in psaux/psobjs.c because psparserskipPStoken is mishandled in an FTNewMemoryFace operation. CVE-2015-9382 Impact An attacker may be able to use a maliciously crafted file to create a buffer overflow and...
K47009044: FreeBSD vulnerability CVE-2016-1887
Security Advisory Description Integer signedness error in the sockargs function in sys/kern/uipcsyscalls.c in FreeBSD 10.1 before p34, 10.2 before p17, and 10.3 before p3 allows local users to cause a denial of service memory overwrite and kernel panic or gain privileges via a negative buflen...
K00103182: Oniguruma vulnerability CVE-2019-13224
Security Advisory Description A use-after-free in onignewdeluxe in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and...
K55102004: BIG-IP Edge Client for Windows vulnerability CVE-2020-5855
Security Advisory Description When the Windows Logon Integration feature is configured for BIG-IP Edge Client, unauthorized users who have physical access to an authorized user's machine can get shell access under unprivileged user. CVE-2020-5855 Impact Attackers may be able to bypass...
K00498403: Libgcrypt vulnerability CVE-2021-3345
Security Advisory Description gcrymdblockwrite in cipher/hash-common.c in Libgcrypt version 1.9.0 has a heap-based buffer overflow when the digest final function sets a large count value. It is recommended to upgrade to 1.9.1 or later. CVE-2021-3345 Impact There is no impact; F5 products are not...
K25595031: zxfrd vulnerability CVE-2020-27725
Security Advisory Description zxfrd leaks memory when listing DNS zones. Zones can be listed via TMSH, iControl or SNMP; only users with access to those services can trigger this vulnerability. CVE-2020-27725 Impact The memory leak by the zxfrd process eventually causes the system to experience a...
K16506: NTP vulnerability CVE-2015-1799
Security Advisory Description The symmetric-key feature in the receive function in ntpproto.c in ntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates upon receiving certain invalid packets, which makes it easier for man-in-the-middle attackers to cause a denial of service...
K22715344: PolicyKit vulnerability CVE-2019-6133
Security Advisory Description In PolicyKit aka polkit 0.115, the "start time" protection mechanism can be bypassed because fork is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c...
K12542008: Apache Struts vulnerabilities CVE-2017-9793 and CVE-2017-9804
Security Advisory Description CVE-2017-9793 The REST Plugin in Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12 is using an outdated XStream library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted XML payload. CVE-2017-9804 In Apache Stru...
K00334558: OpenSSL vulnerability CVE-2022-1473
Security Advisory Description The OPENSSLLHflush function, which empties a hash table, contains a bug that breaks reuse of the memory occuppied by the removed hash table entries. This function is used when decoding certificates or keys. If a long lived process periodically decodes certificates or...
K26738102: BIG-IP APM SSO vulnerability CVE-2016-3687
Security Advisory Description Insufficient validation of the SSOORIGURI parameter occurs when using multi-domain single sign-on SSO. CVE-2016-3687 Impact An attacker may be able to tamper with the URL used to redirect the user in a multi-domain SSO environment by using BIG-IP APM. Systems that do...
K04311751: Tcpdump vulnerability CVE-2018-19519
Security Advisory Description In tcpdump 4.9.2, a stack-based buffer over-read exists in the printprefix function of print-hncp.c via crafted packet data because of missing initialization. CVE-2018-19519 Impact There is no impact; F5 products are not affected by this vulnerability. Security...
K44020030: BIG-IP Client SSL Security Advisory CVE-2020-5936
Security Advisory Description The Traffic Management Microkernel TMM process may consume excessive resources when processing SSL traffic and client authentication are enabled on the client SSL profile. Impact TMM memory may eventually become exhausted and may result in the system producing a core...
K34369533: Node.js vulnerability CVE-2018-7161
Security Advisory Description All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service DoS by causing a node server providing an http2 server to crash. This can be accomplished by interacting with the http2 server in a manner th...
K15402727: cURL vulnerability CVE-2020-8286
Security Advisory Description curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response. CVE-2020-8286 Impact An attacker could provide a forged OCSP response to the F5 product that has made the request with curl...
K86783800: LibTIFF vulnerability CVE-2016-3945
Security Advisory Description Multiple integer overflows in the 1 cvtbystrip and 2 cvtbytile functions in the tiff2rgba tool in LibTIFF 4.0.6 and earlier, when -b mode is enabled, allow remote attackers to cause a denial of service crash or execute arbitrary code via a crafted TIFF image, which...
K02771314: Oracle Java SE vulnerability CVE-2019-2699
Security Advisory Description Vulnerability in the Java SE component of Oracle Java SE subcomponent: Windows DLL. The supported version that is affected is Java SE: 8u202. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise...
K10280318: Zend Framework vulnerability CVE-2016-6233
Security Advisory Description The 1 order and 2 group methods in ZendDbSelect in the Zend Framework before 1.12.19 might allow remote attackers to conduct SQL injection attacks via vectors related to use of the character pattern \w in a regular expression. CVE-2016-6233 Impact There is no impact;...
K72376285: Poppler vulnerability CVE-2017-18267
Security Advisory Description The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service infinite recursion via a crafted PDF file, as demonstrated by pdftops. CVE-2017-18267 Impact There is no impact; F5 products are not...
K06844177: PHP vulnerability CVE-2017-9229
Security Advisory Description An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in leftadjustcharhead during regular expression compilation. Invalid handling of reg-dmax in forwardsearchrange could result...
K14510263: IPv6 Neighbor Discovery crafted packet vulnerability CVE-2016-1409
Security Advisory Description The Neighbor Discovery ND protocol implementation in the IPv6 stack in Cisco IOS XE 2.1 through 3.17S, IOS XR 2.0.0 through 5.3.2, and NX-OS allows remote attackers to cause a denial of service packet-processing outage via crafted ND messages, aka Bug ID CSCuz66542, ...
K81674333: Ruby vulnerabilities CVE-2019-8322 CVE-2019-8323 CVE-2019-8324 CVE-2019-8325
Security Advisory Description CVE-2019-8322 An issue was discovered in RubyGems 2.6 and later through 3.0.2. The gem owner command outputs the contents of the API response directly to stdout. Therefore, if the response is crafted, escape sequence injection may occur. CVE-2019-8323 An issue was...
K76434343: gdk-pixbuf vulnerability CVE-2015-4491
Security Advisory Description Integer overflow in the makefiltertable function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows remote attackers to execute arbitrary...
K82814400: Appliance mode tmsh vulnerability CVE-2019-6616
Security Advisory Description On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, administrative users with TMSH access can overwrite critical system files on BIG-IP which can result in bypass of whitelist / blacklist restrictions enforced by appliance...
K43520321: NGINX Controller API Vulnerability CVE-2020-5901
Security Advisory Description Undisclosed API endpoints may allow for a reflected Cross Site Scripting XSS attack. If the victim user is logged in as admin this could result in a complete compromise of the system. CVE-2020-5901 Impact For the attack to occur, a user must visit a specially crafted...
K80173446: Multiple Ruby vulnerabilities
Security Advisory Description CVE-2017-17742 Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attacker can inject a crafted key and value into an HTTP response for the HTTP server of WEBrick...
K80159635: Microarchitectural Fill Buffer Data Sampling (MFBDS) CVE-2018-12130
Security Advisory Description Microarchitectural Fill Buffer Data Sampling MFBDS: Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. CVE-2018-12130 Impact MDS...
K43292324: PHP vulnerability CVE-2017-9228
Security Advisory Description An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitsetsetrange during regular expression compilation due to an uninitialized variable from an incorrect...
K63525058: cURL vulnerability CVE-2020-8284
Security Advisory Description A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doin...
K97035296: Microarchitectural Load Port Data Sampling - Information Leak (MLPDS) CVE-2018-12127
Security Advisory Description Microarchitectural Load Port Data Sampling MLPDS: Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. CVE-2018-12127 Impact MDS...