6401 matches found
K10204425: PHP vulnerability CVE-2018-5712
Security Advisory Description An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file. CVE-2018-5712 Impact There is no impact; F5 products are not...
K08641512: glibc vulnerability CVE-2020-27618
Security Advisory Description The iconv function in the GNU C Library aka glibc or libc6 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in...
K61705126: BIG-IP APM apd vulnerability CVE-2019-6661
Security Advisory Description When the BIG-IP APM system processes certain requests, the apd/apmd process may consume excessive resources. CVE-2019-6661 Impact BIG-IP APM When this vulnerability is exploited, the BIG-IP APM system may experience excessive resource consumption, which may cause one...
K10522033: Intel CSME and TXE vulnerability CVE-2019-0098
Security Advisory Description Logic bug vulnerability in subsystem for IntelR CSME before version 12.0.35, IntelR TXE before 3.1.65, 4.0.15 may allow an unauthenticated user to potentially enable escalation of privilege via physical access. CVE-2019-0098 Impact An attacker with physical access to...
K35925420: Intel software vulnerabilities CVE-2020-8754, CVE-2020-8757, CVE-2020-8760, CVE-2020-12356
Security Advisory Description CVE-2020-8754 Out-of-bounds read in subsystem for IntelR AMT, IntelR ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure via network access. CVE-2020-8757 Out-of-bounds re...
K22441651: BIG-IP TMUI XSS vulnerability CVE-2019-6657
Security Advisory Description A reflected cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Traffic Management User Interface TMUI, also known as the BIG-IP Configuration utility. CVE-2019-6657 Impact An attacker may exploit this vulnerability using a crafted URL ...
K51011533: Expat XML parser vulnerability CVE-2018-20843
Security Advisory Description In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing enough to be usable for denial-of-service attacks. CVE-2018-20843 Impact...
K05122252: Bash vulnerability CVE-2012-6711
Security Advisory Description A heap-based buffer overflow exists in GNU Bash before 4.3 when wide characters, not supported by the current locale set in the LCCTYPE environment variable, are printed through the echo built-in function. A local attacker, who can provide data to print through the...
K67317871: Python Pillow vulnerability CVE 2016-4009
Security Advisory Description Integer overflow in the ImagingResampleHorizontal function in libImaging/Resample.c in Pillow before 3.1.1 allows remote attackers to have unspecified impact via negative values of the new size, which triggers a heap-based buffer overflow. CVE-2016-4009 Impact There ...
K04265252: MySQL vulnerabilities CVE-2019-2502, CVE-2019-2503, CVE-2019-2507, CVE-2019-2510, and CVE-2019-2528
Security Advisory Description CVE-2019-2502 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: InnoDB. Supported versions that are affected are 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to...
K22025917: Apache CXF vulnerability CVE-2018-8038
Security Advisory Description Versions of Apache CXF Fediz prior to 1.4.4 do not fully disable Document Type Declarations DTDs when either parsing the Identity Provider response in the application plugins, or in the Identity Provider itself when parsing certain XML-based parameters. CVE-2018-8038...
K21423526: Intel CSME and TXE vulnerability CVE-2019-0091
Security Advisory Description Code injection vulnerability in installer for IntelR CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and IntelR TXE 3.1.65, 4.0.15 may allow an unprivileged user to potentially enable escalation of privilege via local access. CVE-2019-0091 Impact A locally...
K21882212: Intel software vulnerabilities CVE-2020-8750 CVE-2020-12355
Security Advisory Description CVE-2020-8750 Use after free in Kernel Mode Driver for IntelR TXE versions before 3.1.80 and 4.0.30 may allow an authenticated user to potentially enable escalation of privilege via local access. CVE-2020-12355 Authentication bypass by capture-replay in RPMB protocol...
K17386005: MySQL vulnerabilities CVE-2019-2420, CVE-2019-2434, CVE-2019-2435, CVE-2019-2436, and CVE-2019-2455
Security Advisory Description CVE-2019-2420 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Optimizer. Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network...
K20127031: Apache Struts vulnerability CVE-2012-0391
Security Advisory Description The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted...
K56331254: Apache HTTP server vulnerability CVE-2021-41524
Security Advisory Description While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request. The vulnerability was recently introduced in version 2.4.49. No...
K55922302: XSS in F5 WebSafe Dashboard vulnerability CVE-2016-5236
Security Advisory Description Cross-Site-Scripting XSS vulnerabilities in F5 WebSafe Dashboard allow privileged authenticated users to inject arbitrary web script or HTML when creating a new user, account or signature. CVE-2016-5236 Impact An attacker with a privileged account may be able to inje...
K24593421: Oracle Java SE vulnerability CVE-2018-2798
Security Advisory Description Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: AWT. Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows...
K24084759: Linux kernel vulnerability CVE-2018-9517
Security Advisory Description In pppol2tpconnect, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel...
K25401610: OpenJDK vulnerability CVE-2021-2161
Security Advisory Description Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition:...
K32616738: Linux kernel vulnerability CVE-2017-15265
Security Advisory Description Race condition in the ALSA subsystem in the Linux kernel before 4.13.8 allows local users to cause a denial of service use-after-free or possibly have unspecified other impact via crafted /dev/snd/seq ioctl calls, related to sound/core/seq/seqclientmgr.c and...
K27129140: mod_auth_digest vulnerability CVE-2020-35452
Security Advisory Description Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in modauthdigest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or...
K23124150: GeoIP vulnerability CVE-2018-5521
Security Advisory Description Carefully crafted URLs can be used to reflect arbitrary content into GeoIP lookup responses, potentially exposing clients to XSS. CVE-2018-5521 Impact BIG-IP Clients accessing the affected system may be exposed to cross-site scripting XSS attacks. This vulnerability...
K16472: glibc vulnerability CVE-2013-7424
Security Advisory Description The getaddrinfo function in glibc before 2.15, when compiled with libidn and the AIIDN flag is used, allows context-dependent attackers to cause a denial of service invalid free and possibly execute arbitrary code via unspecified vectors, as demonstrated by an...
K20176943: Linux kernel vulnerability CVE-2019-25045
Security Advisory Description An issue was discovered in the Linux kernel before 5.0.19. The XFRM subsystem has a use-after-free, related to an xfrmstatefini panic, aka CID-dbb2483b2a46. CVE-2019-25045 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisor...
K17462: Linux kernel vulnerability CVE-2015-2830
Security Advisory Description arch/x86/kernel/entry64.S in the Linux kernel before 3.19.2 does not prevent the TSCOMPAT flag from reaching a user-mode task, which might allow local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the 1 fork or 2 close...
K18364001: Node.js vulnerability CVE-2017-15896
Security Advisory Description Node.js was affected by OpenSSL vulnerability CVE-2017-3737 in regards to the use of SSLread due to TLS handshake failure. The result was that an active network attacker could send application data to Node.js using the TLS or HTTP2 modules in a way that bypassed TLS...
K19473400: Linux Kernel vulnerability CVE-2018-9516
Security Advisory Description In hiddebugeventsread of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product...
K92254835: Binutils vulnerability CVE-2018-12641
Security Advisory Description An issue was discovered in armpt in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demanglearmhptemplate, demangleclassname,...
K96223611: BIND vulnerability CVE-2021-25215
Security Advisory Description In BIND 9.0.0 - 9.11.29, 9.12.0 - 9.16.13, and versions BIND 9.9.3-S1 - 9.11.29-S1 and 9.16.8-S1 - 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 - 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named...
K52145254: TMUI RCE vulnerability CVE-2020-5902
Security Advisory Description The Traffic Management User Interface TMUI, also referred to as the Configuration utility, has a Remote Code Execution RCE vulnerability in undisclosed pages. CVE-2020-5902 Impact This vulnerability allows for unauthenticated attackers, or authenticated users, with...
K67213091: Zlib vulnerability CVE-2022-37434
Security Advisory Description zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but ma...
K98155950: Linux kernel vulnerability CVE-2018-19824
Security Advisory Description In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device with zero interfaces that is mishandled in usbaudioprobe in sound/usb/card.c. CVE-2018-19824 Impact There is no impact; F5...
K83181523: PHP vulnerability CVE-2018-10546
Security Advisory Description An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. An infinite loop exists in ext/iconv/iconv.c because the iconv stream filter does not reject invalid multibyte sequences. CVE-2018-10546 Impact There is no...
K56105136: BIND vulnerability CVE-2022-0396
Security Advisory Description BIND 9.16.11 - 9.16.26, 9.17.0 - 9.18.0 and versions 9.16.11-S1 - 9.16.26-S1 of the BIND Supported Preview Edition. Specifically crafted TCP streams can cause connections to BIND to remain in CLOSEWAIT status for an indefinite period of time, even after the client ha...
K33151296: SNMP vulnerability CVE-2007-5846
Security Advisory Description The SNMP agent snmpagent.c in net-snmp before 5.4.1 allows remote attackers to cause a denial of service CPU and memory consumption via a GETBULK request with a large max-repeaters value. CVE-2007-5846 Impact An attacker may be able to cause a CPU and memory...
K43470422: BIG-IP MPTCP vulnerability CVE-2021-23003
Security Advisory Description The Traffic Management Microkernel TMM process may produce a core file when undisclosed MPTCP traffic passes through a standard virtual server. CVE-2021-23003 Impact A remote attacker may be able to cause the BIG-IP system to produce a core file, disrupting the flow ...
K43638305: BIG-IP TMUI XSS vulnerability CVE-2020-5903
Security Advisory Description A Cross-Site Scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Configuration utility. CVE-2020-5903 Impact An attacker can exploit this vulnerability to run JavaScript in the context of the currently logged-in user. In the case of an...
K54143451: Java SE JRockit Vulnerability CVE-2018-2794
Security Advisory Description Vulnerability in the Java SE, JRockit component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 6u181, 7u171, 8u162, 10 and JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with logon to...
K45012029: OpenJDK vulnerability CVE-2020-14796, CVE-2020-14798, CVE-2020-14803
Security Advisory Description CVE-2020-14796 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows...
K60350722: Java SE Embedded vulnerability CVE-2018-2814
Security Advisory Description Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Hotspot. Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unauthenticated attacker...
K54252492: Side-channel processor vulnerability CVE-2018-3693
Security Advisory Description Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis. CVE-2018-3693 also known as Spectre ...
K63326092: NTP vulnerability CVE-2016-7434
Security Advisory Description The readmrulist function in NTP before 4.2.8p9 allows remote attackers to cause a denial of service crash via a crafted mrulist query. CVE-2016-7434 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product...
K43523962: BIG-IP APM XSS vulnerability CVE-2016-9257
Security Advisory Description BIG-IP APM 12.0.0 through 12.1.2 is vulnerable to Cross Site Scripting XSS injection due to rendering of not escaped/not encoded content of session variables in Access Reports. CVE-2016-9257 Impact A malicious non-authenticated user may be able to inject JavaScript...
K32582354: Multiple dnsmasq vulnerabilities
Security Advisory Description CVE-2017-14491 Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service crash or execute arbitrary code via a crafted DNS response. CVE-2017-14492 Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers ...
K31510510: OpenSSH vulnerability CVE-2016-6515
Security Advisory Description The authpassword function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service crypt CPU consumption via a long string. CVE-2016-6515 Impact This...
K54039800: MatrixSSL vulnerability CVE-2016-6883
Security Advisory Description MatrixSSL before 3.8.3 configured with RSA Cipher Suites allows remote attackers to obtain sensitive information via a Bleichenbacher variant attack. CVE-2016-6883 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status...
K98201023: PostgreSQL vulnerability CVE-2018-16850
Security Advisory Description postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pgupgrade and pgdump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser privileges...
K62477129: MySQL vulnerability CVE-2016-5584
Security Advisory Description Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier, 5.6.33 and earlier, and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption. CVE-2016-5584 Impact There is no impact; F5 products a...
K54747614: Java SE and JRockit vulnerability CVE-2017-10243
Security Advisory Description Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JAX-WS. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows...