K17515: NTP vulnerability CVE-2015-7855
Security Advisory Description The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a 6 or mode 7 packet containing a long data value. CVE-2015-7855 Impact A locally authenticated user may ...
K15254040: Linux kernel vulnerability CVE-2018-1130
Security Advisory Description Linux kernel before version 4.16-rc7 is vulnerable to a null pointer dereference in the dccp_write_xmit function in net/dccp/output.c that allows a local user to cause a denial of service by a number of certain crafted system calls. CVE-2018-1130 Impact There is no...
K16213320: Python Pillow vulnerabilities CVE-2020-5312 and CVE-2020-5313
Security Advisory Description CVE-2020-5312 libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer overflow. CVE-2020-5313 libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow. Impact There is no impact; F5 products are not affected by this vulnerability. Securi...
K17516: NTP vulnerability CVE-2015-7852
Security Advisory Description ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted mode 6 response packets. CVE-2015-7852 Impact While the scope of the impact is limited, an attacker may be able to craft response packets...
K21512823: MySQL vulnerabilities CVE-2018-2645, CVE-2018-2646, CVE-2018-2647, CVE-2018-2665, and CVE-2018-2667
Security Advisory Description CVE-2018-2645 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Performance Schema. Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with...
K08478022: Linux kernel vulnerability CVE-2017-7616
Security Advisory Description Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel through 4.10.9 allows local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation...
K17238: Node.js vulnerability CVE-2015-5380
Security Advisory Description The Utf8DecoderBase::WriteUtf16Slow function in unicode-decoder.cc in Google V8, as used in Node.js before 0.12.6, io.js before 1.8.3 and 2.x before 2.3.3, and other products, does not verify that there is memory available for a UTF-16 surrogate pair, which allows...
K16562029: Linux kernel vulnerability CVE-2016-3841
Security Advisory Description The IPv6 stack in the Linux kernel before 4.3.3 mishandles options data, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call. CVE-2016-3841 Impact There is no impact; F5 products ar...
K17241: Linux kernel vulnerability CVE-2014-9585
Security Advisory Description The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD...
K08441753: Multiple Intel Ethernet 700 Series Controllers vulnerabilities
Security Advisory Description CVE-2019-0139 Insufficient access control in firmware for Intel(R) Ethernet 700 Series Controllers before version 7.0 may allow a privileged user to potentially enable an escalation of privilege, denial of service, or information disclosure via local access...
K57255643: libssh vulnerability CVE-2016-0739
Security Advisory Description libssh before 0.7.3 improperly truncates ephemeral secrets generated for the (1) diffie-hellman-group1 and (2) diffie-hellman-group14 key exchange methods to 128 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via...
K04524282: XSS vulnerability in undisclosed TMUI page CVE-2018-15314
Security Advisory Description A reflected Cross-Site Scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the current logged-in user. CVE-2018-15314 Impact BIG-IP A remote unauthenticated...
K13351036: DPDK vulnerabilities CVE-2020-10722 and CVE-2020-10723
Security Advisory Description CVE-2020-10722 A vulnerability was found in DPDK versions 18.05 and above. A missing check for an integer overflow in vhost_user_set_log_base could result in a smaller memory map than requested, possibly allowing memory corruption. CVE-2020-10723 A memory corruption issu...
K04337527: Linux kernel vulnerability CVE-2018-5803
Security Advisory Description In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the "_sctp_make_chunk" function (net/sctp/sm_make_chunk.c) when handling SCTP packets length can be exploited to cause a kernel crash. CVE-2018-5803 Impact An attacker can...
K41774512: Intel CPU vulnerabilities CVE-2020-0528, CVE-2020-0529
Security Advisory Description CVE-2020-0528 Improper buffer restrictions in BIOS firmware for 7th, 8th, 9th and 10th Generation Intel(R) Core(TM) Processor families may allow an authenticated user to potentially enable escalation of privilege and/or denial of service via local access. CVE-2020-0529...
K20134942: SSL Forward Proxy vulnerability CVE-2018-5527
Security Advisory Description A remote attacker using undisclosed methods against virtual servers configured with a Client SSL or Server SSL profile that has the SSL Forward Proxy feature enabled can force the Traffic Management Microkernel (TMM) to leak memory. As a result, system memory usage...
K51396437: Apache vulnerability CVE-2022-23943
Security Advisory Description Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions. CVE-2022-23943 Impact There is no impact; ...
K51182024: libxml2 2.7.8 vulnerability CVE-2010-4494
Security Advisory Description Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling...
K17457324: PHP vulnerability CVE-2020-7066
Security Advisory Description In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.34, while using get_headers with user-supplied URL, if the URL contains zero (\0) character, the URL will be silently truncated at it. This may cause some software to make incorrect assumptions...
K18535734: BIG-IP Secure Vault vulnerability CVE-2019-6609
Security Advisory Description This vulnerability impacts only the iSeries platforms. On these platforms, the secureKeyCapable attribute is not set, which causes the Secure Vault feature to not use F5 hardware support to store the unit key. Instead, the unit key is stored in plaintext on disk, as ...
K34425791: Intel processor vulnerabilities CVE-2019-0151, CVE-2019-0152
Security Advisory Description CVE-2019-0151 Insufficient memory protection in Intel(R) TXT for certain Intel(R) Core Processors and Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2019-0152 Insufficient memory protection in Syste...
K85113405: Adobe Flash Player vulnerability CVE-2020-9746
Security Advisory Description Adobe Flash Player version 32.0.0.433 and earlier are affected by an exploitable NULL pointer dereference vulnerability that could result in a crash and arbitrary code execution. Exploitation of this issue requires an attacker to insert malicious strings in an HTTP...
K31603170: Linux kernel vulnerability CVE-2016-7097
Security Advisory Description The filesystem implementation in the Linux kernel through 4.8.2 preserves the setgid bit during a setxattr call, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions. CVE-2016-7097...
K17525: NTP vulnerability CVE-2015-7853
Security Advisory Description The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative input value. CVE-2015-7853 Impact Running a custom refclock driver in...
K32305110: mod_session vulnerability CVE-2021-26691
Security Advisory Description In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow. CVE-2021-26691 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product...
K17526: NTP vulnerability CVE-2015-7848
Security Advisory Description An integer overflow can occur in NTP-dev.4.3.70 leading to an out-of-bounds memory copy operation when processing a specially crafted private mode packet. The crafted packet needs to have the correct message authentication code and a valid timestamp. When processed b...
K63163637: BIG-IP TMUI vulnerability CVE-2021-23043
Security Advisory Description A directory traversal vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to access arbitrary files. CVE-2021-23043 Impact An authenticated attacker may exploit this vulnerability by sending a crafted request to the...
K64119434: GNU C Library vulnerability CVE-2009-5155
Security Advisory Description In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression...
K30845195: Linux kernel vulnerability CVE-2018-5703
Security Advisory Description The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.14.11 allows attackers to cause a denial of service (slab out-of-bounds write) or possibly have unspecified other impact via vectors involving TLS. CVE-2018-5703 Impact Traffix SDC When...
K75547109: Samba vulnerability CVE-2020-25717
Security Advisory Description A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation. CVE-2020-25717 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory...
K70134152: BIG-IP ASM, F5 Advanced WAF, and NGINX App Protect encoded directory traversal security exposure
Security Advisory Description The BIG-IP ASM, F5 Advanced Web Application Firewall (Advanced WAF), and NGINX App Protect systems may fail to detect encoded directory traversal in the URL. This issue occurs when the following condition is met: The affected security policy is enabled with an evasion...
K30314331: glibc vulnerability CVE-2017-15671
Security Advisory Description The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service (memory leak). CVE-2017-1567...
K04107324: Linux kernel vulnerability CVE-2019-3900
Security Advisory Description An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx. It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote on...
K70652532: F5 BIG-IP Guided Configuration logging vulnerability CVE-2021-23046
Security Advisory Description When a configuration that contains secure properties is created and deployed from BIG-IP Guided Configuration (AGC), secure properties are logged in restnoded logs. CVE-2021-23046 Impact Users with access to restnoded logs may gain access to sensitive information from...
K63714476: Linux kernel vulnerabilities CVE-2022-26353 and CVE-2021-3748
Security Advisory Description CVE-2022-26353 A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the fix for CVE-2021-3748, which forgot to unmap the cached virtqueue elements on error, leading to memory leakage and other unexpected results. Affected QEM...
K01251345: OpenSSL vulnerability CVE-2020-1967
Security Advisory Description Server or client applications that call the SSL_check_chain function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or...
K02620788: OpenJDK vulnerabilities CVE-2019-2977, CVE-2019-2996, and CVE-2019-2975
Security Advisory Description CVE-2019-2977 Vulnerability in the Java SE product of Oracle Java SE component: Hotspot. Supported versions that are affected are Java SE: 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to...
K82392041: Apache Commons FileUpload vulnerability CVE-2016-3092
Security Advisory Description The MultipartStream class in Apache Commons FileUpload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial-of-service (CPU consumption) via...
K82034427: BIG-IP FTP profile vulnerability CVE-2022-26130
Security Advisory Description When an Active mode-enabled FTP profile is configured on a virtual server, undisclosed traffic can cause the virtual server to stop processing active FTP data channel connections. CVE-2022-26130 Impact Traffic is disrupted for active FTP data channel connections. Thi...
K83713003: RetBleed CPU vulnerability CVE-2022-29901
Security Advisory Description There are two RetBleed vulnerabilities. This article applies to CVE-2022-29901. For information about CVE-2022-29900 refer to the following article: K57185580: RetBleed CPU vulnerability CVE-2022-29900 Intel microprocessor generations 6 to 8 are affected by a new...
K80055530: NGINX NJS vulnerability CVE-2022-43286
Security Advisory Description Nginx NJS v0.7.2 was discovered to contain a heap-use-after-free bug caused by illegal memory copy in the function njs_json_parse_iterator_call at njs_json.c. CVE-2022-43286 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory...
K50401227: Linux kernel vulnerability CVE-2022-26354
Security Advisory Description A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results. Affected QEMU versions = 6.2.0. CVE-2022-26354 Impact There...
K59313410: OpenSSL vulnerability CVE-2022-2274
Security Advisory Description The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during...
K62506335: libgxps vulnerability CVE-2018-10733
Security Advisory Description There is a heap-based buffer over-read in the function ft_font_face_hash of gxps-fonts.c in libgxps through 0.3.0. A crafted input will lead to a remote denial of service attack. CVE-2018-10733 Impact There is no impact; F5 products are not affected by this vulnerabilit...
K57185580: RetBleed CPU vulnerability CVE-2022-29900
Security Advisory Description There are two RetBleed vulnerabilities. This article applies to CVE-2022-29900. For information about CVE-2022-29901, refer to the following article: K83713003: RetBleed CPU vulnerability CVE-2022-29901 Mis-trained branch predictions for return instructions may allow...
K53825211: PHP vulnerability CVE-2019-9637
Security Advisory Description An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename across filesystems is implemented, it is possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus...
K50459349: Expat XML library vulnerability CVE-2015-2716
Security Advisory Description Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283...
K30363030: PHP vulnerability CVE-2016-5771
Security Advisory Description spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and...
K27992001: MySQL vulnerabilities CVE-2018-2805, CVE-2018-2810, CVE-2018-2812, CVE-2018-2813, and CVE-2018-2816
Security Advisory Description CVE-2018-2805 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: GIS Extension. Supported versions that are affected are 5.6.39 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocol...
K32702281: Oracle MySQL vulnerabilities CVE-2018-2782, CVE-2018-2784, CVE-2018-2786, and CVE-2018-2787
Security Advisory Description CVE-2018-2782 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: InnoDB. Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via...