6398 matches found
K11758085: OpenSSL vulnerability CVE-2016-6305
Security Advisory Description The ssl3readbytes function in record/reclayers3.c in OpenSSL 1.1.0 before 1.1.0a allows remote attackers to cause a denial of service infinite loop by triggering a zero-length record in an SSLpeek call. CVE-2016-6305 Impact There is no impact; F5 products are not...
K91025336: Linux kernel vulnerability CVE-2019-13272
Security Advisory Description In the Linux kernel before 5.1.17, ptracelink in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child...
K82508682: Linux kernel vulnerability CVE-2017-6074
Security Advisory Description The dccprcvstateprocess function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCPPKTREQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service double free via an applicatio...
K82300604: Linux Kernel vulnerability CVE-2017-8831
Security Advisory Description The saa7164busget function in drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel through 4.11.5 allows local users to cause a denial of service out-of-bounds array access or possibly have unspecified other impact by changing a certain sequence-number value,...
K04831884: MySQL vulnerabilities CVE-2019-2800, CVE-2019-2801, CVE-2019-2802, CVE-2019-2803, and CVE-2019-2805
Security Advisory Description CVE-2019-2800 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Replication. Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple...
K61968355: Linux kernel vulnerability CVE-2017-7374
Security Advisory Description Use-after-free vulnerability in fs/crypto/ in the Linux kernel before 4.10.7 allows local users to cause a denial of service NULL pointer dereference or possibly gain privileges by revoking keyring keys being used for ext4, f2fs, or ubifs encryption, causing...
K39512927: tcpdump vulnerabilities CVE-2016-7928, CVE-2016-7929, CVE-2016-7930, CVE-2016-7931, and CVE-2016-7933
Security Advisory Description CVE-2016-7928 The IPComp parser in tcpdump before 4.9.0 has a buffer overflow in print-ipcomp.c:ipcompprint. CVE-2016-7929 The Juniper PPPoE ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-juniper.c:juniperparseheader. CVE-2016-7930 The LLC/SNAP...
K04225025: tcpdump vulnerabilities CVE-2017-5202, CVE-2017-5203, CVE-2017-5204, CVE-2017-5205, and CVE-2017-5342
Security Advisory Description CVE-2017-5202 The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in print-isoclns.c:clnpprint. CVE-2017-5203 The BOOTP parser in tcpdump before 4.9.0 has a buffer overflow in print-bootp.c:bootpprint. CVE-2017-5204 The IPv6 parser in tcpdump before 4.9...
K55792317: BIG-IP management vulnerability CVE-2016-9250
Security Advisory Description In F5 BIG-IP 11.2.1, 11.4.0 through 11.6.1, and 12.0.0 through 12.1.2, an unauthenticated user with access to the control plane may be able to delete arbitrary files through an undisclosed mechanism. CVE-2016-9250 Impact An unauthenticated user with access to the...
K54843525: BIG-IP AAM DCDB vulnerability CVE-2018-15331
Security Advisory Description The dcdbconvert utility used by BIG-IP AAM fails to drop group permissions when executing helper scripts, which could be used to leverage attacks against the BIG-IP system. CVE-2018-15331 Impact This issue does not have a direct exploit, but may be used to leverage...
K54423555: PHP vulnerability CVE-2015-4147
Security Advisory Description The SoapClient::call method in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that defaultheaders is an array, which allows remote attackers to execute arbitrary code by providing crafted serialized data with an...
K54337315: Linux kernel vulnerability CVE-2019-12614
Security Advisory Description An issue was discovered in dlparparseccproperty in arch/powerpc/platforms/pseries/dlpar.c in the Linux kernel through 5.1.6. There is an unchecked kstrdup of prop-name, which might allow an attacker to cause a denial of service NULL pointer dereference and system...
K53082045: Linux kernel Vulnerability CVE-2021-32399
Security Advisory Description net/bluetooth/hcirequest.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI controller. CVE-2021-32399 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development has...
K72403108: tcpdump vulnerabilities CVE-2016-7926, CVE-2016-7932, and CVE-2016-7938
Security Advisory Description CVE-2016-7926 The Ethernet parser in tcpdump before 4.9.0 has a buffer overflow in print-ether.c:ethertypeprint. CVE-2016-7932 The PIM parser in tcpdump before 4.9.0 has a buffer overflow in print-pim.c:pimv2checkchecksum. CVE-2016-7938 The ZeroMQ parser in tcpdump...
K38424406: Intel RST vulnerability CVE-2019-14568
Security Advisory Description Improper permissions in the executable for IntelR RST before version 17.7.0.1006 may allow an authenticated user to potentially enable escalation of privilege via local access. CVE-2019-14568 Impact There is no impact; F5 products are not affected by this...
K72752002: BIG-IP SSL/TLS CRL vulnerability CVE-2020-5913
Security Advisory Description The BIG-IP Client or Server SSL profile ignores revoked certificates, even when a valid CRL is present. This impacts SSL/TLS connections and may result in a man-in-the-middle attack on the connections. CVE-2020-5913 Impact The BIG-IP system does not enforce Transport...
K53225395: Node.js vulnerabilities CVE-2021-3672 and CVE-2021-22931
Security Advisory Description CVE-2021-3672 Missing input validation of host names returned by Domain Name Servers DNS in the c-ares library can lead to output of wrong hostnames which may lead to Domain Hijacking. CVE-2021-22931 Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote...
K43625118: TMM vulnerability CVE-2018-15317
Security Advisory Description In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, and 11.2.1-11.6.3.2, an attacker sending specially crafted SSL records to a SSL Virtual Server will cause corruption in the SSL data structures leading to intermittent decrypt BADRECORDMAC errors. Clients...
K44070243: OpenSSL vulnerability CVE-2019-1549
Security Advisory Description OpenSSL 1.1.1 introduced a rewritten random number generator RNG. This was intended to include protection in the event of a fork system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being...
K54358225: BIG-IP APM Portal Access vulnerability CVE-2017-0301
Security Advisory Description In F5 BIG-IP APM software versions 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.6.0, 11.6.1, 12.0.0, 12.1.0, 12.1.1 and 12.1.2 BIG-IP APM portal access requests do not return the intended resources in some cases. This may allow access to internal BIG-IP APM resources,...
K62318311: glibc vulnerability CVE-2017-17426
Security Advisory Description The malloc function in the GNU C Library aka glibc or libc6 2.26 could return a memory block that is too small if an attempt is made to allocate an object whose size is close to SIZEMAX, potentially leading to a subsequent heap overflow. This occurs because the...
K13255123: glibc vulnerability CVE-2017-18269
Security Advisory Description An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library aka glibc or libc6 2.21 through 2.27 does not correctly perform the overlapping memory check if the source memory range spans the middle of t...
K63104801: OpenVPN vulnerabilities CVE-2017-7508, CVE-2017-7520, CVE-2017-7521, and CVE-2017-7522
Security Advisory Description CVE-2017-7508 OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service when receiving malformed IPv6 packet. CVE-2017-7520 OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service and/or possibly sensitive...
K34120074: PostgreSQL vulnerability CVE-2020-1720
Security Advisory Description A flaw was found in PostgreSQL's "ALTER ... DEPENDS ON EXTENSION", where sub-commands did not perform authorization checks. An authenticated attacker could use this flaw in certain configurations to perform drop objects such as function, triggers, et al., leading to...
K00103182: Oniguruma vulnerability CVE-2019-13224
Security Advisory Description A use-after-free in onignewdeluxe in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and...
K55102004: BIG-IP Edge Client for Windows vulnerability CVE-2020-5855
Security Advisory Description When the Windows Logon Integration feature is configured for BIG-IP Edge Client, unauthorized users who have physical access to an authorized user's machine can get shell access under unprivileged user. CVE-2020-5855 Impact Attackers may be able to bypass...
K47009044: FreeBSD vulnerability CVE-2016-1887
Security Advisory Description Integer signedness error in the sockargs function in sys/kern/uipcsyscalls.c in FreeBSD 10.1 before p34, 10.2 before p17, and 10.3 before p3 allows local users to cause a denial of service memory overwrite and kernel panic or gain privileges via a negative buflen...
K46641512: FreeType vulnerability CVE-2015-9382
Security Advisory Description FreeType before 2.6.1 has a buffer over-read in skipcomment in psaux/psobjs.c because psparserskipPStoken is mishandled in an FTNewMemoryFace operation. CVE-2015-9382 Impact An attacker may be able to use a maliciously crafted file to create a buffer overflow and...
K22715344: PolicyKit vulnerability CVE-2019-6133
Security Advisory Description In PolicyKit aka polkit 0.115, the "start time" protection mechanism can be bypassed because fork is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c...
K00498403: Libgcrypt vulnerability CVE-2021-3345
Security Advisory Description gcrymdblockwrite in cipher/hash-common.c in Libgcrypt version 1.9.0 has a heap-based buffer overflow when the digest final function sets a large count value. It is recommended to upgrade to 1.9.1 or later. CVE-2021-3345 Impact There is no impact; F5 products are not...
K16506: NTP vulnerability CVE-2015-1799
Security Advisory Description The symmetric-key feature in the receive function in ntpproto.c in ntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates upon receiving certain invalid packets, which makes it easier for man-in-the-middle attackers to cause a denial of service...
K25595031: zxfrd vulnerability CVE-2020-27725
Security Advisory Description zxfrd leaks memory when listing DNS zones. Zones can be listed via TMSH, iControl or SNMP; only users with access to those services can trigger this vulnerability. CVE-2020-27725 Impact The memory leak by the zxfrd process eventually causes the system to experience a...
K12542008: Apache Struts vulnerabilities CVE-2017-9793 and CVE-2017-9804
Security Advisory Description CVE-2017-9793 The REST Plugin in Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12 is using an outdated XStream library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted XML payload. CVE-2017-9804 In Apache Stru...
K44020030: BIG-IP Client SSL Security Advisory CVE-2020-5936
Security Advisory Description The Traffic Management Microkernel TMM process may consume excessive resources when processing SSL traffic and client authentication are enabled on the client SSL profile. Impact TMM memory may eventually become exhausted and may result in the system producing a core...
K04311751: Tcpdump vulnerability CVE-2018-19519
Security Advisory Description In tcpdump 4.9.2, a stack-based buffer over-read exists in the printprefix function of print-hncp.c via crafted packet data because of missing initialization. CVE-2018-19519 Impact There is no impact; F5 products are not affected by this vulnerability. Security...
K34369533: Node.js vulnerability CVE-2018-7161
Security Advisory Description All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service DoS by causing a node server providing an http2 server to crash. This can be accomplished by interacting with the http2 server in a manner th...
K00334558: OpenSSL vulnerability CVE-2022-1473
Security Advisory Description The OPENSSLLHflush function, which empties a hash table, contains a bug that breaks reuse of the memory occuppied by the removed hash table entries. This function is used when decoding certificates or keys. If a long lived process periodically decodes certificates or...
K26738102: BIG-IP APM SSO vulnerability CVE-2016-3687
Security Advisory Description Insufficient validation of the SSOORIGURI parameter occurs when using multi-domain single sign-on SSO. CVE-2016-3687 Impact An attacker may be able to tamper with the URL used to redirect the user in a multi-domain SSO environment by using BIG-IP APM. Systems that do...
K15402727: cURL vulnerability CVE-2020-8286
Security Advisory Description curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response. CVE-2020-8286 Impact An attacker could provide a forged OCSP response to the F5 product that has made the request with curl...
K72376285: Poppler vulnerability CVE-2017-18267
Security Advisory Description The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service infinite recursion via a crafted PDF file, as demonstrated by pdftops. CVE-2017-18267 Impact There is no impact; F5 products are not...
K02771314: Oracle Java SE vulnerability CVE-2019-2699
Security Advisory Description Vulnerability in the Java SE component of Oracle Java SE subcomponent: Windows DLL. The supported version that is affected is Java SE: 8u202. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise...
K86783800: LibTIFF vulnerability CVE-2016-3945
Security Advisory Description Multiple integer overflows in the 1 cvtbystrip and 2 cvtbytile functions in the tiff2rgba tool in LibTIFF 4.0.6 and earlier, when -b mode is enabled, allow remote attackers to cause a denial of service crash or execute arbitrary code via a crafted TIFF image, which...
K06844177: PHP vulnerability CVE-2017-9229
Security Advisory Description An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in leftadjustcharhead during regular expression compilation. Invalid handling of reg-dmax in forwardsearchrange could result...
K10280318: Zend Framework vulnerability CVE-2016-6233
Security Advisory Description The 1 order and 2 group methods in ZendDbSelect in the Zend Framework before 1.12.19 might allow remote attackers to conduct SQL injection attacks via vectors related to use of the character pattern \w in a regular expression. CVE-2016-6233 Impact There is no impact;...
K81674333: Ruby vulnerabilities CVE-2019-8322 CVE-2019-8323 CVE-2019-8324 CVE-2019-8325
Security Advisory Description CVE-2019-8322 An issue was discovered in RubyGems 2.6 and later through 3.0.2. The gem owner command outputs the contents of the API response directly to stdout. Therefore, if the response is crafted, escape sequence injection may occur. CVE-2019-8323 An issue was...
K14510263: IPv6 Neighbor Discovery crafted packet vulnerability CVE-2016-1409
Security Advisory Description The Neighbor Discovery ND protocol implementation in the IPv6 stack in Cisco IOS XE 2.1 through 3.17S, IOS XR 2.0.0 through 5.3.2, and NX-OS allows remote attackers to cause a denial of service packet-processing outage via crafted ND messages, aka Bug ID CSCuz66542, ...
K80159635: Microarchitectural Fill Buffer Data Sampling (MFBDS) CVE-2018-12130
Security Advisory Description Microarchitectural Fill Buffer Data Sampling MFBDS: Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. CVE-2018-12130 Impact MDS...
K43292324: PHP vulnerability CVE-2017-9228
Security Advisory Description An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitsetsetrange during regular expression compilation due to an uninitialized variable from an incorrect...
K82814400: Appliance mode tmsh vulnerability CVE-2019-6616
Security Advisory Description On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, administrative users with TMSH access can overwrite critical system files on BIG-IP which can result in bypass of whitelist / blacklist restrictions enforced by appliance...
K80173446: Multiple Ruby vulnerabilities
Security Advisory Description CVE-2017-17742 Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attacker can inject a crafted key and value into an HTTP response for the HTTP server of WEBrick...