6294 matches found

F5 Networks
•added 2023/02/21 6:50 p.m.•25 views

K31757417: The BIG-IP APM system may log passwords in plaintext when the Debug log level is enabled

Security Advisory Description This issue occurs when all of the following conditions are met: You enable the Debug log level for the access policy. You configure the access policy on the BIG-IP APM system with either of the following: Citrix Login prompt with two-factor authentication Logon page...

AI score: 6.8
Exploits: 0
F5 Networks
•added 2023/02/21 6:50 p.m.•50 views

K16010: GNU C Library (glibc) vulnerability CVE-2014-7817

Security Advisory Description The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the WRDE_NOCMD flag, which allows context-dependent attackers to execute arbitrary commands, as demonstrated by input containing "$...". CVE-2014-7817 Impact An attacker with local access and...

CVSS: 4.6 • AI score: 8.8 • EPSS: 0.00578
Exploits: 0 • Affected Software: 18
F5 Networks
•added 2023/02/21 6:50 p.m.•42 views

K15571: OpenSSL vulnerability CVE-2014-3508

Security Advisory Description The OBJ_obj2txt function in crypto/objects/obj_dat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of '\0' characters, which allows context-dependent attackers to...

CVSS: 4.3 • AI score: 6.3 • EPSS: 0.23292
Exploits: 0 • Affected Software: 2
F5 Networks
•added 2023/02/21 6:50 p.m.•48 views

K15573: OpenSSL DTLS vulnerabilities CVE-2014-3505, CVE-2014-3506, and CVE-2014-3507

Security Advisory Description CVE-2014-3505 Double free vulnerability in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (application crash) via crafted DTLS packets that trigger a...

CVSS: 5 • AI score: 6.5 • EPSS: 0.51436
Exploits: 0 • Affected Software: 14
F5 Networks
•added 2023/02/21 6:50 p.m.•31 views

K15548: Rsync sender.c vulnerability CVE-2007-4091

Security Advisory Description Multiple off-by-one errors in the sender.c in rsync 2.6.9 might allow remote attackers to execute arbitrary code via directory names that are not properly handled when calling the f_name function. CVE-2007-4091 Impact There is no impact; F5 products are not affected b...

CVSS: 6.8 • AI score: 9.3 • EPSS: 0.03345
Exploits: 0
F5 Networks
•added 2023/02/21 6:49 p.m.•164 views

K14933: Apache Struts vulnerability CVE-2013-2251

Security Advisory Description Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix. CVE-2013-2251 Impact None Security Advisory Status To determine if your release is kno...

CVSS: 9.8 • AI score: 8 • EPSS: 0.99998
Exploits: 18
F5 Networks
•added 2023/02/21 6:49 p.m.•23 views

K73202036: Configuring SSL Forward Proxy and an OCSP stapling profile may allow a connection to a website with a revoked certificate

Security Advisory Description When you have configured the BIG-IP system for SSL Forward Proxy and have also configured an Online Certificate Status Protocol (OCSP) stapling profile, under certain conditions, the client could connect to a website with a revoked certificate without knowing it, despi...

AI score: 6.6
Exploits: 0
F5 Networks
•added 2023/02/21 6:49 p.m.•11 views

K15732489: When authentication is set to require, the Client SSL or Server SSL profile does not report an error when it has an associated invalid CRL

Security Advisory Description When authentication is set to require, the Client SSL or Server SSL profile does not report an error when it has an associated invalid Certificate Revocation List (CRL). This issue occurs when all of the following conditions are met: The Client SSL or Server SSL profi...

AI score: 6.8
Exploits: 0
F5 Networks
•added 2023/02/21 6:49 p.m.•34 views

K04246541: MySQL vulnerabilities CVE-2019-2689, CVE-2019-2691, CVE-2019-2693, CVE-2019-2694, and CVE-2019-2695

Security Advisory Description CVE-2019-2689 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple...

CVSS: 6.5 • AI score: 5.4 • EPSS: 0.02099
Exploits: 0
F5 Networks
•added 2023/02/21 6:49 p.m.•32 views

K20902096: Linux kernel vulnerability CVE-2016-6786

Security Advisory Description kernel/events/core.c in the performance subsystem in the Linux kernel before 4.0 mismanages locks during certain migrations, which allows local users to gain privileges via a crafted application, aka Android internal bug 30955111. CVE-2016-6786 Impact This...

CVSS: 7 • AI score: 6.7 • EPSS: 0.00417
Exploits: 0 • Affected Software: 1
F5 Networks
•added 2023/02/21 6:49 p.m.•47 views

K25370250: Linux kernel vulnerability CVE-2020-10690

Security Advisory Description There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while resource deallocation. When a high privileged process allocates a ptp device file like /dev/ptpX and voluntarily goes to sleep. During this...

CVSS: 6.5 • AI score: 6.6 • EPSS: 0.00359
Exploits: 0
F5 Networks
•added 2023/02/21 6:49 p.m.•20 views

K03126093: TMOS vulnerability CVE-2019-6664

Security Advisory Description On BIG-IP 15.0.0 and 14.1.0-14.1.0.6, under certain conditions, network protections on the management port do not follow current best practices. CVE-2019-6664 Impact BIG-IP The default firewall rules for the management interface are not reliably reinstalled after fir...

CVSS: 7.5 • AI score: 7.5 • EPSS: 0.00872
Exploits: 0
F5 Networks
•added 2023/02/21 6:49 p.m.•72 views

K22148713: BIND vulnerability CVE-1999-0184

Security Advisory Description When compiled with the -DALLOW_UPDATES option, bind allows dynamic updates to the DNS server, allowing for malicious modification of DNS records. CVE-1999-0184 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5...

CVSS: 6.4 • AI score: 6.7 • EPSS: 0.01909
Exploits: 0
F5 Networks
•added 2023/02/21 6:49 p.m.•47 views

K01049383: BIG-IP restjavad vulnerability CVE-2019-6662

Security Advisory Description Sensitive information is logged into the local log files and/or remote logging targets when restjavad processes an invalid request. Users with access to the log files would be able to view that data. CVE-2019-6662 Impact When logging invalid requests, such as HTTP co...

CVSS: 6.5 • AI score: 6.7 • EPSS: 0.00859
Exploits: 0 • Affected Software: 13
F5 Networks
•added 2023/02/21 6:49 p.m.•81 views

K20072454: Linux kernel vulnerability CVE-2021-43267

Security Advisory Description An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16. The Transparent Inter-Process Communication (TIPC) functionality allows remote attackers to exploit insufficient validation of user-supplied sizes for the MSG_CRYPTO message type...

CVSS: 9.8 • AI score: 7.2 • EPSS: 0.57853
Exploits: 2 • Affected Software: 1
F5 Networks
•added 2023/02/21 6:49 p.m.•30 views

K86162657: Intel Linux Bluetooth Drivers vulnerabilities CVE-2020-12321, CVE-2020-12322

Security Advisory Description CVE-2020-12321 Improper buffer restriction in some Intel(R) Wireless Bluetooth(R) products before version 21.110 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. CVE-2020-12322 Improper input validation in some Intel(R)...

CVSS: 8.8 • AI score: 7.7 • EPSS: 0.0097
Exploits: 0
F5 Networks
•added 2023/02/21 6:49 p.m.•35 views

K00374275: Apache Traffic Server vulnerability CVE-2021-43082

Security Advisory Description Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in the stats-over-http plugin of Apache Traffic Server allows an attacker to overwrite memory. This issue affects Apache Traffic Server 9.1.0. CVE-2021-43082 Impact There is no impact;...

CVSS: 9.8 • AI score: 8.9 • EPSS: 0.0233
Exploits: 0
F5 Networks
•added 2023/02/21 6:49 p.m.•63 views

K02613439: Linux kernel vulnerability CVE-2017-9076

Security Advisory Description The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890...

CVSS: 7.8 • AI score: 6.8 • EPSS: 0.00366
Exploits: 1 • Affected Software: 18
F5 Networks
•added 2023/02/21 6:49 p.m.•116 views

K81172534: Linux kernel vulnerability CVE-2017-2583

Security Advisory Description The load_segment_descriptor implementation in arch/x86/kvm/emulate.c in the Linux kernel before 4.9.5 improperly emulates a "MOV SS, NULL selector" instruction, which allows guest OS users to cause a denial of service (guest OS crash) or gain guest OS privileges via a...

CVSS: 8.4 • AI score: 7.6 • EPSS: 0.00582
Exploits: 0
F5 Networks
•added 2023/02/21 6:49 p.m.•20 views

K14812883: BIG-IP ASM XSS vulnerability CVE-2019-6607

Security Advisory Description This is a stored cross-site scripting (XSS) vulnerability in an ASM violation viewed in the Configuration utility. In the worst case, an attacker can store a CSRF, which results in code execution as the admin user. CVE-2019-6607 The user levels that can store this atta...

CVSS: 6.8 • AI score: 6.7 • EPSS: 0.00742
Exploits: 0 • Affected Software: 1
F5 Networks
•added 2023/02/21 6:49 p.m.•49 views

K84940705: cURL and libcurl vulnerability CVE-2016-8623

Security Advisory Description A flaw was found in curl before version 7.51.0. The way curl handles cookies permits other threads to trigger a use-after-free leading to information disclosure. CVE-2016-8623 Impact A use-after-free can occur with shared cookies, allowing a user or process...

CVSS: 7.5 • AI score: 7 • EPSS: 0.02602
Exploits: 0 • Affected Software: 24
F5 Networks
•added 2023/02/21 6:49 p.m.•34 views

K11818407: REST Framework vulnerability CVE-2019-6602

Security Advisory Description The Configuration utility login page may not follow best security practices when handling a malicious request. CVE-2019-6602 Impact BIG-IP The Configuration utility login page returns an inconsistent HTTP response when processing modified requests; this may provide...

CVSS: 7.5 • AI score: 7.7 • EPSS: 0.01779
Exploits: 0
F5 Networks
•added 2023/02/21 6:49 p.m.•54 views

K81211720: Linux kernel vulnerability CVE-2017-6214

Security Advisory Description The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel before 4.9.11 allows remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag. CVE-2017-6214 Impact An attacker, using a specially...

CVSS: 7.5 • AI score: 6.9 • EPSS: 0.04666
Exploits: 0 • Affected Software: 23
F5 Networks
•added 2023/02/21 6:49 p.m.•57 views

K80622270: Linux kernel vulnerability CVE-2020-10742

Security Advisory Description A flaw was found in the Linux kernel. An index buffer overflow during Direct IO write leading to the NFS client to crash. In some cases, a reach out of the index after one memory allocation by kmalloc will cause a kernel panic. The highest threat from this...

CVSS: 6 • AI score: 6.6 • EPSS: 0.00261
Exploits: 0
F5 Networks
•added 2023/02/21 6:49 p.m.•53 views

K85633044: Linux kernel vulnerability CVE-2019-3459

Security Advisory Description A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1. CVE-2019-3459 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development has evaluated t...

CVSS: 6.5 • AI score: 6.1 • EPSS: 0.01827
Exploits: 1
F5 Networks
•added 2023/02/21 6:49 p.m.•33 views

K42793451: MySQL vulnerabilities CVE-2019-2634, CVE-2019-2635, CVE-2019-2636, CVE-2019-2644, and CVE-2019-2681

Security Advisory Description CVE-2019-2634 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 8.0.15 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure...

CVSS: 5.1 • AI score: 4.9 • EPSS: 0.02415
Exploits: 0
F5 Networks
•added 2023/02/21 6:49 p.m.•49 views

K57397944: Linux kernel vulnerability CVE-2019-19807

Security Advisory Description In the Linux kernel before 5.3.11, sound/core/timer.c has a use-after-free caused by erroneous code refactoring, aka CID-e7af6307a8a5. This is related to snd_timer_open and snd_timer_close_locked. The timeri variable was originally intended to be for a newly created timer...

CVSS: 7.8 • AI score: 6.4 • EPSS: 0.00551
Exploits: 1
F5 Networks
•added 2023/02/21 6:49 p.m.•89 views

K58541692: Linux kernel vulnerability CVE-2019-20054

Security Advisory Description In the Linux kernel before 5.0.6, there is a NULL pointer dereference in drop_sysctl_table in fs/proc/proc_sysctl.c, related to put_links, aka CID-23da9588037e. CVE-2019-20054 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisor...

CVSS: 5.5 • AI score: 6.5 • EPSS: 0.00477
Exploits: 0
F5 Networks
•added 2023/02/21 6:49 p.m.•39 views

K60104355: Linux kernel vulnerability CVE-2017-5970

Security Advisory Description The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel through 4.9.9 allows attackers to cause a denial of service (system crash) via (1) an application that makes crafted system calls or possibly (2) IPv4 traffic with invalid IP options. CVE-2017-597...

CVSS: 7.5 • AI score: 7.5 • EPSS: 0.03915
Exploits: 0 • Affected Software: 10
F5 Networks
•added 2023/02/21 6:49 p.m.•30 views

K64343470: Linux kernel vulnerability CVE-2017-6874

Security Advisory Description Race condition in kernel/ucount.c in the Linux kernel through 4.10.2 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via crafted system calls that leverage certain decrement behavior that cause...

CVSS: 7 • AI score: 6.3 • EPSS: 0.0028
Exploits: 0
F5 Networks
•added 2023/02/21 6:49 p.m.•46 views

K64928095: Java SE vulnerability CVE-2019-2983

Security Advisory Description Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attack...

CVSS: 4.3 • AI score: 5 • EPSS: 0.03749
Exploits: 0
F5 Networks
•added 2023/02/21 6:49 p.m.•44 views

K69232741: Linux kernel vulnerability CVE-2019-20934

Security Advisory Description An issue was discovered in the Linux kernel before 5.2.6. On NUMA systems, the Linux fair scheduler has a use-after-free in show_numa_stats because NUMA fault statistics are inappropriately freed, aka CID-16d51a590a8c. CVE-2019-20934 Impact There is no impact; F5...

CVSS: 5.4 • AI score: 6.2 • EPSS: 0.00316
Exploits: 0
F5 Networks
•added 2023/02/21 6:49 p.m.•77 views

K01152385: Binutils vulnerabilities CVE-2018-8945, CVE-2018-12697, CVE-2018-12698, CVE-2018-12699, and CVE-2018-12700

Security Advisory Description CVE-2018-8945 The bfd_section_from_shdr function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (segmentation fault) via a large attribute section. CVE-2018-12697 A...

CVSS: 9.8 • AI score: 7.6 • EPSS: 0.05252
Exploits: 4 • Affected Software: 1
F5 Networks
•added 2023/02/21 6:49 p.m.•23 views

K11443432: Linux kernel vulnerability CVE-2018-19406

Security Advisory Description kvm_pv_send_ipi in arch/x86/kvm/lapic.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where the apic map is uninitialized. CVE-2018-19406 Impact There i...

CVSS: 5.5 • AI score: 5.6 • EPSS: 0.00356
Exploits: 0
F5 Networks
•added 2023/02/21 6:49 p.m.•33 views

K45593826: LibTIFF vulnerabilities CVE-2015-8870, CVE-2016-5652, CVE-2016-9536, CVE-2016-9537, and CVE-2016-9540

Security Advisory Description CVE-2015-8870 Integer overflow in tools/bmp2tiff.c in LibTIFF before 4.0.4 allows remote attackers to cause a denial of service (heap-based buffer over-read), or possibly obtain sensitive information from process memory, via crafted width and length values in RLE4 or...

CVSS: 9.8 • AI score: 9.3 • EPSS: 0.04263
Exploits: 2 • Affected Software: 1
F5 Networks
•added 2023/02/21 6:49 p.m.•27 views

K00958787: NGINX Controller vulnerability CVE-2020-5867

Security Advisory Description The NGINX Controller Agent installer script 'install.sh' uses HTTP instead of HTTPS to check and install packages. CVE-2020-5867 Impact A man-in-the-middle (MITM) attacker can use this vulnerability to intercept the insecure HTTP channel and convincingly forge any...

CVSS: 8.1 • AI score: 7.9 • EPSS: 0.004
Exploits: 0 • Affected Software: 1
F5 Networks
•added 2023/02/21 6:49 p.m.•47 views

K01051400: Linux kernel vulnerability CVE-2020-14356

Security Advisory Description A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found in the way when reboot the system. A local user could use this flaw to crash the system or escalate their privileges on the system. CVE-2020-14356 Impact There ...

CVSS: 7.8 • AI score: 5.9 • EPSS: 0.00965
Exploits: 1
F5 Networks
•added 2023/02/21 6:49 p.m.•42 views

K54193041: Java SE vulnerability CVE-2019-2999

Security Advisory Description Vulnerability in the Java SE product of Oracle Java SE (component: Javadoc). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to...

CVSS: 4.7 • AI score: 6 • EPSS: 0.0267
Exploits: 0
F5 Networks
•added 2023/02/21 6:49 p.m.•60 views

K61429540: Linux kernel vulnerability CVE-2017-9077

Security Advisory Description The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890...

CVSS: 7.8 • AI score: 6.8 • EPSS: 0.00724
Exploits: 1 • Affected Software: 19
F5 Networks
•added 2023/02/21 6:49 p.m.•43 views

K93000310: Apache Tomcat vulnerability CVE-2019-0199

Security Advisory Description The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and 8.5.0 to 8.5.37 accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for...

CVSS: 7.5 • AI score: 6.5 • EPSS: 0.72855
Exploits: 0
F5 Networks
•added 2023/02/21 6:49 p.m.•74 views

K18129121: Linux kernel vulnerability CVE-2019-19767

Security Advisory Description The Linux kernel before 5.4.2 mishandles ext4_expand_extra_isize, as demonstrated by use-after-free errors in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c, aka CID-4ea99936a163. CVE-2019-19767 Impact There is no impact; F5...

CVSS: 5.5 • AI score: 6.9 • EPSS: 0.02081
Exploits: 1
F5 Networks
•added 2023/02/21 6:49 p.m.•30 views

K46603852: Intel CPU vulnerability CVE-2017-5691

Security Advisory Description Incorrect check in Intel processors from 6th and 7th Generation Intel Core Processor Families, Intel Xeon E3-1500M v5 and v6 Product Families, and Intel Xeon E3-1200 v5 and v6 Product Families allows compromised system firmware to impact SGX security via incorrect...

CVSS: 9.3 • AI score: 8.8 • EPSS: 0.01439
Exploits: 0
F5 Networks
•added 2023/02/21 6:49 p.m.•83 views

K03314397: libcurl vulnerability CVE-2018-16890

Security Advisory Description libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (lib/vauth/ntlm.c:ntlm_decode_type2_target) does not validate incoming data correctly and is subject to an integer overflow...

CVSS: 7.5 • AI score: 6.6 • EPSS: 0.05351
Exploits: 0
F5 Networks
•added 2023/02/21 6:49 p.m.•225 views

K47096851: Apache Tomcat vulnerability CVE-2022-29885

Security Advisory Description The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network. This was not correct. While the...

CVSS: 7.5 • AI score: 8.6 • EPSS: 0.71653
Exploits: 5
F5 Networks
•added 2023/02/21 6:49 p.m.•48 views

K50301222: PHP EXIF extension vulnerabilities CVE-2019-11047 and CVE-2019-11050

Security Advisory Description CVE-2019-11047 When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated...

CVSS: 6.5 • AI score: 7 • EPSS: 0.07421
Exploits: 2
F5 Networks
•added 2023/02/21 6:49 p.m.•43 views

K28902827: Apache mod_http2 vulnerability CVE-2018-11763

Security Advisory Description In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not...

CVSS: 5.9 • AI score: 6.1 • EPSS: 0.51002
Exploits: 0
F5 Networks
•added 2023/02/21 6:49 p.m.•36 views

K58235223: BIG-IP APM access policy vulnerability CVE-2022-35245

Security Advisory Description When a BIG-IP APM access policy is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. CVE-2022-35245 Impact Traffic is disrupted while TMM restarts. This vulnerability allows an attacker to cause a...

CVSS: 7.5 • AI score: 7.3 • EPSS: 0.00668
Exploits: 0 • Affected Software: 1
F5 Networks
•added 2023/02/21 6:49 p.m.•56 views

K01106224: Java SE vulnerability CVE-2019-2964

Security Advisory Description Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker...

CVSS: 4.3 • AI score: 4.9 • EPSS: 0.03533
Exploits: 0
F5 Networks
•added 2023/02/21 6:49 p.m.•88 views

K00539290: Linux kernel vulnerability CVE-2019-19534

Security Advisory Description In the Linux kernel before 5.3.11, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver, aka CID-f7a1337f0d29. CVE-2019-19534 Impact There is no impact; F5 products are not affected by this...

CVSS: 2.4 • AI score: 6.2 • EPSS: 0.00512
Exploits: 0
F5 Networks
•added 2023/02/21 6:49 p.m.•68 views

K78825687: Python and Jython vulnerability CVE-2014-7185

Security Advisory Description Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a "buffer" function. CVE-2014-7185 Impact An attacker that is able to control arguments in...

CVSS: 6.4 • AI score: 8 • EPSS: 0.05122
Exploits: 1 • Affected Software: 14

Total number of security vulnerabilities: 6294