K21054458: Eclipse Jetty vulnerability CVE-2017-7656
Security Advisory Description In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), HTTP/0.9 is handled poorly. An HTTP/1 style request line (i.e. method space URI space version) that declares a version of HTTP/0.9...
K11023978: Linux kernel vulnerability CVE-2017-6346
Security Advisory Description Race condition in net/packet/af_packet.c in the Linux kernel before 4.9.13 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a multithreaded application that makes PACKET_FANOUT setsockopt system calls...
K12044607: TMM vulnerability CVE-2017-6132
Security Advisory Description In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 13.0.0, 12.0.0 to 12.1.2, 11.6.0 to 11.6.1 and 11.5.0 - 11.5.4, an undisclosed sequence of packets sent to BIG-IP High Availability state mirror listeners...
K08464741: Bash vulnerability CVE-2017-5932
Security Advisory Description The path autocompletion feature in Bash 4.4 allows local users to gain privileges via a crafted filename starting with a " double quote character and a command substitution metacharacter. CVE-2017-5932 Impact There is no impact; F5 products are not affected by this...
K09413574: OpenSSL vulnerability CVE-2022-1434
Security Advisory Description The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker could exploit this issue by performing a man-in-the-middle attack to modify data being sent from one...
K08832573: DHCP vulnerability CVE-2021-25217
Security Advisory Description In ISC DHCP 4.1-ESV-R1 - 4.1-ESV-R16, ISC DHCP 4.4.0 - 4.4.2 Other branches of ISC DHCP i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series are beyond their End-of-Life EOL and no longer supported by ISC. From inspection it is clear that the...
K47204506: BIG-IP Advanced WAF and ASM bd vulnerability CVE-2022-41836
Security Advisory Description When an "Attack Signature False Positive Mode" enabled security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate. CVE-2022-41836 Impact Traffic is disrupted while the bd process restarts. This vulnerability allows a...
K04665443: OpenSSH vulnerability CVE-2021-36368
Security Advisory Description DISPUTED An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without -oLogLevel=verbose, and an attacker has silently modified the server to support the None authentication option, then the user cann...
K05328500: MySQL vulnerability CVE-2022-21490
Security Advisory Description Vulnerability in the MySQL Cluster product of Oracle MySQL component: Cluster: General. Supported versions that are affected are 7.4.35 and prior, 7.5.25 and prior, 7.6.21 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged...
K44923228: Oracle Java SE vulnerability CVE-2018-2783
Security Advisory Description Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 6u181, 7u161 and 8u152; Java SE Embedded: 8u152; JRockit: R28.3.17. Difficult to exploit vulnerability allows...
K44512851: OpenSSL vulnerability CVE-2017-3732
Security Advisory Description There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to...
K22113693: Linux kernel vulnerability CVE-2021-42739
Security Advisory Description The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles bounds checking. CVE-2021-42739 Impact There is no impact; F5 product...
K44994972: Linux kernel vulnerability CVE-2020-25704
Security Advisory Description A memory leak flaw was found in the Linux kernel performance monitoring subsystem when using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources, causing denial of service. CVE-2020-25704 Impact This vulnerability may allow a local...
K44305703: NTP vulnerability CVE-2020-11868
Security Advisory Description The ntpd daemon in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid orig...
K35513527: Oracle Java SE vulnerability CVE-2018-2800
Security Advisory Description Vulnerability in the Java SE, JRockit component of Oracle Java SE subcomponent: RMI. Supported versions that are affected are Java SE: 6u181, 7u171 and 8u162; JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access vi...
K39573629: jackson-mapper-asl vulnerability CVE-2019-10172
Security Advisory Description A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. XML external entity vulnerabilities similar to CVE-2016-3720 also affect codehaus jackson-mapper-asl libraries but in different classes. CVE-2019-10172 Impact There is no impact; F5 products a...
K09081535: QEMU vulnerability CVE-2020-14364
Security Advisory Description An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in, do_token_out routines. This fla...
K04253390: Apache Xerces vulnerability CVE-2016-2099
Security Advisory Description Use-after-free vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 3.1.3 and earlier does not properly handle exceptions raised in the XMLReader class, which allows context-dependent attackers to have unspecified impact via an invalid character in an...
K32615023: Linux kernel vulnerability CVE-2022-2588
Security Advisory Description It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0. CVE-2022-2588 Impact This flaw allows a local user to cause a denial-of-service (DoS) on the...
K91327225: Linux sudo process vulnerability CVE-2019-18634
Security Advisory Description In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many othe...
K31902105: OpenSSH vulnerability CVE-2016-20012
Security Advisory Description DISPUTED OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination...
K90803619: Linux kernel vulnerability CVE-2016-6136
Security Advisory Description Race condition in the audit_log_single_execve_arg function in kernel/auditsc.c in the Linux kernel through 4.7 allows local users to bypass intended character-set restrictions or disrupt system-call auditing by changing a certain string, aka a "double fetch" vulnerabilit...
K54225343: libxml2 vulnerabilities CVE-2016-3627 and CVE-2016-3705
Security Advisory Description CVE-2016-3627 The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document...
K11426315: BIND vulnerability CVE-2021-25214
Security Advisory Description In BIND 9.8.5 - 9.8.8, 9.9.3 - 9.11.29, 9.12.0 - 9.16.13, and versions BIND 9.9.3-S1 - 9.11.29-S1 and 9.16.8-S1 - 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions 9.17.0 - 9.17.11 of the BIND 9.17 development branch, when a vulnerable versi...
K50242910: Intel CSME vulnerabilities CVE-2020-0533, CVE-2020-0534, CVE-2020-0536, and CVE-2020-0539
Security Advisory Description CVE-2020-0533 Reversible one-way hash in Intel(R) CSME versions before 11.8.76, 11.12.77 and 11.22.77 may allow a privileged user to potentially enable escalation of privilege, denial of service or information disclosure via local access. CVE-2020-0534 Improper input...
K16576941: ISC BIND vulnerability CVE-2018-5737
Security Advisory Description A problem with the implementation of the new serve-stale feature in BIND 9.12 can lead to an assertion failure in rbtdb.c, even when stale-answer-enable is off. Additionally, problematic interaction between the serve-stale feature and NSEC aggressive negative caching...
K13655013: Java vulnerabilities CVE-2018-2825 and CVE-2018-2826
Security Advisory Description CVE-2018-2825 Vulnerability in the Java SE component of Oracle Java SE subcomponent: Libraries. The supported version that is affected is Java SE: 10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to...
K05544642: BIND vulnerability CVE-2020-8617
Security Advisory Description Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows or successfully guesses the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on...
K04463175: SNMPv2 vulnerability CVE-1999-0517
Security Advisory Description When the non-default configuration allowing remote SNMPv2 access is set, attackers may be able to access the BIG-IP system SNMPv2 service using a guessed community string. CVE-1999-0517 Note: This vulnerability does not affect SNMPv3. Impact When configured to allow...
K11853211: Multiple Linux kernel vulnerabilities
Security Advisory Description CVE-2015-1339 Memory leak in the cuse_channel_release function in fs/fuse/cuse.c in the Linux kernel before 4.4 allows local users to cause a denial of service (memory consumption) or possibly have unspecified other impact by opening /dev/cuse many times. CVE-2016-2384...
K33552735: BIG-IP Edge Client for Windows vulnerability CVE-2022-29263
Security Advisory Description The BIG-IP Edge Client Component Installer Service does not use best practice while saving temporary files. CVE-2022-29263 Impact This vulnerability can be exploited to allow a low privileged attacker to gain privilege escalation on the client Windows system. Securit...
K85585101: Intel UEFI vulnerability CVE-2019-0119
Security Advisory Description Buffer overflow vulnerability in system firmware for Intel(R) Xeon(R) Processor D Family, Intel(R) Xeon(R) Scalable Processor, Intel(R) Server Board, Intel(R) Server System and Intel(R) Compute Module may allow a privileged user to potentially enable escalation of privilege and/or...
K18484125: Eclipse Jetty vulnerability CVE-2020-27216
Security Advisory Description In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of...
K87416818: TMM vulnerability CVE-2016-7476
Security Advisory Description The Traffic Management Microkernel (TMM) may suffer from a memory leak while handling certain types of TCP traffic. CVE-2016-7476 Impact Remote attackers may cause a denial of service (DoS) by way of a crafted TCP packet. Security Advisory Status F5 Product Development h...
K68755210: BIG-IP SYN Cookie Protection vulnerability CVE-2022-23011
Security Advisory Description On certain hardware BIG-IP platforms, virtual servers may stop responding while processing TCP traffic due to an issue in the SYN Cookie Protection feature. CVE-2022-23011 Impact On certain hardware BIG-IP platforms, traffic is disrupted for new client connections...
K02236463: Linux kernel vulnerability CVE-2017-9075
Security Advisory Description The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890...
K62463634: glibc vulnerability CVE-2018-6485
Security Advisory Description An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption...
K32512431: Linux kernel vulnerabilities CVE-2020-8694 and CVE-2020-8695
Security Advisory Description CVE-2020-8694 Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. CVE-2020-8695 Observable discrepancy in the RAPL interface for some Intel(R)...
K31856317: BIG-IP Packet Filters vulnerability CVE-2022-27182
Security Advisory Description When BIG-IP packet filters are enabled and a virtual server is configured with the type set to Reject, undisclosed requests can cause an increase in memory resource utilization. CVE-2022-27182 Impact System performance can degrade until the process is either forced t...
K73828041: MySQL vulnerability CVE-2016-6663
Security Advisory Description Race condition in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7.x before 5.7.15, and 8.x before 8.0.1; MariaDB before 5.5.52, 10.0.x before 10.0.28, and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before...
K05441360: Oracle Java SE vulnerability CVE-2018-2797
Security Advisory Description Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JMX. Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows...
K10002140: Eclipse Jetty vulnerabilities CVE-2017-7657 and CVE-2017-7658
Security Advisory Description In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk...
K25075696: Oracle Java vulnerability CVE-2016-3500
Security Advisory Description Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2016-3508. CVE-2016-3500 Impact An attacker...
K28222050: Linux kernel vulnerability CVE-2019-15505
Security Advisory Description drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through 5.2.9 has an out-of-bounds read via crafted USB device traffic which may be remote via usbip or usbredir. CVE-2019-15505 Impact F5 Product Development has evaluated the currently supported release...
K27400151: SNMP vulnerability CVE-2019-6613
Security Advisory Description SNMP may expose sensitive configuration objects over insecure transmission channels. This issue is exposed when a passphrase is used with various profile types and is accessed using SNMPv2. CVE-2019-6613 Impact An attacker with direct SNMP access to a BIG-IP system o...
K28112382: NGINX ngx_http_mp4_module vulnerability CVE-2022-41742
Security Advisory Description NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to cause a work...
K08827426: Vim vulnerability CVE-2022-0359
Security Advisory Description Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. CVE-2022-0359 Impact This vulnerability allows an attacker to input a specially crafted file, leading to arbitrary execution of code or potentially causing services to stop responding. Security...
K19707805: glibc vulnerability CVE-2017-15804
Security Advisory Description The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user names with the ~ operator. CVE-2017-15804 Impact BIG-IP, BIG-IQ, F5 iWorkflow, Enterprise Manager, LineRate, and ARX There is no impact;...
K02333782: BIG-IP HTTP/2 vulnerability CVE-2021-22999
Security Advisory Description The BIG-IP system provides an option to connect HTTP/2 clients to HTTP/1.x servers. When a client is slow to accept responses and it closes a connection prematurely, the BIG-IP system may indefinitely retain some streams unclosed. CVE-2021-22999 Impact A remote...
K97002210: NGINX Controller vulnerability CVE-2021-23018
Security Advisory Description Intra-cluster communication does not use TLS. The services within the NGINX Controller namespace are using cleartext protocols inside the cluster. CVE-2021-23018 Impact Attackers with access to cluster may have the ability to read and modify the data being sent betwe...