K54184111: Kibana vulnerability CVE-2019-7609
Security Advisory Description Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt to execute javascript code. This could possibly lead to an attacker...
K40977030: glibc vulnerability CVE-2020-6096
Security Advisory Description An exploitable signed comparison vulnerability exists in the ARMv7 memcpy implementation of GNU glibc 2.30.9000. Calling memcpy on ARMv7 targets that utilize the GNU glibc implementation with a negative value for the 'num' parameter results in a signed comparison...
K95117754: TMM vulnerability CVE-2019-6684
Security Advisory Description Under certain conditions, a multi-bladed BIG-IP Virtual Clustered Multiprocessing (vCMP) may drop broadcast packets when they are rebroadcast to the vCMP guest secondary blades. An attacker can leverage the fragmented broadcast IP packets to perform any type of...
K05087544: Linux kernel vulnerability CVE-2018-1000028
Security Advisory Description Linux kernel version after commit bdcf0a423ea1 - 4.15-rc4+, 4.14.8+, 4.9.76+, 4.4.111+ contains an Incorrect Access Control vulnerability in NFS server nfsd that can result in remote users reading or writing files they should not be able to via NFS. This attack appear...
K32553170: OpenSSL vulnerability CVE-2022-3358
Security Advisory Description OpenSSL supports creating a custom cipher via the legacy EVP_CIPHER_meth_new function and associated function calls. This function was deprecated in OpenSSL 3.0 and application authors are instead encouraged to use the new provider mechanism in order to implement custom...
K01730454: Ruby vulnerabilities CVE-2017-0899, CVE-2017-0900, CVE-2017-0901, and CVE-2017-0902
Security Advisory Description CVE-2017-0899 RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequences. CVE-2017-0900 RubyGems version 2.6.12 and earlie...
K14969: BIG-IP Edge and FirePass client information leakage vulnerability CVE-2013-6024
Security Advisory Description The Edge Client components in F5 BIG-IP APM, BIG-IP Edge Gateway, and FirePass allow attackers to obtain sensitive information from process memory via unspecified vectors. CVE-2013-6024 Impact An attacker with sufficient local privileges on a client machine running...
K57108702: Apache Tika XML External Entity vulnerability CVE-2016-4434
Security Advisory Description Apache Tika before 1.13 does not properly initialize the XML parser or choose handlers, which might allow remote attackers to conduct XML External Entity (XXE) attacks via vectors involving (1) spreadsheets in OOXML files and (2) XMP metadata in PDF and other file formats,...
K04185528: LibTIFF vulnerabilities CVE-2016-3186 CVE-2018-10779 CVE-2018-10963 CVE-2018-12900 CVE-2018-17100 CVE-2018-17101 CVE-2018-18661 CVE-2018-7456 CVE-2018-8905
Security Advisory Description CVE-2016-3186 Buffer overflow in the readextension function in gif2tiff.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted GIF file. CVE-2018-10779 TIFFWriteScanline in tif_write.c in LibTIFF 3.8.2 has a heap-based...
K21430012: Linux kernel vulnerability CVE-2018-16884
Security Advisory Description A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host...
K26710120: Intel microprocessors vulnerability CVE-2019-0162
Security Advisory Description Memory access in virtual memory mapping for some microprocessors may allow an authenticated user to potentially enable information disclosure via local access. CVE-2019-0162 Impact There is no impact; F5 products are not affected by this vulnerability. Security...
K64709522: Multiple Zip Slip vulnerabilities
Security Advisory Description CVE-2018-1002200 plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'...
K00246015: FreeBSD vulnerability CVE-2016-1886
Security Advisory Description Integer signedness error in the genkbd_commonioctl function in sys/dev/kbd/kbd.c in FreeBSD 9.3 before p42, 10.1 before p34, 10.2 before p17, and 10.3 before p3 allows local users to obtain sensitive information from kernel memory, cause a denial of service memory...
K05300051: TMM SCTP vulnerability CVE-2021-23013
Security Advisory Description The Traffic Management Microkernel (TMM) may stop responding when processing Stream Control Transmission Protocol (SCTP) traffic under certain conditions. This vulnerability affects TMM by way of a virtual server configured with an SCTP profile. CVE-2021-23013 Impact...
K35209601: BIG-IP snmpd vulnerability CVE-2019-6606
Security Advisory Description When processing certain SNMP requests with a request-id of 0, the snmpd process may leak a small amount of memory. CVE-2019-6606 Impact When a remote attacker exploits this vulnerability, the BIG-IP system may consume excessive amounts of memory, which can result in ...
K13534168: GNU Binutils vulnerability CVE-2019-9070
Security Advisory Description An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a heap-based buffer over-read in d_expression_1 in cp-demangle.c after many recursive calls. CVE-2019-9070 Impact Successful exploitation of this vulnerability may lead to disclosure o...
K15867: Perl vulnerabilities CVE-2012-5195, CVE-2012-5526, CVE-2012-6329, and CVE-2013-1667
Security Advisory Description CVE-2012-5195 Heap-based buffer overflow in the Perl_repeatcpy function in util.c in Perl 5.12.x before 5.12.5, 5.14.x before 5.14.3, and 5.15.x before 15.15.5 allows context-dependent attackers to cause a denial of service (memory consumption and crash) or possibly...
K14492558: PHP vulnerability CVE-2021-21708
Security Advisory Description In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTER_VALIDATE_FLOAT filter and min/max limits, if the filter fails, there is a possibility to trigger use of allocated memory after free, which can result ...
K55051330: Intel BIOS vulnerability CVE-2021-33123
Security Advisory Description Improper access control in the BIOS authenticated code module for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2021-33123 Impact A local attacker logged in as a privileged user can exploit the...
K04048104: CGNAT LSN vulnerability CVE-2020-27720
Security Advisory Description When processing NAT66 traffic with Port Block Allocation (PBA) mode and SP-DAG enabled, and dag-ipv6-prefix-len configured with a value less than the default of 128, an undisclosed traffic pattern may cause the Traffic Management Microkernel (TMM) to restart...
K14229426: BIG-IP SSL vulnerability CVE-2022-29491
Security Advisory Description When a virtual server is configured with HTTP, TCP on one side (client/server), and DTLS on the other (server/client), undisclosed requests can cause the TMM process to terminate. CVE-2022-29491 Impact Traffic is disrupted while the TMM process restarts. This vulnerabili...
K45421311: BIG-IP TMM vulnerability CVE-2020-5925
Security Advisory Description Undisclosed internally-generated User Datagram Protocol (UDP) traffic may cause the Traffic Management Microkernel (TMM) to restart under some circumstances. CVE-2020-5925 A BIG-IP system experiencing this vulnerability may log the following error message to the...
K05765031: vCMP vulnerability CVE-2019-6670
Security Advisory Description vCMP hypervisors incorrectly expose the plaintext unit key for their vCMP guests on the file system. CVE-2019-6670 Impact An attacker may use this vulnerability to extract the master key of vCMP guests. Security Advisory Status F5 Product Development has assigned ID...
K42941419: Multiple Qt vulnerabilities
Security Advisory Description CVE-2018-15518 QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document. CVE-2018-19869 An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in...
K44270253: OpenJDK vulnerabilities CVE-2022-21291, CVE-2022-21293, CVE-2022-21294, CVE-2022-21296, and CVE-2022-21299
Security Advisory Description CVE-2022-21291 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and...
K42745412: Linux kernel vulnerability CVE-2020-25221
Security Advisory Description get_gate_page in mm/gup.c in the Linux kernel 5.7.x and 5.8.x before 5.8.7 allows privilege escalation because of incorrect reference counting caused by gate page mishandling of the struct page that backs the vsyscall page. The result is a refcount underflow. This can ...
K34519550: Linux kernel vulnerability CVE-2021-27364
Security Advisory Description An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is adversely affected by the ability of an unprivileged user to craft Netlink messages. CVE-2021-27364 Impact An attacker may be able to exploit this vulnerability to...
K42526507: BIG-IP TMUI vulnerability CVE-2021-23041
Security Advisory Description A DOM based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the current logged-in user. CVE-2021-23041 Impact An attacker may exploit this...
K47105354: Lodash library vulnerability CVE-2019-10744
Security Advisory Description Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload. CVE-2019-10744 Impact An attacker can use Function inside of...
K24374526: nginx vulnerability CVE-2018-16845
Security Advisory Description nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted...
K37332121: Python vulnerability CVE-2017-1000158
Security Advisory Description CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow and possible arbitrary code execution CVE-2017-1000158 Impact BIG-IP / ARX / Enterprise Manager / BIG-...
K02043709: Appliance mode tmsh access vulnerability CVE-2018-5520
Security Advisory Description On a BIG-IP system configured in Appliance mode, the TMOS Shell (tmsh) may allow an administrative user to use the dig utility to gain unauthorized access to file system resources. CVE-2018-5520 Note: Appliance mode is designed to meet the needs of customers in...
K01054113: BIG-IP AWS vulnerability CVE-2020-5862
Security Advisory Description Under certain conditions, while sending traffic, the Traffic Management Microkernel (TMM) may produce a core file or stop processing new traffic with the Data Plane Development Kit (DPDK)/Elastic Network Adapter (ENA) driver on Amazon Web Services (AWS) systems. CVE-2020-586...
K03451253: Java vulnerabilities CVE-2018-3150, CVE-2018-3157, and CVE-2018-13785
Security Advisory Description CVE-2018-3150 Vulnerability in the Java SE component of Oracle Java SE subcomponent: Utility. The supported version that is affected is Java SE: 11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to...
K91084571: PHP vulnerability CVE-2015-8873
Security Advisory Description Stack consumption vulnerability in Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to cause a denial of service (segmentation fault) via recursive method calls. CVE-2015-8873 Impact An authenticated...
K35600134: Net-SNMP vulnerability CVE-2018-18066
Security Advisory Description snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an unauthenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. CVE-2018-18066 Impact There i...
K92969318: Linux kernel vulnerabilities CVE-2019-19061 CVE-2019-19077 CVE-2019-19078 CVE-2019-19080 CVE-2019-19082
Security Advisory Description CVE-2019-19061 A memory leak in the adis_update_scan_mode_burst function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-9c0530e898f3. CVE-2019-19077 A memory leak in the...
K61254009: MySQL vulnerability CVE-2022-21436
Security Advisory Description Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromis...
K87355575: glibc vulnerability CVE-2017-12132
Security Advisory Description The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation. CVE-2017-12132 Impact...
K81701735: F5OS CLI vulnerability CVE-2022-41780
Security Advisory Description A directory traversal vulnerability exists in an undisclosed location of the F5OS CLI that allows an attacker to read arbitrary files. CVE-2022-41780 Impact An authenticated attacker may exploit this vulnerability by including a crafted request to the F5OS CLI. If th...
K33183814: Linux kernel vulnerability CVE-2010-5331
Security Advisory Description In the Linux kernel before 2.6.34, a range check issue in drivers/gpu/drm/radeon/atombios.c could cause an off by one buffer overflow problem. CVE-2010-5331 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5...
K81859243: Kernel vulnerability CVE-2018-8822
Security Advisory Description Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c in the Linux kernel through 4.15.11, and in drivers/staging/ncpfs/ncplib_kernel.c in the Linux kernel 4.16-rc through 4.16-rc6, could be exploited by malicious NCPFS servers to...
K21317311: F5 BIG-IP Guided Configuration XSS vulnerability CVE-2022-27230
Security Advisory Description A reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of F5 BIG-IP Guided Configuration that allows an attacker to execute JavaScript in the context of the currently logged-in user. CVE-2022-27230 Impact An attacker may exploit this...
K02591030: HTTP/2 vulnerabilities CVE-2019-9511, CVE-2019-9513, CVE-2019-9516, and CVE-2019-9517
Security Advisory Description CVE-2019-9511 Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They...
K12705583: OpenSSH vulnerability CVE-2021-41617
Security Advisory Description sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run wi...
K30683410: systemd vulnerability CVE-2018-16866
Security Advisory Description An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable. CVE-2018-16866 Impact There is n...
K02326457: Multiple AMD processor vulnerabilities
Security Advisory Description CVE-2018-8930 The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor chips have insufficient enforcement of Hardware Validated Boot, aka MASTERKEY-1, MASTERKEY-2, and MASTERKEY-3. CVE-2018-8931 The AMD Ryzen, Ryzen Pro, and Ryzen Mobile processor chips hav...
K01988340: HTTP/2 Reset Flood vulnerability CVE-2019-9514
Security Advisory Description Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on...
K32172755: Multiple Java vulnerabilities CVE-2022-21426, CVE-2022-21434, CVE-2022-21443, CVE-2022-21476, and CVE-2022-21496
Security Advisory Description CVE-2022-21426 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5,...
K44472013: MySQL Server Optimizer vulnerability CVE-2022-21440
Security Advisory Description Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromis...