6294 matches found

F5 Networks
•added 2023/02/21 6:46 p.m.•58 views

K28135205: Linux kernel vulnerability CVE-2019-19057

Security Advisory Description Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures, aka CID-d10dcb615c8e...

CVSS: 3.3 | AI score: 6.1 | EPSS: 0.00788 | Exploits: 0
F5 Networks
•added 2023/02/21 6:46 p.m.•49 views

K70052353: Apache Tomcat vulnerability CVE-2021-42340

Security Advisory Description The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connectio...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.10997 | Exploits: 0
F5 Networks
•added 2023/02/21 6:46 p.m.•29 views

K00721320: BIG-IP AFM NAT64 policy vulnerability CVE-2022-41806

Security Advisory Description When a BIG-IP AFM Network Address Translation policy with IPv6/IPv4 translation rules is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. CVE-2022-41806 Impact System performance can degrade until the TMM...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.00616 | Exploits: 0 | Affected Software: 1
F5 Networks
•added 2023/02/21 6:46 p.m.•62 views

K43040412: Linux kernel vulnerability CVE-2021-41073

Security Advisory Description loop_rw_iter in fs/io_uring.c in the Linux kernel 5.10 through 5.14.6 allows local users to gain privileges by using IORING_OP_PROVIDE_BUFFERS to trigger a free of a kernel buffer, as demonstrated by using /proc/<pid>/maps for exploitation. CVE-2021-41073 Impact There is no...

CVSS: 7.8 | AI score: 6.5 | EPSS: 0.01692 | Exploits: 2
F5 Networks
•added 2023/02/21 6:46 p.m.•39 views

K18132488: Appliance mode TMUI authenticated remote command execution vulnerability CVE-2021-22987

Security Advisory Description When running in Appliance mode, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has an authenticated remote command execution vulnerability in undisclosed pages. CVE-2021-22987 Note: For systems not running in Appliance mod...

CVSS: 9.9 | AI score: 8.1 | EPSS: 0.13672 | Exploits: 1 | Affected Software: 14
F5 Networks
•added 2023/02/21 6:46 p.m.•42 views

K14454359: Intel BIOS vulnerability CVE-2021-0153

Security Advisory Description Out-of-bounds write in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2021-0153 Impact A local attacker logged in as a privileged user can exploit this vulnerability to gain...

CVSS: 7.8 | AI score: 7.6 | EPSS: 0.00256 | Exploits: 0 | Affected Software: 13
F5 Networks
•added 2023/02/21 6:46 p.m.•36 views

K25499204: Samba vulnerability CVE-2015-8467

Security Advisory Description The samldb_check_user_account_control_acl function in dsdb/samdb/ldb_modules/samldb.c in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not properly check for administrative privileges during creation of machine accounts, which allows remote...

AI score: 7.3 | Exploits: 0
F5 Networks
•added 2023/02/21 6:46 p.m.•19 views

K26464312: TMM SCTP vulnerability CVE-2020-5918

Security Advisory Description The Traffic Management Microkernel (TMM) may stop responding when processing Stream Control Transmission Protocol (SCTP) traffic when traffic volume is high. This vulnerability affects TMM by way of a virtual server configured with an SCTP profile. CVE-2020-5918 Impact...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.01044 | Exploits: 0 | Affected Software: 11
F5 Networks
•added 2023/02/21 6:46 p.m.•39 views

K94408282: OpenNTPD vulnerability CVE-2016-5117

Security Advisory Description OpenNTPD before 6.0p1 does not validate the CN for HTTPS constraint requests, which allows remote attackers to bypass the man-in-the-middle mitigations via a crafted timestamp constraint with a valid certificate. CVE-2016-5117 Impact There is no impact; F5 products a...

CVSS: 5.9 | AI score: 5.7 | EPSS: 0.00702 | Exploits: 0
F5 Networks
•added 2023/02/21 6:46 p.m.•54 views

K91040959: Polkit vulnerabilities CVE-2018-1116 and CVE-2018-19788

Security Advisory Description CVE-2018-1116 A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactive_authority_check_authorization function in polkitd allows to test for authentication and trigger authentication of unrelated processes owned by other users...

CVSS: 9 | AI score: 7 | EPSS: 0.11483 | Exploits: 1
F5 Networks
•added 2023/02/21 6:46 p.m.•183 views

K25126370: Apache HTTPD vulnerability CVE-2019-10098

Security Advisory Description In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL. CVE-2019-10098 Impact An attacker can abuse thi...

CVSS: 6.1 | AI score: 6.5 | EPSS: 0.73981 | Exploits: 1 | Affected Software: 14
F5 Networks
•added 2023/02/21 6:46 p.m.•18 views

K99934702: Authconfig vulnerability CVE-2017-7488

Security Advisory Description Authconfig version 6.2.8 is vulnerable to an Information exposure while using SSSD to authenticate against remote server resulting in the leak of information about existing usernames. CVE-2017-7488 Impact There is no impact; F5 products are not affected by this...

AI score: 4.6 | Exploits: 0
F5 Networks
•added 2023/02/21 6:46 p.m.•29 views

K26455071: BIG-IP HSB vulnerability CVE-2019-6604

Security Advisory Description Under certain conditions, hardware systems with a High-Speed Bridge (HSB) using non-default Layer 2 forwarding configurations may experience a lockup of the HSB. CVE-2019-6604 This vulnerability occurs when all of the following conditions are met: A VLAN group is...

CVSS: 6.8 | AI score: 6.5 | EPSS: 0.01017 | Exploits: 0 | Affected Software: 13
F5 Networks
•added 2023/02/21 6:46 p.m.•34 views

K51473743: MySQL Server C API vulnerability CVE-2017-3650

Security Advisory Description Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: C API). Supported versions that are affected are 5.7.18 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise...

CVSS: 4.3 | AI score: 4.1 | EPSS: 0.02152 | Exploits: 0
F5 Networks
•added 2023/02/21 6:46 p.m.•55 views

K18193959: Spring Framework vulnerability CVE-2018-1258

Security Advisory Description Spring Security in combination with Spring Framework versions prior to 5.0.6 contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted. CVE-2018-1258 Impact Traffix SD...

CVSS: 8.8 | AI score: 7.6 | EPSS: 0.02427 | Exploits: 0
F5 Networks
•added 2023/02/21 6:46 p.m.•69 views

K75521602: MySQL vulnerability CVE-2022-21444

Security Advisory Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple...

CVSS: 4.4 | AI score: 4.9 | EPSS: 0.01196 | Exploits: 0
F5 Networks
•added 2023/02/21 6:46 p.m.•35 views

K94041354: OpenSSL vulnerability CVE-2019-1552

Security Advisory Description OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for verification in TLS. This directory is most commonly referred to as OPENSSLDIR, and is configurable with the --prefix / --openssldir configurati...

CVSS: 3.3 | AI score: 4.5 | EPSS: 0.00678 | Exploits: 0
F5 Networks
•added 2023/02/21 6:46 p.m.•29 views

K61757346: BIG-IP Azure cloud vulnerability CVE-2017-6131

Security Advisory Description In some circumstances, a BIG-IP Azure cloud instance may contain a default administrative password which can be used to remotely log in to the BIG-IP system. The affected administrative account is the Azure instance administrative user created at deployment. The root...

CVSS: 9.8 | AI score: 9.6 | EPSS: 0.01141 | Exploits: 0 | Affected Software: 9
F5 Networks
•added 2023/02/21 6:46 p.m.•48 views

K79933541: HTTP2 profile vulnerability CVE-2022-35236

Security Advisory Description When an HTTP2 profile is configured on a virtual server, undisclosed traffic can cause an increase in memory resource utilization. CVE-2022-35236 Impact System performance can degrade until the TMM process is either forced to restart or is manually restarted. This...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.00668 | Exploits: 0 | Affected Software: 13
F5 Networks
•added 2023/02/21 6:46 p.m.•57 views

K80311892: InfoZIP vulnerability CVE-2019-13232

Security Advisory Description Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a "better zip bomb" issue. CVE-2019-13232 Impact Local users with administrative access to the BIG-IP Advanced Shell (bash) may be able...

CVSS: 3.3 | AI score: 6.5 | EPSS: 0.00495 | Exploits: 0 | Affected Software: 16
F5 Networks
•added 2023/02/21 6:46 p.m.•37 views

K68013105: OpenSSL vulnerability CVE-2022-1343

Security Advisory Description The function OCSP_basic_verify verifies the signer certificate on an OCSP response. In the case where the (non-default) flag OCSP_NOCHECKS is used then the response will be positive (meaning a successful verification) even in the case where the response signing certificate...

CVSS: 5.3 | AI score: 7.3 | EPSS: 0.01109 | Exploits: 0
F5 Networks
•added 2023/02/21 6:46 p.m.•32 views

K70031188: TMUI authenticated remote command execution vulnerability CVE-2021-22988

Security Advisory Description The Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has an authenticated remote command execution vulnerability in undisclosed pages. CVE-2021-22988 Note: For systems running in Appliance mode, refer to K18132488 Appliance Mode...

CVSS: 9 | AI score: 8.1 | EPSS: 0.10444 | Exploits: 1 | Affected Software: 14
F5 Networks
•added 2023/02/21 6:46 p.m.•24 views

K00363258: BIG-IP Configuration utility vulnerability CVE-2018-5525

Security Advisory Description A local file vulnerability exists in the BIG-IP Configuration utility that exposes files containing F5-provided data only, and do not include configuration data, proxied traffic, or other potentially sensitive customer data. CVE-2018-5525 Impact Authenticated users m...

CVSS: 4.3 | AI score: 4.7 | EPSS: 0.01008 | Exploits: 0 | Affected Software: 13
F5 Networks
•added 2023/02/21 6:46 p.m.•76 views

K70275209: BIG-IP HTTP profile vulnerability CVE-2020-5857

Security Advisory Description Undisclosed HTTP behavior may lead to a denial of service. CVE-2020-5857 Impact This vulnerability impacts the BIG-IP data plane virtual servers with HTTP profiles. A BIG-IP module that has a virtual server with an associated HTTP profile and is processing traffic is...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.01044 | Exploits: 0 | Affected Software: 10
F5 Networks
•added 2023/02/21 6:46 p.m.•28 views

K08476614: BIG-IP Client SSL profile vulnerability CVE-2022-23015

Security Advisory Description When a Client SSL profile is configured on a virtual server with Client Certificate Authentication set to request/require and Session Ticket enabled and configured, processing SSL traffic can cause an increase in memory resource utilization. CVE-2022-23015 Impact...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.00629 | Exploits: 0 | Affected Software: 13
F5 Networks
•added 2023/02/21 6:46 p.m.•76 views

K17839423: PHP vulnerability CVE-2021-21703

Security Advisory Description In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it is possible for the child processes to...

CVSS: 7.8 | AI score: 7.8 | EPSS: 0.01337 | Exploits: 1
F5 Networks
•added 2023/02/21 6:46 p.m.•58 views

K08503505: BIG-IP Edge Client for Windows vulnerability CVE-2021-23022

Security Advisory Description The BIG-IP Edge Client Windows Installer Service's temporary folder has weak file and folder permissions. CVE-2021-23022 Impact This vulnerability can be exploited to allow an unprivileged user to run a specially crafted application to gain privilege escalation on th...

CVSS: 7.8 | AI score: 7.8 | EPSS: 0.00228 | Exploits: 0 | Affected Software: 2
F5 Networks
•added 2023/02/21 6:46 p.m.•52 views

K16187341: BIG-IP ICAP profile vulnerability CVE-2022-27189

Security Advisory Description When an Internet Content Adaptation Protocol (ICAP) profile is configured on a virtual server, undisclosed traffic can cause an increase in Traffic Management Microkernel (TMM) memory resource utilization. CVE-2022-27189 Impact Traffic is disrupted while the TMM process...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.0085 | Exploits: 0 | Affected Software: 13
F5 Networks
•added 2023/02/21 6:46 p.m.•27 views

K15878: bzip2 vulnerability CVE-2010-0405

Security Advisory Description Description Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file...

CVSS: 5.1 | AI score: 6.5 | EPSS: 0.03297 | Exploits: 0 | Affected Software: 10
F5 Networks
•added 2023/02/21 6:46 p.m.•58 views

K70300233: BIG-IP TMUI XSS vulnerability CVE-2022-28707

Security Advisory Description A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility (also referred to as the BIG-IP TMUI) that allows an attacker to execute JavaScript in the context of the currently logged-in user. CVE-2022-28707 Impact A...

CVSS: 8 | AI score: 5.1 | EPSS: 0.00581 | Exploits: 0 | Affected Software: 13
F5 Networks
•added 2023/02/21 6:46 p.m.•91 views

K20622400: Apache HTTP server vulnerability CVE-2021-39275

Security Advisory Description ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier. CVE-2021-39275 Impact This...

CVSS: 9.8 | AI score: 8.3 | EPSS: 0.36339 | Exploits: 0 | Affected Software: 1
F5 Networks
•added 2023/02/21 6:46 p.m.•40 views

K42315210: Linux kernel vulnerability CVE-2011-5327

Security Advisory Description In the Linux kernel before 3.1, an off by one in the drivers/target/loopback/tcm_loop.c tcm_loop_make_naa_tpg() function could result in at least memory corruption. CVE-2011-5327 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisor...

CVSS: 9.8 | AI score: 6 | EPSS: 0.03676 | Exploits: 0
F5 Networks
•added 2023/02/21 6:46 p.m.•68 views

K31739796: Linux kernel vulnerability CVE-2019-8912

Security Advisory Description In the Linux kernel through 4.20.11, af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr. CVE-2019-8912 Impact There is no impact; F5 products are not affected by this...

CVSS: 7.8 | AI score: 7.2 | EPSS: 0.00645 | Exploits: 0
F5 Networks
•added 2023/02/21 6:46 p.m.•64 views

K31878120: libwebp vulnerabilities CVE-2018-25011 CVE-2020-36328 CVE-2020-36329 CVE-2018-25014

Security Advisory Description A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow was found in PutLE16. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. CVE-2018-25011 A flaw was found in libwebp in...

CVSS: 9.8 | AI score: 7.9 | EPSS: 0.02558 | Exploits: 0
F5 Networks
•added 2023/02/21 6:46 p.m.•21 views

K54892865: BIG-IP AFM vulnerability CVE-2022-23024

Security Advisory Description When the IPsec application layer gateway (ALG) logging profile is configured on an IPsec ALG virtual server, undisclosed IPsec traffic can cause the Traffic Management Microkernel (TMM) to terminate. CVE-2022-23024 Impact Traffic is disrupted while the TMM process...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.00904 | Exploits: 0 | Affected Software: 1
F5 Networks
•added 2023/02/21 6:46 p.m.•49 views

K65280235: Linux vulnerability CVE-2021-42252

Security Advisory Description An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in the Linux kernel before 5.14.6. Local attackers able to access the Aspeed LPC control interface could overwrite memory in the kernel and potentially execute privileges, aka...

CVSS: 7.8 | AI score: 6.5 | EPSS: 0.00358 | Exploits: 0
F5 Networks
•added 2023/02/21 6:46 p.m.•113 views

K03331206: NTP vulnerability CVE-2016-4955

Security Advisory Description ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time...

CVSS: 5.9 | AI score: 6.4 | EPSS: 0.08803 | Exploits: 0 | Affected Software: 23
F5 Networks
•added 2023/02/21 6:46 p.m.•90 views

K14428: MySQL vulnerability CVE-2012-2122

Security Advisory Description The Oracle MySQL sql/password.c in 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB in 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations...

AI score: 9.1 | Exploits: 0
F5 Networks
•added 2023/02/21 6:46 p.m.•53 views

K10396196: Linux RPM vulnerability CVE-2021-20271

Security Advisory Description A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute...

CVSS: 7 | AI score: 7.4 | EPSS: 0.00827 | Exploits: 0 | Affected Software: 1
F5 Networks
•added 2023/02/21 6:46 p.m.•35 views

K17255: D-Bus vulnerability CVE-2014-3477

Security Advisory Description The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial of service...

CVSS: 4 | AI score: 4.8 | EPSS: 0.00444 | Exploits: 0 | Affected Software: 1
F5 Networks
•added 2023/02/21 6:46 p.m.•42 views

K17256: D-Bus vulnerability CVE-2014-3638

Security Advisory Description The bus_connections_check_reply function in config-parser.c in D-Bus before 1.6.24 and 1.8.x before 1.8.8 allows local users to cause a denial of service (CPU consumption) via a large number of method calls. CVE-2014-3638 Impact A locally authenticated user may be able to...

CVSS: 2.1 | AI score: 5.4 | EPSS: 0.00388 | Exploits: 0 | Affected Software: 10
F5 Networks
•added 2023/02/21 6:46 p.m.•33 views

K17253: BIG-IP Configuration utility vulnerability CVE-2015-4040

Security Advisory Description Directory traversal vulnerability in the configuration utility in F5 BIG-IP before 12.0.0 and Enterprise Manager 3.0.0 through 3.1.1 allows remote authenticated users to access arbitrary files in the web root via unspecified vectors. CVE-2015-4040 Impact An...

CVSS: 4 | AI score: 6.8 | EPSS: 0.06756 | Exploits: 5 | Affected Software: 14
F5 Networks
•added 2023/02/21 6:46 p.m.•69 views

K04481502: Ghostscript vulnerability CVE-2021-3781

Security Advisory Description A trivial sandbox (enabled with the -dSAFER option) escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document to execute arbitrary commands on the system in the context of the...

CVSS: 9.9 | AI score: 9.3 | EPSS: 0.83913 | Exploits: 0
F5 Networks
•added 2023/02/21 6:46 p.m.•43 views

K16845: MySQL vulnerability CVE-2015-3152

Security Advisory Description An unspecified vulnerability in the MySQL Client component in Oracle MySQL 5.7.2 and earlier allows an attacker to downgrade MySQL SSL/TLS connections, snoop database queries and results, or directly manipulate database contents. CVE-2015-3152 Impact Although the...

CVSS: 5.9 | AI score: 5.9 | EPSS: 0.07083 | Exploits: 1 | Affected Software: 14
F5 Networks
•added 2023/02/21 6:46 p.m.•28 views

K87659521: Appliance mode tmsh vulnerability CVE-2019-6615

Security Advisory Description On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, Administrator and Resource Administrator roles might exploit TMSH access to bypass Appliance Mode restrictions on BIG-IP systems. CVE-2019-6615 Impact Attackers can gain...

CVSS: 4.9 | AI score: 5.4 | EPSS: 0.01113 | Exploits: 0 | Affected Software: 13
F5 Networks
•added 2023/02/21 6:46 p.m.•5 views

K73302459: Certain iRulesLX binaries are installed with improper permissions

Security Advisory Description Certain iRulesLX binaries are installed with improper permissions. This issue occurs when the following condition is met: The affected system is provisioned with iRules Language Extensions (LX). When you provision a system with iRulesLX, the system installs certain...

AI score: 6.8 | Exploits: 0
F5 Networks
•added 2023/02/21 6:46 p.m.•50 views

K13844002: Linux kernel vulnerability CVE-2021-43057

Security Advisory Description An issue was discovered in the Linux kernel before 5.14.8. A use-after-free in selinux_ptrace_traceme (aka the SELinux handler for PTRACE_TRACEME) could be used by local attackers to cause memory corruption and escalate privileges, aka CID-a3727a8bac0a. This occurs becaus...

CVSS: 7.8 | AI score: 7.7 | EPSS: 0.00475 | Exploits: 1
F5 Networks
•added 2023/02/21 6:45 p.m.•59 views

K39604784: BIG-IP system incorrectly forwards VLAN-tagged frames with STP at Pass Through mode

Security Advisory Description The BIG-IP system incorrectly forwards VLAN-tagged frames, even if the VLAN is not defined on the ingress interface, when Spanning Tree Protocol (STP) is set to Pass Through mode. Note: The following BIG-IP platforms are not affected: BIG-IP 2000s/2200s BIG-IP...

AI score: 6.8 | Exploits: 0
F5 Networks
•added 2023/02/21 6:45 p.m.•40 views

K16939: Multiple Wireshark vulnerabilities

Security Advisory Description Description CVE-2014-6421 Use-after-free vulnerability in the SDP dissector in Wireshark 1.10.x before 1.10.10 allows remote attackers to cause a denial of service (application crash) via a crafted packet that leverages split memory ownership between the SDP and RTP...

CVSS: 5 | AI score: 7.3 | EPSS: 0.03375 | Exploits: 0
F5 Networks
•added 2023/02/21 6:45 p.m.•29 views

K43552605: Out-of-bounds memory vulnerability with the BIG-IP APM system CVE-2015-8098

Security Advisory Description An out-of-bounds memory vulnerability may allow an unauthenticated BIG-IP APM user to cause a denial-of-service (DoS) or possibly perform remote code execution on a BIG-IP system when a remote desktop profile is assigned to a virtual server. CVE-2015-8098. For example,...

CVSS: 10 | AI score: 9.9 | EPSS: 0.04704 | Exploits: 0 | Affected Software: 1
Total number of security vulnerabilities: 6294