6294 matches found
K14204: BIND vulnerability CVE-2011-4313
Security Advisory Description ISC reports that query.c in BIND may allow remote attackers to cause a denial-of-service assertion failure and named exit. The vulnerability uses unknown vectors related to recursive DNS queries, error logging, and the caching of an invalid record by the resolver. Th...
K62701550: Multiple Java vulnerabilities
Security Advisory Description CVE-2022-21248 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4...
K10737: SSL Renegotiation vulnerability - CVE-2009-3555 / VU#120541
Security Advisory Description Note : For information about signing up to receive security notice updates from F5, refer to K9970: Subscribe to email notifications regarding F5 products and security announcements. Note : Versions that are not listed in this article have not been evaluated for...
K46032333: Intel QuickAssist Technology vulnerability CVE-2018-12193
Security Advisory Description Insufficient access control in driver stack for Intel QuickAssist Technology for Linux before version 4.2 may allow an unprivileged user to potentially disclose information via local access. CVE-2018-12193 Impact There is no impact; F5 products are not affected by th...
K33015954: Linux kernel vulnerability CVE-2019-3882
Security Advisory Description A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may...
K97241515: BIG-IP APM DTLS vulnerability CVE-2019-6596
Security Advisory Description When processing fragmented ClientHello messages in a DTLS session TMM may corrupt memory eventually leading to a crash. Only systems offering DTLS connections via APM are impacted. CVE-2019-6596 Impact This vulnerability may allow an attacker to cause a...
K76518456: BIG-IP AFM vulnerability CVE-2021-22983
Security Advisory Description Authenticated users accessing the Configuration utility for AFM are vulnerable to a cross-site scripting attack if they attempt to access a maliciously-crafted URL. CVE-2021-22983 Impact BIG-IP When you access the BIG-IP system using a client that has the BIG-IP AFM...
K74007441: Linux kernel vulnerability CVE-2013-4350
Security Advisory Description The IPv6 SCTP implementation in net/sctp/ipv6.c in the Linux kernel through 3.11.1 uses data structures and function calls that do not trigger an intended configuration of IPsec encryption, which allows remote attackers to obtain sensitive information by sniffing the...
K43541501: Intel CPU vulnerabilities CVE-2022-21131 and CVE-2022-21136
Security Advisory Description CVE-2022-21131 Improper access control for some IntelR XeonR Processors may allow an authenticated user to potentially enable information disclosure via local access. CVE-2022-21136 Improper input validation for some IntelR XeonR Processors may allow a privileged use...
K08654551: GnuPG vulnerability CVE-2019-13050
Security Advisory Description Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause ...
K15934: NTP vulnerability CVE-2014-9293
Security Advisory Description The configauth function in ntpd in NTP before 4.2.7p11, when an auth key is not configured, improperly generates a key, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. CVE-2014-9293 Impact Default NTP...
K32450233: Linux kernel vulnerability CVE-2018-20854
Security Advisory Description An issue was discovered in the Linux kernel before 4.20. drivers/phy/mscc/phy-ocelot-serdes.c has an off-by-one error with a resultant ctrl-phys out-of-bounds read. CVE-2018-20854 Impact There is no impact; F5 products are not affected by this vulnerability. Security...
K20606443: iControl REST CSRF vulnerability CVE-2020-5922
Security Advisory Description iControl REST does not implement cross-site request forgery CSRF protections for users applying basic authentication in a web browser. CVE-2020-5922 Impact In a successful exploit, an attacker can run JavaScript in the context of the currently logged-in user. For an...
K16025: Linux kernel SCTP vulnerability CVE-2014-3688
Security Advisory Description The SCTP implementation in the Linux kernel before 3.17.4 allows remote attackers to cause a denial of service memory consumption by triggering a large number of chunks in an association's output queue, as demonstrated by ASCONF probes, related to net/sctp/inqueue.c...
K16949: Expat vulnerabilities CVE-2012-0876 and CVE-2012-1148
Security Advisory Description CVE-2012-0876 The XML parser xmlparse.c in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service CPU consumption via an XML file with many...
K15565: OpenSSL vulnerability CVE-2014-3512
Security Advisory Description Multiple buffer overflows in crypto/srp/srplib.c in the SRP implementation in OpenSSL 1.0.1 before 1.0.1i allow remote attackers to cause a denial of service application crash or possibly have unspecified other impact via an invalid SRP 1 g, 2 A, or 3 B parameter...
K95010813: The BIG-IP AFM policy does not classify a DNS query name with a label length greater than 23 bytes
Security Advisory Description The BIG-IP AFM policy does not classify a DNS query name with a label length greater than 23 bytes. This issue occurs when all of the following conditions are met: You configure a port misuse policy for DNS and a service policy on the BIG-IP AFM system. The...
K00994461: GSON vulnerability CVE-2022-25647
Security Advisory Description The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace method in internal classes, which may lead to DoS attacks. CVE-2022-25647 Impact Traffic is disrupted for new client connections. This...
K29154575: ImageMagick vulnerability CVE-2016-3717
Security Advisory Description The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image. CVE-2016-3717 Note : This vulnerability is one of the series of vulnerabilities known as ImageTragick. Impact Exploiting this...
K16835: ICU overflow vulnerabilities CVE-2014-8146 and CVE-2014-8147
Security Advisory Description CVE-2014-8146 The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode ICU before 55.1 does not properly track directionally isolated pieces of text, which allows remot...
K00103216: BIG-IP VIPRION MCPD vulnerability CVE-2020-5921
Security Advisory Description SYN flood causes a large number of MCPD context messages destined to secondary blades consuming memory and leading to MCPD failure. CVE-2020-5921 Impact This issue affects only VIPRION hosts with two or more blades installed, including those with Virtual Clustered...
K17244: Linux kernel vulnerability CVE-2015-1593
Security Advisory Description The stack randomization feature in the Linux kernel before 3.19.1 on 64-bit platforms uses incorrect data types for the results of bitwise left-shift operations, which makes it easier for attackers to bypass the ASLR protection mechanism by predicting the address of...
K15399: Usermin remote vulnerability CVE-2014-3883
Security Advisory Description Description Usermin before 1.600 allows remote attackers to execute arbitrary operating-system commands via unspecified vectors related to a user action. CVE-2014-3883 Impact None. No F5 products are vulnerable to this vulnerability. Status F5 Product Development has...
K91100352: Mozilla NSS vulnerability CVE-2016-1950
Security Advisory Description Heap-based buffer overflow in Mozilla Network Security Services NSS before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data ...
K6734: Local OpenSSL vulnerabilities VU#547300 and VU#386964, CAN-2006-3738, CAN-2006-2940, CAN-2006-2937, CAN-2006-4343
Security Advisory Description Note : For information about signing up to receive security notice updates from F5, refer to K9970: Subscribe to email notifications regarding F5 products and security announcements. Note : Versions that are not listed in this article have not been evaluated for...
K16435: GNU C Library vulnerability CVE-2014-6040
Security Advisory Description GNU C Library aka glibc before 2.20 allows context-dependent attackers to cause a denial of service out-of-bounds read and crash via a multibyte character value of "0xffff" to the iconv function when converting 1 IBM933, 2 IBM935, 3 IBM937, 4 IBM939, or 5 IBM1364...
K000132697: Curl vulnerability CVE-2022-43551
Security Advisory Description A vulnerability exists in curl 7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. However, the...
K16427: Linux kernel vulnerability CVE-2013-7421
Security Advisory Description The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AFALG socket with a module name in the salgname field, a different vulnerability than CVE-2014-9644. CVE-2013-7421 Impact There is no...
K40540405: Linux kernel vulnerability CVE-2018-10675
Security Advisory Description The dogetmempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service use-after-free or possibly have unspecified other impact via crafted system calls. CVE-2018-10675 Impact A local attacker can cause a...
K40048447: Linux kernel vulnerability CVE-2017-18202
Security Advisory Description The oomreaptaskmm function in mm/oomkill.c in the Linux kernel before 4.14.4 mishandles gather operations, which allows attackers to cause a denial of service TLB entry leak or use-after-free or possibly have unspecified other impact by triggering a copytouser call...
K48281956: NFSv2/3 kernel vulnerability CVE-2017-7645
Security Advisory Description The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attackers to cause a denial of service system crash via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c. CVE-2017-7645 Impact There i...
K38336243: Binutils vulnerabilities CVE-2018-20623, CVE-2018-20651, and CVE-2018-20712
Security Advisory Description CVE-2018-20623 In GNU Binutils 2.31.1, there is a use-after-free in the error function in elfcomm.c when called from the processarchive function in readelf.c via a crafted ELF file. CVE-2018-20651 A NULL pointer dereference was discovered in elflinkaddobjectsymbols i...
K40452417: BIG-IP ASM memory exhaustion vulnerability CVE-2019-6682
Security Advisory Description The BIG-IP ASM system may consume excessive resources when processing certain types of HTTP responses from the origin web server. This vulnerability is only known to affect resource-constrained systems in which the security policy is configured with response-side...
K51317292: glibc vulnerability CVE-2020-1751
Security Advisory Description An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC. Specifically, the backtrace function did not properly check the array bounds when storing the frame address, resulting in a denial of service or potential...
K12254802: Apache httpd HTTP/2 vulnerability CVE-2016-1546
Security Advisory Description The Apache HTTP Server 2.4.17 and 2.4.18, when modhttp2 is enabled, does not limit the number of simultaneous stream workers for a single HTTP/2 connection, which allows remote attackers to cause a denial of service stream-processing outage via modified flow-control...
K38271531: BIG-IP and BIG-IQ SCP vulnerability CVE-2022-26340
Security Advisory Description An authenticated, high-privileged attacker with no bash access may be able to access Certificate and Key files using Secure Copy SCP protocol from a remote system. CVE-2022-26340 Impact This vulnerability may allow an authenticated, high-privileged attacker who has...
K33484369: Linux kernel vulnerability CVE-2021-20194
Security Advisory Description There is a vulnerability in the linux kernel versions higher than 5.2 if kernel compiled with config params CONFIGBPFSYSCALL=y , CONFIGBPF=y , CONFIGCGROUPS=y , CONFIGCGROUPBPF=y , CONFIGHARDENEDUSERCOPY not set, and BPF hook to getsockopt is registered. As result of...
K10930474: TMM vulnerability CVE-2017-6155
Security Advisory Description Malformed SPDY or HTTP/2 requests may result in a disruption of service to TMM. Data plane is only exposed when a SPDY or HTTP/2 profile is attached to a virtual server. There is no control plane exposure. CVE-2017-6155 Impact An attacker may be able to disrupt traff...
K35520031: BIG-IP virtual server with HTTP Explicit Proxy and/or SOCKS vulnerability CVE-2016-5700
Security Advisory Description BIG-IP virtual servers with a configuration using the HTTP Explicit Proxy functionality and/or SOCKS profile are vulnerable to an unauthenticated, remote attack that allows modification of BIG-IP system configuration, extraction of sensitive system files, and/or...
K37236006: SQLite vulnerabilities CVE-2015-3414 and CVE-2015-3415
Security Advisory Description CVE-2015-3414 SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service uninitialized memory access and application crash or possibly have unspecified other impact...
K32469285: Apache Tomcat vulnerability CVE-2021-33037
Security Advisory Description Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: - Tomcat...
K24608264: Apache Struts vulnerabilities CVE-2020-17530 and CVE-2021-31805
Security Advisory Description CVE-2020-17530 Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software : Apache Struts 2.0.0 - Struts 2.5.25. CVE-2021-31805 The fix issued for CVE-2020-17530 was incomplete. So from Apache Stru...
K86435316: OpenJDK vulnerabilities CVE-2020-2585 and CVE-2020-2655
Security Advisory Description CVE-2020-2585 Vulnerability in the Java SE product of Oracle Java SE component: JavaFX. The supported version that is affected is Java SE: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromi...
K23289753: Apache Struts vulnerability CVE-2017-9791
Security Advisory Description The Struts 1 plugin in Apache Struts 2.3.x might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage. CVE-2017-9791 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Statu...
K27391542: BIG-IP APM per-request policy object vulnerability CVE-2018-5536
Security Advisory Description A remote attacker through undisclosed measures, may be able to exploit a virtual server configured with a BIG-IP APM per-request policy object and cause a memory leak in the BIG-IP APM module. CVE-2018-5536 Impact This vulnerability allows a disruption of service...
K22526232: Multiple Intel software vulnerabilities
Security Advisory Description CVE-2019-14629 INTEL-SA-00332 Improper access control in driver for IntelR VTuneTM Amplifier for Windows before update 8 may allow an authenticated user to potentially enable escalation of privilege via local access. CVE-2019-14615 INTEL-SA-00314 Insufficient control...
K31150658: NGINX Controller vulnerability CVE-2020-5909
Security Advisory Description When users run the command displayed in NGINX Controller user interface UI to fetch the agent installer, the server TLS certificate is not verified. CVE-2020-5909 Impact A man-in-the-middle MITM attacker can intercept the communication channel and read/modify data in...
K29735525: Apache HTTPD vulnerability CVE-2022-29404
Security Advisory Description In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody0 may cause a denial of service due to no default limit on possible input size. CVE-2022-29404 Impact There is no impact; F5 products are not affected by this...
K21905460: BIG-IP SSL vulnerability CVE-2017-6168
Security Advisory Description On BIG-IP versions 11.6.0-11.6.2 fixed in 11.6.2 HF1, 12.0.0-12.1.2 HF1 fixed in 12.1.2 HF2, or 13.0.0-13.0.0 HF2 fixed in 13.0.0 HF3 a virtual server configured with a Client SSL profile may be vulnerable to an Adaptive Chosen Ciphertext attack AKA Bleichenbacher...
K21121741: BIG-IP AFM SQL injection vulnerability CVE-2019-6658
Security Advisory Description A vulnerability in the BIG-IP AFM Configuration utility may allow any authenticated BIG-IP user to run an SQL injection attack. CVE-2019-6658 Impact An attacker may be able to extract table name enumeration and user account names. All other data available through the...