6294 matches found
K16712298: libxml2 vulnerability CVE-2016-1834
Security Advisory Description Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service memory...
K73464925: Multiple Java vulnerabilities CVE-2021-35588, CVE-2021-35603, CVE-2021-35565, CVE-2021-35578
Security Advisory Description CVE-2021-35588 Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Java SE: 7u311, 8u301; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit...
K63415246: Multiple Java vulnerabilities CVE-2021-35560, CVE-2021-35561, CVE-2021-35564, CVE-2021-35567, CVE-2021-35586
Security Advisory Description CVE-2021-35560 Vulnerability in the Java SE product of Oracle Java SE component: Deployment. The supported version that is affected is Java SE: 8u301. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to...
K16124204: procps-ng vulnerability CVE-2018-1124
Security Advisory Description procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in...
K63687287: Linux kernel vulnerability CVE-2016-8632
Security Advisory Description The tipcmsgbuild function in net/tipc/msg.c in the Linux kernel through 4.8.11 does not validate the relationship between the minimum fragment length and the maximum packet size, which allows local users to gain privileges or cause a denial of service heap-based buff...
K05137342: Linux kernel vulnerability CVE-2018-1000004
Security Advisory Description In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a race condition vulnerability exists in the sound system, this can lead to a deadlock and denial of service condition. CVE-2018-1000004 Impact There is no impact; F5 products are not affected by this...
K15168792: Apache Struts 2 vulnerability CVE-2016-4438
Security Advisory Description The REST plugin in Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to execute arbitrary code via a crafted expression. CVE-2016-4438 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product...
K97285349: XSS vulnerability in the BIG-IP and Enterprise Manager Configuration utilities CVE-2016-7469
Security Advisory Description A stored cross-site scripting XSS vulnerability in the BIG-IP Configuration utility device name change page allows an authenticated user to inject arbitrary web script or HTML. Exploitation requires Resource Administrator or Administrator privileges, and it could cau...
K05345625: Linux kernel vulnerability CVE-2018-10872
Security Advisory Description A flaw was found in the way the Linux kernel handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, processor does not deliver interrupts and exceptions, they are delivered once the first...
K00384005: Linux kernel vulnerability CVE-2020-7053
Security Advisory Description In the Linux kernel 4.14 longterm through 4.14.165 and 4.19 longterm through 4.19.96 and 5.x before 5.2, there is a use-after-free write in the i915ppgttclose function in drivers/gpu/drm/i915/i915gemgtt.c, aka CID-7dc40713618c. This is related to...
K04303225: Intel BIOS vulnerability CVE-2021-0190
Security Advisory Description Uncaught exception in the BIOS firmware for some IntelR Processors may allow a privileged user to potentially enable aescalation of privilege via local access. CVE-2021-0190 Impact A local attacker logged in as a privileged user can exploit the vulnerability to gain...
K06635145: BIG-IP Edge Client session ID vulnerability
Security Advisory Description BIG-IP Edge Client exposes the current session ID as part of the request URI when sending Keep-Alive' requests over an SSL channel. This approach can lead to exploit vulnerabilities in man-in-the-middle MITM SSL terminating proxies, which log the complete URI in thei...
K11155549: IPSEC vulnerability CVE-2019-14899
Security Advisory Description A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine...
K01311313: Linux kernel vulnerability CVE-2021-3612
Security Advisory Description An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the system or possibly escalate their privileges on the...
K11315080: OpenSSH vulnerability CVE-2018-20685
Security Advisory Description In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. CVE-2018-20685 Impact The OpenSSH...
K00843201: Grafana vulnerability CVE-2019-15043
Security Advisory Description In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. This makes it possible to run a denial of service attack against the server running Grafana. CVE-2019-15043 Impact An unauthorized user may be able to leverage the Grafana...
K02912734: Intel CPU vulnerability CVE-2019-11135
Security Advisory Description TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. CVE-2019-11135 Impact There is no impact; F5 products are not affected by...
K72442354: TMM vulnerability CVE-2018-15320
Security Advisory Description Undisclosed traffic patterns may lead to denial of service conditions for the BIG-IP system. The configuration which exposes this condition is the BIG-IP self IP address which is part of a VLAN group and has the Port Lockdown setting configured with anything other th...
K97733133: BIG-IP APM Edge Client vulnerability CVE-2020-5893
Security Advisory Description When a user connects to a VPN using BIG-IP Edge Client over an unsecure network, BIG-IP Edge Client responds to authentication requests over HTTP while sending probes for captive portal detection. CVE-2020-5893 Impact An attacker can use a man-in-the-middle MITM atta...
K67472032: BIG-IP network failover vulnerability CVE-2020-5860
Security Advisory Description In a High Availability HA network failover in Device Service Cluster DSC, the failover service does not require a strong form of authentication and HA network failover traffic is not encrypted by Transport Layer Security TLS. CVE-2020-5860 Impact An attacker may be...
K00056379: GNU Binutils vulnerability CVE-2019-9077
Security Advisory Description An issue was discovered in GNU Binutils 2.32. It is a heap-based buffer overflow in processmipsspecific in readelf.c via a malformed MIPS option section. CVE-2019-9077 Impact Traffix SDC This vulnerability can be exploited to cause a denial-of-service DoS condition a...
K02151228: Lasso XML signature wrapping vulnerability CVE-2021-28091
Security Advisory Description Lasso all versions prior to 2.7.0 has improper verification of a cryptographic signature. CVE-2021-28091 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development has evaluated the currently support...
K71796229: Linux kernel vulnerability CVE-2017-14489
Security Advisory Description The iscsiifrx function in drivers/scsi/scsitransportiscsi.c in the Linux kernel through 4.13.2 allows local users to cause a denial of service panic by leveraging incorrect length validation. CVE-2017-14489 Impact This vulnerability allows a local user to cause a...
K15131064: Node.js vulnerability CVE-2018-7162
Security Advisory Description All versions of Node.js 9.x and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service DoS by causing a node process which provides an http server supporting TLS server to crash. This can be accomplished by sending duplicate/unexpecte...
K14102355: Python Pillow vulnerability CVE-2021-25289
Security Advisory Description An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-3565...
K62712037: BIG-IP TMM vulnerability CVE-2017-6150
Security Advisory Description Under certain conditions for BIG-IP systems using FastL4 profiles, when the Reassemble IP Fragments option is disabled default, some specific large fragmented packets may restart the Traffic Management Microkernel TMM. CVE-2017-6150 Impact An attacker may be able to...
K94597539: Apache httpd vulnerability CVE-2018-1283
Security Advisory Description In Apache httpd 2.4.0 to 2.4.29, when modsession is configured to forward its session data to CGI applications SessionEnv on, not the default, a remote user may influence their content by using a "Session" header. This comes from the "HTTPSESSION" variable name used ...
K94552980: Intel product vulnerabilities CVE-2020-0550 and CVE-2020-0551
Security Advisory Description CVE-2020-0550 Improper data forwarding in some data cache for some IntelR Processors may allow an authenticated user to potentially enable information disclosure via local access. The list of affected products is provided in intel-sa-00330:...
K56063421: OpenVZ vulnerability CVE-2014-3519
Security Advisory Description The openbyhandleat function in vzkernel before 042stab090.5 in the OpenVZ modification for the Linux kernel 2.6.32, when using simfs, might allow local container users with CAPDACREADSEARCH capability to bypass an intended container protection mechanism and access...
K92862401: libpcap vulnerability CVE-2019-15163
Security Advisory Description rpcapd/daemon.c in libpcap before 1.9.1 allows attackers to cause a denial of service NULL pointer dereference and daemon crash if a crypt call fails. CVE-2019-15163 Impact A local attacker may be able to cause a denial of service DoS. Security Advisory Status F5...
K87895241: Apache Tomcat vulnerability CVE-2021-30639
Security Advisory Description A vulnerability in Apache Tomcat allows an attacker to remotely trigger a denial of service. An error introduced as part of a change to improve error handling during non-blocking I/O meant that the error flag associated with the Request object was not reset between...
K75934136: Linux kernel vulnerability CVE-2020-36313
Security Advisory Description An issue was discovered in the Linux kernel before 5.7. The KVM subsystem allows out-of-range access to memslots after a deletion, aka CID-0774a964ef56. This affects arch/s390/kvm/kvm-s390.c, include/linux/kvmhost.h, and virt/kvm/kvmmain.c. CVE-2020-36313 Impact Ther...
K52206731: BIG-IP APM portal access vulnerability CVE-2018-15324
Security Advisory Description TMM may restart when processing a specially crafted request with APM portal access. CVE-2018-15324 Impact A remote attacker may be able to cause a traffic disruption or cause the BIG-IP system to fail over to a peer device in the device group if configured for high...
K54462059: SAML vulnerability VU#475445
Security Advisory Description Multiple SAML libraries may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypa...
K54164678: Intel SPS vulnerability CVE-2019-11109
Security Advisory Description Logic issue in the subsystem for IntelR SPS before versions SPSE504.01.04.275.0, SPSSoC-X04.00.04.100.0 and SPSSoC-A04.00.04.191.0 may allow a privileged user to potentially enable denial of service via local access. CVE-2019-11109 Impact There is no impact; F5...
K82205554: Multiple MySQL vulnerabilities
Security Advisory Description CVE-2016-0652 Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows local users to affect availability via vectors related to DML." CVE-2016-0656 Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows local users to affect availability via...
K83623027: OpenSSL vulnerability CVE-2021-3449
Security Advisory Description An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signaturealgorithms extension where it was present in the initial ClientHello, but includes a...
K83271321: procps-ng vulnerability CVE-2018-1126
Security Advisory Description procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc. leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124. CVE-2018-1126 Impact A local attacker may be able cause an integer overflow that negatively...
K53955014: Python vulnerabilities CVE-2016-1494, CVE-2016-6536, CVE-2017-17522, CVE-2017-18207, and CVE-2018-1000030
Security Advisory Description CVE-2016-1494 The verify function in the RSA package for Python Python-RSA before 3.3 allows attackers to spoof signatures with a small public exponent via crafted signature padding, aka a BERserk attack. CVE-2016-6536 The /setup URI on AVer Information EH6108H+...
K51110104: XSS vulnerabilities CVE-2010-5312 and CVE-2012-6662
Security Advisory Description CVE-2010-5312 Cross-site scripting XSS vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option. CVE-2012-6662 Cross-site scripting XSS vulnerability in th...
K03564319: Linux kernel vulnerability CVE-2018-7566
Security Advisory Description The Linux kernel 4.15 has a Buffer Overflow via an SNDRVSEQIOCTLSETCLIENTPOOL ioctl write operation to /dev/snd/seq by a local user. CVE-2018-7566 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product...
K11165942: Linux kernel vulnerability CVE-2018-18710
Security Advisory Description An issue was discovered in the Linux kernel through 4.19. An information leak in cdromioctlselectdisc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is...
K07357521: Intel Linux kernel driver vulnerability CVE-2019-11165
Security Advisory Description Improper conditions check in the Linux kernel driver for the IntelR FPGA SDK for OpenCLTM Pro Edition before version 19.4 may allow an authenticated user to potentially enable denial of service via local access. CVE-2019-11165 Impact There is no impact; F5 products a...
K74013101: Binutils vulnerability CVE-2021-42574
Security Advisory Description An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of...
K11742742: iControl REST vulnerability CVE-2022-23023
Security Advisory Description Undisclosed requests by an authenticated iControl REST user can cause an increase in memory resource utilization. CVE-2022-23023 Impact System performance can degrade until the process is either forced to restart or is manually restarted. This vulnerability allows an...
K68647001: Authenticated F5 BIG-IP Guided Configuration in Appliance mode vulnerability CVE-2022-27806
Security Advisory Description When running in Appliance mode, an authenticated attacker assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing command injection vulnerabilities in undisclosed URIs in F5 BIG-IP Guided Configuration. CVE-2022-27806 Impact In...
K62830532: BIG-IP MQTT iRule vulnerability CVE-2020-5935
Security Advisory Description When your system handles MQTT traffic through a BIG-IP virtual server associated with an MQTT profile, and an iRule performs manipulations on that traffic, TMM may produce a core file. CVE-2020-5935 Impact The Traffic Management Microkernel TMM may generate a core fi...
K62655863: Intel SSD vulnerability CVE-2018-18095
Security Advisory Description Improper authentication in firmware for IntelR SSD DC S4500 Series and IntelR SSD DC S4600 Series before SCV10150 may allow an unprivileged user to potentially enable escalation of privilege via physical access.CVE-2018-18095 Impact There is no impact; F5 products ar...
K45439210: libxml2 vulnerability CVE-2015-8710
Security Advisory Description The htmlParseComment function in HTMLparser.c in libxml2 allows attackers to obtain sensitive information, cause a denial of service out-of-bounds heap memory access and application crash, or possibly have unspecified other impact via an unclosed HTML comment...
K46401178: BIG-IP Configuration utility vulnerability CVE-2019-6599
Security Advisory Description Improper escaping of values in an undisclosed page of the BIG-IP Configuration utility may result in an improper handling on the JSON response when it is injected by a malicious script through a remote cross-site scripting XSS attack. CVE-2019-6599 Impact BIG-IP and...