6294 matches found

F5 Networks
•added 2023/02/21 6:34 p.m.•76 views

K49622415: Apache Tomcat vulnerability CVE-2022-25762

Security Advisory Description If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible that the application will continue to use the socket after it has been...

CVSS 8.6 | AI score 8.1 | EPSS 0.07538
Exploits: 0 | Affected Software: 1

F5 Networks
•added 2023/02/21 6:34 p.m.•22 views

K44531373: Intel CPU vulnerability CVE-2020-0599

Security Advisory Description Improper access control in the PMC for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2020-0599 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory...

CVSS 6.7 | AI score 6.6 | EPSS 0.0033
Exploits: 0

F5 Networks
•added 2023/02/21 6:34 p.m.•28 views

K45325728: SSL forward proxy vulnerability CVE-2018-5533

Security Advisory Description Under certain conditions on F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.0-11.6.3.1, or 11.5.0-11.5.6, TMM may core while processing SSL forward proxy traffic. CVE-2018-5533 Impact This vulnerability may allow a remote attacker to cause the Traffic Management Microkernel TM...

CVSS 7.5 | AI score 7.6 | EPSS 0.01782
Exploits: 0 | Affected Software: 13

F5 Networks
•added 2023/02/21 6:34 p.m.•20 views

K45250179: Audit vulnerability CVE-2015-5186

Security Advisory Description Audit before 2.4.4 in Linux does not sanitize escape characters in filenames. CVE-2015-5186 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development has evaluated the currently supported releases f...

CVSS 5.3 | AI score 5.7 | EPSS 0.02755
Exploits: 0

F5 Networks
•added 2023/02/21 6:34 p.m.•57 views

K79502122: Zend Framework vulnerability CVE-2016-10034

Security Advisory Description The setFrom function in the Sendmail adapter in the zend-mail component before 2.4.11, 2.5.x, 2.6.x, and 2.7.x before 2.7.2, and Zend Framework before 2.4.11 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary...

CVSS 9.8 | AI score 9.6 | EPSS 0.38438
Exploits: 10

F5 Networks
•added 2023/02/21 6:34 p.m.•46 views

K74009656: BIND vulnerability CVE-2018-5743

Security Advisory Description By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults to a conservative value for most servers. Unfortunately, the code which was...

CVSS 7.5 | AI score 8 | EPSS 0.11561
Exploits: 0

F5 Networks
•added 2023/02/21 6:34 p.m.•27 views

K86272821: BIND vulnerability CVE-2016-9131

Security Advisory Description named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed response to an RTYPE ANY query. CVE-2016-9131 Impact When the BIND...

CVSS 7.5 | AI score 7.7 | EPSS 0.56872
Exploits: 0 | Affected Software: 14

F5 Networks
•added 2023/02/21 6:34 p.m.•25 views

K64743453: NAT64 vulnerability CVE-2016-5745

Security Advisory Description BIG-IP devices using NAT64 are vulnerable to an unauthenticated remote attack that may allow modification of the BIG-IP system configuration. CVE-2016-5745 F5 Technical Support has no additional information about this issue. Impact An unauthorized remote attack may...

CVSS 10 | AI score 9.5 | EPSS 0.04764
Exploits: 0 | Affected Software: 1

F5 Networks
•added 2023/02/21 6:34 p.m.•43 views

K65481741: Java SE vulnerability CVE-2018-3139

Security Advisory Description Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated...

CVSS 3.1 | AI score 5.1 | EPSS 0.05243
Exploits: 0

F5 Networks
•added 2023/02/21 6:34 p.m.•115 views

K18549143: OpenSSL vulnerability CVE-2019-1559

Security Advisory Description If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if...

CVSS 5.9 | AI score 6.6 | EPSS 0.17139
Exploits: 0 | Affected Software: 15

F5 Networks
•added 2023/02/21 6:34 p.m.•142 views

K72382141: Apache HTTPD vulnerability CVE-2021-34798

Security Advisory Description Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier. CVE-2021-34798 Impact A NULL pointer dereference in httpd allows an unauthenticated remote attacker to cause httpd to terminate by providi...

CVSS 7.5 | AI score 7.9 | EPSS 0.62771
Exploits: 0 | Affected Software: 15

F5 Networks
•added 2023/02/21 6:34 p.m.•26 views

K55101404: TMM vulnerability CVE-2019-6590

Security Advisory Description Under certain conditions, the TMM may consume excessive resources when processing SSL Session ID Persistence traffic. CVE-2019-6590 Impact BIG-IP This vulnerability may result as a denial-of-service (DOS) attack on the affected BIG-IP system when the system consumes...

CVSS 7.1 | AI score 6 | EPSS 0.01473
Exploits: 0

F5 Networks
•added 2023/02/21 6:34 p.m.•29 views

K73337338: Linux kernel vulnerability CVE-2017-16648

Security Advisory Description The dvb_frontend_free function in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device. NOTE: the...

CVSS 7.2 | AI score 7 | EPSS 0.00383
Exploits: 0 | Affected Software: 1

F5 Networks
•added 2023/02/21 6:34 p.m.•41 views

K04884013: NGINX Controller vulnerability CVE-2021-23019

Security Advisory Description The NGINX Controller Administrator password may be exposed in the systemd.txt file that is included in the NGINX support package. CVE-2021-23019 Impact The Administrator password is exposed in the NGINX support package. This password leak occurs only when you enabled...

CVSS 7.8 | AI score 7.6 | EPSS 0.00239
Exploits: 0 | Affected Software: 1

F5 Networks
•added 2023/02/21 6:34 p.m.•40 views

K73078449: Movable Type vulnerability CVE-2021-20837

Security Advisory Description Movable Type 7 r.5002 and earlier (Movable Type 7 Series), Movable Type 6.8.2 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.5002 and earlier (Movable Type Advanced 7 Series), Movable Type Advanced 6.8.2 and earlier (Movable Type Advanced 6 Series), Movable...

CVSS 9.8 | AI score 9.5 | EPSS 0.88144
Exploits: 11

F5 Networks
•added 2023/02/21 6:34 p.m.•49 views

K52494562: BIG-IP software SYN cookies vulnerability CVE-2022-36795

Security Advisory Description When an LTM TCP profile configured on a virtual server has the Auto Receive Window option enabled, undisclosed traffic can cause the virtual server to stop processing new client connections. CVE-2022-36795 Impact Traffic is disrupted for new IP requests. This...

CVSS 7.5 | AI score 7.6 | EPSS 0.00616
Exploits: 0

F5 Networks
•added 2023/02/21 6:34 p.m.•54 views

K43378049: Linux kernel vulnerability CVE-2019-19074

Security Advisory Description A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-728c1e2a05e4. CVE-2019-19074 Impact There is no impact; F5 products are not...

CVSS 7.8 | AI score 6 | EPSS 0.04433
Exploits: 0

F5 Networks
•added 2023/02/21 6:34 p.m.•110 views

K52340447: F5 ePVA vulnerability CVE-2022-28705

Security Advisory Description On platforms with an ePVA and the pva.fwdaccel BigDB variable enabled, undisclosed requests to a virtual server with a FastL4 profile that has ePVA acceleration enabled can cause the Traffic Management Microkernel (TMM) process to terminate. CVE-2022-28705 Impact Traff...

CVSS 7.5 | AI score 7.3 | EPSS 0.0085
Exploits: 0 | Affected Software: 13

F5 Networks
•added 2023/02/21 6:34 p.m.•43 views

K85298305: Multiple MySQL vulnerabilities

Security Advisory Description CVE-2016-0503 Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2016-0504. CVE-2016-0504 Unspecified vulnerability in Oracle...

CVSS 6.8 | AI score 7.2 | EPSS 0.03245
Exploits: 0

F5 Networks
•added 2023/02/21 6:34 p.m.•35 views

K47527163: CGNAT/PPTP vulnerability CVE-2019-6611

Security Advisory Description When processing certain rare data sequences occurring in PPTP VPN traffic, the BIG-IP system may execute incorrect logic. The TMM may restart and produce a core file as a result of this condition. The BIG-IP system provisioned with the CGNAT module and configured wit...

CVSS 7.5 | AI score 7.5 | EPSS 0.01766
Exploits: 0 | Affected Software: 13

F5 Networks
•added 2023/02/21 6:34 p.m.•224 views

K44650157: PHP DirectoryIterator vulnerability CVE-2019-11045

Security Advisory Description In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that th...

CVSS 5.9 | AI score 7.4 | EPSS 0.08818
Exploits: 1

F5 Networks
•added 2023/02/21 6:34 p.m.•40 views

K28280935: Linux kernel vulnerability CVE-2018-18386

Security Advisory Description drivers/tty/n_tty.c in the Linux kernel before 4.14.11 allows local attackers who are able to access pseudo terminals to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ. CVE-2018-18386 Impact There is no...

CVSS 3.3 | AI score 5.7 | EPSS 0.00413
Exploits: 0

F5 Networks
•added 2023/02/21 6:33 p.m.•32 views

K63427774: Multiple Oracle Java SE vulnerabilities

Security Advisory Description CVE-2016-5542 Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect integrity via vectors related to Libraries. CVE-2016-5554 Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and...

CVSS 9.6 | AI score 7.2 | EPSS 0.05481
Exploits: 0

F5 Networks
•added 2023/02/21 6:33 p.m.•33 views

K10092301: BIND vulnerability CVE-2019-6471

Security Advisory Description A race condition which may occur when discarding malformed packets can result in BIND exiting due to a REQUIRE assertion failure in dispatch.c. Versions affected: BIND 9.11.0 - 9.11.7, 9.12.0 - 9.12.4-P1, 9.14.0 - 9.14.2. Also all releases of the BIND 9.13 developmen...

CVSS 5.9 | AI score 6.2 | EPSS 0.0384
Exploits: 0 | Affected Software: 16

F5 Networks
•added 2023/02/21 6:33 p.m.•24 views

K74012105: Linux kernel vulnerability CVE-2017-18379

Security Advisory Description In the Linux kernel before 4.14, an out of boundary access happened in drivers/nvme/target/fc.c. CVE-2017-18379 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development has evaluated the currently...

CVSS 9.8 | AI score 6.4 | EPSS 0.02752
Exploits: 0

F5 Networks
•added 2023/02/21 6:33 p.m.•28 views

K77313277: BIG-IP iControl and tmsh vulnerability CVE-2018-15325

Security Advisory Description In BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1, iControl and TMSH usage by authenticated users may leak a small amount of memory when executing commands. CVE-2018-15325 Impact This vulnerability may lead to an out-of-memory condition in the BIG-IP control plane,...

CVSS 4.3 | AI score 4.7 | EPSS 0.01031
Exploits: 0 | Affected Software: 13

F5 Networks
•added 2023/02/21 6:33 p.m.•51 views

K13213573: Linux kernel vulnerability CVE-2012-6701

Security Advisory Description Integer overflow in fs/aio.c in the Linux kernel before 3.4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec. CVE-2012-6701 Impact This vulnerability allows for a disruption of service. Security Advisor...

CVSS 7.8 | AI score 8.1 | EPSS 0.00354
Exploits: 0 | Affected Software: 17

F5 Networks
•added 2023/02/21 6:33 p.m.•48 views

K80691406: MySQL vulnerabilities CVE-2019-2535, CVE-2019-2536, CVE-2019-2537, and CVE-2019-2539

Security Advisory Description CVE-2019-2535 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 8.0.13 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure whe...

CVSS 5 | AI score 5.6 | EPSS 0.04301
Exploits: 0

F5 Networks
•added 2023/02/21 6:33 p.m.•36 views

K32840424: BIG-IP APM XSS vulnerability CVE-2019-6591

Security Advisory Description A reflected cross-site scripting (XSS) vulnerability exists in the resource information page for authenticated users when a full webtop is configured on the BIG-IP APM system. CVE-2019-6591 Impact An authenticated attacker may be able to inject malicious content...

CVSS 5.4 | AI score 5.3 | EPSS 0.00624
Exploits: 0 | Affected Software: 1

F5 Networks
•added 2023/02/21 6:33 p.m.•41 views

K73659122: GPU vulnerabilities CVE-2019-0154 and CVE-2019-0155

Security Advisory Description CVE-2019-0154 Insufficient access control in subsystem for Intel(R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series;...

CVSS 7.8 | AI score 7.1 | EPSS 0.00668
Exploits: 0

F5 Networks
•added 2023/02/21 6:33 p.m.•27 views

K58530825: Apache CXF vulnerability CVE-2017-5653

Security Advisory Description JAX-RS XML Security streaming clients in Apache CXF before 3.1.11 and 3.0.13 do not validate that the service response was signed or encrypted, which allows remote attackers to spoof servers. CVE-2017-5653 Impact There is no impact; F5 products are not affected by th...

CVSS 5.3 | AI score 5.7 | EPSS 0.11167
Exploits: 0

F5 Networks
•added 2023/02/21 6:33 p.m.•38 views

K73540515: Linux kernel vulnerability CVE-2018-14633

Security Advisory Description A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 1...

CVSS 8.3 | AI score 7.6 | EPSS 0.08743
Exploits: 0

F5 Networks
•added 2023/02/21 6:33 p.m.•48 views

K65078159: Apache Tomcat vulnerability CVE-2021-24122

Security Advisory Description When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to JSP source code disclosure in some configurations. The root cause wa...

CVSS 5.9 | AI score 7.7 | EPSS 0.22852
Exploits: 0

F5 Networks
•added 2023/02/21 6:33 p.m.•45 views

K58523450: Linux kernel vulnerability CVE-2020-14386

Security Advisory Description A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity. CVE-2020-14386 Impact There is no impact;...

CVSS 7.8 | AI score 6.3 | EPSS 0.01319
Exploits: 1

F5 Networks
•added 2023/02/21 6:33 p.m.•40 views

K95065016: glibc vulnerability CVE-2018-11236

Security Advisory Description stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and,...

CVSS 9.8 | AI score 9.2 | EPSS 0.074
Exploits: 0

F5 Networks
•added 2023/02/21 6:33 p.m.•55 views

K03202240: FFmpeg vulnerabilities CVE-2016-1897 and CVE-2016-1898

Security Advisory Description CVE-2016-1897 FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the concat protocol in an HTTP Live Streaming (HLS) M3U8 file, leading to an external HTTP request in which the URL string contains the first line of a...

CVSS 5.5 | AI score 5.7 | EPSS 0.14621
Exploits: 3

F5 Networks
•added 2023/02/21 6:33 p.m.•42 views

K48373922: Apache vulnerability CVE-2018-8011

Security Advisory Description By specially crafting HTTP requests, the mod_md challenge handler would dereference a NULL pointer and cause the child process to segfault. This could be used to DoS the server. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.33). CVE-2018-8011 Impact There is no impac...

CVSS 7.5 | AI score 6.4 | EPSS 0.51714
Exploits: 0

F5 Networks
•added 2023/02/21 6:33 p.m.•40 views

K45139744: ImageMagick vulnerabilities CVE-2017-1000476 CVE-2017-11166 CVE-2017-12805 CVE-2017-12806 CVE-2017-18251 CVE-2017-18252 CVE-2017-18254 CVE-2017-18271 CVE-2017-18273 CVE-2018-10804

Security Advisory Description CVE-2017-1000476 ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in the function ReadDDSInfo in coders/dds.c, which allows attackers to cause a denial of service. CVE-2017-11166 The ReadXWDImage function in coders\xwd.c in ImageMagick 7.0.5-6 has a...

CVSS 7.5 | AI score 6.2 | EPSS 0.02938
Exploits: 4

F5 Networks
•added 2023/02/21 6:33 p.m.•45 views

K71103363: BIG-IP big3d vulnerability CVE-2022-29480

Security Advisory Description When multiple route domains are configured, undisclosed requests to big3d can cause an increase in CPU resource utilization. CVE-2022-29480 Impact This vulnerability allows a remote, unauthenticated attacker to cause a degradation of service that can lead to a...

CVSS 5.3 | AI score 5.4 | EPSS 0.00836
Exploits: 0 | Affected Software: 13

F5 Networks
•added 2023/02/21 6:33 p.m.•35 views

K36814487: BIG-IP tmsh vulnerability CVE-2020-5858

Security Advisory Description Users with non-administrator roles (for example, Guest or Resource Administrator) with TMOS Shell (tmsh) access can run arbitrary commands with elevated privilege using a crafted tmsh command. CVE-2020-5858 Impact BIG-IP and BIG-IQ This vulnerability allows unauthorized...

CVSS 7.8 | AI score 7.7 | EPSS 0.00434
Exploits: 0

F5 Networks
•added 2023/02/21 6:33 p.m.•38 views

K76678525: libxml2 vulnerabilities CVE-2015-8035 CVE-2016-5131 CVE-2017-15412 CVE-2017-18258 CVE-2018-14404 CVE-2018-14567

Security Advisory Description CVE-2015-8035 The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data. CVE-2016-5131 Use-after-free vulnerability in libxml2...

CVSS 8.8 | AI score 8 | EPSS 0.043
Exploits: 2

F5 Networks
•added 2023/02/21 6:33 p.m.•137 views

K31440025: OpenSSH vulnerability CVE-2016-10009

Security Advisory Description Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket. CVE-2016-10009 Impact Running the ssh-agent program requires a...

CVSS 7.5 | AI score 7.8 | EPSS 0.37431
Exploits: 4 | Affected Software: 23

F5 Networks
•added 2023/02/21 6:33 p.m.•74 views

K32412075: AngularJS XSS vulnerability CVE-2020-7676

Security Advisory Description angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping "" elements in "" ones changes parsing behavior, leading to possibly unsanitizing code. CVE-2020-7676 Impact An attack...

CVSS 5.4 | AI score 6.3 | EPSS 0.02142
Exploits: 0 | Affected Software: 3

F5 Networks
•added 2023/02/21 6:33 p.m.•35 views

K00866128: Bash vulnerability CVE-2019-9924

Security Advisory Description rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell. CVE-2019-9924 Impact There is no impact; F5 products are not affected by this vulnerability. Securi...

CVSS 7.8 | AI score 7.3 | EPSS 0.00415
Exploits: 0

F5 Networks
•added 2023/02/21 6:33 p.m.•47 views

K91444306: Linux kernel vulnerability CVE-2019-12818

Security Advisory Description An issue was discovered in the Linux kernel before 4.20.15. The nfc_llcp_build_tlv function in net/nfc/llcp_commands.c may return NULL. If the caller does not check for this, it will trigger a NULL pointer dereference. This will cause denial of service. This affects...

CVSS 7.5 | AI score 5.9 | EPSS 0.05482
Exploits: 0

F5 Networks
•added 2023/02/21 6:33 p.m.•36 views

K95444512: TMM SSO plugin vulnerability CVE-2016-7467

Security Advisory Description The TMM SSO plugin in F5 BIG-IP APM 12.0.0 - 12.1.1, 11.6.0 - 11.6.1 HF1, 11.5.4 - 11.5.4 HF2, when configured as a SAML Identity Provider with a Service Provider (SP) connector, might allow traffic to be disrupted or failover initiated when a malformed, signed SAML...

CVSS 5.3 | AI score 5.7 | EPSS 0.01923
Exploits: 0 | Affected Software: 1

F5 Networks
•added 2023/02/21 6:33 p.m.•34 views

K31411450: cURL and libcurl vulnerability CVE-2016-8620

Security Advisory Description The 'globbing' feature in curl before version 7.51.0 has a flaw that leads to integer overflow and out-of-bounds read via user controlled input. CVE-2016-8620 Impact An attacker can cause a denial-of-service (DoS) by exploiting a flaw in the cURL tool's glob parser to...

CVSS 9.8 | AI score 8.1 | EPSS 0.04413
Exploits: 0 | Affected Software: 1

F5 Networks
•added 2023/02/21 6:33 p.m.•37 views

K38310742: Kerberos vulnerability CVE-2015-8629

Security Advisory Description The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cau...

CVSS 5.3 | AI score 6.1 | EPSS 0.03657
Exploits: 0 | Affected Software: 1

F5 Networks
•added 2023/02/21 6:33 p.m.•43 views

K95010211: Samba vulnerability CVE-2019-14907

Security Advisory Description All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" or above then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provid...

CVSS 6.5 | AI score 6.5 | EPSS 0.03151
Exploits: 0

F5 Networks
•added 2023/02/21 6:33 p.m.•44 views

K24359631: Intel BIOS firmware vulnerability CVE-2022-21198

Security Advisory Description Time-of-check time-of-use race condition in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2022-21198 Impact There is no impact; F5 products are not affected by this...

CVSS 7.9 | AI score 6.5 | EPSS 0.00131
Exploits: 0

Total number of security vulnerabilities: 6294