K08125515: cURL vulnerability CVE-2019-5435
Security Advisory Description An integer overflow in curl's URL API results in a buffer overflow in libcurl 7.62.0 to and including 7.64.1. CVE-2019-5435 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development has evaluated th...
K24359631: Intel BIOS firmware vulnerability CVE-2022-21198
Security Advisory Description Time-of-check time-of-use race condition in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2022-21198 Impact There is no impact; F5 products are not affected by this...
K27003374: Linux Kernel vulnerability CVE-2018-14734
Security Advisory Description drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 allows ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allows attackers to cause a denial of service (use-after-free). CVE-2018-14734 Impact There is...
K23731034: PHP & libGD vulnerability CVE-2016-10167
Security Advisory Description The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted image file. CVE-2016-10167 Impact There is no impact; F5 products are not affected b...
K24803507: Ghostscript vulnerability CVE-2018-15909
Security Advisory Description In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code. CVE-2018-15909 Impact There is no impact; F5 products a...
K26899353: libcurl vulnerability CVE-2016-8621
Security Advisory Description The curl_getdate function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit short. CVE-2016-8621 Impact Custom monitors or shell scripts using curl to download content with a malformed time stamp may be...
K03710547: Linux RPM vulnerability CVE-2017-7501
Security Advisory Description It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content...
K91326803: Linux kernel vulnerability CVE-2021-38201
Security Advisory Description net/sunrpc/xdr.c in the Linux kernel before 5.13.4 allows remote attackers to cause a denial of service (xdr_set_page_base slab-out-of-bounds access) by performing many NFS 4.2 READ_PLUS operations. CVE-2021-38201 Impact There is no impact; F5 products are not affected by...
K21519731: Multiple Oracle Java SE vulnerabilities CVE-2022-21597, CVE-2022-21634
Security Advisory Description CVE-2022-21597 Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaScript). Supported versions that are affected are Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows...
K04734043: Java vulnerability CVE-2017-10198
Security Advisory Description Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows...
K76610106: F5 IPsec vulnerability CVE-2020-5938
Security Advisory Description When negotiating IPsec tunnels with configured, authenticated peers, the peer may negotiate a different key length than the BIG-IP configuration would otherwise allow. CVE-2020-5938 Impact IPsec connections can be created with a different key length than specified in...
K21548854: zlib vulnerability CVE-2018-25032
Security Advisory Description zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. CVE-2018-25032 Impact This vulnerability results in corrupted output, which leads to out-of-bound access, corrupting the memory and potentially...
K37024017: Apache Struts 2 vulnerability CVE-2016-3087
Security Advisory Description Apache Struts 2.3.20.x before 2.3.20.3, 2.3.24.x before 2.3.24.3, and 2.3.28.x before 2.3.28.1, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via vectors related to an ! (exclamation mark) operator to the REST Plugin...
K63470526: MySQL vulnerabilities CVE-2018-3203, CVE-2018-3212, CVE-2018-3247, CVE-2018-3251, and CVE-2018-3258
Security Advisory Description CVE-2018-3203 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple...
K32121038: BIG-IP mcpd vulnerability CVE-2020-5876
Security Advisory Description A race condition exists where mcpd and other processes may make unencrypted connection attempts to a new configuration sync peer. The race condition can occur when changing the ConfigSync IP address of a peer, adding a new peer, or when the Traffic Management...
K31263502: PHP vulnerability CVE-2020-7063
Security Advisory Description In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator function, the files are added with default permissions 0666, or all access even if the original files on the filesystem were wit...
K40019131: F5 Access for Android vulnerability CVE-2022-27875
Security Advisory Description A Task Hijacking vulnerability exists in the F5 Access for Android application, which may allow an attacker to steal sensitive user information. CVE-2022-27875 Impact An attacker may be able to exploit this vulnerability by tricking a legitimate user running Android...
K62553631: Binutils vulnerabilities CVE-2018-7570, CVE-2018-9996, and CVE-2018-10372
Security Advisory Description CVE-2018-7570 The assign_file_positions_for_non_load_sections function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) vi...
K67175700: Apache vulnerabilities CVE-2020-9490, CVE-2020-11984, CVE-2020-11993
Security Advisory Description CVE-2020-9490 Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via...
K03007515: Linux kernel vulnerabilities CVE-2018-7755 and CVE-2019-14283
Security Advisory Description CVE-2018-7755 An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl an...
K10196624: libcurl vulnerability CVE-2016-8618
Security Advisory Description The libcurl API function called curl_maprintf before version 7.51.0 can be tricked into doing a double-free due to an unsafe size_t multiplication, on systems using 32 bit size_t variables. CVE-2016-8618 Impact A custom monitor or script that calls the curl command may...
K30216728: Multiple PHP vulnerabilities
Security Advisory Description CVE-2016-7128 The exif_process_IFD_in_TIFF function in ext/exif/exif.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles the case of a thumbnail offset that exceeds the file size, which allows remote attackers to obtain sensitive information from process memory via a...
K29562170: jQuery vulnerability CVE-2015-9251
Security Advisory Description jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed. CVE-2015-9251 Impact This vulnerability allows a remote attacker to perfo...
K28116312: Linux-PAM vulnerability CVE-2020-27780
Security Advisory Description A flaw was found in Linux-PAM in versions prior to 1.5.1 in the way it handles empty passwords for non-existing users. When the user doesn't exist, PAM tries to authenticate with root, and in the case of an empty password it successfully authenticates. CVE-2020-27780 Impac...
K30442259: Apache HTTPD vulnerability CVE-2019-10092
Security Advisory Description In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable whe...
K42378447: IPsec IKEv1 vulnerability CVE-2018-5389
Security Advisory Description The Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks. Reusing a key pair across different versions and modes of IKE could lead to cross-protocol authentication bypasses. It is well known, that the aggressive mode of IKEv1...
K51813353: Linux Kernel vulnerability CVE-2019-9506
Security Advisory Description The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traff...
K00432398: BIG-IP TMUI XSS vulnerability CVE-2019-6626
Security Advisory Description A reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Traffic Management User Interface (TMUI), also known as the BIG-IP Configuration utility. CVE-2019-6626 Impact If a targeted administrative user accesses the Configuration...
K50148721: MySQL vulnerabilities CVE-2018-3282, CVE-2018-3283, CVE-2018-3284, CVE-2018-3285, and CVE-2018-3286
Security Advisory Description CVE-2018-3282 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Storage Engines). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allow...
K64552448: SSL forward proxy vulnerability CVE-2018-5534
Security Advisory Description Under certain conditions on F5 BIG-IP 13.1.0-13.1.0.5, 13.0.0, 12.1.0-12.1.3.1, 11.6.0-11.6.3.1, or 11.5.0-11.5.6, TMM may core while processing SSL forward proxy traffic. CVE-2018-5534 Impact This vulnerability may allow a remote attacker to cause the Traffic...
K00194184: Linux kernel Voice Over IP H.323 vulnerability CVE-2020-14305
Security Advisory Description An out-of-bounds memory write flaw was found in how the Linux kernel's Voice Over IP H.323 connection tracking functionality handled connections on ipv6 port 1720. This flaw allows an unauthenticated remote user to crash the system, causing a denial of service. The...
K17264695: BIG-IP ARM BGP vulnerability CVE-2018-17539
Security Advisory Description The BGP daemon (bgpd) in all ZebOS versions to 7.10.6 and all OcNOS versions to 1.3.3.145 allow remote attackers to cause a denial of service attack via an autonomous system (AS) path containing 8 or more autonomous system number (ASN) elements. CVE-2018-17539 Impact Dynam...
K02511873: SimpleXML vulnerability CVE-2017-1000190
Security Advisory Description SimpleXML (latest version 2.7.1) is vulnerable to an XXE vulnerability resulting in SSRF, information disclosure, DoS and so on. CVE-2017-1000190 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development...
K17269881: Intel MCE vulnerability CVE-2018-12207
Security Advisory Description Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access. CVE-2018-12207 Impact A privileged guest user...
K04730051: TMM vulnerability CVE-2019-6628
Security Advisory Description Under certain conditions, the TMM process may terminate and restart while processing BIG-IP PEM traffic with the OpenVPN classifier. CVE-2019-6628 Impact On a BIG-IP PEM system configured for high availability (HA), this vulnerability results in a failover event and ma...
K40508224: Perl vulnerability CVE-2020-10878
Security Advisory Description Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection. CVE-2020-10878 Impact An attacker may be able to...
K84341091: Apache2 vulnerability CVE-2019-10081
Security Advisory Description HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configured with "H2PushResource", could lead to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copied is that of the configured push link header values, not data supplie...
K33846344: Cloud-init vulnerabilities CVE-2020-8631 and CVE-2020-8632
Security Advisory Description CVE-2020-8631 cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice function. CVE-2020-8632 In cloud-init through 19.4,...
K04713734: BIND vulnerability CVE-2018-5741
Security Advisory Description To provide fine-grained controls over the ability to use Dynamic DNS (DDNS) to update records in a zone, BIND 9 provides a feature called update-policy. Various rules can be configured to limit the types of updates that can be performed by a client, depending on the ke...
K34681653: OpenSSL vulnerability CVE-2017-3738
Security Advisory Description There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and a...
K66510514: TMM vulnerability CVE-2022-34862
Security Advisory Description When an LTM virtual server is configured to perform normalization, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. CVE-2022-34862 Impact This vulnerability affects systems with one or more of the following configurations. Affected...
K11910343: Linux kernel vulnerability CVE-2021-35039
Security Advisory Description kernel/module.c in the Linux kernel before 5.12.14 mishandles Signature Verification, aka CID-0c18f29aae7c. Without CONFIG_MODULE_SIG, verification that a kernel module is signed, for loading via init_module, does not occur for a module.sig_enforce=1 command-line argumen...
K62700573: Linux kernel vulnerabilities CVE-2010-5313 and CVE-2014-7842
Security Advisory Description CVE-2010-5313 Race condition in arch/x86/kvm/x86.c in the Linux kernel before 2.6.38 allows L2 guest OS users to cause a denial of service (L1 guest OS crash) via a crafted instruction that triggers an L2 emulation failure report, a similar issue to CVE-2014-7842...
K15910: Linux kernel SCTP vulnerabilities CVE-2014-3673 and CVE-2014-3687
Security Advisory Description CVE-2014-3673 The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c. CVE-2014-3687 The...
K22902581: Apache mod_auth_digest vulnerability CVE-2018-1312
Security Advisory Description In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent replay attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP...
K57454331: Linux Kernel vulnerability CVE-2018-10853
Security Advisory Description A flaw was found in the way Linux kernel KVM hypervisor before 4.18 emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current privilege (CPL) level while emulating unprivileged instructions. An unprivileged guest user/process could use this flaw t...
K16383: Linux RPM vulnerability CVE-2013-6435
Security Advisory Description Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d...
K42143118: PHP vulnerability CVE-2016-10712
Security Advisory Description In PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3, all of the return values of stream_get_meta_data can be controlled if the input can be controlled (e.g., during file uploads). For example, a "$uri = stream_get_meta_data(fopen($file, "r"))['uri']" call mishandles th...
K53197140: BIG-IP iControl REST and tmsh vulnerabilities CVE-2022-26835
Security Advisory Description Directory traversal vulnerabilities exist in undisclosed iControl REST endpoints and TMOS Shell (tmsh) commands in F5 BIG-IP Guided Configuration, which may allow an authenticated attacker with at least resource administrator role privileges to read arbitrary files...
K01821401: Linux kernel vulnerability CVE-2018-9363
Security Advisory Description In the hidp_process_report in bluetooth, there is an integer overflow. This could lead to an out of bounds write with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID:...