K16383: Linux RPM vulnerability CVE-2013-6435

Security Advisory Description Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d...

K54610514: Linux kernel vulnerability CVE-2016-10088

Security Advisory Description The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in situations where the KERNELDS option is set, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service use-after-fre...

K12740406: glibC vulnerability CVE-2005-3590

Security Advisory Description The getgrouplist function in the GNU C library glibc before version 2.3.5, when invoked with a zero argument, writes to the passed pointer even if the specified array size is zero, leading to a buffer overflow and potentially allowing attackers to corrupt memory...

K52534925: BIG-IP APM and F5 SSL Orchestrator vulnerability CVE-2022-33203

Security Advisory Description When a BIG-IP APM access policy with Service Connect agent is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. CVE-2022-33203 Impact System performance can degrade until the Traffic Management Microkernel TMM...

K32888092: Linux Kernel vulnerability CVE-2019-13648

Security Advisory Description In the Linux kernel through 5.2.1 on the powerpc platform, when hardware transactional memory is disabled, a local user can cause a denial of service TM Bad Thing exception and system crash via a sigreturn system call that sends a crafted signal frame. This affects...

K11414891: Linux Kernel vulnerability CVE-2018-13053

Security Advisory Description The alarmtimernsleep function in kernel/time/alarmtimer.c in the Linux kernel through 4.17.3 has an integer overflow via a large relative timeout because ktimeaddsafe is not used. CVE-2018-13053 Impact There is no impact; F5 products are not affected by this...

K35236639: Supermicro BMC vulnerability

Security Advisory Description F5 is aware of the reports of vulnerabilities in the baseband management controllers BMCs of Supermicro servers. These vulnerabilities allow attackers to easily connect to a server and virtually mount any USB device to the server, remotely over any network, including...

K16904: OpenSSL ssleay_rand_byte(s) regression CVE-2015-3216

Security Advisory Description Race condition in a certain Red Hat patch to the PRNG lock implementation in the ssleayrandbytes function in OpenSSL, as distributed in openssl-1.0.1e-25.el7 in Red Hat Enterprise Linux RHEL 7 and other products, allows remote attackers to cause a denial of service...

K30444545: libxslt vulnerability CVE-2019-11068

Security Advisory Description libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded...

K20289222: Multiple PHP vulnerabilities

Security Advisory Description CVE-2016-10397 In PHP before 5.6.28 and 7.x before 7.0.13, incorrect handling of various URI components in the URL parser could be used by attackers to bypass hostname-specific URL checks, as demonstrated by evil.example.com:[email protected]/ and...

K22494544: SNMP Incorrect Access Control vulnerability CVE-2017-5135

Security Advisory Description Certain Technicolor devices have an SNMP access-control bypass, possibly involving an ISP customization in some cases. The Technicolor formerly Cisco DPC3928SL with firmware D3928SL-P15-13-A386-c3420r55105-160127a could be reached by any SNMP community string from th...

K61363039: NTP vulnerability CVE-2019-8936

Security Advisory Description NTP through 4.2.8p12 has a NULL Pointer Dereference. CVE-2019-8936 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development has evaluated the currently supported releases for potential vulnerabilit...

K51303334: OpenSSL vulnerability CVE-2019-1543

Security Advisory Description ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value IV should be 96 bits 12 bytes. OpenSSL allows a variable nonce length and front pads the nonce with 0 bytes if it is less th...

K22854723: Poppler vulnerability CVE-2018-10768

Security Advisory Description There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5. A crafted input will lead to a remote denial of service attack. Later Ubuntu packages such as for Poppler 0.41.0 are not affected...

K82455382: Apache Tomcat vulnerability CVE-2016-8745

Security Advisory Description A bug in the error handling of the send file code for the NIO HTTP connector in Apache Tomcat 9.0.0.M1 to 9.0.0.M13, 8.5.0 to 8.5.8, 8.0.0.RC1 to 8.0.39, 7.0.0 to 7.0.73 and 6.0.16 to 6.0.48 resulted in the current Processor object being added to the Processor cache...

K16852653: TMM vulnerability CVE-2022-32455

Security Advisory Description When a BIG-IP LTM Client SSL profile is configured on a virtual server to perform client certificate authentication with session tickets enabled, undisclosed requests cause the Traffic Management Microkernel TMM to terminate. CVE-2022-32455 Impact Traffic is disrupte...

K41815723: Java SE vulnerability CVE-2017-10078

Security Advisory Description Vulnerability in the Java SE component of Oracle Java SE subcomponent: Scripting. The supported version that is affected is Java SE: 8u131. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java S...

K51740320: BIND vulnerability CVE-2019-6468

Security Advisory Description In BIND Supported Preview Edition, an error in the nxdomain-redirect feature can occur in versions which support EDNS Client Subnet ECS features. In those versions which have ECS support, enabling nxdomain-redirect is likely to lead to BIND exiting due to assertion...

K41913011: Java SE vulnerabilities CVE-2019-2973 and CVE-2019-2981

Security Advisory Description CVE-2019-2973 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JAXP. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated...

K18165180: Intel microprocessors vulnerability CVE-2019-0174

Security Advisory Description Logic condition in specific microprocessors may allow an authenticated user to potentially enable partial physical address information disclosure via local access. CVE-2019-0174 Impact There is no impact; F5 products are not affected by this vulnerability. Security...

K51392553: libpixman vulnerability CVE-2013-1591

Security Advisory Description Stack-based buffer overflow in libpixman, as used in Pale Moon before 15.4 and possibly other products, has unspecified impact and context-dependent attack vectors. NOTE: this issue might be resultant from an integer overflow in the fastcompositescaledbilinear functi...

K21037322: Multiple MySQL vulnerabilities CVE-2022-21547, CVE-2022-21550, CVE-2022-21553, CVE-2022-21555, CVE-2022-21556

Security Advisory Description CVE-2022-21547 Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Federated. Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protoco...

K19785240: Bootstrap vulnerability CVE-2018-14042

Security Advisory Description In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip. CVE-2018-14042 Impact An attacker may exploit this vulnerability to perform a cross-site scripting XSS attack. Security Advisory Status F5 Product Development has assigned ID 767373...

K30590322: Linux kernel vulnerability CVE-2021-3847

Security Advisory Description An unauthorized access to the execution of the setuid file with capabilities flaw in the Linux kernel OverlayFS subsystem was found in the way user copying a capable file from a nosuid mount into another mount. A local user could use this flaw to escalate their...

K29538335: BIND vulnerability CVE-2019-6467

Security Advisory Description A programming error in the nxdomain-redirect feature can cause an assertion failure in query.c if the alternate namespace used by nxdomain-redirect is a descendant of a zone that is served locally. The most likely scenario where this might occur is if the server, in...

K12600461: Multiple Intel CPU vulnerabilities

Security Advisory Description CVE-2021-0157 Insufficient control flow management in the BIOS firmware for some IntelR Processors may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2021-0158 Improper input validation in the BIOS firmware for some IntelR...

K21042398: PHP vulnerability CVE-2016-5769

Security Advisory Description Multiple integer overflows in mcrypt.c in the mcrypt extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allow remote attackers to cause a denial of service heap-based buffer overflow and application crash or possibly have unspecified other impa...

K20804356: Samba vulnerabilities CVE-2019-3870 and CVE-2019-3880

Security Advisory Description CVE-2019-3870 A vulnerability was found in Samba from version including 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode 0700, that...

K28056114: Linux kernel vulnerability CVE-2016-5829

Security Advisory Description Multiple heap-based buffer overflows in the hiddevioctlusage function in drivers/hid/usbhid/hiddev.c in the Linux kernel through 4.6.3 allow local users to cause a denial of service or possibly have unspecified other impact via a crafted 1 HIDIOCGUSAGES or 2...

K22232964: Expat XML library vulnerability CVE-2016-4472

Security Advisory Description The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service crash or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an...

K70949911: Glib vulnerability CVE-2019-14822

Security Advisory Description A flaw was discovered in ibus in versions before 1.5.22 that allows any unprivileged user to monitor and send method calls to the ibus bus of another user due to a misconfiguration in the DBus server setup. A local attacker may use this flaw to intercept all keystrok...

K15031791: Samba vulnerability CVE-2015-5330

Security Advisory Description ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles string lengths, which allows remote attackers to obtain sensitive information from daemon heap memory by sending crafted packets and th...

K85332020: Netlink message vulnerability CVE-2016-4486

Security Advisory Description The rtnlfilllinkifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message. CVE-2016-4486 Impact ...

K85235351: cURL and libcurl vulnerability CVE-2016-8624

Security Advisory Description curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '' character, and could instead be tricked into connecting to a different host. This may have security implications if you for example use an URL...

K01709026: PHP vulnerabilities CVE-2017-7890 and CVE-2017-9226

Security Advisory Description CVE-2017-7890 The GIF decoding function gdImageCreateFromGifCtx in gdgifin.c in the GD Graphics Library aka libgd, as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized...

K03179547: Multiple Java vulnerabilities CVE-2021-3517, CVE-2021-3522, CVE-2021-35550, CVE-2021-35556, CVE-2021-35559

Security Advisory Description CVE-2021-3517 There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an...

K54823184: glibc vulnerability CVE-2019-9169

Security Advisory Description In the GNU C Library aka glibc or libc6 through 2.29, proceednextnode in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match. CVE-2019-9169 Impact An attacker may run arbitrary code or cause a denial-of-service...

K92140924: F5 management sshd vulnerability CVE-2017-6128

Security Advisory Description An undisclosed traffic pattern received on an F5 management interface may cause the Secure Shell Daemon sshd to stop responding, resulting in a Denial-of-Service DoS. CVE-2017-6128 Impact An attacker may be able to cause a denial-of-service DoS attack against the ssh...

K52828640: libcurl vulnerability CVE-2016-8616

Security Advisory Description A flaw was found in curl before version 7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that...

K46015513: Polkit pkexec vulnerability CVE-2021-4034

Security Advisory Description A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't hand...

K51585448: Multiple MySQL vulnerabilities CVE-2022-21527, CVE-2022-21528, CVE-2022-21529, CVE-2022-21530, CVE-2022-21531

Security Advisory Description CVE-2022-21527 Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protoco...

K04403302: Apache Struts 1 vulnerability CVE-2016-1182

Security Advisory Description ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly restrict the Validator configuration, which allows remote attackers to conduct cross-site scripting XSS attacks or cause a denial of service via crafted input, a related issue to CVE-2015-0899...

K49160100: Apache Tomcat vulnerability CVE-2016-6817

Security Advisory Description The HTTP/2 header parser in Apache Tomcat 9.0.0.M1 to 9.0.0.M11 and 8.5.0 to 8.5.6 entered an infinite loop if a header was received that was larger than the available buffer. This made a denial of service attack possible. CVE-2016-6817 Impact There is no impact; F5...

K16869: logrotate vulnerability CVE-2011-1098

Security Advisory Description Race condition in the createOutputFile function in logrotate.c in logrotate 3.7.9 and earlier allows local users to read log data by opening a file before the intended permissions are in place. CVE-2011-1098 Impact May allow a local user to read log data by opening a...

K15547: MIT Kerberos 5 vulnerability CVE-2014-4342

Security Advisory Description MIT Kerberos 5 aka krb5 1.7.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service buffer over-read or NULL pointer dereference, and application crash by injecting invalid tokens into a GSSAPI application session. CVE-2014-4342 Impact A...

K17331: PCRE library vulnerability CVE-2015-5073

Security Advisory Description Heap-based buffer overflow in the findfixedlength function in pcrecompile.c in PCRE before 8.38 allows remote attackers to cause a denial of service crash or obtain sensitive information from heap memory and possibly bypass the ASLR protection mechanism via a crafted...

K01217337: Linux kernel vulnerability CVE-2021-22543

Security Advisory Description An issue was discovered in Linux: KVM through Improper handling of VMIO|VMPFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allows users with the ability to start and control a VM to read/write...

K03863974: Apache LDAP vulnerability CVE-2018-1337

Security Advisory Description In Apache LDAP API before 1.0.2, a bug in the way the SSL Filter was setup made it possible for another thread to use the connection before the TLS layer has been established, if the connection has already been used and put back in a pool of connections, leading to...

K15296: list.jsp XSS vulnerability CVE-2014-3959

Security Advisory Description A cross-site scripting XSS vulnerability exists in list.jsp for the BIG-IP and Enterprise Manager Configuration utilities. CVE-2014-3959 Impact Somelist.jsp parameters may allow an attacker to bypass XSS protection mechanisms using a crafted string. Security Advisory...

K15282: Apache Struts vulnerability CVE-2014-0114

Security Advisory Description The ActionForm object in Apache Struts 1.x through 1.3.10 allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, which is passed to the getClass method. CVE-2014-0114 Impact A remote attacker may be able to...