K6804: ClamAV Portable Executable heap overflow Vulnerability - CVE-2006-4182

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

K14574: PHP vulnerability CVE-2012-1172

Security Advisory Description PHP has been cited with the following vulnerability, which may be locally exploitable on some F5 products: The file-upload implementation in rfc1867.c in PHP before 5.4.0 does not properly handle invalid open square bracket characters in name values, which makes it...

K62210928: BIND vulnerability CVE-2020-8618

Security Advisory Description An attacker who is permitted to send zone data to a server via zone transfer can exploit this to intentionally trigger the assertion failure with a specially constructed zone, denying service to clients. CVE-2020-8618 Impact There is no impact; F5 products are not...

K74302282: BIG-IP APM RDP resource security exposure

Security Advisory Description When BIG-IP APM Remote Desktop Protocol RDP is configured, users can bypass RDP resource redirection restrictions between the RDP remote machine and the local machine. This issue occurs when the following condition is met: A BIG-IP APM policy configured with an RDP...

K70117303: LibTIFF vulnerability CVE-2018-18557

Security Advisory Description LibTIFF 3.9.3, 3.9.4, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 with JBIG enabled decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size, which leads to a...

K43709560: Apache Tomcat vulnerability CVE-2020-1935

Security Advisory Description In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat w...

K53092542: Linux kernel vulnerability CVE-2021-20226

Security Advisory Description A use-after-free flaw was found in the iouring in Linux kernel, where a local attacker with a user privilege could cause a denial of service problem on the system The issue results from the lack of validating the existence of an object prior to performing operations ...

K52319810: Apache Portable Runtime vulnerability CVE-2017-12613

Security Advisory Description When aprtimeexp or aprosexptime functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an aprtimeexpt value, potentially revealing the contents of a...

K15567: OpenSSL vulnerability CVE-2014-5139

Security Advisory Description The sslsetclientdisabled function in t1lib.c in OpenSSL 1.0.1 before 1.0.1i allows remote SSL servers to cause a denial of service NULL pointer dereference and client application crash via a ServerHello message that includes an SRP ciphersuite without the required...

K32798641: MySQL vulnerabilities CVE-2019-2627, CVE-2019-2628, CVE-2019-2630, CVE-2019-2631, and CVE-2019-2632

Security Advisory Description CVE-2019-2627 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Security: Privileges. Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high...

K17520069: QEMU 3.0.0 heap-based buffer overflow CVE-2019-6778

Security Advisory Description In QEMU 3.0.0, tcpemu in slirp/tcpsubr.c has a heap-based buffer overflow. CVE-2019-6778 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development has evaluated the currently supported releases for...

K23157312: PostgreSQL vulnerability CVE-2020-13692

Security Advisory Description PostgreSQL JDBC Driver aka PgJDBC before 42.2.13 allows XXE. CVE-2020-13692 Impact F5 does not know of any specific F5 attack vectors; however, the threat could theoretically affect system availability and data confidentiality. Security Advisory Status F5 Product...

K30552262: GhostScript vulnerabilities CVE-2013-5653, CVE-2016-7977, CVE-2016-7979, and CVE-2016-8602

Security Advisory Description CVE-2013-5653 The getenv and filenameforall functions in Ghostscript 9.10 ignore the "-dSAFER" argument, which allows remote attackers to read data via a crafted postscript file. CVE-2016-7977 Ghostscript before 9.21 might allow remote attackers to bypass the SAFER...

K42232641: GRUB2 vulnerability CVE-2020-10713

Security Advisory Description A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would...

K23203045: BIG-IP Advanced WAF and ASM REST API vulnerability CVE-2021-23014

Security Advisory Description BIG-IP Advanced WAF and ASM are missing authorization checks for file uploads to a specific directory within the REST API, which might allow authenticated users with guest privileges to upload files. CVE-2021-23014 Impact If an attacker has network access to the BIG-...

K13400: SSL 3.0/TLS 1.0 vulnerability CVE-2011-3389 and TLS protocol vulnerability CVE-2012-1870

Security Advisory Description CVE-2011-3389 The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows...

K41142448: QEMU vulnerability CVE-2020-27617

Security Advisory Description ethgetgsotype in net/eth.c in QEMU 4.2.1 allows guest OS users to trigger an assertion failure. A guest can crash the QEMU process via packet data that lacks a valid Layer 3 protocol. CVE-2020-27617 Impact BIG-IP This flaw allows a guest user to cause the QEMU proces...

K03165684: vCMP vulnerability CVE-2018-5518

Security Advisory Description Malicious root users with access to a vCMP guest can disrupt service on adjacent vCMP guests running on the same host. Exploiting this vulnerability causes the vcmpd process on the adjacent vCMP guest to restart and produce a core file. This issue is only exploitable...

K42185012: Java vulnerability CVE-2017-10118

Security Advisory Description Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JCE. Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticat...

K19533600: SQLite Vulnerability CVE-2019-13734

Security Advisory Description Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-13734 Impact There is no impact; F5 products are not affected by this vulnerability. Security...

K02663161: BIND vulnerability CVE-2020-8622

Security Advisory Description In BIND 9.0.0 - 9.11.21, 9.12.0 - 9.16.5, 9.17.0 - 9.17.3, also affects 9.9.3-S1 - 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a...

K05911127: Java vulnerability CVE-2017-10176

Security Advisory Description Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows...

K33567812: Kernel vulnerabilities CVE-2017-12192 and CVE-2017-15274

Security Advisory Description CVE-2017-12192 The keyctlreadkey function in security/keys/keyctl.c in the Key Management subcomponent in the Linux kernel before 4.13.5 does not properly consider that a key may be possessed but negatively instantiated, which allows local users to cause a denial of...

K10534046: OpenSSL vulnerability CVE-2011-0014

Security Advisory Description ssl/t1lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c allows remote attackers to cause a denial of service crash, and possibly obtain sensitive information in applications that use OpenSSL, via a malformed ClientHello handshake message that triggers a...

K04337834: Linux kernel vulnerability CVE-2017-10661

Security Advisory Description Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service list corruption or use-after-free via simultaneous file-descriptor operations that leverage improper mightcancel queueing...

K03310902: Multiple Linux vulnerabilities CVE-2020-8647,CVE-2020-8648, CVE-2020-8649

Security Advisory Description CVE-2020-8647 There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vcdoresize function in drivers/tty/vt/vt.c. CVE-2020-8648 There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the nttyreceivebufcommon function in...

K11100332: Multiple Oracle Database Server vulnerabilities

Security Advisory Description CVE-2016-3479 Unspecified vulnerability in the Portable Clusterware component in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows remote attackers to affect availability via unknown vectors. CVE-2016-3484 Unspecified vulnerability in the Database Vault component i...

K80212034: Linux kernel vulnerability CVE-2021-3656

Security Advisory Description A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB virtual machine control block provided by the L1 guest to spawn/handle a nested guest L2. Due to improper validation of the "virtext" field, this...

K08602542: SAMBA vulnerability CVE-2022-0336

Security Advisory Description The Samba AD DC includes checks when adding service principals names SPNs to an account to ensure that SPNs do not alias with those already in the database. Some of these checks are able to be bypassed if an account modification re-adds an SPN that was previously...

K06044762: systemd vulnerabilities CVE-2018-16864 and CVE-2018-16865

Security Advisory Description CVE-2018-16864 An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash...

K83102920: Linux kernel vulnerability CVE-2018-18397

Security Advisory Description The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file if the user has read-only access to that file, and that file...

K54213762: openjdk vulnerability CVE-2019-2949

Security Advisory Description Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Kerberos. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker wi...

K91171450: BIG-IP engineering hotfix Trusted Platform Module vulnerability CVE-2020-5851

Security Advisory Description On impacted versions and platforms, the Trusted Platform Module TPM system integrity check cannot detect modifications to specific system components. CVE-2020-5851 Impact BIG-IP The Trusted Platform Module TPM on the BIG-IP iSeries platforms i850, i2000, i4000, i5000...

K82008830: Multiple QEMU vulnerabilities

Security Advisory Description CVE-2020-25742 pcichangeirqlevel in hw/pci/pci.c in QEMU before 5.1.1 has a NULL pointer dereference because pcigetbus might not return a valid pointer. CVE-2020-25743 hw/ide/pci.c in QEMU before 5.1.1 can trigger a NULL pointer dereference because it lacks a pointer...

K81258141: QEMU 4.2.0 buffer overflow vulnerability CVE-2020-8608

Security Advisory Description In libslirp 4.1.0, as used in QEMU 4.2.0, tcpsubr.c misuses snprintf return values, leading to a buffer overflow in later code. CVE-2020-8608 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Developmen...

K64346530: Multiple Intel CPU vulnerabilities

Security Advisory Description CVE-2019-11168 Insufficient session validation in IntelR Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure and/or denial of service via network access. CVE-2019-11170 Authentication bypass in Intel...

K65234135: Linux kernel vulnerability CVE-2020-25643

Security Advisory Description A flaw was found in the HDLCPPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the pppcpparsecr function which can cause the system to crash or cause a denial of service. The...

K62750376: RADIUS authentication vulnerability CVE-2018-5515

Security Advisory Description Using RADIUS authentication responses from a RADIUS server with IPv6 addresses may cause TMM to crash, leading to a failover event. CVE-2018-5515 Impact BIG-IP When a BIG-IP system receives a RADIUS authentication response from a IPv6 RADIUS server, the affected syst...

K91643220: Java vulnerabilities CVE-2020-2659 and CVE-2020-2773

Security Advisory Description CVE-2020-2659 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Networking. Supported versions that are affected are Java SE: 7u241 and 8u231; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacke...

K75042242: QEMU 4.0 vulnerability CVE-2019-12155

Security Advisory Description interfacereleaseresource in hw/display/qxl.c in QEMU 4.0.0 has a NULL pointer dereference. CVE-2019-12155 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development has evaluated the currently...

K77671456: BIG-IP TMM vulnerability CVE-2018-5510

Security Advisory Description The Traffic Management Microkernel TMM may restart when processing a specific sequence of packets on IPv6 virtual servers. CVE-2018-5510 Note : This vulnerability does not affect IPv4 virtual servers. Impact The Traffic Management Microkernel TMM generates a core fil...

K57555833: BIG-IP APM vulnerability CVE-2022-27634

Security Advisory Description BIG-IP APM does not properly validate configurations, allowing an authenticated attacker with high privileges to manipulate the APM policy leading to privilege escalation/remote code execution. CVE-2022-27634 Impact This vulnerability may allow an authenticated...

K56923528: Linux kernel vulnerability CVE-2013-4343

Security Advisory Description Use-after-free vulnerability in drivers/net/tun.c in the Linux kernel through 3.11.1 allows local users to gain privileges by leveraging the CAPNETADMIN capability and providing an invalid tuntap interface name in a TUNSETIFF ioctl call. CVE-2013-4343 Impact There is...

K46604804: Python vulnerability CVE-2021-29921

Security Advisory Description In Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This in some situations allows attackers to bypass access control that is based on IP addresses. CVE-2021-29921 Impact There is no impact; F5...

K8602: XSS vulnerability viewing logs from the web management interface

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

K50602063: PHP vulnerability CVE-2019-9021

Security Advisory Description An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or unallocated memory past the actual...

K93419216: Multiple MySQL vulnerabilities CVE-2022-21534, CVE-2022-21535, CVE-2022-21537, CVE-2022-21538, CVE-2022-21539

Security Advisory Description CVE-2022-21534 Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Stored Procedure. Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple...

K34652116: BIG-IP APM CRL vulnerability CVE-2018-15326

Security Advisory Description In some situations, the CRLDP Auth access policy agent may treat revoked certificates as valid when the BIG-IP APM system fails to download a new Certificate Revocation List. CVE-2018-15326. Impact Users with revoked certificates may be able to gain access to the...

K9108: Apache Tomcat Cross-site scripting (XSS) vulnerability - CVE-2008-1232

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

K97045220: BIG-IP LTM HTTP/2 desync attacks: malicious CRLF placement security exposure

Security Advisory Description Multiple desync attacks have been discovered. For more information refer to the following related articles: K27144609: Overview of HTTP/2 desync attacks K30341203: BIG-IP LTM and NGINX are not exposed to certain desync attacks K63312282: BIG-IP LTM HTTP/2 desync...