K000156711: Multiple ImageMagick vulnerabilities
Security Advisory Description CVE-2017-11447 The ReadSCREENSHOTImage function in coders/screenshot.c in ImageMagick before 7.0.6-1 has memory leaks, causing denial of service. CVE-2017-11448 The ReadJPEGImage function in coders/jpeg.c in ImageMagick before 7.0.6-1 allows remote attackers to obtai...
K000156710: Multiple ImageMagick vulnerabilities
Security Advisory Description CVE-2016-8677 The AcquireQuantumPixels function in MagickCore/quantum.c in ImageMagick before 7.0.3-1 allows remote attackers to have unspecified impact via a crafted image file, which triggers a memory allocation failure. CVE-2016-8862 The AcquireMagickMemory functi...
K000156709: Multiple ImageMagick vulnerabilities
Security Advisory Description CVE-2016-7532 coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file. CVE-2016-7533 The ReadWPGImage function in coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service...
K000156696: Multiple ImageMagick vulnerabilities
Security Advisory Description CVE-2016-7522 The ReadPSDImage function in MagickCore/locale.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file. CVE-2016-7523 coders/meta.c in ImageMagick allows remote attackers to cause a denial of servi...
K000156693: Multiple ImageMagick vulnerabilities
Security Advisory Description CVE-2016-7101 The SGI coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large row value in an sgi file. CVE-2016-7513 Off-by-one error in magick/cache.c in ImageMagick allows remote attackers to cause a...
K000156692: Multiple ImageMagick vulnerabilities
Security Advisory Description CVE-2016-5010 coders/tiff.c in ImageMagick before 6.9.5-3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF file. CVE-2016-5687 The VerticalFilter function in the DDS coder in ImageMagick before 6.9.4-3 and 7.x before 7.0.1-4...
K000156690: Multiple ImageMagick vulnerabilities
Security Advisory Description CVE-2016-10059 Buffer overflow in coders/tiff.c in ImageMagick before 6.9.4-1 allows remote attackers to cause a denial of service (application crash) or have unspecified other impact via a crafted TIFF file. CVE-2016-10060 The ConcatenateImages function in...
K000156689: Multiple ImageMagick vulnerabilities
Security Advisory Description CVE-2016-10046 Heap-based buffer overflow in the DrawImage function in magick/draw.c in ImageMagick before 6.9.5-5 allows remote attackers to cause a denial of service (application crash) via a crafted image file. CVE-2016-10047 Memory leak in the NewXMLTree function i...
K000156688: Multiple ImageMagick vulnerabilities
Security Advisory Description CVE-2016-10069 coders/mat.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via a mat file with an invalid number of frames. CVE-2016-10070 Heap-based buffer overflow in the CalcMinMax function in coders/mat.c in...
K000156687: Multiple ImageMagick vulnerabilities
Security Advisory Description CVE-2014-9818 ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a malformed sun file. CVE-2014-9819 Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted palm file, a differe...
K000156685: Multiple ImageMagick vulnerabilities
Security Advisory Description CVE-2014-9808 ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted dpc image. CVE-2014-9809 ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) vi...
K000156684: Multiple ImageMagick vulnerabilities
Security Advisory Description CVE-2015-8900 The ReadHDRImage function in coders/hdr.c in ImageMagick 6.x and 7.x allows remote attackers to cause a denial of service (infinite loop) via a crafted HDR file. CVE-2015-8901 ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial o...
K000156683: Multiple ImageMagick vulnerabilities
Security Advisory Description CVE-2014-9828 coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file. CVE-2014-9829 coders/sun.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted sun file...
K000156675: tcpdump vulnerabilities CVE-2018-10103 and CVE-2018-10105
Security Advisory Description CVE-2018-10103 tcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2). CVE-2018-10105 tcpdump before 4.9.3 mishandles the printing of SMB data (issue 2 of 2). Impact These vulnerabilities can result in denial of service (DoS) or, potentially, execution of...
K000156681: Multiple ImageMagick vulnerabilities
Security Advisory Description CVE-2007-1667 Multiple integer overflows in (1) the XGetPixel function in ImUtil.c in X.Org libx11 before 1.0.3, and (2) XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive informatio...
K000156613: OpenSSL for PowerPC vulnerability CVE-2025-27587
Security Advisory Description OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then using the private key to extract the K value (nonce) from the signatures...
K000156612: Apache Tomcat vulnerability CVE-2025-55668
Security Advisory Description Session Fixation vulnerability in Apache Tomcat via rewrite valve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. Older, EOL versions may also be affected. Users are recommended to upgra...
K000156606: libxml2 vulnerability CVE-2025-27113
Security Advisory Description libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c. CVE-2025-27113 Impact This vulnerability allows an attacker to cause a denial-of-service (DoS) on the system. Security Advisory Status F5 Product Development has...
K000156609: GNU C Library for IBM POWER vulnerability CVE-2025-5702
Security Advisory Description The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI),...
K000156551: Linux kernel vulnerabilities CVE-2024-44990, CVE-2024-46826, and CVE-2025-21927
Security Advisory Description CVE-2024-44990 In the Linux kernel, the following vulnerability has been resolved: bonding: fix null pointer deref in bond_ipsec_offload_ok We must check if there is an active slave before dereferencing the pointer. CVE-2024-46826 In the Linux kernel, the following...
K000156538: HTTP::Daemon vulnerability CVE-2022-31081
Security Advisory Description HTTP::Daemon is a simple http server class written in perl. Versions prior to 6.15 are subject to a vulnerability which could potentially be exploited to gain privileged access to APIs or poison intermediate caches. It is uncertain how large the risks are, most Perl...
K000154686: Intel Xeon processors vulnerability CVE-2025-24305
Security Advisory Description Insufficient control flow management in the Alias Checking Trusted Module (ACTM) firmware for some Intel® Xeon® processors may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2025-24305 Impact There is no impact; F5 products...
K000154685: Intel Xeon processors vulnerability CVE-2025-22839
Security Advisory Description Insufficient granularity of access control in the OOB-MSM for some Intel® Xeon® 6 Scalable processors may allow a privileged user to potentially enable escalation of privilege via adjacent access. CVE-2025-22839 Impact There is no impact; F5 products are not affected...
K000154579: ImageMagick vulnerability CVE-2025-53015
Security Advisory Description ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0, infinite lines occur when writing during a specific XMP file conversion command. Version 7.1.2-0 fixes the issue. CVE-2025-53015 Impact There ...
K000154575: Apache Commons Lang vulnerability CVE-2025-48924
Security Advisory Description Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0. The methods ClassUtils.getClass... can throw...
K000153181: Linux kernel vmxnet3 module vulnerability CVE-2025-37799
Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: vmxnet3: Fix malformed packet sizing in vmxnet3_process_xdp vmxnet3 driver's XDP handling is buggy for packet sizes using ring0 (that is, packet sizes between 128 - 3k bytes). We noticed MTU-related...
K000153161: Ansible Tower vulnerability CVE-2019-19340
Security Advisory Description A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.3, where enabling RabbitMQ manager by setting it with '-e rabbitmq_enable_manager=true' exposes the RabbitMQ management interface publicly, as expected. If the default admin user is sti...
K000153130: libxml2 vulnerabilities CVE-2025-49794, CVE-2025-49795, and CVE-2025-49796
Security Advisory Description CVE-2025-49794 A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the schema elements. This flaw allows a malicious actor to craft a malicious XML document used as...
K000153119: libtirpc vulnerability CVE-2021-46828
Security Advisory Description In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svc_run infinite loop without accepting new connections. CVE-2021-46828 Impact...
K000153074: Apache HTTP server vulnerability CVE-2024-42516
Security Advisory Description HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers of applications hosted or proxied by the server can split the HTTP response. This vulnerability was described as CVE-2023-38709 but the...
K000153040: Python urllib vulnerability CVE-2019-9740
Security Advisory Description An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the...
K000153042: Python urllib vulnerability CVE-2019-18348
Security Advisory Description An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the...
K000153107: Python tarfile Vulnerabilities CVE-2025-4138, CVE-2025-4330
Security Advisory Description CVE-2025-4138 Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar...
K000153092: Apache Tomcat vulnerabilities CVE-2025-52520 and CVE-2025-49125
Security Advisory Description CVE-2025-52520 For some unlikely configurations of multipart upload, an Integer Overflow vulnerability in Apache Tomcat could lead to a DoS via bypassing of size limits. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42,...
K000153054: Glib vulnerability CVE-2025-4373
Security Advisory Description A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite. CVE-2025-4373 Impact There is no impact...
K000152635: Quarterly Security Notification (August 2025)
Security Advisory Description On August 13, 2025, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities to help determine the impact to your F5 devices. You can find the details of each issue in the associated articles. You can watc...
K000152001: HTTP/2 vulnerability CVE-2025-54500
Security Advisory Description An HTTP/2 implementation flaw allows a denial-of-service (DoS) that uses malformed HTTP/2 control frames to break the maximum concurrent streams limit (HTTP/2 MadeYouReset Attack). CVE-2025-54500 Impact This vulnerability allows a remote, unauthenticated attacker to caus...
K000151546: BIG-IP APM vulnerability CVE-2025-46405
Security Advisory Description When Network Access is configured on a BIG-IP APM virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. CVE-2025-46405 Impact Traffic is disrupted while the TMM process restarts. This vulnerability allows a remote,...
K000141436: BIG-IP Client SSL profile vulnerability CVE-2025-52585
Security Advisory Description When a BIG-IP LTM Client SSL profile is configured on a virtual server with SSL Forward Proxy enabled and Anonymous Diffie-Hellman (ADH) ciphers enabled, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. CVE-2025-52585 Impact Traffic i...
K000152049: F5 Access for Android vulnerability CVE-2025-54809
Security Advisory Description F5 Access for Android before version 3.1.2, which uses HTTPS, does not verify the remote endpoint identity. CVE-2025-54809 Impact An attacker with a network position that allows them to intercept network traffic may be able to read and/or modify data in transit. The...
K000151782: BIG-IP APM VPN browser client for macOS vulnerability CVE-2025-48500
Security Advisory Description A missing file integrity check vulnerability exists on the macOS F5 VPN browser client installer that may allow a local, authenticated attacker with access to the local file system to replace it with a malicious package installer. CVE-2025-48500 Impact A local,...
K000152786: NGINX ngx_mail_smtp_module vulnerability CVE-2025-53859
Security Advisory Description NGINX Open Source and NGINX Plus have a vulnerability in the ngx_mail_smtp_module that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the...
K000152964: OpenSSH vulnerability CVE-2025-32728
Security Advisory Description In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding. CVE-2025-32728 Impact This vulnerability could lead to exploit of the X11 server, which may allow unintended access...
K000152958: Curl vulnerability CVE-2021-22876
Security Advisory Description curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the...
K000152955: PHP vulnerability CVE-2024-8927
Security Advisory Description In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, the HTTP_REDIRECT_STATUS variable is used to check whether or not the CGI binary is being run by the HTTP server. However, in certain scenarios, the content of this variable can be controlled by the...
K000152954: Sudo vulnerability CVE-2025-32463
Security Advisory Description Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option. CVE-2025-32463 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory...
K000152952: libxml2 vulnerability CVE-2025-6021
Security Advisory Description A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input. CVE-2025-6021 Impact...
K000152943: PyYAML vulnerability CVE-2019-20477
Security Advisory Description PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and load_all functions because of a class deserialization issue, e.g., Popen is a class in the subprocess module. NOTE: this issue exists because of an incomplete fix for CVE-2017-18342. CVE-2019-20477...
K000152944: libxslt vulnerability CVE-2025-24855, CVE-2024-55549
Security Advisory Description CVE-2025-24855 numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and...
K000152934: Libblockdev vulnerability CVE-2025-6019
Security Advisory Description A Local Privilege Escalation (LPE) vulnerability was found in libblockdev. Generally, the "allow_active" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the udisks daemon, a...