K32059550: Linux kernel vulnerability CVE-2018-20669
Security Advisory Description An issue where a provided address with access_ok() is not checked was discovered in i915_gem_execbuffer2_ioctl in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Linux kernel through 4.19.13. A local attacker can craft a malicious IOCTL function call to overwrite arbitrary...
K27551003: The BIG-IP system may not interpret an HTTP request the same way the target web server interprets it
Security Advisory Description This issue occurs when all of the following conditions are met: A virtual server is associated with an HTTP profile. An iRule or LTM policy that uses HTTP header information is associated with the virtual server. The BIG-IP system receives a specially crafted HTTP...
K16990: zlib 1.2.2 vulnerability CVE-2005-1849
Security Advisory Description inftrees.h in zlib 1.2.2 allows remote attackers to cause a denial of service application crash via an invalid file that causes a large dynamic tree to be produced. CVE-2005-1849 Impact None. F5 products are not affected by this vulnerability. Security Advisory Statu...
K44271140: Linux kernel vulnerability CVE-2017-18218
Security Advisory Description In drivers/net/ethernet/hisilicon/hns/hns_enet.c in the Linux kernel before 4.13, local users can cause a denial of service (use-after-free and BUG) or possibly have unspecified other impact by leveraging differences in skb handling between hns_nic_net_xmit_hw and...
K45573415: Intel software vulnerabilities CVE-2020-12297, CVE-2020-12304, CVE-2020-12354
Security Advisory Description CVE-2020-12297 Improper access control in Installer for Intel(R) CSME Driver for Windows versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel TXE 3.1.80, 4.0.30 may allow an authenticated user to potentially enable...
K43877335: Intel software vulnerabilities CVE-2020-8751, CVE-2020-8755, CVE-2020-8761, CVE-2020-12303
Security Advisory Description CVE-2020-8751 Insufficient control flow management in subsystem for Intel(R) CSME versions before 11.8.80, Intel(R) TXE versions before 3.1.80 may allow an unauthenticated user to potentially enable information disclosure via physical access. CVE-2020-8755 Race condition...
K54212139: Kernel vulnerability CVE-2017-0861
Security Advisory Description Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allows attackers to gain privileges via unspecified vectors. CVE-2017-0861 Impact There is no impact; F5 products are not affected by this vulnerability. Security Adviso...
K55376430: NTP vulnerabilities CVE-2020-13817
Security Advisory Description The ntpd in the network time protocol NTP before 4.2.8p14, and in 4.3.x before 4.3.100, allows remote attackers to cause a denial-of-service DoS, either daemon exit or system time change, by predicting transmit timestamps for use in spoofed packets. The victim must b...
K40293611: Oracle Java SE vulnerability CVE-2022-21349
Security Advisory Description Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: 2D. Supported versions that are affected are Oracle Java SE: 7u321, 8u311; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerabili...
K54470776: MySQL vulnerabilities CVE-2019-2585, CVE-2019-2587, CVE-2019-2589, CVE-2019-2592, and CVE-2019-2593
Security Advisory Description CVE-2019-2585 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: InnoDB. Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to...
K35558453: Intel SGX L1 Terminal Fault vulnerability CVE-2018-3615
Security Advisory Description Systems with microprocessors utilizing speculative execution and Intel software guard extensions Intel SGX may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via a side-channel analysis...
K12853: OpenSSL vulnerability CVE-2008-7270
Security Advisory Description Note: For information about signing up to receive security notice updates from F5, refer to K9970: Subscribe to email notifications regarding F5 products and security announcements. Note: F5 has not evaluated specific versions that are not listed in this article fo...
K39909763: Perl vulnerability CVE-2016-1238
Security Advisory Description (1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10)...
K15320: Apache vulnerability CVE-2014-0098
Security Advisory Description The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation...
K09940637: NTP vulnerability CVE-2019-11331
Security Advisory Description Network Time Protocol NTP, as specified in RFC 5905, uses port 123 even for modes where a fixed port number is not required, which makes it easier for remote attackers to conduct off-path attacks. CVE-2019-11331 Impact Using an off-path attack not a man-in-the-middle...
K53254186: Apache Tomcat vulnerability CVE-2020-1938
Security Advisory Description When using the Apache JServ Protocol AJP, care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they...
K42795243: Apache Xalan Java Library vulnerability CVE-2022-34169
Security Advisory Description The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. The Apache Xalan Jav...
K66851119: F5 TMUI XSS vulnerability CVE-2021-22994
Security Advisory Description Undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of the BIG-IP system if the victim user is granted the admin role. This vulnerability is due to an incomplete fix for CVE-2020-5948. CVE-2021-22994 Impa...
K03861222: ExtJS vulnerability CVE-2007-2285
Security Advisory Description Directory traversal vulnerability in examples/layout/feed-proxy.php in Jack Slocum Ext 1.0 alpha1 Ext JS allows remote attackers to read arbitrary files via a .. dot dot in the feed parameter. NOTE: analysis by third party researchers indicates that this issue might ...
K85021277: BIG-IP DNSSEC security exposure
Security Advisory Description When you configure security extensions for DNS DNSSEC on a virtual server, undisclosed requests result in incorrect NSEC3 records returned. This issue occurs when the following conditions are met: You use DNSSEC on an affected version of BIG-IP DNS formerly known as...
K11010341: Authenticated iControl REST in Appliance mode vulnerability CVE-2022-35243
Security Advisory Description When running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, using an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary...
K4616: BSD telnet environment vulnerability CAN-2005-0488
Security Advisory Description Note: Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
K44164245: XSS vulnerability CVE-2013-2618
Security Advisory Description Cross-site scripting XSS vulnerability in editor.php in Network Weathermap before 0.97b allows remote attackers to inject arbitrary web script or HTML via the maptitle parameter. CVE-2013-2618 Impact There is no impact; F5 products are not affected by this...
K41503304: Advanced WAF, BIG-IP ASM, and NGINX App Protect attack signature bypass security exposure
Security Advisory Description The F5 Advanced Web Application Firewall Advanced WAF, BIG-IP ASM, and NGINX App Protect systems attack signature check may fail to match attack signature 200000128, as expected, for certain undisclosed requests. This issue occurs when all of the following conditions...
K15635: PHP 5.x vulnerability - CVE-2012-1171
Security Advisory Description The libxml RSHUTDOWN function in PHP 5.x allows remote attackers to bypass the open_basedir protection mechanism and read arbitrary files via vectors involving a stream_close method call during use of a custom stream wrapper. CVE-2012-1171 Impact None. No F5 products a...
K15689: Fine Free file vulnerabilities CVE-2014-1943 and CVE-2014-2270
Security Advisory Description CVE-2014-1943 Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service infinite recursion, CPU consumption, and crash via a crafted indirect offset value in the magic of a file. CVE-2014-2270 softmagic.c in file before 5.17 and...
K16090: BIG-IP Automatic Update Check and ASM Automatic Signature Update man-in-the-middle vulnerability CVE-2014-9326
Security Advisory Description The automatic signature update functionality in the (1) Phone Home feature in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, GTM, and Link Controller 11.5.0 through 11.6.0, ASM 10.0.0 through 11.6.0, and PEM 11.3.0 through 11.6.0 and the (2) Call Home feature in ASM 10.0.0...
K44942017: NTP vulnerability CVE-2014-5209
Security Advisory Description An Information Disclosure vulnerability exists in NTP 4.2.7p25 private mode 6/7 messages via a GETRESTRICT control message, which could let a malicious user obtain sensitive information. CVE-2014-5209 Impact An attacker may be able to prompt the network time protocol...
K17451: UPnP vulnerability VU#361684
Security Advisory Description Home routers implementing the UPnP protocol do not sufficiently randomize UUIDs in UPnP control URLs, or implement other UPnP security measures. VU#361684 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Produc...
K17460: OpenLDAP vulnerability CVE-2015-6908
Security Advisory Description The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earlier allows remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd. CVE-2015-6908 Impact A...
K17450: BIND vulnerabilities CVE-1999-0024 and CVE-2006-0987
Security Advisory Description CVE-1999-0024 DNS cache poisoning via BIND, by predictable query IDs. CVE-2006-0987 The default configuration of ISC BIND before 9.4.1-P1, when configured as a caching name server, allows recursive queries and provides additional delegation information to arbitrary I...
K16864: SSL/TLS RC4 vulnerability CVE-2015-2808
Security Advisory Description The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream...
K16872: Java Runtime Environment vulnerability CVE-2013-4002
Security Advisory Description Unspecified vulnerability in the Java Runtime Environment JRE in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 allows remote attackers to affect availability via unknown vectors. CVE-2013-4002 Impact The vulnerable...
K16873: ISC DHCP vulnerability CVE-2012-3955
Security Advisory Description ISC DHCP 4.1.x before 4.1-ESV-R7 and 4.2.x before 4.2.4-P2 allows remote attackers to cause a denial of service daemon crash in opportunistic circumstances by establishing an IPv6 lease in an environment where the lease expiration time is later reduced. CVE-2012-3955...
K50314830: Samba MITM vulnerability CVE-2017-11103
Security Advisory Description Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In _krb5_extract_ticket() the KDC-REP service name must be obtained from t...
K16915: OpenSSL vulnerability CVE-2015-1792
Security Advisory Description The do_free_upto function in crypto/cms/cms_smime.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (infinite loop) via vectors that trigger a NULL value of a BIO data...
K16913: OpenSSL vulnerability CVE-2015-1789
Security Advisory Description The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in...
K16883: TCP sequence number vulnerability CVE-1999-0077
Security Advisory Description Predictable TCP sequence numbers allow spoofing. CVE-1999-0077 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status To determine if your release is known to be vulnerable, the components or features that are affected...
K16882: OpenLDAP vulnerability CVE-2013-4449
Security Advisory Description The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service (slapd crash) by unbinding immediately after a search request, which triggers rwm_conn_destroy to free the...
K12543: OpenSSL vulnerability CVE-2010-4180
Security Advisory Description Note: For information about signing up to receive security notice updates from F5, refer to K9970: Subscribe to email notifications regarding F5 products and security announcements. Note: Versions that are not listed in this article have not been evaluated for...
K15493: OpenSSH vulnerability CVE-2006-5229
Security Advisory Description OpenSSH portable 4.1 on SUSE Linux, and possibly other platforms and versions, and possibly under limited configurations, allows remote attackers to determine valid usernames via timing discrepancies in which responses take longer for valid usernames than invalid one...
K48602933: Nginx vulnerability CVE-2017-7529
Security Advisory Description Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request. CVE-2017-7529 Impact This vulnerabilit...
K13114: Apache Range header vulnerability - CVE-2011-3192
Security Advisory Description The byte-range filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial-of-service (memory and CPU consumption) using a Range header that expresses multiple overlapping ranges. When this vulnerabili...
K10674: Netscape reuse cipher change bug - Qualsys QID 38284
Security Advisory Description Note: For information about signing up to receive security notice updates from F5, refer to K9970: Subscribe to email notifications regarding F5 products and security announcements. Note: Versions that are not listed in this article have not been evaluated for...
K8923: Linux kernel vulnerability CVE-2007-2875
Security Advisory Description Note: Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
K8922: Linux kernel vulnerability CVE-2007-3739
Security Advisory Description Note: Versions that are not listed in this Solution have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the ...
K8919: Linux kernel vulnerability CVE-2007-2878
Security Advisory Description Note: Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
K15086: OpenSSH vulnerability CVE-2008-1657
Security Advisory Description OpenSSH 4.4 up to versions before 4.9 allows remote authenticated users to bypass the sshd_config ForceCommand directive by modifying the .ssh/rc session file. CVE-2008-1657 Impact None Security Advisory Status F5 Product Development has evaluated the...
K8008: Forcing a session ID into a user login
Security Advisory Description Note: Versions that are not listed in this Solution have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the ...
K73183618: BIG-IP APM Portal Access vulnerability CVE-2020-5853
Security Advisory Description In BIG-IP APM Portal Access, HTTP pages that are served by back-end servers and have special JavaScript code may cause internal name conflicts. CVE-2020-5853 Impact BIG-IP APM An attacker who can control JavaScript code served by back-end servers may bypass the...