6294 matches found

F5 Networks
•added 2023/02/21 6:27 p.m.•15 views

K6579: Cross-Site Scripting Vulnerability - ProCheckUp Security Bulletin PR06-04

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

AI score 6.4
Exploits: 0
F5 Networks
•added 2023/02/21 6:27 p.m.•19 views

K7397: Download of local FirePass files using the URL in Webtop or the Admin UI

Security Advisory Description Note: Versions that are not listed in this Solution have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of F5...

AI score 6.5
Exploits: 0
F5 Networks
•added 2023/02/21 6:27 p.m.•33 views

K8331: OpenSSL FIPS Object Module 1.1 vulnerability - CVE-2007-5502

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

CVSS 6.4 | AI score 6.4 | EPSS 0.02312
Exploits: 0
F5 Networks
•added 2023/02/21 6:27 p.m.•12 views

K8174: F5 VPN Client for Windows is remotely exploitable through a buffer overflow

Security Advisory Description Note : For information about signing up to receive security notice updates from F5, refer to K9970: Subscribe to email notifications regarding F5 products and security announcements. Note : Versions that are not listed in this Solution have not been evaluated for...

AI score 7.6
Exploits: 0
F5 Networks
•added 2023/02/21 6:27 p.m.•33 views

K8424: Java Runtime Environment Vulnerability - CVE-2008-0657

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

CVSS 10 | AI score 6.6 | EPSS 0.02839
Exploits: 0
F5 Networks
•added 2023/02/21 6:27 p.m.•35 views

K73459626: Linux kernel vulnerability CVE-2021-3506

Security Advisory Description An out-of-bounds OOB memory access flaw was found in fs/f2fs/node.c in the f2fs module in the Linux kernel in versions before 5.12.0-rc4. A bounds check failure allows a local attacker to gain access to out-of-bounds memory leading to a system crash or a leak of...

CVSS 7.1 | AI score 6.1 | EPSS 0.00366
Exploits: 0
F5 Networks
•added 2023/02/21 6:27 p.m.•41 views

K82644737: NTP vulnerability CVE-2016-4954

Security Advisory Description The processpacket function in ntpproto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service peer-variable modification by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an...

CVSS 7.5 | AI score 6.4 | EPSS 0.13314
Exploits: 0 | Affected Software: 24
F5 Networks
•added 2023/02/21 6:27 p.m.•53 views

K72430453: PostgreSQL vulnerability CVE-2020-25696

Security Advisory Description A flaw was found in the psql interactive terminal of PostgreSQL in versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If an interactive psql session uses \gset when querying a compromised server, the attacker can execute...

CVSS 7.6 | AI score 8.2 | EPSS 0.02658
Exploits: 0
F5 Networks
•added 2023/02/21 6:27 p.m.•18 views

K7983: ClamAV NULL dereference vulnerability - CVE-2007-4510

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

CVSS 4.3 | AI score 6.3 | EPSS 0.01968
Exploits: 0
F5 Networks
•added 2023/02/21 6:27 p.m.•49 views

K4583: Insufficient validation of ICMP error messages VU#222750 / CVE-2004-0790 (9.x - 10.x)

Security Advisory Description This article applies to BIG-IP 9.x through 10.x. However, a regression for this vulnerability was introduced in later BIG-IP versions. For information about other versions, refer to the following article: K23440942: Insufficient validation of ICMP error messages...

CVSS 5 | AI score 6.4 | EPSS 0.80101
Exploits: 10
F5 Networks
•added 2023/02/21 6:27 p.m.•287 views

K53280389: Apache HTTP server vulnerability CVE-2021-44790

Security Advisory Description A carefully crafted request body can cause a buffer overflow in the modlua multipart parser r:parsebody called from Lua scripts. The Apache httpd team is not aware of an exploit for the vulnerability though it might be possible to craft one. This issue affects Apache...

CVSS 9.8 | AI score 8.9 | EPSS 0.97108
Exploits: 4
F5 Networks
•added 2023/02/21 6:27 p.m.•49 views

K53214222: midi kernel driver vulnerability CVE-2018-10902

Security Advisory Description It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc double free in sndrawmidiinputparams and sndrawmidioutputstatus which are part of sndrawmidiioctl handler in rawmidi.c file. A malicious local...

CVSS 7.8 | AI score 7 | EPSS 0.00519
Exploits: 0
F5 Networks
•added 2023/02/21 6:27 p.m.•24 views

K4369: Configuration utility login vulnerability CR45786

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

AI score 6.9
Exploits: 0
F5 Networks
•added 2023/02/21 6:27 p.m.•45 views

K4009: Vulnerabilities in libpng - CAN-2004-0597, CAN-2004-0598, CAN-2004-0599

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

AI score 7.1
Exploits: 0
F5 Networks
•added 2023/02/21 6:27 p.m.•44 views

K15318: OpenSSL vulnerability CVE-2011-3207

Security Advisory Description The OpenSSL crypto/x509/x509vfy.c library for 1.0.x before 1.0.0e does not initialize certain structure members, which makes it easier for remote attackers to bypass CRL validation by using a nextUpdate value corresponding to a time in the past. CVE-2011-3207 Impact...

CVSS 5 | AI score 7.8 | EPSS 0.05012
Exploits: 0
F5 Networks
•added 2023/02/21 6:27 p.m.•328 views

K15325: OpenSSL vulnerability CVE-2014-0224

Security Advisory Description OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications,...

CVSS 7.4 | AI score 7.4 | EPSS 0.95326
Exploits: 9 | Affected Software: 20
F5 Networks
•added 2023/02/21 6:26 p.m.•39 views

K3631: Stack-based buffer overflow in Apache - CAN-2004-0488

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

CVSS 7.5 | AI score 7.8 | EPSS 0.37681
Exploits: 0
F5 Networks
•added 2023/02/21 6:26 p.m.•138 views

K15301: Linux kernel TCP ISN vulnerability CVE-2011-3188

Security Advisory Description The 1 IPv4 and 2 IPv6 implementations in the Linux kernel before 3.1 use a modified MD4 algorithm to generate sequence numbers and Fragment Identification values, which makes it easier for remote attackers to cause a denial of service disrupted networking or hijack...

CVSS 9.1 | AI score 8 | EPSS 0.05689
Exploits: 0 | Affected Software: 13
F5 Networks
•added 2023/02/21 6:26 p.m.•30 views

K15303: PHP vulnerability CVE-2013-7345

Security Advisory Description The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service CPU consumption via a crafted ASCII file tha...

CVSS 5 | AI score 8.3 | EPSS 0.02982
Exploits: 1
F5 Networks
•added 2023/02/21 6:26 p.m.•24 views

K02460950: Linux kernel vulnerability CVE-2017-18552

Security Advisory Description An issue was discovered in net/rds/afrds.c in the Linux kernel before 4.11. There is an out of bounds write and read in the function rdsrecvtracklatency. CVE-2017-18552 Impact An attacker may potentially be able to cause modification or disclosure of information...

CVSS 7.8 | AI score 7.5 | EPSS 0.00387
Exploits: 0 | Affected Software: 1
F5 Networks
•added 2023/02/21 6:26 p.m.•38 views

K85243532: Serendipity vulnerability CVE-2016-10082

Security Advisory Description include/functionsinstaller.inc.php in Serendipity through 2.0.5 is vulnerable to File Inclusion and a possible Code Execution attack during a first-time installation because it fails to sanitize the dbType POST parameter before adding it to an include call in the...

CVSS 9.8 | AI score 9.3 | EPSS 0.02883
Exploits: 0
F5 Networks
•added 2023/02/21 6:26 p.m.•72 views

K73705133: Bash vulnerability CVE-2016-7543

Security Advisory Description Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables. CVE-2016-7543 Impact BIG-IP, F5 iWorkflow, BIG-IQ, and Enterprise Manager Impact is minimal for BIG-IP, iWorkflow, BIG-IQ, and...

CVSS 8.4 | AI score 7.3 | EPSS 0.00581
Exploits: 0 | Affected Software: 23
F5 Networks
•added 2023/02/21 6:26 p.m.•34 views

K8420: ClamAV buffer overflow vulnerabilities - CVE-2007-6335, CVE-2007-6336

Security Advisory Description Note : Versions that are not listed in this Solution have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the ...

CVSS 7.5 | AI score 9.6 | EPSS 0.18382
Exploits: 4
F5 Networks
•added 2023/02/21 6:26 p.m.•23 views

K8406: The BIG-IP ASM web management interface cross-site scripting vulnerability CVE-2008-0539

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

CVSS 4.3 | AI score 5.8 | EPSS 0.07213
Exploits: 1
F5 Networks
•added 2023/02/21 6:26 p.m.•26 views

K7985: ClamAV clamav-milter vulnerability - CVE-2007-4560

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

CVSS 7.6 | AI score 6.9 | EPSS 0.8366
Exploits: 12
F5 Networks
•added 2023/02/21 6:26 p.m.•25 views

K05391775: The BIG-IP ASM system may not properly perform attack signature checks

Security Advisory Description The BIG-IP ASM system may not properly perform attack signature checks on request and response content. This issue occurs when all of the following conditions are met: Your system is running BIG-IP 13.1.x. BIG-IP systems running 14.1.x and later are not affected. A...

AI score 6.6
Exploits: 0
F5 Networks
•added 2023/02/21 6:26 p.m.•27 views

K16877: libuser vulnerability CVE-2011-0002

Security Advisory Description Description libuser before 0.57 uses a cleartext password value of 1 !! or 2 x for new LDAP user accounts, which makes it easier for remote attackers to obtain access by specifying one of these values. CVE-2011-0002 Impact None. F5 products are not affected by this...

CVSS 6.4 | AI score 6.4 | EPSS 0.0379
Exploits: 1
F5 Networks
•added 2023/02/21 6:26 p.m.•28 views

K16876: Mount (seunshare_mount) vulnerability CVE-2011-1101

Security Advisory Description Description CVE-2011-1101 The seunsharemount function in sandbox/seunshare.c in seunshare in certain Red Hat packages of policycoreutils 2.0.83 and earlier in Red Hat Enterprise Linux RHEL 6 and earlier, and Fedora 14 and earlier, mounts a new directory on top of /tm...

CVSS 6.8 | AI score 6.6 | EPSS 0.01448
Exploits: 0
F5 Networks
•added 2023/02/21 6:26 p.m.•41 views

K16920: OpenSSL vulnerability CVE-2014-8176

Security Advisory Description The dtls1clearqueues function in ssl/d1lib.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h frees data structures without considering that application data can arrive between a ChangeCipherSpec message and a Finished message, which allows...

CVSS 7.5 | AI score 8.1 | EPSS 0.16587
Exploits: 1 | Affected Software: 13
F5 Networks
•added 2023/02/21 6:26 p.m.•37 views

K33757590: BIG-IP Edge Client for Windows vulnerability CVE-2021-23023

Security Advisory Description A DLL hijacking issue exists in cachecleaner.dll included in the BIG-IP Edge Client Windows Installer. CVE-2021-23023 Impact This vulnerability may be exploited to allow an unprivileged user to use a malicious DLL to gain privilege escalation on the client Windows...

CVSS 7.8 | AI score 7.8 | EPSS 0.003
Exploits: 0 | Affected Software: 2
F5 Networks
•added 2023/02/21 6:26 p.m.•47 views

K17378: SNMP vulnerability CVE-2015-5621

Security Advisory Description The snmppduparse function in snmpapi.c in net-snmp 5.7.2 and earlier does not remove the varBind variable in a netsnmpvariablelist item when parsing of the SNMP PDU fails, which allows remote attackers to cause a denial of service crash and possibly execute arbitrary...

CVSS 7.5 | AI score 8.6 | EPSS 0.40002
Exploits: 1 | Affected Software: 23
F5 Networks
•added 2023/02/21 6:26 p.m.•84 views

K16908: Apache HTTPD vulnerability CVE-2011-4415

Security Advisory Description The appregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the modsetenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of servi...

AI score 7.4
Exploits: 0 | Affected Software: 1
F5 Networks
•added 2023/02/21 6:26 p.m.•121 views

K16907: Apache HTTPD vulnerability CVE-2011-3607

Security Advisory Description Integer overflow in the appregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the modsetenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, ...

CVSS 4.4 | AI score 7.2 | EPSS 0.04892
Exploits: 4 | Affected Software: 11
F5 Networks
•added 2023/02/21 6:26 p.m.•22 views

K16880: Libcap vulnerability CVE-2011-4099

Security Advisory Description Description The capsh program in libcap before 2.22 does not change the current working directory when the --chroot option is specified, which allows local users to bypass the chroot restrictions via unspecified vectors. CVE-2011-4099 Impact None. F5 products are not...

CVSS 4.6 | AI score 6.1 | EPSS 0.00379
Exploits: 0
F5 Networks
•added 2023/02/21 6:26 p.m.•61 views

K16898: PKCS #7 vulnerability CVE-2015-1790

Security Advisory Description The PKCS7dataDecodefunction in crypto/pkcs7/pk7doit.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a PKCS7 blob tha...

CVSS 5 | AI score 6.7 | EPSS 0.22899
Exploits: 0 | Affected Software: 20
F5 Networks
•added 2023/02/21 6:26 p.m.•33 views

K16878: PAM vulnerabilities CVE-2011-3148 and CVE-2011-3149

Security Advisory Description Description CVE-2011-3148 Stack-based buffer overflow in the assembleline function in modules/pamenv/pamenv.c in Linux-PAM aka pam before 1.1.5 allows local users to cause a denial of service crash and possibly execute arbitrary code via a long string of white spaces...

CVSS 4.6 | AI score 7.1 | EPSS 0.00696
Exploits: 0
F5 Networks
•added 2023/02/21 6:26 p.m.•53 views

K16879: Apache Portable Runtime vulnerability CVE-2011-1928

Security Advisory Description Description The fnmatch implementation in aprfnmatch.c in the Apache Portable Runtime APR library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service infinite loop via a URI that does not match unspecified types of...

AI score 8
Exploits: 0
F5 Networks
•added 2023/02/21 6:26 p.m.•17 views

K16301: Multiple OpenSSL vulnerabilities CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, and CVE-2015-0293

Security Advisory Description Description The following vulnerabilities were originally grouped for documentation in this article. However, each CVE is now published and updated in a separate Security Advisory article. You can use this temporary index to find the specific article for each CVE...

CVSS 6.8 | AI score 7.1 | EPSS 0.21389
Exploits: 0
F5 Networks
•added 2023/02/21 6:26 p.m.•41 views

K16302: OpenSSL vulnerability CVE-2015-0292

Security Advisory Description Integer underflow in the EVPDecodeUpdate function in crypto/evp/encode.c in the base64-decoding implementation in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service memory corruption or possibly...

CVSS 7.5 | AI score 7.5 | EPSS 0.44741
Exploits: 1 | Affected Software: 19
F5 Networks
•added 2023/02/21 6:26 p.m.•21 views

K1618: Multiple SNMP vulnerabilities CA-2002-03

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

AI score 6.9
Exploits: 0
F5 Networks
•added 2023/02/21 6:26 p.m.•33 views

K15852: Linux kernel vulnerability CVE-2014-3122

Security Advisory Description Description The trytounmapcluster function in mm/rmap.c in the Linux kernel before 3.14.3 does not properly consider which pages must be locked, which allows local users to cause a denial of service system crash by triggering a memory-usage pattern that requires...

CVSS 4.9 | AI score 5.3 | EPSS 0.00545
Exploits: 0 | Affected Software: 17
F5 Networks
•added 2023/02/21 6:26 p.m.•37 views

K15901: Apache HTTP server vulnerability CVE-2012-2687

Security Advisory Description Multiple cross-site scripting XSS vulnerabilities in the makevariantlist function in modnegotiation.c in the modnegotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web scri...

CVSS 2.6 | AI score 7.6 | EPSS 0.22515
Exploits: 2 | Affected Software: 17
F5 Networks
•added 2023/02/21 6:26 p.m.•21 views

K15894: Apache vulnerabilities CVE-2012-4557 and CVE-2012-0021

Security Advisory Description CVE-2012-4557 The modproxyajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service worker consumption via an...

CVSS 5 | AI score 8.4 | EPSS 0.30587
Exploits: 1
F5 Networks
•added 2023/02/21 6:26 p.m.•29 views

K15898: PHP vulnerability CVE-2014-3710

Security Advisory Description Description The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service out-of-bounds read and application...

CVSS 5 | AI score 8.2 | EPSS 0.13757
Exploits: 0
F5 Networks
•added 2023/02/21 6:26 p.m.•26 views

K15897: Wget vulnerability CVE-2014-4877

Security Advisory Description Absolute path traversal vulnerability in GNU Wget before 1.16, when recursion is enabled, allows remote FTP servers to write to arbitrary files, and consequently execute arbitrary code, via a LIST response that references the same filename within two entries, one of...

CVSS 9.3 | AI score 7.5 | EPSS 0.39883
Exploits: 4 | Affected Software: 1
F5 Networks
•added 2023/02/21 6:26 p.m.•93 views

K15889: Apache HTTP server vulnerabilities CVE-2011-3368, CVE-2011-4317, CVE-2012-0021, CVE-2012-0031, and CVE-2012-0053

Security Advisory Description CVE-2011-3368 The modproxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of 1 RewriteRule and 2 ProxyPassMatch pattern matches for configuration of a reverse proxy, which allo...

CVSS 4.6 | AI score 8.3 | EPSS 0.82756
Exploits: 9 | Affected Software: 12
F5 Networks
•added 2023/02/21 6:26 p.m.•22 views

K15880: Libpng vulnerability CVE-2008-6218

Security Advisory Description Memory leak in the pnghandletEXt function in pngrutil.c in libpng before 1.2.33 rc02 and 1.4.0 beta36 allows context-dependent attackers to cause a denial of service memory exhaustion via a crafted PNG file. CVE-2008-6218 Impact An attacker may be able to cause a...

CVSS 7.1 | AI score 6.5 | EPSS 0.02313
Exploits: 0 | Affected Software: 1
F5 Networks
•added 2023/02/21 6:26 p.m.•23 views

K15876: PHP vulnerability CVE-2013-2110

Security Advisory Description Heap-based buffer overflow in the phpquotprintencode function in ext/standard/quotprint.c in PHP before 5.3.26 and 5.4.x before 5.4.16 allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted...

CVSS 5 | AI score 7.5 | EPSS 0.06748
Exploits: 1 | Affected Software: 17
F5 Networks
•added 2023/02/21 6:26 p.m.•27 views

K21230183: NTP vulnerability CVE-2015-7976

Security Advisory Description The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename. CVE-2015-7976 Impact A remote user who uses the ntp...

CVSS 4.3 | AI score 6.3 | EPSS 0.03483
Exploits: 0 | Affected Software: 22
F5 Networks
•added 2023/02/21 6:25 p.m.•22 views

K33572148: The BIG-IP ASM system may fail to mask a configured sensitive parameter in the Referer header value

Security Advisory Description The BIG-IP ASM system may fail to mask a configured sensitive parameter in the Referer header value. This issue occurs when all of the following conditions are met: You configured a sensitive parameter located in Security Application Security Parameters Sensitive...

AI score 6.5
Exploits: 0
Total number of security vulnerabilities: 6294