6294 matches found
K17159: PAM vulnerability CVE-2009-2410
Security Advisory Description The localhandlercallback function in server/responder/pam/pamLOCALdomain.c in sssd 0.4.1 does not properly handle blank-password accounts in the SSSD BE database, which allows context-dependent attackers to obtain access by sending the account's username, in...
K17169: Java vulnerability CVE-2015-2625
Security Advisory Description Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R28.3.6; and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JSSE. CVE-2015-2625 Impact Confidentiality is affected when exploited by...
K11251130: NTP vulnerability CVE-2016-1547
Security Advisory Description An off-path attacker can cause a preemptible client association to be demobilized in NTP 4.2.8p4 and earlier and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 by sending a crypto NAK packet to a victim client with a spoofed source address of an existing associated...
K43205719: NTP input validation vulnerability CVE-2016-1550
Security Advisory Description An exploitable vulnerability exists in the message authentication functionality of libntp in ntp 4.2.8p4 and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92. An attacker can send a series of crafted messages to attempt to recover the message digest key. CVE-2016-1550...
K45427159: NTP authentication bypass vulnerability CVE-2016-1551
Security Advisory Description ntpd in NTP 4.2.8p3 and NTPsec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 relies on the underlying operating system to protect it from requests that impersonate reference clocks. Because reference clocks are treated like other peers and stored in the same structure, an...
K24734336: PHP vulnerabilities CVE-2016-4542, CVE-2016-4543, and CVE-2016-4544
Security Advisory Description CVE-2016-4542 The exifprocessIFDTAG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not properly construct spprintf arguments, which allows remote attackers to cause a denial of service out-of-bounds read or possibly...
K24613253: NTP vulnerability CVE-2016-2516
Security Advisory Description NTP before 4.2.8p7 and 4.3.x before 4.3.92, when mode7 is enabled, allows remote attackers to cause a denial of service ntpd abort by using the same IP address multiple times in an unconfig directive. CVE-2016-2516 Impact An attacker may be able to compromise the...
K20804323: NTP vulnerability CVE-2016-2518
Security Advisory Description The MATCHASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value. CVE-2016-2518 Using a crafted packet to create a peer association with hmode 7...
K39250133: glibc vulnerability CVE-2015-8779
Security Advisory Description Stack-based buffer overflow in the catopen function in the GNU C Library aka glibc or libc6 before 2.23 allows context-dependent attackers to cause a denial of service application crash or possibly execute arbitrary code via a long catalog name. CVE-2015-8779 Impact ...
K56138200: PHP vulnerability CVE-2016-3078
Security Advisory Description Multiple integer overflows in phpzip.c in the zip extension in PHP before 7.0.6 allow remote attackers to cause a denial of service heap-based buffer overflow and application crash or possibly have unspecified other impact via a crafted call to 1 getFromIndex or 2...
K48802597: Java vulnerabilities CVE-2013-5825 and CVE-2013-5830
Security Advisory Description CVE-2013-5825 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect...
K25527955: SNMP vulnerability CVE-2002-0013
Security Advisory Description Vulnerabilities in the SNMPv1 request handling of a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via 1 GetRequest, 2 GetNextRequest, and 3 SetRequest messages, as demonstrated by the PROTOS c06-SNMPv1 tes...
K07538415: Multiple OpenSSL vulnerabilities
Security Advisory Description On May 3, 2016, OpenSSL announced the discovery of the following vulnerabilities: CVE-2016-2105 CVE-2016-2106 CVE-2016-2107 CVE-2016-2108 CVE-2016-2109 CVE-2016-2176 For the complete announcement from OpenSSL, refer to OpenSSL Security Advisory 3rd May 2016. Note :...
K50118123: Java vulnerabilities CVE-2016-0466 and CVE-2016-0483
Security Advisory Description CVE-2016-0466 Unspecified vulnerability in the Java SE, Java SE Embedded, and JRockit components in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect availability via vectors related to JAXP...
K07369970: TMM vulnerability CVE-2017-6151
Security Advisory Description In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator and WebSafe software version 13.0.0, undisclosed requests made to BIG-IP virtual servers which make use of the "HTTP/2 profile" may result in a disruption of...
K17130: Linux kernel vulnerability CVE-2015-1420
Security Advisory Description Race condition in the handletopath function in fs/fhandle.c in the Linux kernel through 3.19.1 allows local users to bypass intended size restrictions and trigger read operations on additional memory locations by changing the handlebytes value of a file handle during...
K16794: CUPS vulnerabilities CVE-2015-1158 / CVE-2015-1159
Security Advisory Description Description CVE-2015-1158 A string reference count bug was found in cupsd, causing premature freeing of string objects. An attacker can submit a malicious print job that exploits this flaw to dismantle ACLs protecting privileged operations, allowing a replacement...
K16686: Point-to-Point Protocol (PPP) vulnerability CVE-2015-3310
Security Advisory Description Buffer overflow in the rcmksid function in plugins/radius/util.c in Paul's PPP Package ppp 2.4.6 and earlier, when the PID for pppd is greater than 65535, allows remote attackers to cause a denial of service crash via a start accounting message to the RADIUS server...
K16704: cURL and libcurl vulnerability CVE-2015-3143
Security Advisory Description cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use NTLM connections, which allows remote attackers to connect as other users via an unauthenticated request, a similar issue to CVE-2014-0015. CVE-2015-3143 Impact Remote attackers may be able to reuse NTLM...
K16843: NAT-PMP vulnerability VU#184540
Security Advisory Description Many NAT-PMP devices are incorrectly configured, allowing them to field requests received on external network interfaces or map forwarding routes to addresses other than that of the requesting host, making them potentially vulnerable to information disclosure and...
K16844: Multicast DNS vulnerability VU#550620
Security Advisory Description Multicast DNS implementations may respond to unicast queries that originate from sources outside of the local link network. Such responses may disclose information about network devices or be used in denial-of-service DoS amplification attacks. VU550620 Impact None. ...
K17237: Linux kernel vulnerability CVE-2014-7822
Security Advisory Description The implementation of certain splicewrite file operations in the Linux kernel before 3.16 does not enforce a restriction on the maximum size of a single file, which allows local users to cause a denial of service system crash or possibly have unspecified other impact...
K17239: Linux kernel vulnerability CVE-2014-9529
Security Advisory Description Race condition in the keygcunusedkeys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service memory corruption or panic or possibly have unspecified other impact via keyctl commands that trigger access to a k...
K17236: Apache HTTP server vulnerability CVE-2015-3185
Security Advisory Description The apsomeauthrequired function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass...
K16846: IPMI vulnerability CVE-2013-4786
Security Advisory Description The IPMI 2.0 specification supports RMCP+ Authenticated Key-Exchange Protocol RAKP authentication, which allows remote attackers to obtain password hashes and conduct offline password guessing attacks by obtaining the HMAC from a RAKP message 2 response from a BMC...
K16830: Linux vulnerability CVE-2014-8171
Security Advisory Description It was found that the Linux kernel memory resource controller's memcg handling of OOM out of memory conditions could lead to deadlocks. An attacker able to continuously spawn new processes within a single memory-constrained cgroup during an OOM event could use this...
K16832: DNS vulnerability CVE-1999-0532
Security Advisory Description A DNS server allows zone transfers. CVE-1999-0532 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development has evaluated the currently supported releases for potential vulnerability. To determine i...
K16828: Apache Tomcat vulnerability CVE-2005-2090
Security Advisory Description Jakarta Tomcat 5.0.19 Coyote/1.1 and Tomcat 4.1.24 Coyote/1.0 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length...
K16829: Linux vulnerability CVE-2014-7825
Security Advisory Description kernel/trace/tracesyscalls.c in the Linux kernel through 3.17.2 does not properly handle private syscall numbers during use of the perf subsystem, which allows local users to cause a denial of service out-of-bounds read and OOPS or bypass the ASLR protection mechanis...
K16826: PHP vulnerability CVE-2015-4024
Security Advisory Description Algorithmic complexity vulnerability in the multipartbufferheaders function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service CPU consumption via crafted form data that triggers an...
K9592: bzip2 vulnerability CVE-2008-1372
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
K62655427: libjpeg-turbo vulnerability CVE-2013-6630
Security Advisory Description The getdht function in jdmarker.c in libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48 and other products, does not set all elements of a certain Huffman value array during the reading of segments that follow Define Huffman Table DHT JPEG...
K11353642: Linux kernel vulnerability CVE-2013-2596
Security Advisory Description Integer overflow in the fbmmap function in drivers/video/fbmem.c in the Linux kernel before 3.8.9, as used in a certain Motorola build of Android 4.1.2 and other products, allows local users to create a read-write memory mapping for the entirety of kernel memory, and...
K17232507: OpenSSL vulnerability CVE-2016-0798
Security Advisory Description Memory leak in the SRPVBASEgetbyuser implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service memory consumption by providing an invalid username in a connection attempt, related to apps/sserver.c and...
K61275340: Java vulnerability CVE-2013-5823
Security Advisory Description Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect availability via unknown vectors related to...
K23822215: glibc calloc vulnerability CVE-2015-5229
Security Advisory Description The calloc function in the glibc package in Red Hat Enterprise Linux RHEL 6.7 and 7.2 does not properly initialize memory areas, which might allow context-dependent attackers to cause a denial of service hang or crash via unspecified vectors. CVE-2015-5229 Impact Thi...
K07560020: Linux kernel vulnerabilities CVE-2015-7884, CVE-2015-7885, CVE-2015-8543, CVE-2015-8569, and CVE-2015-8660
Security Advisory Description CVE-2015-7884 The vividfbioctl function in drivers/media/platform/vivid/vivid-osd.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application...
K75253136: GnuPG vulnerability CVE-2013-4242
Security Advisory Description GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload. CVE-2013-4242 Impact A local user may obtain...
K50413110: GnuPG vulnerability CVE-2013-4351
Security Advisory Description GnuPG 1.4.x, 2.0.x, and 2.1.x treats a key flags subpacket with all bits cleared no usage permitted as if it has all bits set all usage permitted, which might allow remote attackers to bypass intended cryptographic protection mechanisms by leveraging the subkey...
K93122894: OpenSSL vulnerability CVE-2016-0705
Security Advisory Description Double free vulnerability in the dsaprivdecode function in crypto/dsa/dsaameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service memory corruption or possibly have unspecified other impact via a malformed DS...
K40131068: GnuPG vulnerability CVE-2013-4402
Security Advisory Description The compressed packet parser in GnuPG 1.4.x before 1.4.15 and 2.0.x before 2.0.22 allows remote attackers to cause a denial of service infinite recursion via a crafted OpenPGP message. CVE-2013-4402 Impact A remote attacker may exploit this flaw by way of a specially...
K33285044: Oracle Java SE vulnerability CVE-2016-0695
Security Advisory Description Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality via vectors related to Security. CVE-2016-0695 Impact Remote attackers may be able to gain access to...
K73112451: Oracle Java SE vulnerability CVE-2016-3427
Security Advisory Description Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. CVE-2016-3427 Impact F5 products are not vulnerabl...
K74363721: NTP vulnerability CVE-2015-7975
Security Advisory Description The nextvar function in NTP before 4.2.8p6 and 4.3.x before 4.3.90 does not properly validate the length of its input, which allows an attacker to cause a denial of service application crash. CVE-2015-7975 Impact A remote attacker could potentially use this flaw to...
K70306414: Linux kernel vulnerability CVE-2021-20292
Security Advisory Description There is a flaw reported in the Linux kernel in versions before 5.9 in drivers/gpu/drm/nouveau/nouveausgdma.c in nouveausgdmacreatettm in Nouveau DRM subsystem. The issue results from the lack of validating the existence of an object prior to performing operations on...
K70517410: The BIG-IP ASM CSRF token may fail to renew when the original web server renews its session
Security Advisory Description This issue occurs when all of the following conditions are met: The BIG-IP ASM cross-site request forgery CSRF protection feature is enabled in a security policy. The CSRF token CSRT expiration time is disabled by default in the security policy. The original web serv...
K74171196: Linux kernel vulnerability CVE-2016-4998
Security Advisory Description The IPTSOSETREPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel before 4.6 allows local users to cause a denial of service out-of-bounds read or possibly obtain sensitive information from kernel heap memory by leveraging in-container root...
K12794: GNU C Library vulnerability CVE-2010-4052
Security Advisory Description Note : For information about signing up to receive security notice updates from F5, refer to K9970: Subscribe to email notifications regarding F5 products and security announcements. Note : Versions that are not listed in this Solution have not been evaluated for...
K12597: PHP vulnerability CVE-2010-4156
Security Advisory Description Note : For information about signing up to receive security notice updates from F5, refer to K9970: Subscribe to email notifications regarding F5 products and security announcements. Note : Versions that are not listed in this article have not been evaluated for...
K12793: GNU C Library vulnerability CVE-2010-4051
Security Advisory Description Note : For information about signing up to receive security notice updates from F5, refer to K9970: Subscribe to email notifications regarding F5 products and security announcements. Note : Versions that are not listed in this article have not been evaluated for...