6294 matches found

F5 Networks
•added 2023/02/21 6:8 p.m.•53 views

K14371: Apache Axis vulnerability CVE-2012-5784

Security Advisory Description Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the...

CVSS 5.8 | AI score 7.5 | EPSS 0.05722
Exploits: 1

F5 Networks
•added 2023/02/21 6:8 p.m.•38 views

K15864: libxml vulnerabilities CVE-2009-2414 and CVE-2009-2416

Security Advisory Description CVE-2009-2414 Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause a denial of service (application crash) via a large depth of element declarations in a DTD, related to a...

CVSS 6.5 | AI score 6.5 | EPSS 0.03121
Exploits: 2 | Affected Software: 1

F5 Networks
•added 2023/02/21 6:8 p.m.•54 views

K15866: Multiple PHP vulnerabilities CVE-2014-3668, CVE-2014-3669, and CVE-2014-3670

Security Advisory Description CVE-2014-3668 Buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (applicati...

CVSS 7.5 | AI score 10 | EPSS 0.28862
Exploits: 3

F5 Networks
•added 2023/02/21 6:8 p.m.•46 views

K31300371: Linux kernel vulnerability CVE-2013-4483

Security Advisory Description The ipc_rcu_putref function in ipc/util.c in the Linux kernel before 3.10 does not properly manage a reference count, which allows local users to cause a denial of service (memory consumption or system crash) via a crafted application. CVE-2013-4483 Impact This...

CVSS 4.9 | AI score 6 | EPSS 0.00489
Exploits: 1 | Affected Software: 22

F5 Networks
•added 2023/02/21 6:8 p.m.•27 views

K28538929: MySQL vulnerability CVE-2016-5634

Security Advisory Description Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to RBR. CVE-2016-5634 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Produ...

CVSS 4.9 | AI score 5.5 | EPSS 0.02471
Exploits: 0

F5 Networks
•added 2023/02/21 6:8 p.m.•72 views

K17503: PHP vulnerabilities CVE-2015-7803 and CVE-2015-7804

Security Advisory Description CVE-2015-7803 A NULL pointer dereference flaw was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash. CVE-2015-7804 An uninitialized pointer use flaw was found in the phar_make_dirstream function of PHP's Ph...

CVSS 6.8 | AI score 8.4 | EPSS 0.10288
Exploits: 0

F5 Networks
•added 2023/02/21 6:8 p.m.•37 views

K17212: PHP vulnerability CVE-2014-5459

Security Advisory Description The PEAR_REST class in REST.php in PEAR in PHP through 5.6.0 allows local users to write to arbitrary files via a symlink attack on a (1) rest.cachefile or (2) rest.cacheid file in /tmp/pear/cache/, related to the retrieveCacheFirst and useLocalCache functions...

CVSS 3.6 | AI score 9.1 | EPSS 0.00643
Exploits: 1

F5 Networks
•added 2023/02/21 6:8 p.m.•50 views

K17181: BIND vulnerability CVE-2015-5722

Security Advisory Description Parsing a malformed DNSSEC key can cause a validating resolver to exit due to a failed assertion in buffer.c. It is possible for a remote attacker to deliberately trigger this condition, for example by using a query which requires a response from a zone containing a...

CVSS 7.8 | AI score 6.8 | EPSS 0.33652
Exploits: 0 | Affected Software: 19

F5 Networks
•added 2023/02/21 6:8 p.m.•30 views

K17174: OpenJDK vulnerability CVE-2015-4733

Security Advisory Description Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI. CVE-2015-4733 Impact Confidentiality is affected when...

CVSS 10 | AI score 4.9 | EPSS 0.06717
Exploits: 0 | Affected Software: 18

F5 Networks
•added 2023/02/21 6:8 p.m.•28 views

K17170: Java vulnerability CVE-2015-4736

Security Advisory Description Unspecified vulnerability in Oracle Java SE 7u80 and 8u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. CVE-2015-4736 Impact There is no impact; F5 products are not affected by this...

CVSS 9.3 | AI score 4.4 | EPSS 0.0523
Exploits: 0

F5 Networks
•added 2023/02/21 6:8 p.m.•33 views

K17172: OpenJDK vulnerability CVE-2015-2638

Security Advisory Description Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JavaFX 2.2.80; and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. CVE-2015-2638 Impact Confidentiality ...

CVSS 10 | AI score 4.6 | EPSS 0.0636
Exploits: 0 | Affected Software: 18

F5 Networks
•added 2023/02/21 6:8 p.m.•31 views

K16715: Multiple LibTIFF vulnerabilities

Security Advisory Description CVE-2013-1960 Heap-based buffer overflow in the t2p_process_jpeg_strip function in tiff2pdf in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image file. CVE-2013-1961 Stack-bas...

CVSS 9.3 | AI score 9.5 | EPSS 0.11866
Exploits: 0 | Affected Software: 19

F5 Networks
•added 2023/02/21 6:8 p.m.•41 views

K16743: MIT Kerberos 5 vulnerability CVE-2014-5355

Security Advisory Description MIT Kerberos 5 (aka krb5) through 1.13.1 incorrectly expects that a krb5_read_message data field is represented as a string ending with a '\0' character, which allows remote attackers to (1) cause a denial of service (NULL pointer dereference) via a zero-byte version string ...

CVSS 5 | AI score 7.2 | EPSS 0.04587
Exploits: 0 | Affected Software: 1

F5 Networks
•added 2023/02/21 6:8 p.m.•24 views

K8599: XSS vulnerability viewing logs from the Console section of the web management interface

Security Advisory Description Note: Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

CVSS 6.8 | AI score 5.5 | EPSS 0.02423
Exploits: 1

F5 Networks
•added 2023/02/21 6:8 p.m.•23 views

K15970: GnuTLS 3.x vulnerability CVE-2014-8564

Security Advisory Description The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) Elliptic Curve Cryptography (ECC) certificate or (2)...

CVSS 5 | AI score 6.5 | EPSS 0.03281
Exploits: 0

F5 Networks
•added 2023/02/21 6:8 p.m.•33 views

K15983: Linux kernel vulnerability CVE-2013-7263

Security Advisory Description The Linux kernel before 3.12.4 updates certain length values before ensuring that associated data structures have been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system cal...

CVSS 4.9 | AI score 6.2 | EPSS 0.0048
Exploits: 0 | Affected Software: 18

F5 Networks
•added 2023/02/21 6:7 p.m.•125 views

K19414951: Linux kernel vulnerability CVE-2022-0995

Security Advisory Description An out-of-bounds (OOB) memory write flaw was found in the Linux kernel's watch_queue event notification subsystem. This flaw can overwrite parts of the kernel state, potentially allowing a local user to gain privileged access or cause a denial of service on the system...

CVSS 7.8 | AI score 6.3 | EPSS 0.06197
Exploits: 10

F5 Networks
•added 2023/02/21 6:7 p.m.•21 views

K1989: Apache/mod_ssl Worm vulnerability CA-2002-27

Security Advisory Description Note: Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F5...

AI score 6.7
Exploits: 0

F5 Networks
•added 2023/02/21 6:7 p.m.•14 views

K1956: Integer Overflow In XDR Library - CA-2002-25

Security Advisory Description Note: Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

AI score 6.7
Exploits: 0

F5 Networks
•added 2023/02/21 6:7 p.m.•101 views

K52559937: Overview of NGINX vulnerabilities (May 2021)

Security Advisory Description On May 25, 2021, NGINX announced the following security issues. This document is intended to serve as an overview of these vulnerabilities to help determine the impact to your NGINX systems. The details of each issue can be found in the associated Security Advisory...

CVSS 7.8 | AI score 7.1 | EPSS 0.52838
Exploits: 10

F5 Networks
•added 2023/02/21 6:7 p.m.•32 views

K09052213: glibc vulnerability CVE-2015-8777

Security Advisory Description The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable. CVE-2015-8777 Impact This vulnerability may...

CVSS 5.5 | AI score 6.9 | EPSS 0.0057
Exploits: 1 | Affected Software: 22

F5 Networks
•added 2023/02/21 6:7 p.m.•42 views

K12851: BIND vulnerability CVE-2010-3613

Security Advisory Description Note: For information about signing up to receive security notice updates from F5, refer to K9970: Subscribe to email notifications regarding F5 products and security announcements. Note: Versions that are not listed in this article have not been evaluated for...

CVSS 4 | AI score 7.3 | EPSS 0.10655
Exploits: 0

F5 Networks
•added 2023/02/21 6:7 p.m.•64 views

K52342540: Java SE vulnerability CVE-2017-10108

Security Advisory Description Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability...

CVSS 5.3 | AI score 6.3 | EPSS 0.03114
Exploits: 0 | Affected Software: 8

F5 Networks
•added 2023/02/21 6:7 p.m.•15 views

K43850230: BIG-IP DNS vulnerability CVE-2020-27717

Security Advisory Description Undisclosed series of DNS requests may cause TMM to restart and generate a core file. CVE-2020-27717 Impact This vulnerability causes a denial of service (DoS) in data plane traffic. The affected BIG-IP system temporarily fails to process traffic as it recovers from a...

CVSS 7.8 | AI score 7.3 | EPSS 0.01051
Exploits: 0 | Affected Software: 1

F5 Networks
•added 2023/02/21 6:7 p.m.•29 views

K33444350: F5 SSL Orchestrator vulnerability CVE-2019-6630

Security Advisory Description Undisclosed traffic flow may cause TMM to restart under certain circumstances. CVE-2019-6630 Impact A remote attacker may be able to disrupt service by causing the Traffic Management Microkernel (TMM) to restart. This issue only affects F5 SSL Orchestrator systems...

CVSS 7.5 | AI score 7.6 | EPSS 0.01376
Exploits: 0 | Affected Software: 1

F5 Networks
•added 2023/02/21 6:7 p.m.•33 views

K54167061: TMM SSL profile vulnerability CVE-2019-6592

Security Advisory Description TMM may restart and produce a core file when validating SSL certificates in Client SSL or Server SSL profiles. CVE-2019-6592 Impact BIG-IP The Traffic Management Microkernel (TMM) may restart and temporarily fail to process traffic. BIG-IQ, Enterprise Manager, F5...

CVSS 9.1 | AI score 9.1 | EPSS 0.01037
Exploits: 0

F5 Networks
•added 2023/02/21 6:7 p.m.•27 views

K53183580: TMM FastL4 vulnerability CVE-2019-6680

Security Advisory Description While processing traffic through a standard virtual server that targets a FastL4 virtual server (VIP on VIP), hardware appliances may stop responding. CVE-2019-6680 Impact This vulnerability allows remote attackers to cause a denial of service (DoS) on the BIG-IP system...

CVSS 7.8 | AI score 7.4 | EPSS 0.01062
Exploits: 0 | Affected Software: 11

F5 Networks
•added 2023/02/21 6:7 p.m.•38 views

K39178480: Perl vulnerability CVE-2018-18311

Security Advisory Description Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations. CVE-2018-18311 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Produc...

CVSS 9.8 | AI score 8.6 | EPSS 0.1199
Exploits: 0

F5 Networks
•added 2023/02/21 6:7 p.m.•22 views

K37611417: Intel Driver vulnerability CVE-2020-12307

Security Advisory Description Improper permissions in some Intel(R) High Definition Audio drivers before version 9.21.00.4561 may allow an authenticated user to potentially enable escalation of privilege via local access. CVE-2020-12307 Impact There is no impact; F5 products are not affected by thi...

CVSS 7.8 | AI score 7.6 | EPSS 0.00311
Exploits: 0

F5 Networks
•added 2023/02/21 6:7 p.m.•35 views

K05909237: BouncyCastle Java crypto vulnerability CVE-2017-13098

Security Advisory Description BouncyCastle TLS prior to version 1.0.3, when configured to use the JCE (Java Cryptography Extension) for cryptographic functions, provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private...

CVSS 7.5 | AI score 6.6 | EPSS 0.24282
Exploits: 0

F5 Networks
•added 2023/02/21 6:7 p.m.•33 views

K01471335: BIND vulnerability CVE-2016-2848

Security Advisory Description ISC BIND 9.1.0 through 9.8.4-P2 and 9.9.0 through 9.9.2-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via malformed options data in an OPT resource record. CVE-2016-2848 Impact A remote attacker may be able to cause a...

CVSS 7.5 | AI score 7.5 | EPSS 0.43856
Exploits: 0 | Affected Software: 13

F5 Networks
•added 2023/02/21 6:7 p.m.•28 views

K13421245: TMM vulnerability CVE-2017-6162

Security Advisory Description In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, Websafe software version 12.0.0 to 12.1.2, 11.6.0 to 11.6.1, 11.4.0 to 11.5.4, 11.2.1, in some cases TMM may crash when processing TCP traffic. This vulnerability affects T...

CVSS 5.9 | AI score 5.9 | EPSS 0.01674
Exploits: 0 | Affected Software: 14

F5 Networks
•added 2023/02/21 6:7 p.m.•65 views

K14200143: Linux kernel vulnerability CVE-2019-19058

Security Advisory Description A memory leak in the alloc_sgtable function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering alloc_page failures, aka CID-b4b814fec1a5. CVE-2019-19058 Impact...

CVSS 4.7 | AI score 6.1 | EPSS 0.00373
Exploits: 0

F5 Networks
•added 2023/02/21 6:7 p.m.•29 views

K04327111: Linux kernel vulnerability CVE-2019-3896

Security Advisory Description A double-free can happen in idr_remove_all in lib/idr.c in the Linux kernel 2.6 branch. An unprivileged local attacker can use this flaw for a privilege escalation or for a system crash and a denial of service (DoS). CVE-2019-3896 Impact Traffix SDC An attacker may cause...

CVSS 7.8 | AI score 7 | EPSS 0.00417
Exploits: 0

F5 Networks
•added 2023/02/21 6:7 p.m.•55 views

K27673650: Linux kernel vulnerability CVE-2018-17972

Security Advisory Description An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel through 4.18.11. It does not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel...

CVSS 5.5 | AI score 6.6 | EPSS 0.0035
Exploits: 0

F5 Networks
•added 2023/02/21 6:7 p.m.•46 views

K41739114: Linux kernel vulnerability CVE-2014-6410

Security Advisory Description A stack overflow flaw caused by infinite recursion was found in the way the Linux kernel's Universal Disk Format (UDF) file system implementation processed indirect Information Control Blocks (ICBs). An attacker with physical access to the system could use a specially...

CVSS 4.7 | AI score 6.2 | EPSS 0.0051
Exploits: 1 | Affected Software: 22

F5 Networks
•added 2023/02/21 6:7 p.m.•40 views

K59298921: OpenSSL vulnerability CVE-2016-2181

Security Advisory Description The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cause a denial of service (false-positive packet drops) via spoofed DTLS...

CVSS 7.5 | AI score 8.4 | EPSS 0.22634
Exploits: 1 | Affected Software: 13

F5 Networks
•added 2023/02/21 6:7 p.m.•73 views

K35504111: Linux kernel vulnerability CVE-2018-1000026

Security Advisory Description Linux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware assertion takes card off-line. This attack appear to be exploitabl...

CVSS 7.7 | AI score 6.2 | EPSS 0.039
Exploits: 0

F5 Networks
•added 2023/02/21 6:7 p.m.•24 views

K21009022: NGINX Controller insecure database transport vulnerability CVE-2020-5865

Security Advisory Description The NGINX Controller is configured to communicate with its Postgres database server over unencrypted channels, making the communicated data vulnerable to interception via man-in-the-middle (MiTM) attacks. CVE-2020-5865 Impact An attacker can modify user entered data or...

CVSS 5.8 | AI score 5.8 | EPSS 0.0039
Exploits: 0 | Affected Software: 1

F5 Networks
•added 2023/02/21 6:7 p.m.•43 views

K40306410: PHP vulnerability CVE-2014-0236

Security Advisory Description file before 5.18, as used in the Fileinfo component in PHP before 5.6.0, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a zero root_storage value in a CDF file, related to cdf.c and readcdf.c. CVE-2014-0236 Impa...

CVSS 7.5 | AI score 7.5 | EPSS 0.02543
Exploits: 0

F5 Networks
•added 2023/02/21 6:7 p.m.•61 views

K36462841: Linux kernel vulnerability CVE-2018-18281

Security Advisory Description Since Linux kernel version 3.2, the mremap syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate removes entries from the pagetables of a task that is in the middle of mremap, a stale TLB entry can remain for a short time that...

CVSS 7.8 | AI score 6.7 | EPSS 0.01061
Exploits: 2 | Affected Software: 16

F5 Networks
•added 2023/02/21 6:7 p.m.•80 views

K35040315: glibc vulnerability CVE-2016-10739

Security Advisory Description In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a...

CVSS 5.3 | AI score 6.3 | EPSS 0.00479
Exploits: 0

F5 Networks
•added 2023/02/21 6:7 p.m.•34 views

K35195140: BIG-IQ Access Manager role vulnerability CVE-2017-6152

Security Advisory Description A local BIG-IQ user with the Access Manager role has privileges to change the passwords of other users on the system, including the local admin account password. CVE-2017-6152 Impact This vulnerability allows increased privileges for user accounts with the Access...

CVSS 6.7 | AI score 6.5 | EPSS 0.0032
Exploits: 0 | Affected Software: 1

F5 Networks
•added 2023/02/21 6:7 p.m.•48 views

K41351250: BIG-IP Advanced WAF and BIG-IP ASM vulnerability CVE-2021-23031

Security Advisory Description An authenticated user may perform a privilege escalation on the BIG-IP Advanced WAF and ASM Configuration utility. CVE-2021-23031 Impact When this vulnerability is exploited, an authenticated attacker with access to the Configuration utility can execute arbitrary...

CVSS 9.9 | AI score 9.1 | EPSS 0.02006
Exploits: 0 | Affected Software: 2

F5 Networks
•added 2023/02/21 6:7 p.m.•47 views

K02349370: dom4j library vulnerability CVE-2020-10683

Security Advisory Description dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. CVE-2020-106...

CVSS 9.8 | AI score 6.8 | EPSS 0.07269
Exploits: 0

F5 Networks
•added 2023/02/21 6:7 p.m.•23 views

K05715414: Apache CloudStack vulnerability CVE-2016-3085

Security Advisory Description Apache CloudStack 4.5.x before 4.5.2.1, 4.6.x before 4.6.2.1, 4.7.x before 4.7.1.1, and 4.8.x before 4.8.0.1, when SAML-based authentication is enabled and used, allow remote attackers to bypass authentication and access the user interface via vectors related to the...

CVSS 6.5 | AI score 6.6 | EPSS 0.02861
Exploits: 0

F5 Networks
•added 2023/02/21 6:7 p.m.•35 views

K83384802: glibc vulnerability CVE-2016-5417

Security Advisory Description Memory leak in the __res_vinit function in the IPv6 name server management code in libresolv in GNU C Library (aka glibc or libc6) before 2.24 allows remote attackers to cause a denial of service (memory consumption) by leveraging partial initialization of internal resolver...

CVSS 7.5 | AI score 7.5 | EPSS 0.03361
Exploits: 0

F5 Networks
•added 2023/02/21 6:7 p.m.•40 views

K84602160: Linux kernel vulnerability CVE-2021-3491

Security Advisory Description The io_uring subsystem in the Linux kernel allowed the MAX_RW_COUNT limit to be bypassed in the PROVIDE_BUFFERS operation, which led to negative values being used in mem_rw when reading /proc/<PID>/mem. This could be used to create a heap overflow leading to arbitrary code...

CVSS 8.8 | AI score 6.8 | EPSS 0.00629
Exploits: 0

F5 Networks
•added 2023/02/21 6:7 p.m.•31 views

K34441555: BIG-IP TMM vulnerability CVE-2021-23000

Security Advisory Description If the tmm.http.rfc.enforcement BigDB key is enabled in a BIG-IP system, or the Bad host header value is checked in the AFM HTTP security profile associated with a virtual server, in rare instances, a specific sequence of malicious requests may cause TMM to restart...

CVSS 7.5 | AI score 6.4 | EPSS 0.00933
Exploits: 0 | Affected Software: 14

F5 Networks
•added 2023/02/21 6:7 p.m.•20 views

K30343902: BIG-IP APM XSS vulnerability CVE-2020-27726

Security Advisory Description A reflected cross-site scripting (XSS) vulnerability exists in the resource information page for authenticated users when a full webtop is configured on the BIG-IP APM system. CVE-2020-27726 Impact An attacker can craft a malicious URL and send it to an authenticated...

CVSS 6.1 | AI score 5.7 | EPSS 0.00634
Exploits: 0 | Affected Software: 1

Total number of security vulnerabilities: 6294