K31934524: BIG-IP SNAT vulnerability CVE-2021-22998

Security Advisory Description SYN flood protection thresholds are not enforced in secure network address translation SNAT listeners. CVE-2021-22998 Impact Connections to SNAT listeners are not bound by SYN cookie thresholds, leaving them potentially vulnerable to SYN flood class attacks. This iss...

K83504933: Intel I210 network adapter vulnerability CVE-2020-0524

Security Advisory Description Improper default permissions in the firmware for the IntelR Ethernet I210 Controller series of network adapters before version 3.30 may allow an authenticated user to potentially enable denial of service via local access. CVE-2020-0524 Impact The BIG-IP management...

K69550896: Linux kernel vulnerability CVE-2019-11683

Security Advisory Description udpgroreceivesegment in net/ipv4/udpoffload.c in the Linux kernel 5.x before 5.0.13 allows remote attackers to cause a denial of service slab-out-of-bounds memory corruption or possibly have unspecified other impact via UDP packets with a 0 payload, because of...

K74413297: Linux kernel vulnerability CVE-2014-3184

Security Advisory Description The reportfixup functions in the HID subsystem in the Linux kernel before 3.16.2 might allow physically proximate attackers to cause a denial of service out-of-bounds write via a crafted device that provides a small report descriptor, related to 1...

K82356391: Intel CPU vulnerability CVE-2020-0591

Security Advisory Description Improper buffer restrictions in BIOS firmware for some IntelR Processors may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2020-0591 Impact There is no impact; F5 products are not affected by this vulnerability. F5...

K48572812: XSS vulnerability in F5 WebSafe Dashboard CVE-2016-5235

Security Advisory Description A Cross Site Scripting XSS vulnerability in F5 WebSafe Dashboard allows an unauthenticated user to inject HTML via a crafted alert. CVE-2016-5235 Impact The F5 WebSafe Dashboard may allow modification by unauthorized users. Security Advisory Status F5 Product...

K68146245: Apache Pulsar vulnerability CVE-2021-22160

Security Advisory Description If Apache Pulsar is configured to authenticate clients using tokens based on JSON Web Tokens JWT, the signature of the token is not validated if the algorithm of the presented token is set to "none". This allows an attacker to connect to Pulsar instances as any user...

K49229034: Sudo vulnerabilities CVE-2014-9680, CVE-2016-7032, CVE-2016-7076, and CVE-2016-7077

Security Advisory Description CVE-2014-9680 sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access but not view file contents by running a program within an sudo session, as...

K74251611: Linux kernel vulnerability CVE-2021-38166

Security Advisory Description In kernel/bpf/hashtab.c in the Linux kernel through 5.13.8, there is an integer overflow and out-of-bounds write when many elements are placed in a single bucket. NOTE: exploitation might be impractical without the CAPSYSADMIN capability. CVE-2021-38166 Impact An...

K68499208: Linux kernel vulnerability CVE-2017-18204

Security Advisory Description The ocfs2setattr function in fs/ocfs2/file.c in the Linux kernel before 4.14.2 allows local users to cause a denial of service deadlock via DIO requests. CVE-2017-18204 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory...

K49827114: BIG-IP Edge Client for macOS vulnerability CVE-2019-6668

Security Advisory Description BIG-IP Edge Client for macOS may allow unprivileged users to access files owned by the root account. CVE-2019-6668 Impact BIG-IP Edge Client may allow an unprivileged user on the affected macOS device to get ownership of files owned by the root account on the local...

K73059510: Undertow vulnerabilities CVE-2019-10212 and CVE-2020-1745

Security Advisory Description CVE-2019-10212 A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this flaw to obtain the user's credentials from the log files. CVE-2020-1745 A file inclusion vulnerability was found...

K53252134: Intel BIOS vulnerability CVE-2021-0155

Security Advisory Description Unchecked return value in the BIOS firmware for some IntelR Processors may allow a privileged user to potentially enable information disclosure via local access. CVE-2021-0155 Impact A local attacker logged-in as a privileged user can exploit the vulnerability to gai...

K82252291: BIND vulnerability CVE-2020-8623

Security Advisory Description In BIND 9.10.0 - 9.11.21, 9.12.0 - 9.16.5, 9.17.0 - 9.17.3, also affects 9.10.5-S1 - 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash. To be vulnerable, the...

K71489519: Wireshark vulnerability CVE-2015-4652

Security Advisory Description epan/dissectors/packet-gsmadtap.c in the GSM DTAP dissector in Wireshark 1.12.x before 1.12.6 does not properly validate digit characters, which allows remote attackers to cause a denial of service application crash via a crafted packet, related to the deemergnumlist...

K52883417: BIND vulnerability CVE-2020-8620

Security Advisory Description In versions of BIND that use the libuv network manager 9.16.x is the only stable branch affected an incorrectly specified maximum buffer size allows a specially crafted large TCP payload to trigger an assertion failure when it is received. CVE-2020-8620 Impact There ...

K45991967: PHP vulnerability CVE-2020-7060

Security Advisory Description When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbflfiltconvbig5wchar to read past the allocated buffer. This may...

K81557381: BIG-IP HTTP/2 vulnerability CVE-2019-6673

Security Advisory Description When the BIG-IP system is configured in HTTP/2 full proxy mode, specifically crafted requests may cause a disruption of service provided by the Traffic Management Microkernel TMM. CVE-2019-6673 Impact An attacker may be able to use a specifically crafted request to...

K46901953: BIG-IP APM virtual server vulnerability CVE-2020-5874

Security Advisory Description In certain circumstances, an attacker sending specifically crafted requests to a BIG-IP APM virtual server may cause a disruption of service provided by the Traffic Management MicrokernelTMM. CVE-2020-5874 Impact An attacker may be able to perform a denial-of-service...

K51574311: BIG-IP APM vulnerability CVE-2020-27716

Security Advisory Description When a BIG-IP APM virtual server processes traffic of an undisclosed nature, the Traffic Management Microkernel TMM stops responding and restarts. CVE-2020-27716 Impact Traffic processing is disrupted while TMM restarts. If the affected BIG-IP system is configured as...

K44551633: Multiple tcpdump vulnerabilities

Security Advisory Description CVE-2018-14881 The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgpcapabilitiesprint BGPCAPCODERESTART. CVE-2018-14882 The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c. CVE-2018-16227 The IEEE 802.11 parser...

K31700032: Linux kernel vulnerability CVE-2021-29657

Security Advisory Description arch/x86/kvm/svm/nested.c in the Linux kernel before 5.11.12 has a use-after-free in which an AMD KVM guest can bypass access control on host OS MSRs when there are nested guests, aka CID-a58d9166a756. This occurs because of a TOCTOU race condition associated with a...

K21435974: TMUI XSS vulnerability CVE-2021-23037

Security Advisory Description A reflected cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. CVE-2021-23037 Impact An attacker may exploit this...

K43254923: Apache Ranger vulnerability CVE-2016-2174

Security Advisory Description SQL injection vulnerability in the policy admin tool in Apache Ranger before 0.5.3 allows remote authenticated administrators to execute arbitrary SQL commands via the eventTime parameter to service/plugins/policies/eventTime. CVE-2016-2174 Impact There is no impact;...

K23893104: QEMU vulnerability CVE-2017-13672

Security Advisory Description QEMU aka Quick Emulator, when built with the VGA display emulator support, allows local guest OS privileged users to cause a denial of service out-of-bounds read and QEMU process crash via vectors involving display update. CVE-2017-13672. Impact There is no impact; F...

K43357358: AMD processors vulnerability CVE-2022-23823

Security Advisory Description A potential vulnerability in some AMD processors using frequency scaling may allow an authenticated attacker to execute a timing attack to potentially enable information disclosure. CVE-2022-23823 also known as hertzbleed Impact Successful exploitation of this...

K58494243: BIG-IP HTTP/2 vulnerability CVE-2020-5891

Security Advisory Description Undisclosed HTTP/2 requests can lead to a denial of service when sent to a virtual server configured with the Fallback Host setting and a server-side HTTP/2 profile. CVE-2020-5891 Impact The Traffic Management Microkernel TMM may generate a core file and restart,...

K52144175: libarchive vulnerability CVE-2019-18408

Security Advisory Description archivereadformatrarreaddata in archivereadsupportformatrar.c in libarchive before 3.4.0 has a use-after-free in a certain ARCHIVEFAILED situation, related to Ppmd7DecodeSymbol. CVE-2019-18408 Impact There is no impact; F5 products are not affected by this...

K19380843: Node.js vulnerability CVE-2020-8174

Security Advisory Description napigetvaluestring allows various kinds of memory corruption in node 10.21.0, 12.18.0, and 14.4.0. CVE-2020-8174 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development has evaluated the currently...

K91090139: BIND vulnerability CVE-2020-8624

Security Advisory Description In BIND 9.9.12 - 9.9.13, 9.10.7 - 9.10.8, 9.11.3 - 9.11.21, 9.12.1 - 9.16.5, 9.17.0 - 9.17.3, also affects 9.9.12-S1 - 9.9.13-S1, 9.11.3-S1 - 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker who has been granted privileges to change a specific subset o...

K03244804: XML vulnerability CVE-2017-9233

Security Advisory Description XML External Entity vulnerability in libexpat 2.2.0 and earlier Expat XML Parser Library allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD. CVE-2017-9233 Impact BIG-IP Administrative interfaces,...

K93526903: BIG-IP APM portal access vulnerability CVE-2022-23014

Security Advisory Description When BIG-IP APM portal access is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. CVE-2022-23014 Impact Traffic is disrupted while the TMM process restarts. This vulnerability allows an authenticated...

K30291321: The attack signature check may fail to detect and block illegal requests for a case-insensitive policy

Security Advisory Description The web application firewall attack signature check may fail to detect and block illegal requests. This issue occurs when all of the following conditions are met: You are using one of the following web application firewall products: Advanced WAF or BIG-IP ASM 11.6.0 ...

K86326526: MySQL vulnerabilities CVE-2015-4766, CVE-2015-4904, CVE-2015-4791, and CVE-2015-4807

Security Advisory Description CVE-2015-4766 Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows local users to affect availability via unknown vectors related to Server : Security : Firewall. CVE-2015-4904 Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier...

K25901386: GRUB2 vulnerability CVE-2015-8370

Security Advisory Description Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service disk corruption via backspace characters in the 1 grubusernameget function in...

K19157044: libtirpc vulnerability CVE-2013-1950

Security Advisory Description The svcdggetargs function in libtirpc 0.2.3 and earlier allows remote attackers to cause a denial of service rpcbind crash via a Sun RPC request with crafted arguments that trigger a free of an invalid pointer. CVE-2013-1950 Impact Attackers may be able to perform a...

K23946311: glibc vulnerability CVE-2015-8776

Security Advisory Description The strftime function in the GNU C Library aka glibc or libc6 before 2.23 allows context-dependent attackers to cause a denial of service application crash or possibly obtain sensitive information via an out-of-range time value. CVE-2015-8776 Impact An application or...

K21921812: Quagga vulnerability CVE-2016-2342

Security Advisory Description The bgpnlriparsevpnv4 function in bgpmplsvpn.c in the VPNv4 NLRI parser in bgpd in Quagga before 1.0.20160309, when a certain VPNv4 configuration is used, relies on a Labeled-VPN SAFI routes-data length field during a data copy, which allows remote attackers to execu...

K00032124: BIG-IP last hop kernel module vulnerability CVE-2015-5516

Security Advisory Description The BIG-IP last hop kernel module may leak memory when processing User Datagram Protocol UDP traffic. The memory leak may cause denial-of-service DoS conditions for the BIG-IP system. Impact The following configurations may allow a remote attacker to cause a memory...

K51324410: SAMBA vulnerabilities CVE-2015-7560 and CVE-2016-0771

Security Advisory Description CVE-2015-7560 The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4 allows remote authenticated users to modify arbitrary ACLs by using a UNIX SMB1 call to create a symlink, and then usin...

K51841514: QEMU vulnerability CVE-2015-6855

Security Advisory Description hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WINREADNATIVEMAX command to an...

K59692558: BIND vulnerability CVE-2016-2088

Security Advisory Description resolver.c in named in ISC BIND 9.10.x before 9.10.3-P4, when DNS cookies are enabled, allows remote attackers to cause a denial of service INSIST assertion failure and daemon exit via a malformed packet with more than one cookie option. CVE-2016-2088 Impact There is...

K04362926: BIOS SMM privilege escalation vulnerability CVE-2015-0949

Security Advisory Description The System Management Mode SMM implementation in Dell Latitude E6430 BIOS Revision A09, HP EliteBook 850 G1 BIOS revision L71 Ver. 01.09, and possibly other BIOS implementations does not ensure that function calls operate on SMRAM memory locations, which allows local...

K30518307: Java commons-collections library vulnerability CVE-2015-4852

Security Advisory Description CVE-2015-4852 Java applications that have an endpoint that accepts serialized Java objects, an attacker can combine serializable collections to create arbitrary remote code execution. Based on the FoxGlove, an attack can be done via RMI or HTTP. The vulnerability is...

K31781390: January 2019 OpenSSH security vulnerabilities

Security Advisory Description In January 2019, a security researcher announced the discovery of the following OpenSSH SCP client vulnerabilities: CVE-2018-20685 OpenSSH: Improper check in scp.c:sink allows malicious servers to bypass access restrictions in scp client CVE-2019-6109 OpenSSH: Missin...

K70675920: August 2018 Intel security vulnerability announcement

Security Advisory Description On 14-Aug-2018, Intel announced the discovery of the following vulnerabilities: CVE-2018-3615 Foreshadow CVE-2018-3620 Foreshadow-NG CVE-2018-3646 Foreshadow-NG For the complete announcement from Intel, refer to the following link: Note : The following link takes you...

K23230229: OpenSSL vulnerability CVE-2016-2109

Security Advisory Description The asn1d2ireadbio function in crypto/asn1/ad2ifp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service memory consumption via a short invalid encoding. CVE-2016-2109 Impact Specially...

K93600123: OpenSSL vulnerability CVE-2016-2107

Security Advisory Description The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC...

K75136237: Privilege escalation vulnerability CVE-2015-7393

Security Advisory Description dcoep in BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP AAM 11.4.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP AFM and PEM 11.3.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP DNS 12.0.0...

K10164113: Linux kernel vulnerability CVE-2015-8787

Security Advisory Description The nfnatredirectipv4 function in net/netfilter/nfnatredirect.c in the Linux kernel before 4.4 allows remote attackers to cause a denial of service NULL pointer dereference and system crash or possibly have unspecified other impact by sending certain IPv4 packets to ...