6294 matches found
K30971148: Apache Tomcat 6.x vulnerability CVE-2015-5174
Security Advisory Description Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. slash dot dot in...
K22234807: Apache vulnerability CVE-2009-3094
Security Advisory Description The approxyftphandler function in modules/proxy/proxyftp.c in the modproxyftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service NULL pointer dereference and child process crash via a malformed reply to an EPSV...
K59722044: PHP vulnerabilities CVE-2016-1903 and CVE-2016-1904
Security Advisory Description CVE-2016-1903 The gdImageRotateInterpolated function in ext/gd/libgd/gdinterpolation.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 allows remote attackers to obtain sensitive information or cause a denial of service out-of-bounds read and...
K48042976: BIG-IP SSL vulnerability CVE-2016-4545
Security Advisory Description On virtual servers with Secure Sockets Layer SSL profiles enabled, an SSL alert sent during the handshake may produce unnecessary logging and resource consumption on a BIG-IP system that is running 11.5.4 FINAL, possibly causing the Traffic Management Microkernel TMM...
K33209124: OpenSSL vulnerability CVE-2015-3197
Security Advisory Description ssl/s2srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by performing computations on SSLv2 traffic, related to t...
K31026324: Linux kernel vulnerabilities CVE-2015-2925, CVE-2015-5307, and CVE-2015-8104
Security Advisory Description CVE-2015-2925 The prependpath function in fs/dcache.c in the Linux kernel before 4.2.4 does not properly handle rename actions inside a bind mount, which allows local users to bypass an intended container protection mechanism by renaming a directory, related to a...
K21632201: Linux kernel vulnerability CVE-2011-5321
Security Advisory Description The ttyopen function in drivers/tty/ttyio.c in the Linux kernel before 3.1.1 mishandles a driver-lookup failure, which allows local users to cause a denial of service NULL pointer dereference and system crash or possibly have unspecified other impact via crafted acce...
K93203055: Java vulnerability CVE-2015-4872
Security Advisory Description Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect integrity via unknown vectors related to Security. CVE-2015-4872 Impact A remote attacker may affect the integrity of the...
K90230486: Linux kernel vulnerability CVE-2015-7613
Security Advisory Description Race condition in the IPC object implementation in the Linux kernel through 4.2.3 allows local users to gain privileges by triggering an ipcaddid call that leads to uid and gid comparisons against uninitialized data, related to msg.c, shm.c, and util.c. CVE-2015-7613...
K05272632: BIG-IP AOM password sync vulnerability CVE-2015-8611
Security Advisory Description BIG-IP systems on the 2000, 4000, 5000, 7000, and 10000 platforms may fail to sync passwords to the Always-On-Management AOM. CVE-2015-8611 Impact An Always-On Management AOM configuration with network access may allow access to AOM using a stale or default password...
K80080243: Apache vulnerability CVE-2009-3095
Security Advisory Description The modproxyftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a...
K12401251: BIG-IP file validation vulnerability CVE-2015-8022
Security Advisory Description The Configuration utility in F5 BIG-IP LTM, Analytics, APM, ASM, GTM, and Link Controller 11.x before 11.2.1 HF16, 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.1; BIG-IP AAM 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6....
K02004209: Oracle Java vulnerability CVE-2014-0411
Security Advisory Description Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOTE: the previous information is from t...
K74435036: libGraphite vulnerabilities
Security Advisory Description CVE-2016-1521 The directrun function in directmachine.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not validate a certain skip operation, which allows remote attackers to execute arbitrary cod...
K13405416: QEMU vulnerability CVE-2012-3515
Security Advisory Description Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100 sequence that triggers the overwrite of a "device model's address space...
K41613034: NTP vulnerability CVE-2016-2519
Security Advisory Description ntpd in NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service ntpd abort by a large request data value, which triggers the ctlgetitem function to return a NULL value. CVE-2016-2519 Improper restriction of operations within th...
K59503294: libjpeg vulnerability CVE-2013-6629
Security Advisory Description The getsos function in jdmarker.c in 1 libjpeg 6b and 2 libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow...
K30673534: BIND vulnerability CVE-2015-8461
Security Advisory Description Beginning with the September 2015 maintenance releases 9.9.8 and 9.10.3, an error was introduced into BIND 9 which can cause a server to exit after encountering an INSIST assertion failure in resolver.c. CVE-2015-8461 Impact There is no impact; F5 products are not...
K08039035: MySQL vulnerability CVE-2015-4910
Security Advisory Description Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached. CVE-2015-4910 Impact This vulnerability may allow remote authenticated users to affect...
K14132811: Java vulnerability CVE-2015-4893
Security Advisory Description Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4803 and CVE-2015-4911. CVE-2015-4893...
K32790144: NTP vulnerability CVE-2015-7973
Security Advisory Description NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks by sniffing the network. CVE-2015-7973 Impact If an NTP network is configured for broadcast operations, then either a...
K57500018: ISC DHCP 4.x vulnerability CVE-2015-8605
Security Advisory Description ISC DHCP 4.x before 4.1-ESV-R12-P1 and 4.2.x and 4.3.x before 4.3.3-P1 allows remote attackers to cause a denial of service application crash via an invalid length field in a UDP IPv4 packet. CVE-2015-8605 Impact A remote attacker may be able to cause a Dynamic Host...
K37250780: TMOS vulnerability: Password changes for local users may not be preserved unless the configuration is explicitly saved
Security Advisory Description When changing local user passwords at first boot, the password update may not be preserved unless the configuration is explicitly saved. This will leave the system in a state where it still accepts the old password, and the new password cannot be used to log in. This...
K23332326: Apache HTTPD vulnerability CVE-2010-2791
Security Advisory Description modproxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for ...
K60352002: SNTP vulnerability CVE-2015-5219
Security Advisory Description SNTP processing would enter into an infinite loop when a crafted NTP packet was received. CVE-2015-5219 Impact An attacker may be able to cause a denial-of-service DoS to the system by crafting a special NTP packet. Security Advisory Status F5 Product Development has...
K53445000: BIND vulnerability CVE-2015-8704
Security Advisory Description apl42.c in ISC BIND 9.x before 9.9.8-P3, 9.9.x, and 9.10.x before 9.10.3-P3 allows remote authenticated users to cause a denial of service INSIST assertion failure and daemon exit via a malformed Address Prefix List APL record. CVE-2015-8704 Impact The BIND named...
K12156: PHP xmlrpc vulnerability - CVE-2010-0397
Security Advisory Description Note : For information about signing up to receive security notice updates from F5, refer to K9970: Subscribe to email notifications regarding F5 products and security announcements. Note : Versions that are not listed in this article have not been evaluated for...
K15638: Python vulnerability CVE-2013-4238
Security Advisory Description The ssl.matchhostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL server...
K15133: BIND vulnerability CVE-2014-0591
Security Advisory Description The queryfindclosestnsec3 function in query.c in named in ISC BIND 9.6, 9.7, and 9.8 before 9.8.6-P2 and 9.9 before 9.9.4-P2, and 9.6-ESV before 9.6-ESV-R10-P2, allows remote attackers to cause a denial of service INSIST assertion failure and daemon exit via a crafte...
K14734: Apache HTTP server vulnerability CVE-2013-2249
Security Advisory Description modsessiondbd.c in the modsessiondbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors...
K14733: Apache HTTP server vulnerability CVE-2013-1896
Security Advisory Description moddav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service segmentation fault via a MERGE request in which the URI is configured for handling by the moddavs...
K5004: Security Advisory: zlib buffer overflow - CAN-2005-2096
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
K9243: Acresso FLEXnet, Macrovision, InstallShield vulnerability VU#837092
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
K000132680: systemd vulnerability CVE-2022-2526
Security Advisory Description A use-after-free vulnerability was found in systemd. This issue occurs due to the onstreamio function and dnsstreamcomplete function in 'resolved-dns-stream.c' not incrementing the reference counting for the DnsStream object. Therefore, other functions and callbacks...
K000132667: Sudo vulnerability CVE-2023-22809
Security Advisory Description In Sudo before 1.9.12p2, the sudoedit aka -e feature mishandles extra arguments passed in the user-provided environment variables SUDOEDITOR, VISUAL, and EDITOR, allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to...
K000132639: ALPACA: TLS vulnerability CVE-2021-3618
Security Advisory Description ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP...
K000132635: OpenSSL vulnerability CVE-2022-4450
Security Advisory Description The function PEMreadbioex reads a PEM file from a BIO and parses and decodes the "name" e.g. "CERTIFICATE", any header data and the payload data. If the function succeeds then the "nameout", "header" and "data" arguments are populated with pointers to buffers...
K000132638: SnakeYAML vulnerability CVE-2022-1471
Security Advisory Description SnakeYaml's Constructor class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConsturctor when parsing untrusted content...
K000132537: OpenSSL vulnerabilities CVE-2022-4203, CVE-2023-0216, CVE-2023-0217, and CVE-2023-0401
Security Advisory Description CVE-2022-4203 A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or...
K000132525: Apache vulnerability CVE-2006-20001
Security Advisory Description A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool heap memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier. CVE-2006-2000...
K000132492: SQLite vulnerability CVE-2022-46908
Security Advisory Description SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE. CVE-2022-46908 Impact There is no impact; F5 produc...
K32760744: libxml2 vulnerability CVE-2022-23308
Security Advisory Description valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. CVE-2022-23308 Impact The security impact of xmlGetID returning a pointer to freed memory depends on the application and mostly results in denial-of-service DoS. The typical use case of...
K000132457: ImageMagick vulnerability CVE-2022-44268
Security Advisory Description ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image e.g., for resize, the resulting image could have embedded the content of an arbitrary. file if the magick binary has permissions to read it. CVE-2022-44268 Impact BIG-IP AAM, Edg...
K000132425: Linux kernel vulnerability CVE-2023-0179
Security Advisory Description A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution. CVE-2023-017...
K000132404: OpenJDK vulnerability CVE-2023-21830
Security Advisory Description Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization. Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf; Oracle GraalVM Enterprise Edition: 20.3.8 and 21.3.4. Easily...
K47662005: BIG-IP Net HSM script vulnerability CVE-2022-28859
When installing Net HSM, the scripts nethsm-safenet-install.sh and nethsm-thales-install.sh expose the Net HSM partition password. CVE-2022-28859 Impact This vulnerability may allow an authenticated attacker with network access to the Net HSM to use or delete private keys by accessing a...
K12824341: OpenSSL vulnerability CVE-2015-3195
Security Advisory Description The ASN1TFLGCOMBINE implementation in crypto/asn1/tasndec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509ATTRIBUTE data, which allows remote attackers to obtain sensitive...
K64505405: NTP vulnerability CVE-2016-4956
Security Advisory Description ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service interleaved-mode transition and time change via a spoofed broadcast packet. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-1548. CVE-2016-4956 Impact In...
K000130496: Overview of F5 vulnerabilities (February 2023)
Security Advisory Description On February 1, 2023, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities and security exposures to help determine the impact to your F5 devices. You can find the details of each issue in the associate...
K43881487: HTTP profile vulnerability CVE-2023-22422
Security Advisory Description When an HTTP profile with the non-default Enforcement options Enforce RFC Compliance and Unknown Methods: Reject are configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. CVE-2023-22422 Impact Traffic is...