Latest F5 Traffix SDC Vulnerabilities

The CVE record for the CVE ID does not exist.
F5 BIG-IP Next SPK>=1.5.0<=1.9.2
F5 BIG-IP Next CNF>=1.1.0<=1.3.0
F5 Traffix SDC=5.2.0=5.1.0
NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the private data. This vulnerability affects Firefox < 12...
F5 F5OS-A=1.7.0
F5 Traffix SDC=5.2.0=5.1.0
Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58.
F5 BIG-IP>=17.1.0<=17.1.1
F5 BIG-IP>=16.1.0<=16.1.4
F5 BIG-IP>=15.1.0<=15.1.10
F5 F5OS-A=1.7.0>=1.5.1<=1.5.2
F5 F5OS-C>=1.6.0<=1.6.2
F5 Traffix SDC=5.2.0=5.1.0
An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentic...
F5 BIG-IP>=17.1.0<=17.1.1
F5 BIG-IP>=16.1.0<=16.1.4
F5 BIG-IP>=15.1.0<=15.1.10
F5 Traffix SDC=5.1.0
In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.
F5 BIG-IP>=17.1.0<=17.1.1
F5 BIG-IP>=16.1.0<=16.1.4
F5 BIG-IP>=15.1.0<=15.1.10
F5 BIG-IQ Centralized Management>=8.1.0<=8.3.0
F5 F5OS-A=1.7.0>=1.5.0<=1.5.2=1.4.0>=1.3.0<=1.3.2
F5 F5OS-C>=1.6.0<=1.6.2>=1.5.0<=1.5.1
and 1 more
Apache HTTP Server: HTTP response splitting
ubuntu/apache2<2.4.29-1ubuntu4.27+
ubuntu/apache2<2.4.41-4ubuntu3.17
ubuntu/apache2<2.4.52-1ubuntu4.9
ubuntu/apache2<2.4.57-2ubuntu2.4
ubuntu/apache2<2.4.58-1ubuntu8.1
ubuntu/apache2<2.4.59-1
and 10 more
Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS...
F5 Traffix SDC=5.1.0
In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For exampl...
F5 BIG-IP Next (LTM, WAF)>=20.0.1<=20.1.0
F5 BIG-IP Next Central Manager>=20.0.1<=20.1.0
F5 BIG-IP>=17.1.0<=17.1.1
F5 BIG-IP>=16.1.0<=16.1.4
F5 BIG-IP>=15.1.0<=15.1.10
F5 BIG-IQ Centralized Management>=8.1.0<=8.3.0
and 3 more
An out-of-bounds write vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation. The qfq_change_agg() function in net/sched/sch_qfq.c all...
F5 Traffix SDC=5.2.0=5.1.0
A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, fw_set_parms() will immediately re...
F5 Traffix SDC=5.2.0=5.1.0
CVE-2023-4206 A use-after-free vulnerability in the Linux kernel's net/sched: cls_route component can be exploited to achieve local privilege escalation. When route4_change() is called on an existin...
F5 Traffix SDC>=1<=5=5.2.0
CVE-2023-5981 A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding. CVE-20...
F5 BIG-IP Next>=20.0.1<=20.0.2
F5 BIG-IP Next Central Manager>=20.0.1<=20.0.2
F5 BIG-IP Next SPK>=1.5.0<=1.9.1
F5 BIG-IP Next CNF>=1.1.0<=1.3.0
F5 BIG-IP>=17.1.0<=17.1.1
F5 BIG-IP>=16.1.0<=16.1.4
and 5 more
OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist...
F5 Traffix SDC=5.2.0=5.1.0
GnuTLS: incomplete fix for CVE-2023-5981
redhat/gnutls<3.8.3
debian/gnutls28<=3.6.7-4+deb10u8<=3.7.1-5+deb11u4<=3.7.1-5+deb11u3
ubuntu/gnutls28<3.6.13-2ubuntu1.10
ubuntu/gnutls28<3.7.3-4ubuntu1.4
ubuntu/gnutls28<3.7.8-5ubuntu1.2
ubuntu/gnutls28<3.8.1-4ubuntu1.2
and 18 more
OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist...
Openbsd Openssh
Fedoraproject Fedora=39
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=9.0
debian/openssh<=1:7.9p1-10+deb10u2<=1:7.9p1-10+deb10u4<=1:8.4p1-5+deb11u3<=1:9.2p1-2+deb12u2<=1:9.6p1-4<=1:9.7p1-4
F5 Traffix SDC=5.2.0=5.1.0
CVE-2023-6004: OpenSSH, libssh: Security weakness in ProxyCommand handling
Openbsd Openssh<9.6
Debian Debian Linux=10.0
Debian Debian Linux=11.0
Debian Debian Linux=12.0
ubuntu/openssh<1:7.6
ubuntu/openssh<1:8.2
and 18 more
GnuTLS: timing side-channel in the RSA-PSK authentication
redhat/GnuTLS<3.8.2
ubuntu/gnutls28<3.5.18-1ubuntu1.6+
ubuntu/gnutls28<3.6.13-2ubuntu1.9
ubuntu/gnutls28<3.7.3-4ubuntu1.3
ubuntu/gnutls28<3.7.8-5ubuntu1.1
ubuntu/gnutls28<3.8.1-4ubuntu1.1
and 19 more
It was discovered that the numerical library used in NSS for RSA cryptography leaks information whether high order bits of the RSA decryption result are zero. This information can be used to mount a B...
Mozilla Firefox<124
Mozilla Firefox ESR<115.9
Mozilla Thunderbird<115.9
redhat/firefox<115.9
redhat/thunderbird<115.9
ubuntu/firefox<124.0+
and 13 more
A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation. When u32_change() is called on an existing filter, the whole ...
Linux Linux kernel<6.5
Debian Debian Linux=12.0
debian/linux<=4.19.249-2<=4.19.289-2
Linux Linux kernel>=3.18<4.14.322
Linux Linux kernel>=4.15<4.19.291
Linux Linux kernel>=4.20<5.4.253
and 6 more
A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation. When fw_change() is called on an existing filter, the whole tc...
Linux Linux kernel<6.5
Debian Debian Linux=12.0
debian/linux<=4.19.249-2<=4.19.289-2
Linux Linux kernel>=3.18<4.14.326
Linux Linux kernel>=4.15<4.19.295
Linux Linux kernel>=4.20<5.4.253
and 6 more
** DISPUTED ** Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial ...
Xmlsoft Libxml2=2.11.0
F5 Traffix SDC=5.1.0
Python could allow a remote attacker to bypass security restrictions, caused by a race condition in the SSLSocket module. When the socket is closed before the TLS handshake is complete, the data is tr...
Python Python<3.8.18
Python Python>=3.9.0<3.9.18
Python Python>=3.10.0<3.10.13
Python Python>=3.11.0<3.11.5
IBM QRadar SIEM<=7.5 - 7.5.0 UP7
F5 BIG-IP>=17.1.0<=17.1.1
and 28 more
A flaw was found in the Linux kernel. Use after free in the net/sched classifiers (cls_fw, cls_u32 and cls_route) can happen because of mainline/net/sched/cls_fw.c incorrect handling of the existing filte...
Linux Linux kernel<6.5
Debian Debian Linux=12.0
debian/linux<=4.19.249-2<=4.19.289-2
redhat/Kernel<6.5
Linux Linux kernel>=3.18<4.14.322
Linux Linux kernel>=4.15<4.19.291
and 7 more
Use-after-free in Linux kernel's net/sched: cls_fw component
Linux Linux kernel>=2.6<6.5
Linux Linux kernel=6.5-rc1
Debian Debian Linux=10.0
Debian Debian Linux=11.0
Debian Debian Linux=12.0
redhat/Kernel<6.5
and 175 more
A flaw was found in the Linux kernel. An out-of-bounds write vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation. The qfq_change_agg() f...
Linux Linux kernel>=3.8<6.5
Linux Linux kernel=6.5-rc1
Debian Debian Linux=10.0
Debian Debian Linux=11.0
Debian Debian Linux=12.0
redhat/Kernel<6.5
and 176 more
In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.
Xmlsoft Libxml2<2.10.4
Debian Debian Linux=10.0
redhat/libxml2<2.10.4
F5 BIG-IP>=17.1.0<=17.1.1
F5 BIG-IP>=16.1.0<=16.1.4
F5 BIG-IP>=15.1.0<=15.1.10
and 4 more
The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-expo...
Balasys Dheater
SUSE Linux Enterprise Server=15
SUSE Linux Enterprise Server=11
SUSE Linux Enterprise Server=12
F5 BIG-IQ Centralized Management=7.1.0
F5 BIG-IQ Centralized Management>=8.0.0<=8.2.0
and 80 more
