Blog

Security Advisory Description nghttp2 version >= 1.10.0 and nghttp2 <= v1.31.0 contains an Improper Input Validation CWE-20 vulnerability in ALTSVC frame handling that can result in segmentation ... More info: https://my.f5.com/manage/s/article/K49902412?utm_source=f5support&utm_medium=RSS

Security Advisory Description Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vulnerability in the UDP support of the memcached ... More info: https://my.f5.com/manage/s/article/K63525027?utm_source=f5support&utm_medium=RSS

Security Advisory Description NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. More info: https://my.f5.com/manage/s/article/K54450124?utm_source=f5support&utm_medium=RSS

Security Advisory Description This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available. Learn more about the ... More info: https://my.f5.com/manage/s/article/K000132893?utm_source=f5support&utm_medium=RSS

Security Advisory Description This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available. Learn more about the ... More info: https://my.f5.com/manage/s/article/K000130541?utm_source=f5support&utm_medium=RSS

Security Advisory Description The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may ... More info: https://my.f5.com/manage/s/article/K00994461?utm_source=f5support&utm_medium=RSS

Security Advisory Description BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors. (CVE-2019-12900) Impact BIG-IP AAM If an iSession ... More info: https://my.f5.com/manage/s/article/K68713584?utm_source=f5support&utm_medium=RSS

Security Advisory Description In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_ ... More info: https://my.f5.com/manage/s/article/K05295469?utm_source=f5support&utm_medium=RSS

Security Advisory Description Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated users are able to view the snapshot with the lowest ... More info: https://my.f5.com/manage/s/article/K22322802?utm_source=f5support&utm_medium=RSS

Security Advisory Description libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. (CVE-2022-40674) Impact An attacker may be able to use crafted XML to reference ... More info: https://my.f5.com/manage/s/article/K44454157?utm_source=f5support&utm_medium=RSS