You can use the Security Finder to search for security issues and their impact on Riverbed products. This page is continuously updated, displaying the most current public security issues first. The search box can be used to look up records by specific CVE number or by a relevant search word, e.g. Apache, 8.5.0, Workaround. For additional search tips, refer to article S16165. Security issues listed here are categorized into three groups: fixed, workaround recommended, and not applicable.

For general security topics, security best practices and other security-related topics, also try searching our Knowledge Base.

BETA FEATURE:  This feature is currently under development and is considered Beta Software.  We are still enhancing the features and results so please exercise caution when interpreting and implementing the results.  If you have any questions, please open a case with Riverbed Support.  If you have feedback for this tool, please send it to

Riverbed Technology is committed to protecting customers against vulnerabilities in our supported products. Vulnerabilities are addressed in accordance with the software support policy.

For search tips, read article S16165.
Title | Last Modified
CVE-2017-7494: Samba versions 3.5.0 and later are vulnerable to remote code execution. | 2018-12-14
Performing a port scan with Nessus against a SteelFusion Edge triggers a false alarm suggesting there is a problem with Edge HA connectivity, even though the two nodes remain connected. | 2018-12-13
Heimdal prior to version 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. | 2018-12-10
OpenSSH before 7.4 has security vulnerabilities: CVE-2016-10009, CVE-2016-10010, CVE-2016-10011, and CVE-2016-10012. | 2018-11-28
CVE-2017-9077: kernel: net: tcp_v6_syn_recv_sock function mishandles inheritance. | 2018-11-12
CVE-2018-5333: kernel: NULL pointer dereference in rds_atomic_free_op() allows denial of service. | 2018-11-08
CVE-2018-6927: Integer overflow in futex.c:futex_requeue can lead to denial of service or unspecified impact. | 2018-11-08
CVE-2018-5332: kernel: rds_message_alloc_sgs() function doesn't validate value used during DMA page allocation, causing heap out-of-bounds write. | 2018-11-08
CVE-2017-16994: kernel: mm/pagewalk.c: walk_hugetlb_range function mishandles holes in hugetlb ranges, causing information leak. | 2018-11-08
CVE-2017-12190: Memory leak when merging small consecutive buffers in SCSI I/O vectors. | 2018-11-08
CVE-2017-16533: Local denial of service vulnerability. | 2018-11-08
CVE-2017-1000253: kernel: load_elf_binary() does not take account of the need to allocate sufficient space for the entire binary. | 2018-11-08
CVE-2017-18079: Race condition leading to denial of service or possible arbitrary code execution. | 2018-11-08
CVE-2017-15274: Local denial of service vulnerability. | 2018-11-08
CVE-2017-1000407: Linux kernel >= 2.6.32 DoS by flooding diagnostic port 0x80 (Intel x86). | 2018-11-08
CVE-2017-16526: Invalid pointer dereference results in DoS by local user. | 2018-11-08
CVE-2017-16531: Local denial of service vulnerability. | 2018-11-08
CVE-2017-1000111: Linux kernel packet_set_ring() race condition lets local users obtain root privileges. | 2018-11-08
CVE-2017-12192: kernel: NULL pointer dereference due to KEYCTL_READ on negative key. | 2018-11-08
Appliance allows an authenticated user to display any arbitrary file. | 2018-10-28
CVE-2017-16939: The XFRM dump policy implementation allowed local users to gain privileges or cause a denial of service. | 2018-10-08
CVE-2013-2094: Linux kernel before 3.8.9 incorrect integer data type local privilege escalation. | 2018-10-08
The nginx proxy server has a security vulnerability CVE-2016-4450: NULL pointer dereference while writing to client request body. | 2018-09-03
CVE-2010-5328: Potential DoS attack within the Linux kernel. | 2018-09-03
CVE-2018-1000005: libcurl contains an out-of-bounds read in code handling HTTP/2 trailers. | 2018-09-03
NTP before 4.2.8p11 has security vulnerabilities described at | 2018-09-03
CVE-2017-18203: Race condition in drivers/md/dm.c:dm_get_from_kobject() allows local users to cause a denial of service. | 2018-08-23
CVE-2017-9242: Potential local user denial of service attack. | 2018-08-15
CVE-2017-0605: Linux kernel trace privilege elevation. | 2018-08-15
CVE-2017-1000380: Potential information disclosure. | 2018-08-15
CVE-2010-5329: Potential DoS attack with kernel driver. | 2018-08-15
CVE-2017-14106: Potential DoS attack. | 2018-08-15
CVE-2017-14489: Potential DoS attack due to incorrect length validation. | 2018-08-15
CVE-2015-5156: Potential DoS attack via crafted fragmentation packets. | 2018-08-15
CVE-2017-9076: Potential local user denial of service attack. | 2018-08-15
CVE-2017-9075: Potential local user denial of service attack. | 2018-08-15
CVE-2017-9074: Potential local user denial of service attack. | 2018-08-15
CVE-2017-7542: Potential denial of service attack. | 2018-08-15
CVE-2017-11473: Buffer overflow potential in ACPI table. | 2018-08-15
CVE-2017-11176: Potential denial of service attack. | 2018-08-15