Security Finder

You can use the Security Finder to search for security issues and their impact on Riverbed products. This page is continuously updated, displaying the most current public security issues first. The search box can be used to look up records by specific CVE numbers or relevant search word, e.g. Apache, 8.5.0, Workaround. For additional search tips, refer to article S16165. Security issues listed here are categorized into three groups: fixed, workaround recommended and not applicable.

For general security topics, security best practices and other security related topics, try performing a general search.

BETA FEATURE: This feature is currently under development and is considered Beta Software. We are still enhancing the features and results so please exercise caution when interpreting and implementing the results. If you have any questions, please open a case with Riverbed Support. If you have feedback for this tool, please send it to

Riverbed Technology is committed to protecting customers against vulnerabilities in our supported products. Vulnerabilities are addressed in accordance to the software support policy.

For search tips, read article S16165.

TitleLast Modified
CVE-2018-6927: Integer overflow in futex.c:futux_requeue can lead to denial of service or unspecified impact. 2020-08-11
CVE-2017-12190: Memory leak when merging small consecutive buffers in SCSI I/O vectors. 2020-08-11
CVE-2017-1000407: Linux kernel >= 2.6.32 DoS by flooding diagnostic port 0x80 (Intel x86). 2020-08-11
CVE-2017-1000253: kernel: load_elf_ binary() does not take account of the need to allocate sufficient space for the entire binary. 2020-08-11
CVE-2017-1000111: Linux kernel packet_set_ring() race condition lets local users obtain root privileges. 2020-08-11
OpenSSL 1.0.2n has several vulnerabilities. 2020-07-23
Appliance allows an authenticated user to display any arbitrary file. 2020-05-29
CVE-2016-7032, CVE-2016-7076: sudo vulnerability. 2020-04-21
Security update to "file" binary for several vulnerabilities related to high CPU consumption, a crash, or disclosure of memory contents. 2020-04-21
Multiple denial of service attacks involving crafted XML files may cause the libxml2 software library to crash. 2020-04-21
CVE-2013-4782 - A BMC security vulnerability was discovered that impacts SteelHead xx50, EX560, and EX760 models. 2020-04-21
CVE-2013-4312 - Kernel may allow an attacker to consume all file descriptors. 2020-01-15
CVE-2014-3673: The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk 2020-01-15
CVE-2017-7494: Samba version 3.5.0 and later are vulnerable to remote code execution vulnerability. 2019-11-15
Heimdal prior to version 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. 2019-11-15
CVE-2017-16939: The XFRM dump policy implementation allowed local users to gain privileges or cause a denial of service. 2019-11-14
CVE-2017-8824: Linux kernel <= 4.14.3 dccp_disconnect(). 2019-11-14
CVE-2017-18203: Race condition in drivers/md/dm.c:dm_get_from_kobject() allows local users to cause a denial of service. 2019-11-14
CVE-2017-12617: Packet Trace Warehouse 7.3-PL0 and earlier are vulnerable to JSP injection via a security flaw identified in Tomcat server 2019-10-09
CVE-2018-7492: Null pointer dereference in net/rds/rdma.c:__rds_rdma_map() allows local attackers to cause denial of service. 2019-09-19
CVE-2010-5328: Potential DOS attack within the Linux kernel. 2019-09-19
CVE-2017-13089, CVE-2017-13090: Upgrade wget to 1.19.2. 2019-09-18
CVE-2017-8817, CVE-2017-8816: Upgrade curl to 7.57.0. 2019-08-30
CVE-2017-7502: A null pointer dereference flaw was found in the way NSS handles empty SSLv2 messages. 2019-08-19
CVE-2017-3143, CVE-2017-3142: vulnerabilities in BIND handling of TSIG authentication for dynamic updates. 2019-08-19
CVE-2017-8779: rpcbind through 0.2.4 and LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0.2-rc3 do not consider the maximum RPC data size during memory allocation for XDR strings. 2019-08-19
CVE-2017-3139: A denial of service flaw was found in the way BIND handled DNSSEC validation. 2019-08-19
CVE-2017-3136 and CVE-2017-3137: Potential denial of service attack. 2019-08-19
CVE-2017-5461: An out-of-bounds write flaw was found in the way NSS performed certain Base64-decoding operations. 2019-08-19
CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution). 2019-06-24
OpenSSL before 1.0.2n has vulnerabilities CVE-2017-3737 and CVE-2017-3738 as described at 2019-06-21
CVE-2018-1000005: libcurl contains an out bounds read in code handling HTTP/2 trailers. 2019-06-21
NTP before 4.2.8p11 has security vulnerabilities described at 2019-06-21
CVE-2017-7805: A use-after-free flaw was found in the TLS 1.2 implementation in the NSS library when client authentication was used. 2019-05-15
CVE_2017-1000101: curl supports "globbing" of URLs, in which a user can pass a numerical range to have the tool iterate over those numbers to do a sequence of transfers. 2019-05-15
CVE-2013-4312 - Kernel may allow an attacker to consume all file descriptors. 2019-03-21
CVE-2017-10989: The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read. 2019-01-25
CVE-2018-5333: kernel: Null pointer dereference in rds_atomic_free_op() allows denial of service. 2019-01-11
CVE-2017-18079: Race condition leading to denial of service or possible arbitrary code execution. 2019-01-11
CVE-2018-5332: kernel: rds_message_alloc_sgs() function doesn't validate value used during DMA page allocation, causing heap out-of-bounds write. 2019-01-11