You can use the Security Finder to search for security issues and their impact on Riverbed products. This page is continuously updated, displaying the most current public security issues first. The search box can be used to look up records by specific CVE number or by a relevant search word, e.g. Apache, 8.5.0, Workaround. For additional search tips, refer to article S16165. Security issues listed here are categorized into three groups: fixed, workaround recommended and not applicable.

For general security topics, security best practices and other security related topics, also try searching our Knowledge Base.

BETA FEATURE:  This feature is currently under development and is considered Beta Software.  We are still enhancing the features and results so please exercise caution when interpreting and implementing the results.  If you have any questions, please open a case with Riverbed Support.  If you have feedback for this tool, please send it to

Riverbed Technology is committed to protecting customers against vulnerabilities in our supported products. Vulnerabilities are addressed in accordance with the software support policy.

For search tips, read article S16165.
Title | Last Modified
CVE-2013-4312 - Kernel may allow an attacker to consume all file descriptors. 2019-08-12
CVE-2014-3673: The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk 2019-08-12
OpenSSL 1.0.2n has several vulnerabilities. 2019-08-08
CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution). 2019-06-24
Appliance allows an authenticated user to display any arbitrary file. 2019-06-24
OpenSSL before 1.0.2n has vulnerabilities CVE-2017-3737 and CVE-2017-3738 as described at 2019-06-21
CVE-2017-8817, CVE-2017-8816: Upgrade curl to 7.57.0. 2019-06-21
CVE-2018-1000005: libcurl contains an out-of-bounds read in code handling HTTP/2 trailers. 2019-06-21
NTP before 4.2.8p11 has security vulnerabilities described at 2019-06-21
CVE-2017-7494: Samba versions 3.5.0 and later are vulnerable to remote code execution. 2019-05-15
CVE-2017-7805: A use-after-free flaw was found in the TLS 1.2 implementation in the NSS library when client authentication was used. 2019-05-15
CVE-2017-1000101: curl supports "globbing" of URLs, in which a user can pass a numerical range to have the tool iterate over those numbers to do a sequence of transfers. 2019-05-15
CVE-2017-13089, CVE-2017-13090: Upgrade wget to 1.19.2. 2019-05-15
Heimdal prior to version 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. 2019-04-17
CVE-2013-4312 - Kernel may allow an attacker to consume all file descriptors. 2019-03-21
CVE-2017-10989: The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read. 2019-01-25
CVE-2018-6927: Integer overflow in futex.c:futex_requeue can lead to denial of service or unspecified impact. 2019-01-11
CVE-2018-5333: kernel: Null pointer dereference in rds_atomic_free_op() allows denial of service. 2019-01-11
CVE-2017-12190: Memory leak when merging small consecutive buffers in SCSI I/O vectors. 2019-01-11
CVE-2017-18079: Race condition leading to denial of service or possible arbitrary code execution. 2019-01-11
CVE-2018-5332: kernel: rds_message_alloc_sgs() function doesn't validate value used during DMA page allocation, causing heap out-of-bounds write. 2019-01-11
CVE-2017-1000253: kernel: load_elf_binary() does not take account of the need to allocate sufficient space for the entire binary. 2019-01-11
CVE-2017-16533: Local denial of service vulnerability. 2019-01-11
CVE-2017-1000111: Linux kernel packet_set_ring() race condition lets local users obtain root privileges. 2019-01-11
CVE-2017-1000407: Linux kernel >= 2.6.32 DoS by flooding diagnostic port 0x80 (Intel x86). 2019-01-11
CVE-2017-15274: Local denial of service vulnerability. 2019-01-11
CVE-2017-16531: Local denial of service vulnerability. 2019-01-11
CVE-2017-16526: Invalid pointer dereference results in DOS by local user. 2019-01-11
CVE-2017-16994: kernel: mm/pagewalk.c:walk_hugetlb_range function mishandles holes in hugetlb ranges causing information leak. 2019-01-11
CVE-2017-12192: kernel: NULL pointer dereference due to KEYCTL_READ on negative key. 2019-01-11
CVE-2010-5328: Potential DOS attack within the Linux kernel. 2019-01-10
Performing a port scan with Nessus against a SteelFusion Edge triggers a false alarm suggesting there is a problem with Edge HA connectivity, even though the two nodes remain connected. 2018-12-13
OpenSSH before 7.4 has security vulnerabilities: CVE-2016-10009, CVE-2016-10010, CVE-2016-10011, and CVE-2016-10012. 2018-11-28
CVE-2017-9077: kernel: net: tcp_v6_syn_recv_sock function mishandles inheritance. 2018-11-12
CVE-2017-16939: The XFRM dump policy implementation allowed local users to gain privileges or cause a denial of service. 2018-10-08
CVE-2013-2094: Linux kernel before 3.8.9 incorrect integer data type local privilege escalation. 2018-10-08
The nginx proxy server has a security vulnerability CVE-2016-4450: NULL pointer de-reference while writing to client request body. 2018-09-03
CVE-2017-18203: Race condition in drivers/md/dm.c:dm_get_from_kobject() allows local users to cause a denial of service. 2018-08-23
CVE-2017-9242: Potential local user denial of service attack. 2018-08-15
CVE-2017-0605: Linux kernel trace privilege elevation. 2018-08-15