Filtered by vendor F5
Subscriptions
Total
840 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-2028 | 2 F5, Fedoraproject | 2 Nginx, Fedora | 2024-11-21 | N/A |
| The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow. | ||||
| CVE-2013-0337 | 1 F5 | 1 Nginx | 2024-11-21 | N/A |
| The default configuration of nginx, possibly 1.3.13 and earlier, uses world-readable permissions for the (1) access.log and (2) error.log files, which allows local users to obtain sensitive information by reading the files. | ||||
| CVE-2013-0150 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2024-11-21 | N/A |
| Directory traversal vulnerability in an unspecified signed Java applet in the client-side components in F5 BIG-IP APM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, FirePass 6.0.0 through 6.1.0 and 7.0.0, and other products "when APM is provisioned," allows remote attackers to upload and execute arbitrary files via a .. (dot dot) in the filename parameter. | ||||
| CVE-2012-3163 | 6 Canonical, Debian, F5 and 3 more | 22 Ubuntu Linux, Debian Linux, Big-ip Access Policy Manager and 19 more | 2024-11-21 | N/A |
| Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema. | ||||
| CVE-2012-3000 | 1 F5 | 10 Big-ip Access Policy Manager, Big-ip Analytics, Big-ip Application Security Manager and 7 more | 2024-11-21 | N/A |
| Multiple SQL injection vulnerabilities in sam/admin/reports/php/saveSettings.php in the (1) APM WebGUI in F5 BIG-IP LTM, GTM, ASM, Link Controller, PSM, APM, Edge Gateway, and Analytics and (2) AVR WebGUI in WebAccelerator and WOM 11.2.x before 11.2.0-HF3 and 11.2.x before 11.2.1-HF3 allow remote authenticated users to execute arbitrary SQL commands via the defaultQuery parameter. | ||||
| CVE-2012-2997 | 1 F5 | 1 Big-ip Configuration Utility | 2024-11-21 | N/A |
| XML External Entity (XXE) vulnerability in sam/admin/vpe2/public/php/server.php in F5 BIG-IP 10.0.0 through 10.2.4 and 11.0.0 through 11.2.1 allows remote authenticated users to read arbitrary files via a crafted XML file. | ||||
| CVE-2012-2975 | 1 F5 | 1 Application Security Manager Appliance | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in the traffic overview page on the F5 ASM appliance 10.0.0 through 11.2.0 HF2 allows remote attackers to inject arbitrary web script or HTML via crafted requests that are later listed on a summary page. | ||||
| CVE-2012-2089 | 2 F5, Fedoraproject | 2 Nginx, Fedora | 2024-11-21 | N/A |
| Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted MP4 file. | ||||
| CVE-2012-2053 | 1 F5 | 1 Firepass | 2024-11-21 | N/A |
| The sudoers file in the Linux system configuration in F5 FirePass 6.0.0 through 6.1.0 and 7.0.0 does not require a password for executing commands as root, which allows local users to gain privileges via the sudo program, as demonstrated by the user account that executes PHP scripts, a different vulnerability than CVE-2012-1777. | ||||
| CVE-2012-1777 | 1 F5 | 1 Firepass | 2024-11-21 | N/A |
| SQL injection vulnerability in my.activation.php3 in F5 FirePass 6.0.0 through 6.1.0 and 7.0.0 allows remote attackers to execute arbitrary SQL commands via the state parameter. | ||||
| CVE-2012-1493 | 1 F5 | 25 Big-ip 1000, Big-ip 11000, Big-ip 11050 and 22 more | 2024-11-21 | N/A |
| F5 BIG-IP appliances 9.x before 9.4.8-HF5, 10.x before 10.2.4, 11.0.x before 11.0.0-HF2, and 11.1.x before 11.1.0-HF3, and Enterprise Manager before 2.1.0-HF2, 2.2.x before 2.2.0-HF1, and 2.3.x before 2.3.0-HF3, use a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins via the PubkeyAuthentication option. | ||||
| CVE-2012-1180 | 3 Debian, F5, Fedoraproject | 3 Debian Linux, Nginx, Fedora | 2024-11-21 | N/A |
| Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request. | ||||
| CVE-2011-4968 | 2 Debian, F5 | 2 Debian Linux, Nginx | 2024-11-21 | 4.8 Medium |
| nginx http proxy module does not verify peer identity of https origin server which could facilitate man-in-the-middle attack (MITM) | ||||
| CVE-2011-4963 | 2 F5, Microsoft | 2 Nginx, Windows | 2024-11-21 | N/A |
| nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows remote attackers to bypass intended access restrictions and access restricted files via (1) a trailing . (dot) or (2) certain "$index_allocation" sequences in a request. | ||||
| CVE-2011-4315 | 3 F5, Fedoraproject, Suse | 5 Nginx, Fedora, Studio and 2 more | 2024-11-21 | N/A |
| Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response. | ||||
| CVE-2011-3188 | 3 F5, Linux, Redhat | 17 Arx, Big-ip Access Policy Manager, Big-ip Analytics and 14 more | 2024-11-21 | 9.1 Critical |
| The (1) IPv4 and (2) IPv6 implementations in the Linux kernel before 3.1 use a modified MD4 algorithm to generate sequence numbers and Fragment Identification values, which makes it easier for remote attackers to cause a denial of service (disrupted networking) or hijack network sessions by predicting these values and sending crafted packets. | ||||
| CVE-2010-4180 | 8 Canonical, Debian, F5 and 5 more | 11 Ubuntu Linux, Debian Linux, Nginx and 8 more | 2024-11-21 | N/A |
| OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier. | ||||
| CVE-2010-2266 | 1 F5 | 1 Nginx | 2024-11-21 | N/A |
| nginx 0.8.36 allows remote attackers to cause a denial of service (crash) via certain encoded directory traversal sequences that trigger memory corruption, as demonstrated using the "%c0.%c0." sequence. | ||||
| CVE-2010-2263 | 2 F5, Microsoft | 2 Nginx, Windows | 2024-11-21 | N/A |
| nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI. | ||||
| CVE-2009-4487 | 1 F5 | 1 Nginx | 2024-11-21 | N/A |
| nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator. | ||||