Vulnerabilities (CVE)

Filtered by vendor F5 Subscribe
Total 833 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2012-2975 1 F5 1 Application Security Manager Appliance 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the traffic overview page on the F5 ASM appliance 10.0.0 through 11.2.0 HF2 allows remote attackers to inject arbitrary web script or HTML via crafted requests that are later listed on a summary page.
CVE-2012-2089 2 F5, Fedoraproject 2 Nginx, Fedora 2024-11-21 6.8 MEDIUM N/A
Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted MP4 file.
CVE-2012-2053 1 F5 1 Firepass 2024-11-21 7.2 HIGH N/A
The sudoers file in the Linux system configuration in F5 FirePass 6.0.0 through 6.1.0 and 7.0.0 does not require a password for executing commands as root, which allows local users to gain privileges via the sudo program, as demonstrated by the user account that executes PHP scripts, a different vulnerability than CVE-2012-1777.
CVE-2012-1777 1 F5 1 Firepass 2024-11-21 7.5 HIGH N/A
SQL injection vulnerability in my.activation.php3 in F5 FirePass 6.0.0 through 6.1.0 and 7.0.0 allows remote attackers to execute arbitrary SQL commands via the state parameter.
CVE-2012-1493 1 F5 25 Big-ip 1000, Big-ip 11000, Big-ip 11050 and 22 more 2024-11-21 7.8 HIGH N/A
F5 BIG-IP appliances 9.x before 9.4.8-HF5, 10.x before 10.2.4, 11.0.x before 11.0.0-HF2, and 11.1.x before 11.1.0-HF3, and Enterprise Manager before 2.1.0-HF2, 2.2.x before 2.2.0-HF1, and 2.3.x before 2.3.0-HF3, use a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins via the PubkeyAuthentication option.
CVE-2012-1180 3 Debian, F5, Fedoraproject 3 Debian Linux, Nginx, Fedora 2024-11-21 5.0 MEDIUM N/A
Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request.
CVE-2011-4968 2 Debian, F5 2 Debian Linux, Nginx 2024-11-21 5.8 MEDIUM 4.8 MEDIUM
nginx http proxy module does not verify peer identity of https origin server which could facilitate man-in-the-middle attack (MITM)
CVE-2011-4963 2 F5, Microsoft 2 Nginx, Windows 2024-11-21 5.0 MEDIUM N/A
nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows remote attackers to bypass intended access restrictions and access restricted files via (1) a trailing . (dot) or (2) certain "$index_allocation" sequences in a request.
CVE-2011-4315 3 F5, Fedoraproject, Suse 5 Nginx, Fedora, Studio and 2 more 2024-11-21 6.8 MEDIUM N/A
Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response.
CVE-2011-3188 3 F5, Linux, Redhat 15 Arx, Big-ip Access Policy Manager, Big-ip Analytics and 12 more 2024-11-21 6.4 MEDIUM 9.1 CRITICAL
The (1) IPv4 and (2) IPv6 implementations in the Linux kernel before 3.1 use a modified MD4 algorithm to generate sequence numbers and Fragment Identification values, which makes it easier for remote attackers to cause a denial of service (disrupted networking) or hijack network sessions by predicting these values and sending crafted packets.
CVE-2010-4180 7 Canonical, Debian, F5 and 4 more 9 Ubuntu Linux, Debian Linux, Nginx and 6 more 2024-11-21 4.3 MEDIUM N/A
OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier.
CVE-2010-2266 1 F5 1 Nginx 2024-11-21 5.0 MEDIUM N/A
nginx 0.8.36 allows remote attackers to cause a denial of service (crash) via certain encoded directory traversal sequences that trigger memory corruption, as demonstrated using the "%c0.%c0." sequence.
CVE-2010-2263 2 F5, Microsoft 2 Nginx, Windows 2024-11-21 5.0 MEDIUM N/A
nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI.
CVE-2009-4487 1 F5 1 Nginx 2024-11-21 6.8 MEDIUM N/A
nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
CVE-2009-4420 1 F5 3 Big-ip Application Security Manager, Big-ip Protocol Security Manager, Big-ip Protocol Security Module 2024-11-21 7.8 HIGH N/A
Buffer overflow in the bd daemon in F5 Networks BIG-IP Application Security Manager (ASM) 9.4.4 through 9.4.7 and 10.0.0 through 10.0.1, and Protocol Security Manager (PSM) 9.4.5 through 9.4.7 and 10.0.0 through 10.0.1, allows remote attackers to cause a denial of service (crash) via unknown vectors. NOTE: some of these details are obtained from third party information.
CVE-2009-3898 2 F5, Nginx 2 Nginx, Nginx 2024-11-21 4.9 MEDIUM N/A
Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method.
CVE-2009-3896 2 F5, Nginx 2 Nginx, Nginx 2024-11-21 5.0 MEDIUM N/A
src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a long URI.
CVE-2009-3555 8 Apache, Canonical, Debian and 5 more 8 Http Server, Ubuntu Linux, Debian Linux and 5 more 2024-11-21 5.8 MEDIUM N/A
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
CVE-2009-2629 3 Debian, F5, Fedoraproject 3 Debian Linux, Nginx, Fedora 2024-11-21 7.5 HIGH N/A
Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests.
CVE-2009-2119 1 F5 1 Firepass Ssl Vpn 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the login interface (my.logon.php3) in F5 FirePass SSL VPN 5.5 through 5.5.2 and 6.0 through 6.0.3 allows remote attackers to inject arbitrary web script or HTML via a base64-encoded xcho parameter.