F5 Security Vulnerabilities

CVE-2014-6032

Multiple XML External Entity (XXE) vulnerabilities in the Configuration utility in F5 BIG-IP LTM, ASM, GTM, and Link Controller 11.0 through 11.6.0 and 10.0.0 through 10.2.4, AAM 11.4.0 through 11.6.0, ARM 11.3.0 through 11.6.0, Analytics 11.0.0 through 11.6.0, APM and Edge Gateway 11.0.0 through.....

AI Score: 6.7

EPSS: 0.008

2014-11-01 11:55 PM

CVE-2014-4023

Cross-site scripting (XSS) vulnerability in tmui/dashboard/echo.jsp in the Configuration utility in F5 BIG-IP LTM, APM, ASM, GTM, and Link Controller 11.0.0 before 11.6.0 and 10.1.0 through 10.2.4, AAM 11.4.0 before 11.6.0, AFM and PEM 11.3.0 before 11.6.0, Analytics 11.0.0 through 11.5.1, Edge...

AI Score: 5.7

EPSS: 0.002

2014-10-28 02:55 PM

CVE-2014-2927

The rsync daemon in F5 BIG-IP 11.6 before 11.6.0, 11.5.1 before HF3, 11.5.0 before HF4, 11.4.1 before HF4, 11.4.0 before HF7, 11.3.0 before HF9, and 11.2.1 before HF11 and Enterprise Manager 3.x before 3.1.1 HF2, when configured in failover mode, does not require authentication, which allows...

AI Score: 6.6

EPSS: 0.099

2014-10-15 02:55 PM

CVE-2014-2949

SQL injection vulnerability in the web service in F5 ARX Data Manager 3.0.0 through 3.1.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified...

AI Score: 8

EPSS: 0.003

2014-06-18 04:55 PM

CVE-2014-3468

The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1...

AI Score: 5.8

EPSS: 0.007

2014-06-05 08:55 PM

CVE-2014-3467

Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1...

AI Score: 6

EPSS: 0.02

2014-06-05 08:55 PM

CVE-2014-3959

Cross-site scripting (XSS) vulnerability in list.jsp in the Configuration utility in F5 BIG-IP LTM, AFM, Analytics, APM, ASM, GTM, and Link Controller 11.2.1 through 11.5.1, AAM 11.4.0 through 11.5.1 PEM 11.3.0 through 11.5.1, PSM 11.2.1 through 11.4.1, WebAccelerator and WOM 11.2.1 through...

AI Score: 5.8

EPSS: 0.002

2014-06-03 02:55 PM

CVE-2014-2928

The iControl API in F5 BIG-IP LTM, APM, ASM, GTM, Link Controller, and PSM 10.0.0 through 10.2.4 and 11.0.0 through 11.5.1, BIG-IP AAM 11.4.0 through 11.5.1, BIG-IP AFM and PEM 11.3.0 through 11.5.1, BIG-IP Analytics 11.0.0 through 11.5.1, BIG-IP Edge Gateway, WebAccelerator, WOM 10.1.0 through...

AI Score: 7.5

EPSS: 0.624

2014-05-12 02:55 PM

CVE-2014-3220

F5 BIG-IQ Cloud and Security 4.0.0 through 4.1.0 allows remote authenticated users to change the password of arbitrary users via the name parameter in a request to the user's page in...

AI Score: 6.5

EPSS: 0.013

2014-05-05 05:06 PM

CVE-2014-0088

The SPDY implementation in the ngx_http_spdy_module module in nginx 1.5.10 before 1.5.11, when running on a 32-bit platform, allows remote attackers to execute arbitrary code via a crafted...

AI Score: 7.5

EPSS: 0.015

2014-04-29 02:38 PM

CVE-2014-0133

Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 before 1.4.7 and 1.5.x before 1.5.12 allows remote attackers to execute arbitrary code via a crafted...

AI Score: 9.5

EPSS: 0.037

2014-03-28 03:55 PM

CVE-2013-6024

The Edge Client components in F5 BIG-IP APM 10.x, 11.x, 12.x, 13.x, and 14.x, BIG-IP Edge Gateway 10.x and 11.x, and FirePass 7.0.0 allow attackers to obtain sensitive information from process memory via unspecified...

AI Score: 6

EPSS: 0.001

2014-02-10 06:15 PM

CVE-2012-3000

Multiple SQL injection vulnerabilities in sam/admin/reports/php/saveSettings.php in the (1) APM WebGUI in F5 BIG-IP LTM, GTM, ASM, Link Controller, PSM, APM, Edge Gateway, and Analytics and (2) AVR WebGUI in WebAccelerator and WOM 11.2.x before 11.2.0-HF3 and 11.2.x before 11.2.1-HF3 allow remote.....

AI Score: 8.1

EPSS: 0.003

2014-01-30 03:06 PM

CVE-2012-2997

XML External Entity (XXE) vulnerability in sam/admin/vpe2/public/php/server.php in F5 BIG-IP 10.0.0 through 10.2.4 and 11.0.0 through 11.2.1 allows remote authenticated users to read arbitrary files via a crafted XML...

AI Score: 6.2

EPSS: 0.015

2014-01-21 06:55 PM

CVE-2013-4547

nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a...

AI Score: 9.2

EPSS: 0.954

2013-11-23 06:55 PM

CVE-2013-0337

The default configuration of nginx, possibly 1.3.13 and earlier, uses world-readable permissions for the (1) access.log and (2) error.log files, which allows local users to obtain sensitive information by reading the...

AI Score: 5.7

EPSS: 0.002

2013-10-27 12:55 AM

CVE-2013-6016

The Traffic Management Microkernel (TMM) in F5 BIG-IP LTM, APM, ASM, Edge Gateway, GTM, Link Controller, and WOM 10.0.0 through 10.2.2 and 11.0.0; Analytics 11.0.0; PSM 9.4.0 through 9.4.8, 10.0.0 through 10.2.4, and 11.0.0 through 11.4.1; and WebAccelerator 9.4.0 through 9.4.8, 10.0.0 through...

AI Score: 6.8

EPSS: 0.011

2013-10-26 05:55 PM

CVE-2013-5975

The access policy logon page (logon.inc) in F5 BIG-IP APM 11.1.0 through 11.2.1 allows remote attackers to conduct clickjacking attacks via unspecified...

AI Score: 6.8

EPSS: 0.003

2013-10-01 08:55 PM

CVE-2013-5976

Cross-site scripting (XSS) vulnerability in the access policy logout page (logout.inc) in F5 BIG-IP APM 10.1.0 through 10.2.4 and 11.1.0 through 11.3.0 allows remote attackers to inject arbitrary web script or HTML via the LastMRH_Session...

AI Score: 5.9

EPSS: 0.002

2013-10-01 08:55 PM

CVE-2013-2070

http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (crash) and obtain sensitive information from worker process memory via a crafted proxy response, a...

AI Score: 6.2

EPSS: 0.152

2013-07-20 03:37 AM

CVE-2013-2028

The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a...

AI Score: 7.5

EPSS: 0.152

2013-07-20 03:37 AM

CVE-2012-3163

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information...

AI Score: 4.2

EPSS: 0.002

2012-10-17 12:55 AM

CVE-2012-1180

Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client...

AI Score: 5.7

EPSS: 0.002

2012-04-17 09:55 PM

CVE-2012-2089

Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted MP4...

AI Score: 7.9

EPSS: 0.024

2012-04-17 09:55 PM

CVE-2012-1777

SQL injection vulnerability in my.activation.php3 in F5 FirePass 6.0.0 through 6.1.0 and 7.0.0 allows remote attackers to execute arbitrary SQL commands via the state...

AI Score: 8.4

EPSS: 0.006

2012-04-05 02:55 PM

CVE-2012-2053

The sudoers file in the Linux system configuration in F5 FirePass 6.0.0 through 6.1.0 and 7.0.0 does not require a password for executing commands as root, which allows local users to gain privileges via the sudo program, as demonstrated by the user account that executes PHP scripts, a different...

AI Score: 7

EPSS: 0.006

2012-04-05 02:55 PM

CVE-2011-4315

Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long...

AI Score: 7.6

EPSS: 0.006

2011-12-08 08:55 PM

CVE-2010-4180

OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing...

AI Score: 6.6

EPSS: 0.002

2010-12-06 09:05 PM

CVE-2010-2266

nginx 0.8.36 allows remote attackers to cause a denial of service (crash) via certain encoded directory traversal sequences that trigger memory corruption, as demonstrated using the "%c0.%c0."...

AI Score: 7.2

EPSS: 0.005

2010-06-15 02:04 PM

CVE-2010-2263

nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the...

AI Score: 7

EPSS: 0.027

2010-06-15 02:04 PM

CVE-2009-4487

nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal...

AI Score: 7.7

EPSS: 0.007

2010-01-13 08:30 PM

CVE-2009-4420

Buffer overflow in the bd daemon in F5 Networks BIG-IP Application Security Manager (ASM) 9.4.4 through 9.4.7 and 10.0.0 through 10.0.1, and Protocol Security Manager (PSM) 9.4.5 through 9.4.7 and 10.0.0 through 10.0.1, allows remote attackers to cause a denial of service (crash) via unknown...

AI Score: 6.9

EPSS: 0.038

2009-12-24 05:30 PM

CVE-2009-3898

Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE....

AI Score: 6.1

EPSS: 0.004

2009-11-24 05:30 PM

CVE-2009-3896

src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a long...

AI Score: 6.1

EPSS: 0.086

2009-11-24 05:30 PM

CVE-2009-2629

Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP...

AI Score: 7.3

EPSS: 0.938

2009-09-15 10:30 PM

CVE-2008-7032

Web Management Console Cross-site request forgery (CSRF) vulnerability in the web management console in F5 BIG-IP 9.4.3 allows remote attackers to hijack the authentication of administrators for requests that create new administrators and execute shell commands, as demonstrated using...

AI Score: 7.4

EPSS: 0.023

2009-08-24 10:30 AM

CVE-2009-2119

Cross-site scripting (XSS) vulnerability in the login interface (my.logon.php3) in F5 FirePass SSL VPN 5.5 through 5.5.2 and 6.0 through 6.0.3 allows remote attackers to inject arbitrary web script or HTML via a base64-encoded xcho...

AI Score: 5.8

EPSS: 0.003

2009-06-18 09:30 PM

CVE-2008-6474

The management interface in F5 BIG-IP 9.4.3 allows remote authenticated users with Resource Manager privileges to inject arbitrary Perl code via unspecified configuration settings related to Perl EP3 with templates, probably triggering static code...

AI Score: 7

EPSS: 0.003

2009-03-16 04:30 PM

CVE-2008-3149

The SNMP daemon in the F5 FirePass 1200 6.0.2 hotfix 3 allows remote attackers to cause a denial of service (daemon crash) by walking the hrSWInstalled OID branch in...

AI Score: 6.6

EPSS: 0.013

2008-07-11 07:41 PM

CVE-2008-2637

Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL VPN 6.0.2 hotfix 3, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via quotes in (1) the css_exceptions parameter in vdesk/admincon/webyfiers.php and (2) the sql_matchscope...

AI Score: 5.9

EPSS: 0.005

2008-06-10 12:32 AM

CVE-2008-2030

Cross-site scripting (XSS) vulnerability in installControl.php3 in F5 FirePass 4100 SSL VPN 5.4.2-5.5.2 and 6.0-6.2 allows remote attackers to inject arbitrary web script or HTML via the query string. NOTE: the provenance of this information is unknown; the details are obtained solely from third...

AI Score: 5.6

EPSS: 0.002

2008-04-30 04:17 PM

CVE-2008-1503

Cross-site scripting (XSS) vulnerability in the web management interface in F5 BIG-IP 9.4.3 allows remote attackers to inject arbitrary web script or HTML via (1) the name of a node object, or the (2) sysContact or (3) sysLocation SNMP configuration field, aka "Audit Log XSS." NOTE: these issues...

AI Score: 6

EPSS: 0.002

2008-03-25 07:44 PM

CVE-2007-6704

Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass 4100 SSL VPN 5.4.1 through 5.5.2 and 6.0 through 6.0.1, when pre-logon sequences are enabled, allow remote attackers to inject arbitrary web script or HTML via the query string to (1) my.activation.php3 and (2)...

AI Score: 5.8

EPSS: 0.008

2008-03-05 11:44 PM

CVE-2007-6258

Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host...

AI Score: 7.7

EPSS: 0.159

2008-02-19 12:00 AM

CVE-2008-0265

Multiple cross-site scripting (XSS) vulnerabilities in the Search function in the web management interface in F5 BIG-IP 9.4.3 allow remote attackers to inject arbitrary web script or HTML via the SearchString parameter to (1) list_system.jsp, (2) list_pktfilter.jsp, (3) list_ltm.jsp, (4)...

AI Score: 5.7

EPSS: 0.005

2008-01-15 08:00 PM

CVE-2007-5979

Cross-site scripting (XSS) vulnerability in download_plugin.php3 in F5 Firepass 4100 SSL VPN 5.4 through 5.5.2 and 6.0 through 6.0.1 allows remote attackers to inject arbitrary web script or HTML via the backurl...

AI Score: 5.7

EPSS: 0.006

2007-11-15 12:46 AM

CVE-2007-3097

my.activation.php3 in F5 FirePass 4100 SSL VPN allows remote attackers to execute arbitrary shell commands via shell metacharacters in the username...

AI Score: 7.6

EPSS: 0.02

2007-06-06 10:30 PM

CVE-2007-0195

my.activation.php3 in F5 FirePass 5.4 through 5.5.1 and 6.0 displays different error messages for failed login attempts with a valid username than for those with an invalid username, which allows remote attackers to confirm the validity of an LDAP...

AI Score: 6.7

EPSS: 0.009

2007-01-12 05:04 AM

CVE-2007-0187

F5 FirePass 5.4 through 5.5.2 and 6.0 allows remote attackers to access restricted URLs via (1) a trailing null byte, (2) multiple leading slashes, (3) Unicode encoding, (4) URL-encoded directory traversal or same-directory characters, or (5) upper case letters in the domain...

AI Score: 6.7

EPSS: 0.017

2007-01-12 05:04 AM

CVE-2007-0186

Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL VPN allow remote attackers to inject arbitrary web script or HTML via (1) the xcho parameter to my.logon.php3; the (2) topblue, (3) midblue, (4) wtopblue, and certain other Custom color parameters in a per action to...

AI Score: 5.7

EPSS: 0.047

2007-01-12 05:04 AM
Total number of security vulnerabilities: 858