ReportizFlow
Filtered by vendor F5
Subscriptions
Total
964 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2011-4963 | 2 F5, Microsoft | 2 Nginx, Windows | 2025-04-11 | N/A |
| nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows remote attackers to bypass intended access restrictions and access restricted files via (1) a trailing . (dot) or (2) certain "$index_allocation" sequences in a request. | ||||
| CVE-2012-3163 | 6 Canonical, Debian, F5 and 3 more | 22 Ubuntu Linux, Debian Linux, Big-ip Access Policy Manager and 19 more | 2025-04-11 | N/A |
| Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema. | ||||
| CVE-2010-4180 | 8 Canonical, Debian, F5 and 5 more | 11 Ubuntu Linux, Debian Linux, Nginx and 8 more | 2025-04-11 | N/A |
| OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier. | ||||
| CVE-2013-6024 | 1 F5 | 3 Big-ip Access Policy Manager, Big-ip Edge Gateway, Firepass | 2025-04-11 | N/A |
| The Edge Client components in F5 BIG-IP APM 10.x, 11.x, 12.x, 13.x, and 14.x, BIG-IP Edge Gateway 10.x and 11.x, and FirePass 7.0.0 allow attackers to obtain sensitive information from process memory via unspecified vectors. | ||||
| CVE-2013-5975 | 1 F5 | 1 Big-ip Access Policy Manager | 2025-04-11 | N/A |
| The access policy logon page (logon.inc) in F5 BIG-IP APM 11.1.0 through 11.2.1 allows remote attackers to conduct clickjacking attacks via unspecified vectors. | ||||
| CVE-2012-2975 | 1 F5 | 1 Application Security Manager Appliance | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the traffic overview page on the F5 ASM appliance 10.0.0 through 11.2.0 HF2 allows remote attackers to inject arbitrary web script or HTML via crafted requests that are later listed on a summary page. | ||||
| CVE-2011-4315 | 3 F5, Fedoraproject, Suse | 5 Nginx, Fedora, Studio and 2 more | 2025-04-11 | N/A |
| Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response. | ||||
| CVE-2013-2070 | 2 Debian, F5 | 2 Debian Linux, Nginx | 2025-04-11 | N/A |
| http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (crash) and obtain sensitive information from worker process memory via a crafted proxy response, a similar vulnerability to CVE-2013-2028. | ||||
| CVE-2010-2263 | 2 F5, Microsoft | 2 Nginx, Windows | 2025-04-11 | N/A |
| nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI. | ||||
| CVE-2013-4547 | 3 F5, Opensuse, Suse | 5 Nginx, Opensuse, Lifecycle Management Server and 2 more | 2025-04-11 | N/A |
| nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI. | ||||
| CVE-2013-6016 | 1 F5 | 9 Big-ip Access Policy Manager, Big-ip Application Security Manager, Big-ip Edge Gateway and 6 more | 2025-04-11 | N/A |
| The Traffic Management Microkernel (TMM) in F5 BIG-IP LTM, APM, ASM, Edge Gateway, GTM, Link Controller, and WOM 10.0.0 through 10.2.2 and 11.0.0; Analytics 11.0.0; PSM 9.4.0 through 9.4.8, 10.0.0 through 10.2.4, and 11.0.0 through 11.4.1; and WebAccelerator 9.4.0 through 9.4.8, 10.0.0 through 10.2.4, and 11.0.0 through 11.3.0 might change a TCP connection to the ESTABLISHED state before receiving the ACK packet, which allows remote attackers to cause a denial of service (SIGFPE or assertion failure and TMM restart) via unspecified vectors. | ||||
| CVE-2010-2266 | 1 F5 | 1 Nginx | 2025-04-11 | N/A |
| nginx 0.8.36 allows remote attackers to cause a denial of service (crash) via certain encoded directory traversal sequences that trigger memory corruption, as demonstrated using the "%c0.%c0." sequence. | ||||
| CVE-2012-1777 | 1 F5 | 1 Firepass | 2025-04-11 | N/A |
| SQL injection vulnerability in my.activation.php3 in F5 FirePass 6.0.0 through 6.1.0 and 7.0.0 allows remote attackers to execute arbitrary SQL commands via the state parameter. | ||||
| CVE-2013-0337 | 1 F5 | 1 Nginx | 2025-04-11 | N/A |
| The default configuration of nginx, possibly 1.3.13 and earlier, uses world-readable permissions for the (1) access.log and (2) error.log files, which allows local users to obtain sensitive information by reading the files. | ||||
| CVE-2013-5976 | 1 F5 | 1 Big-ip Access Policy Manager | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the access policy logout page (logout.inc) in F5 BIG-IP APM 10.1.0 through 10.2.4 and 11.1.0 through 11.3.0 allows remote attackers to inject arbitrary web script or HTML via the LastMRH_Session cookie. | ||||
| CVE-2023-28724 | 1 F5 | 3 Nginx Api Connectivity Manager, Nginx Instance Manager, Nginx Security Monitoring | 2025-04-10 | 7.1 High |
| NGINX Management Suite default file permissions are set such that an authenticated attacker may be able to modify sensitive files on NGINX Instance Manager and NGINX API Connectivity Manager. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2007-0188 | 1 F5 | 1 Firepass | 2025-04-09 | N/A |
| F5 FirePass 5.4 through 5.5.1 does not properly enforce host access restrictions when a client uses a single integer (dword) representation of an IP address ("dotless IP address"), which allows remote authenticated users to connect to the FirePass administrator console and certain other network resources. | ||||
| CVE-2008-0539 | 1 F5 | 1 Big-ip Application Security Manager | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in dms/policy/rep_request.php in F5 BIG-IP Application Security Manager (ASM) 9.4.3 allows remote attackers to inject arbitrary web script or HTML via the report_type parameter. | ||||
| CVE-2007-3097 | 1 F5 | 1 Firepass 4100 | 2025-04-09 | N/A |
| my.activation.php3 in F5 FirePass 4100 SSL VPN allows remote attackers to execute arbitrary shell commands via shell metacharacters in the username parameter. | ||||
| CVE-2008-2030 | 1 F5 | 2 Firepass 4100, Firepass Ssl Vpn | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in installControl.php3 in F5 FirePass 4100 SSL VPN 5.4.2-5.5.2 and 6.0-6.2 allows remote attackers to inject arbitrary web script or HTML via the query string. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||