Filtered by vendor F5
Subscriptions
Total
846 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2008-0265 | 1 F5 | 1 Tmos | 2024-11-21 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the Search function in the web management interface in F5 BIG-IP 9.4.3 allow remote attackers to inject arbitrary web script or HTML via the SearchString parameter to (1) list_system.jsp, (2) list_pktfilter.jsp, (3) list_ltm.jsp, (4) resources_audit.jsp, and (5) list_asm.jsp in tmui/Control/jspmap/tmui/system/log/; and (6) list.jsp in certain directories. | ||||
CVE-2007-6704 | 1 F5 | 1 Firepass 4100 | 2024-11-21 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass 4100 SSL VPN 5.4.1 through 5.5.2 and 6.0 through 6.0.1, when pre-logon sequences are enabled, allow remote attackers to inject arbitrary web script or HTML via the query string to (1) my.activation.php3 and (2) my.logon.php3. | ||||
CVE-2007-6258 | 2 Apache, F5 | 2 Mod Jk, Big-ip | 2024-11-21 | N/A |
Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header. | ||||
CVE-2007-5979 | 1 F5 | 1 Firepass 4100 | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in download_plugin.php3 in F5 Firepass 4100 SSL VPN 5.4 through 5.5.2 and 6.0 through 6.0.1 allows remote attackers to inject arbitrary web script or HTML via the backurl parameter. | ||||
CVE-2007-3097 | 1 F5 | 1 Firepass 4100 | 2024-11-21 | N/A |
my.activation.php3 in F5 FirePass 4100 SSL VPN allows remote attackers to execute arbitrary shell commands via shell metacharacters in the username parameter. | ||||
CVE-2007-0195 | 1 F5 | 1 Firepass | 2024-11-21 | N/A |
my.activation.php3 in F5 FirePass 5.4 through 5.5.1 and 6.0 displays different error messages for failed login attempts with a valid username than for those with an invalid username, which allows remote attackers to confirm the validity of an LDAP account. | ||||
CVE-2007-0188 | 1 F5 | 1 Firepass | 2024-11-21 | N/A |
F5 FirePass 5.4 through 5.5.1 does not properly enforce host access restrictions when a client uses a single integer (dword) representation of an IP address ("dotless IP address"), which allows remote authenticated users to connect to the FirePass administrator console and certain other network resources. | ||||
CVE-2007-0187 | 1 F5 | 1 Firepass | 2024-11-21 | N/A |
F5 FirePass 5.4 through 5.5.2 and 6.0 allows remote attackers to access restricted URLs via (1) a trailing null byte, (2) multiple leading slashes, (3) Unicode encoding, (4) URL-encoded directory traversal or same-directory characters, or (5) upper case letters in the domain name. | ||||
CVE-2007-0186 | 1 F5 | 1 Firepass 4100 | 2024-11-21 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL VPN allow remote attackers to inject arbitrary web script or HTML via (1) the xcho parameter to my.logon.php3; the (2) topblue, (3) midblue, (4) wtopblue, and certain other Custom color parameters in a per action to vdesk/admincon/index.php; the (5) h321, (6) h311, (7) h312, and certain other Front Door custom text color parameters in a per action to vdesk/admincon/index.php; the (8) ua parameter in a bro action to vdesk/admincon/index.php; the (9) app_param and (10) app_name parameters to webyfiers.php; (11) double eval functions; (12) JavaScript contained in an <FP_DO_NOT_TOUCH> element; and (13) the vhost parameter to my.activation.php. NOTE: it is possible that this candidate overlaps CVE-2006-3550. | ||||
CVE-2006-5416 | 1 F5 | 1 Firepass 1000 | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in my.acctab.php3 in F5 Networks FirePass 1000 SSL VPN 5.5, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the sid parameter. | ||||
CVE-2006-3550 | 1 F5 | 1 Firepass 4100 | 2024-11-21 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in F5 Networks FirePass 4100 5.x allow remote attackers to inject arbitrary web script or HTML via unspecified "writable form fields and hidden fields," including "authentication frontends." | ||||
CVE-2006-1357 | 1 F5 | 1 Firepass 4100 | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in my.support.php3 in F5 Firepass 4100 SSL VPN 5.4.2 allows remote attackers to inject arbitrary web script or HTML via the s parameter. | ||||
CVE-2005-2245 | 1 F5 | 1 Tmos | 2024-11-21 | N/A |
Unknown vulnerability in F5 BIG-IP 9.0.2 through 9.1 allows attackers to "subvert the authentication of SSL transactions," via unknown attack vectors, possibly involving NATIVE ciphers. | ||||
CVE-2005-0356 | 9 Alaxala, Cisco, F5 and 6 more | 76 Alaxala Networks, Agent Desktop, Aironet Ap1200 and 73 more | 2024-11-21 | N/A |
Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old. | ||||
CVE-2004-1307 | 11 Apple, Avaya, Conectiva and 8 more | 20 Mac Os X, Mac Os X Server, Call Management System Server and 17 more | 2024-11-21 | N/A |
Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow. | ||||
CVE-2002-20001 | 6 Balasys, F5, Hpe and 3 more | 49 Dheater, Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager and 46 more | 2024-11-21 | 7.5 High |
The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE. | ||||
CVE-1999-1550 | 1 F5 | 1 Tmos | 2024-11-21 | N/A |
bigconf.conf in F5 BIG/ip 2.1.2 and earlier allows remote attackers to read arbitrary files by specifying the target file in the "file" parameter. | ||||
CVE-2024-10318 | 1 F5 | 4 Nginx Api Connectivity Manager, Nginx Ingress Controller, Nginx Instance Manager and 1 more | 2024-11-08 | 5.4 Medium |
A session fixation issue was discovered in the NGINX OpenID Connect reference implementation, where a nonce was not checked at login time. This flaw allows an attacker to fix a victim's session to an attacker-controlled account. As a result, although the attacker cannot log in as the victim, they can force the session to associate it with the attacker-controlled account, leading to potential misuse of the victim's session. | ||||
CVE-2024-39809 | 1 F5 | 1 Big-ip Next Central Manager | 2024-08-22 | 7.5 High |
The Central Manager user session refresh token does not expire when a user logs out. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | ||||
CVE-2024-37028 | 1 F5 | 1 Big-ip Next Central Manager | 2024-08-20 | 5.3 Medium |
BIG-IP Next Central Manager may allow an attacker to lock out an account that has never been logged in. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |