Filtered by vendor F5
Subscribe
Total
823 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-5867 | 2 F5, Netapp | 2 Nginx Controller, Cloud Backup | 2022-04-26 | 6.8 MEDIUM | 8.1 HIGH |
| In versions prior to 3.3.0, the NGINX Controller Agent installer script 'install.sh' uses HTTP instead of HTTPS to check and install packages | |||||
| CVE-2020-5865 | 2 F5, Netapp | 2 Nginx Controller, Cloud Backup | 2022-04-26 | 5.8 MEDIUM | 4.8 MEDIUM |
| In versions prior to 3.3.0, the NGINX Controller is configured to communicate with its Postgres database server over unencrypted channels, making the communicated data vulnerable to interception via man-in-the-middle (MiTM) attacks. | |||||
| CVE-2020-5863 | 2 F5, Netapp | 2 Nginx Controller, Cloud Backup | 2022-04-22 | 7.5 HIGH | 8.6 HIGH |
| In NGINX Controller versions prior to 3.2.0, an unauthenticated attacker with network access to the Controller API can create unprivileged user accounts. The user which is created is only able to upload a new license to the system but cannot view or modify any other components of the system. | |||||
| CVE-2018-5546 | 3 Apple, F5, Linux | 4 Macos, Big-ip Access Policy Manager, Big-ip Access Policy Manager Client and 1 more | 2022-04-18 | 7.2 HIGH | 7.8 HIGH |
| The svpn and policyserver components of the F5 BIG-IP APM client prior to version 7.1.7.1 for Linux and macOS runs as a privileged process and can allow an unprivileged user to get ownership of files owned by root on the local client host. A malicious local unprivileged user may gain knowledge of sensitive information, manipulate certain data, or assume super-user privileges on the local client host. | |||||
| CVE-2020-24348 | 1 F5 | 1 Njs | 2022-04-15 | 2.1 LOW | 5.5 MEDIUM |
| njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_json_stringify_iterator in njs_json.c. | |||||
| CVE-2020-24347 | 1 F5 | 1 Njs | 2022-04-15 | 2.1 LOW | 5.5 MEDIUM |
| njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_lvlhsh_level_find in njs_lvlhsh.c. | |||||
| CVE-2020-24346 | 1 F5 | 1 Njs | 2022-04-15 | 6.8 MEDIUM | 7.8 HIGH |
| njs through 0.4.3, used in NGINX, has a use-after-free in njs_json_parse_iterator_call in njs_json.c. | |||||
| CVE-2019-20372 | 5 Apple, Canonical, F5 and 2 more | 5 Xcode, Ubuntu Linux, Nginx and 2 more | 2022-04-06 | 4.3 MEDIUM | 5.3 MEDIUM |
| NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer. | |||||
| CVE-2022-25139 | 1 F5 | 1 Njs | 2022-03-24 | 7.5 HIGH | 9.8 CRITICAL |
| njs through 0.7.0, used in NGINX, was discovered to contain a heap use-after-free in njs_await_fulfilled. | |||||
| CVE-2021-46462 | 1 F5 | 1 Njs | 2022-03-24 | 5.0 MEDIUM | 7.5 HIGH |
| njs through 0.7.1, used in NGINX, was discovered to contain a segmentation violation via njs_object_set_prototype in /src/njs_object.c. | |||||
| CVE-2021-46463 | 1 F5 | 1 Njs | 2022-03-24 | 7.5 HIGH | 9.8 CRITICAL |
| njs through 0.7.1, used in NGINX, was discovered to contain a control flow hijack caused by a Type Confusion vulnerability in njs_promise_perform_then(). | |||||
| CVE-2019-13617 | 1 F5 | 1 Njs | 2022-03-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| njs through 0.3.3, used in NGINX, has a heap-based buffer over-read in nxt_vsprintf in nxt/nxt_sprintf.c during error handling, as demonstrated by an njs_regexp_literal call that leads to an njs_parser_lexer_error call and then an njs_parser_scope_error call. | |||||
| CVE-2019-13067 | 1 F5 | 1 Njs | 2022-03-24 | 7.5 HIGH | 9.8 CRITICAL |
| njs through 0.3.3, used in NGINX, has a buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c. This issue occurs after the fix for CVE-2019-12207 is in place. | |||||
| CVE-2019-12208 | 1 F5 | 1 Njs | 2022-03-24 | 7.5 HIGH | 9.8 CRITICAL |
| njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in njs_function_native_call in njs/njs_function.c. | |||||
| CVE-2019-12207 | 1 F5 | 1 Njs | 2022-03-24 | 7.5 HIGH | 9.8 CRITICAL |
| njs through 0.3.1, used in NGINX, has a heap-based buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c. | |||||
| CVE-2019-12206 | 1 F5 | 1 Njs | 2022-03-24 | 7.5 HIGH | 9.8 CRITICAL |
| njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in nxt_utf8_encode in nxt_utf8.c. | |||||
| CVE-2019-11839 | 1 F5 | 1 Njs | 2022-03-24 | 7.5 HIGH | 9.8 CRITICAL |
| njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in Array.prototype.push after a resize, related to njs_array_prototype_push in njs/njs_array.c, because of njs_array_expand size mishandling. | |||||
| CVE-2019-11838 | 1 F5 | 1 Njs | 2022-03-24 | 7.5 HIGH | 9.8 CRITICAL |
| njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in Array.prototype.splice after a resize, related to njs_array_prototype_splice in njs/njs_array.c, because of njs_array_expand size mishandling. | |||||
| CVE-2019-11837 | 1 F5 | 1 Njs | 2022-03-24 | 5.0 MEDIUM | 7.5 HIGH |
| njs through 0.3.1, used in NGINX, has a segmentation fault in String.prototype.toBytes for negative arguments, related to nxt_utf8_next in nxt/nxt_utf8.h and njs_string_offset in njs/njs_string.c. | |||||
| CVE-2018-16845 | 5 Apple, Canonical, Debian and 2 more | 5 Xcode, Ubuntu Linux, Debian Linux and 2 more | 2022-02-22 | 5.8 MEDIUM | 6.1 MEDIUM |
| nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affects nginx if it is built with the ngx_http_mp4_module (the module is not built by default) and the .mp4. directive is used in the configuration file. Further, the attack is only possible if an attacker is able to trigger processing of a specially crafted mp4 file with the ngx_http_mp4_module. | |||||