Filtered by vendor F5
Subscribe
Total
823 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-0133 | 2 F5, Opensuse | 2 Nginx, Opensuse | 2021-11-10 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 before 1.4.7 and 1.5.x before 1.5.12 allows remote attackers to execute arbitrary code via a crafted request. | |||||
| CVE-2013-2028 | 2 F5, Fedoraproject | 2 Nginx, Fedora | 2021-11-10 | 7.5 HIGH | N/A |
| The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow. | |||||
| CVE-2014-3556 | 1 F5 | 1 Nginx | 2021-11-10 | 6.8 MEDIUM | N/A |
| The STARTTLS implementation in mail/ngx_mail_smtp_handler.c in the SMTP proxy in nginx 1.5.x and 1.6.x before 1.6.1 and 1.7.x before 1.7.4 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411. | |||||
| CVE-2014-3616 | 2 Debian, F5 | 2 Debian Linux, Nginx | 2021-11-10 | 4.3 MEDIUM | N/A |
| nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct "virtual host confusion" attacks. | |||||
| CVE-2011-4968 | 2 Debian, F5 | 2 Debian Linux, Nginx | 2021-11-10 | 5.8 MEDIUM | 4.8 MEDIUM |
| nginx http proxy module does not verify peer identity of https origin server which could facilitate man-in-the-middle attack (MITM) | |||||
| CVE-2013-0337 | 1 F5 | 1 Nginx | 2021-11-10 | 7.5 HIGH | N/A |
| The default configuration of nginx, possibly 1.3.13 and earlier, uses world-readable permissions for the (1) access.log and (2) error.log files, which allows local users to obtain sensitive information by reading the files. | |||||
| CVE-2011-4963 | 2 F5, Microsoft | 2 Nginx, Windows | 2021-11-10 | 5.0 MEDIUM | N/A |
| nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows remote attackers to bypass intended access restrictions and access restricted files via (1) a trailing . (dot) or (2) certain "$index_allocation" sequences in a request. | |||||
| CVE-2012-1180 | 3 Debian, F5, Fedoraproject | 3 Debian Linux, Nginx, Fedora | 2021-11-10 | 5.0 MEDIUM | N/A |
| Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request. | |||||
| CVE-2012-2089 | 2 F5, Fedoraproject | 2 Nginx, Fedora | 2021-11-10 | 6.8 MEDIUM | N/A |
| Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted MP4 file. | |||||
| CVE-2011-4315 | 3 F5, Fedoraproject, Suse | 5 Nginx, Fedora, Studio and 2 more | 2021-11-10 | 6.8 MEDIUM | N/A |
| Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response. | |||||
| CVE-2009-3898 | 2 F5, Nginx | 2 Nginx, Nginx | 2021-11-10 | 4.9 MEDIUM | N/A |
| Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method. | |||||
| CVE-2009-3896 | 2 F5, Nginx | 2 Nginx, Nginx | 2021-11-10 | 5.0 MEDIUM | N/A |
| src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a long URI. | |||||
| CVE-2009-2629 | 3 Debian, F5, Fedoraproject | 3 Debian Linux, Nginx, Fedora | 2021-11-10 | 7.5 HIGH | N/A |
| Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests. | |||||
| CVE-2010-2263 | 2 F5, Microsoft | 2 Nginx, Windows | 2021-11-10 | 5.0 MEDIUM | N/A |
| nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI. | |||||
| CVE-2010-2266 | 1 F5 | 1 Nginx | 2021-11-10 | 5.0 MEDIUM | N/A |
| nginx 0.8.36 allows remote attackers to cause a denial of service (crash) via certain encoded directory traversal sequences that trigger memory corruption, as demonstrated using the "%c0.%c0." sequence. | |||||
| CVE-2009-4487 | 1 F5 | 1 Nginx | 2021-11-10 | 6.8 MEDIUM | N/A |
| nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator. | |||||
| CVE-2021-23054 | 1 F5 | 1 Big-ip Access Policy Manager | 2021-10-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| On version 16.x before 16.1.0, 15.1.x before 15.1.4, 14.1.x before 14.1.4.4, and all versions of 13.1.x, 12.1.x, and 11.6.x, a reflected cross-site scripting (XSS) vulnerability exists in the resource information page for authenticated users when a full webtop is configured on the BIG-IP APM system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2021-23031 | 1 F5 | 2 Big-ip Advanced Web Application Firewall, Big-ip Application Security Manager | 2021-09-30 | 6.5 MEDIUM | 9.9 CRITICAL |
| On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.1, 13.1.x before 13.1.4, 12.1.x before 12.1.6, and 11.6.x before 11.6.5.3, an authenticated user may perform a privilege escalation on the BIG-IP Advanced WAF and ASM Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2021-23026 | 1 F5 | 15 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 12 more | 2021-09-29 | 6.8 MEDIUM | 8.8 HIGH |
| BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x and 11.6.x and all versions of BIG-IQ 8.x, 7.x, and 6.x are vulnerable to cross-site request forgery (CSRF) attacks through iControl SOAP. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2021-23030 | 1 F5 | 2 Big-ip Advanced Web Application Firewall, Big-ip Application Security Manager | 2021-09-29 | 5.0 MEDIUM | 7.5 HIGH |
| On BIG-IP Advanced WAF and BIG-IP ASM version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, 13.1.x before 13.1.4.1, and all versions of 12.1.x, when a WebSocket profile is configured on a virtual server, undisclosed requests can cause bd to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||