Vulnerabilities > F5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2012-09-11 | CVE-2012-2975 | Cross-Site Scripting vulnerability in F5 Application Security Manager Appliance 10.0.0/11.2.0 Cross-site scripting (XSS) vulnerability in the traffic overview page on the F5 ASM appliance 10.0.0 through 11.2.0 HF2 allows remote attackers to inject arbitrary web script or HTML via crafted requests that are later listed on a summary page. | 4.3 |
| 2012-07-26 | CVE-2011-4963 | Unspecified vulnerability in F5 Nginx nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows remote attackers to bypass intended access restrictions and access restricted files via (1) a trailing . | 5.0 |
| 2012-07-09 | CVE-2012-1493 | Credentials Management vulnerability in F5 products F5 BIG-IP appliances 9.x before 9.4.8-HF5, 10.x before 10.2.4, 11.0.x before 11.0.0-HF2, and 11.1.x before 11.1.0-HF3, and Enterprise Manager before 2.1.0-HF2, 2.2.x before 2.2.0-HF1, and 2.3.x before 2.3.0-HF3, use a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins via the PubkeyAuthentication option. | 7.8 |
| 2012-05-24 | CVE-2011-3188 | The (1) IPv4 and (2) IPv6 implementations in the Linux kernel before 3.1 use a modified MD4 algorithm to generate sequence numbers and Fragment Identification values, which makes it easier for remote attackers to cause a denial of service (disrupted networking) or hijack network sessions by predicting these values and sending crafted packets. | 9.1 |
| 2012-04-17 | CVE-2012-2089 | Classic Buffer Overflow vulnerability in multiple products Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted MP4 file. | 6.8 |
| 2012-04-17 | CVE-2012-1180 | Use After Free vulnerability in multiple products Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request. | 5.0 |
| 2012-04-05 | CVE-2012-2053 | Permissions, Privileges, and Access Controls vulnerability in F5 Firepass 6.0/6.1.0/7.0.0 The sudoers file in the Linux system configuration in F5 FirePass 6.0.0 through 6.1.0 and 7.0.0 does not require a password for executing commands as root, which allows local users to gain privileges via the sudo program, as demonstrated by the user account that executes PHP scripts, a different vulnerability than CVE-2012-1777. | 7.2 |
| 2012-04-05 | CVE-2012-1777 | SQL Injection vulnerability in F5 Firepass 6.0/6.1.0/7.0.0 SQL injection vulnerability in my.activation.php3 in F5 FirePass 6.0.0 through 6.1.0 and 7.0.0 allows remote attackers to execute arbitrary SQL commands via the state parameter. | 7.5 |
| 2011-12-08 | CVE-2011-4315 | Out-of-bounds Write vulnerability in multiple products Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response. | 6.8 |
| 2010-12-06 | CVE-2010-4180 | OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier. | 4.3 |