Vulnerabilities > F5 > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2012-07-09 | CVE-2012-1493 | Credentials Management vulnerability in F5 products F5 BIG-IP appliances 9.x before 9.4.8-HF5, 10.x before 10.2.4, 11.0.x before 11.0.0-HF2, and 11.1.x before 11.1.0-HF3, and Enterprise Manager before 2.1.0-HF2, 2.2.x before 2.2.0-HF1, and 2.3.x before 2.3.0-HF3, use a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins via the PubkeyAuthentication option. | 7.8 |
2012-04-05 | CVE-2012-2053 | Permissions, Privileges, and Access Controls vulnerability in F5 Firepass 6.0/6.1.0/7.0.0 The sudoers file in the Linux system configuration in F5 FirePass 6.0.0 through 6.1.0 and 7.0.0 does not require a password for executing commands as root, which allows local users to gain privileges via the sudo program, as demonstrated by the user account that executes PHP scripts, a different vulnerability than CVE-2012-1777. | 7.2 |
2012-04-05 | CVE-2012-1777 | SQL Injection vulnerability in F5 Firepass 6.0/6.1.0/7.0.0 SQL injection vulnerability in my.activation.php3 in F5 FirePass 6.0.0 through 6.1.0 and 7.0.0 allows remote attackers to execute arbitrary SQL commands via the state parameter. | 7.5 |
2009-12-24 | CVE-2009-4420 | Buffer Errors vulnerability in F5 products Buffer overflow in the bd daemon in F5 Networks BIG-IP Application Security Manager (ASM) 9.4.4 through 9.4.7 and 10.0.0 through 10.0.1, and Protocol Security Manager (PSM) 9.4.5 through 9.4.7 and 10.0.0 through 10.0.1, allows remote attackers to cause a denial of service (crash) via unknown vectors. | 7.8 |
2009-09-15 | CVE-2009-2629 | Out-of-bounds Write vulnerability in multiple products Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests. | 7.5 |
2008-07-11 | CVE-2008-3149 | Path Traversal vulnerability in F5 Firepass 1200 6.0.2 The SNMP daemon in the F5 FirePass 1200 6.0.2 hotfix 3 allows remote attackers to cause a denial of service (daemon crash) by walking the hrSWInstalled OID branch in HOST-RESOURCES-MIB. | 7.8 |
2008-02-19 | CVE-2007-6258 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header. | 7.5 |
2007-06-06 | CVE-2007-3097 | Remote Command Injection vulnerability in F5 FirePass 4100 SSL VPN My.Activiation.PHP3 my.activation.php3 in F5 FirePass 4100 SSL VPN allows remote attackers to execute arbitrary shell commands via shell metacharacters in the username parameter. | 7.5 |
2007-01-12 | CVE-2007-0187 | Input Validation vulnerability in F5 Firepass F5 FirePass 5.4 through 5.5.2 and 6.0 allows remote attackers to access restricted URLs via (1) a trailing null byte, (2) multiple leading slashes, (3) Unicode encoding, (4) URL-encoded directory traversal or same-directory characters, or (5) upper case letters in the domain name. | 7.5 |
2005-07-12 | CVE-2005-2245 | SSL Authentication Bypass vulnerability in F5 BIG-IP Unknown vulnerability in F5 BIG-IP 9.0.2 through 9.1 allows attackers to "subvert the authentication of SSL transactions," via unknown attack vectors, possibly involving NATIVE ciphers. | 7.5 |