VIR Vulnerability Intelligence Relay

Search

Found 115 results in 23ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2013-4547 high 8.5 EXPFIX debian debiansuse suse f5susenginx 13y ago nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI.
CVE-2013-0337 high 7.5 debian debian f5nginx 13y ago The default configuration of nginx, possibly 1.3.13 and earlier, uses world-readable permissions for the (1) access.log and (2) error.log files, which allows local users to obtain sensitive informati…
CVE-2013-6016 high 7.8 f5 13y ago The Traffic Management Microkernel (TMM) in F5 BIG-IP LTM, APM, ASM, Edge Gateway, GTM, Link Controller, and WOM 10.0.0 through 10.2.2 and 11.0.0; Analytics 11.0.0; PSM 9.4.0 through 9.4.8, 10.0.0 th…
CVE-2013-5976 medium 4.3 f5 13y ago Cross-site scripting (XSS) vulnerability in the access policy logout page (logout.inc) in F5 BIG-IP APM 10.1.0 through 10.2.4 and 11.1.0 through 11.3.0 allows remote attackers to inject arbitrary web…
CVE-2013-5975 medium 4.3 f5 13y ago The access policy logon page (logon.inc) in F5 BIG-IP APM 11.1.0 through 11.2.1 allows remote attackers to conduct clickjacking attacks via unspecified vectors.
CVE-2013-2070 medium 5.8 FIX slesdebian debian f5nginx 13y ago http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (c…
CVE-2013-2028 high 8.5 EXPFIX slesdebian debianfedora fedora f5nginx 13y ago The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfe…
CVE-2011-4963 medium 5.0 FIX debian debian f5nginx 14y ago nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows remote attackers to bypass intended access restrictions and access restricted files via (1) a trailing . (dot) or (2) certain "$index_al…
CVE-2012-1493 high 8.8 EXP f5 14y ago F5 BIG-IP appliances 9.x before 9.4.8-HF5, 10.x before 10.2.4, 11.0.x before 11.0.0-HF2, and 11.1.x before 11.1.0-HF3, and Enterprise Manager before 2.1.0-HF2, 2.2.x before 2.2.0-HF1, and 2.3.x befor…
CVE-2012-2089 medium 6.8 FIX fedora fedoradebian debian f5nginx 14y ago Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a d…
CVE-2012-1180 medium 5.0 FIX debian debianfedora fedora f5nginx 14y ago Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjuncti…
CVE-2011-4315 medium 6.8 FIX fedora fedoradebian debian f5susenginx 15y ago Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspeci…
CVE-2010-4180 medium 4.3 FIX suse susedebian debianubuntu ubuntu opensslf5nginx 16y ago OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows r…
CVE-2010-2266 medium 6.0 EXPFIX debian debian f5nginx 16y ago nginx 0.8.36 allows remote attackers to cause a denial of service (crash) via certain encoded directory traversal sequences that trigger memory corruption, as demonstrated using the "%c0.%c0." sequen…
CVE-2010-2263 medium 6.0 EXPFIX debian debian f5nginx 16y ago nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending :…