CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2012-2975
https://notcve.org/view.php?id=CVE-2012-2975
11 Sep 2012 — Cross-site scripting (XSS) vulnerability in the traffic overview page on the F5 ASM appliance 10.0.0 through 11.2.0 HF2 allows remote attackers to inject arbitrary web script or HTML via crafted requests that are later listed on a summary page. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en la página de la información de tráfico en F5 ASM v10.0.0 hasta v11.2.0 HF2, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de solicitudes modificadas qu... • http://www.kb.cert.org/vuls/id/143395 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 0%CPEs: 3EXPL: 0CVE-2011-4963
https://notcve.org/view.php?id=CVE-2011-4963
26 Jul 2012 — nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows remote attackers to bypass intended access restrictions and access restricted files via (1) a trailing . (dot) or (2) certain "$index_allocation" sequences in a request. nginx/Windows v1.3.x antes de v1.3.1 y v1.2.x antes de v1.2.1 permite a atacantes remotos eludir restricciones de acceso y acceder a archivos restringidos a través de (1) un . (punto) final o (2) una serie de secuencias "$index_allocation" en una solicitud. • http://english.securitylab.ru/lab/PT-2012-06 •
CVSS: 8.8EPSS: 41%CPEs: 114EXPL: 4CVE-2012-1493 – F5 BIG-IP - Authentication Bypass (PoC)
https://notcve.org/view.php?id=CVE-2012-1493
09 Jul 2012 — F5 BIG-IP appliances 9.x before 9.4.8-HF5, 10.x before 10.2.4, 11.0.x before 11.0.0-HF2, and 11.1.x before 11.1.0-HF3, and Enterprise Manager before 2.1.0-HF2, 2.2.x before 2.2.0-HF1, and 2.3.x before 2.3.0-HF3, use a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins via the PubkeyAuthentication option. El dispositivo F5 BIG-IP v9.x anteriores a v9.4.8-HF5, v10.x anteriores a v10.... • https://www.exploit-db.com/exploits/19064 • CWE-255: Credentials Management Errors •
CVSS: 9.1EPSS: 1%CPEs: 26EXPL: 0CVE-2011-3188 – kernel: net: improve sequence number generation
https://notcve.org/view.php?id=CVE-2011-3188
24 May 2012 — The (1) IPv4 and (2) IPv6 implementations in the Linux kernel before 3.1 use a modified MD4 algorithm to generate sequence numbers and Fragment Identification values, which makes it easier for remote attackers to cause a denial of service (disrupted networking) or hijack network sessions by predicting these values and sending crafted packets. Las implementaciones de (1) IPv4 y (2) IPv6 en el kernel de Linux antes de v3.1 utiliza una versión modificada de algoritmo MD4 para generar números de secuencia y val... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6e5714eaf77d79ae1c8b47e3e040ff5411b717ec •
CVSS: 7.5EPSS: 1%CPEs: 6EXPL: 0CVE-2012-1180
https://notcve.org/view.php?id=CVE-2012-1180
17 Apr 2012 — Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request. Una vulnerabilidad de uso después de liberación en nginx v1.0.14 y v1.1.x antes de v1.1.17 permite obtener información sensible de la memoria del proceso a servidores remotos de HTTP a través de una respuesta del backend modificada, junto con una petición de cliente. • http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077966.html • CWE-416: Use After Free •
CVSS: 9.8EPSS: 12%CPEs: 5EXPL: 0CVE-2012-2089
https://notcve.org/view.php?id=CVE-2012-2089
17 Apr 2012 — Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted MP4 file. Un desbordamiento de búfer en ngx_http_mp4_module.c en el módulo de ngx_http_mp4_module en nginx v1.0.7 a v1.0.14 y en v1.1.3 a v1.1.18, cuando se usa la directiva mp4, permite a atacantes remotos causar una denegación... • http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079388.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 1CVE-2012-1777
https://notcve.org/view.php?id=CVE-2012-1777
04 Apr 2012 — SQL injection vulnerability in my.activation.php3 in F5 FirePass 6.0.0 through 6.1.0 and 7.0.0 allows remote attackers to execute arbitrary SQL commands via the state parameter. Una vulnerabilidad de inyección SQL en my.activation.php3 en F5 FirePass v6.0.0 a 6.1.0 y v7.0.0 permite a atacantes remotos ejecutar comandos SQL a través del parámetro state. • http://packetstormsecurity.org/files/111276/F5-FirePass-SSL-VPN-6.x-7.x-SQL-Injection.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2012-2053
https://notcve.org/view.php?id=CVE-2012-2053
04 Apr 2012 — The sudoers file in the Linux system configuration in F5 FirePass 6.0.0 through 6.1.0 and 7.0.0 does not require a password for executing commands as root, which allows local users to gain privileges via the sudo program, as demonstrated by the user account that executes PHP scripts, a different vulnerability than CVE-2012-1777. El archivo sudoers de la configuración del sistema Linux en F5 FirePass v6.0.0 a v6.1.0 y v7.0.0 no requiere una contraseña para ejecutar comandos como root, lo que permite a usuari... • https://exchange.xforce.ibmcloud.com/vulnerabilities/74813 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2011-4315
https://notcve.org/view.php?id=CVE-2011-4315
08 Dec 2011 — Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response. Desbordamiento de búfer basado en memoria dinámica en el procesamiento de compresión puntero en core/ngx_resolver.c en nginx antes de v1.0.10 permite a resolvers remotos causar una denegación de servicio (caída del demonio) o posiblemente tener un impacto no especificado a ... • http://lists.fedoraproject.org/pipermail/package-announce/2011-December/070569.html • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 13%CPEs: 22EXPL: 0CVE-2010-4180 – openssl: NETSCAPE_REUSE_CIPHER_CHANGE_BUG ciphersuite downgrade attack
https://notcve.org/view.php?id=CVE-2010-4180
06 Dec 2010 — OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier. OpenSSL en versiones anteriores a 0.9.8q y 1.0.x en versiones anteriores a 1.0.0c, cuando SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG está habilitado, no previene adecuadame... • http://cvs.openssl.org/chngview?cn=20131 •