Search Results (Refine Search)
- CPE Product Version: cpe:/a:f5:big-ip_access_policy_manager:11.2.1
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2014-0101 |
The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not validate certain auth_enable and auth_capable fields before making an sctp_sf_authenticate call, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an SCTP handshake with a modified INIT chunk and a crafted AUTH chunk before a COOKIE_ECHO chunk. Published: March 11, 2014; 9:01:06 AM -0400 |
V3.x:(not available) V2.0: 7.8 HIGH |
CVE-2013-6024 |
The Edge Client components in F5 BIG-IP APM 10.x, 11.x, 12.x, 13.x, and 14.x, BIG-IP Edge Gateway 10.x and 11.x, and FirePass 7.0.0 allow attackers to obtain sensitive information from process memory via unspecified vectors. Published: February 10, 2014; 1:15:10 PM -0500 |
V3.x:(not available) V2.0: 4.4 MEDIUM |
CVE-2012-3000 |
Multiple SQL injection vulnerabilities in sam/admin/reports/php/saveSettings.php in the (1) APM WebGUI in F5 BIG-IP LTM, GTM, ASM, Link Controller, PSM, APM, Edge Gateway, and Analytics and (2) AVR WebGUI in WebAccelerator and WOM 11.2.x before 11.2.0-HF3 and 11.2.x before 11.2.1-HF3 allow remote authenticated users to execute arbitrary SQL commands via the defaultQuery parameter. Published: January 30, 2014; 10:06:21 AM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2013-5975 |
The access policy logon page (logon.inc) in F5 BIG-IP APM 11.1.0 through 11.2.1 allows remote attackers to conduct clickjacking attacks via unspecified vectors. Published: October 01, 2013; 4:55:34 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2013-0150 |
Directory traversal vulnerability in an unspecified signed Java applet in the client-side components in F5 BIG-IP APM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, FirePass 6.0.0 through 6.1.0 and 7.0.0, and other products "when APM is provisioned," allows remote attackers to upload and execute arbitrary files via a .. (dot dot) in the filename parameter. Published: August 09, 2013; 4:56:06 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2012-3163 |
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema. Published: October 16, 2012; 8:55:01 PM -0400 |
V3.x:(not available) V2.0: 9.0 HIGH |