Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
f5 nginx controller vulnerabilities and exploits
(subscribe to this query)
7
CVSSv3
CVE-2022-41743
NGINX Plus prior to R27 P1 and R26 P1 have a vulnerability in the module ngx_http_hls_module that might allow a local malicious user to corrupt NGINX worker memory, resulting in its crash or potential other impact using a specially crafted audio or video file. The issue affects o...
F5 Nginx Plus
F5 Nginx Ingress Controller
7.8
CVSSv3
CVE-2022-41741
NGINX Open Source prior to 1.23.2 and 1.22.1, NGINX Open Source Subscription prior to R2 P1 and R1 P1, and NGINX Plus prior to R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local malicious user to corrupt NGINX worker memory, resultin...
F5 Nginx Ingress Controller
F5 Nginx
F5 Nginx 1.23.1
F5 Nginx 1.23.0
F5 Nginx R2
F5 Nginx R1
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
Debian Debian Linux 10.0
Debian Debian Linux 11.0
1 Github repository
7.1
CVSSv3
CVE-2022-41742
NGINX Open Source prior to 1.23.2 and 1.22.1, NGINX Open Source Subscription prior to R2 P1 and R1 P1, and NGINX Plus prior to R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local malicious user to cause a worker process crash, or migh...
F5 Nginx Ingress Controller
F5 Nginx
F5 Nginx 1.23.1
F5 Nginx 1.23.0
F5 Nginx R2
F5 Nginx R1
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
Debian Debian Linux 10.0
Debian Debian Linux 11.0
8.1
CVSSv3
CVE-2020-5894
On versions 3.0.0-3.3.0, the NGINX Controller webserver does not invalidate the server-side session token after users log out.
F5 Nginx Controller
7.8
CVSSv3
CVE-2020-5895
On NGINX Controller versions 3.1.0-3.3.0, AVRD uses world-readable and world-writable permissions on its socket, which allows processes or users on the local system to write arbitrary data into the socket. A local system attacker can make AVRD segmentation fault (SIGSEGV) by writ...
F5 Nginx Controller
7.8
CVSSv3
CVE-2020-5899
In NGINX Controller 3.0.0-3.4.0, recovery code required to change a user's password is transmitted and stored in the database in plain text, which allows an attacker who can intercept the database connection or have read access to the database, to request a password reset us...
F5 Nginx Controller
9.6
CVSSv3
CVE-2020-5901
In NGINX Controller 3.3.0-3.4.0, undisclosed API endpoints may allow for a reflected Cross Site Scripting (XSS) attack. If the victim user is logged in as admin this could result in a complete compromise of the system.
F5 Nginx Controller
7.4
CVSSv3
CVE-2021-23018
Intra-cluster communication does not use TLS. The services within the NGINX Controller 3.x prior to 3.4.0 namespace are using cleartext protocols inside the cluster.
F5 Nginx Controller
7.8
CVSSv3
CVE-2021-23019
The NGINX Controller 2.0.0 thru 2.9.0 and 3.x prior to 3.15.0 Administrator password may be exposed in the systemd.txt file that is included in the NGINX support package.
F5 Nginx Controller
5.5
CVSSv3
CVE-2021-23020
The NAAS 3.x prior to 3.10.0 API keys were generated using an insecure pseudo-random string and hashing algorithm which could lead to predictable keys.
F5 Nginx Controller
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-0044
client side
CVE-2021-47601
deserialization
CVE-2024-34994
encryption
CVE-2021-47609
CVE-2024-37079
CVE-2024-38608
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »