Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nginx vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2020-5900
In versions 3.0.0-3.4.0, 2.0.0-2.9.0, and 1.0.1, there is insufficient cross-site request forgery (CSRF) protections for the NGINX Controller user interface.
F5 Nginx Controller 1.0.1
F5 Nginx Controller
7.5
CVSSv3
CVE-2020-5910
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the Neural Autonomic Transport System (NATS) messaging services in use by the NGINX Controller do not require any form of authentication, so any successful connection would be authorized.
F5 Nginx Controller 1.0.1
F5 Nginx Controller
8.8
CVSSv3
CVE-2024-22197
Nginx-ui is online statistics for Server Indicators?? Monitor CPU usage, memory usage, load average, and disk usage in real-time. The `Home > Preference` page exposes a small list of nginx settings such as `Nginx Access Log Path` and `Nginx Error Log Path`. However, the API al...
Nginxui Nginx Ui
Nginxui Nginx Ui 2.0.0
8.8
CVSSv3
CVE-2024-22198
Nginx-UI is a web interface to manage Nginx configurations. It is vulnerable to arbitrary command execution by abusing the configuration settings. The `Home > Preference` page exposes a list of system settings such as `Run Mode`, `Jwt Secret`, `Node Secret` and `Terminal Start...
Nginxui Nginx Ui
Nginxui Nginx Ui 2.0.0
9.8
CVSSv3
CVE-2020-19695
Buffer Overflow found in Nginx NJS allows a remote malicious user to execute arbitrary code via the njs_object_property parameter of the njs/njs_vm.c function.
Nginx Njs 2019-06-27
Nginx Njs
7
CVSSv3
CVE-2022-41743
NGINX Plus prior to R27 P1 and R26 P1 have a vulnerability in the module ngx_http_hls_module that might allow a local malicious user to corrupt NGINX worker memory, resulting in its crash or potential other impact using a specially crafted audio or video file. The issue affects o...
F5 Nginx Plus
F5 Nginx Ingress Controller
6.5
CVSSv3
CVE-2024-22196
Nginx-UI is an online statistics for Server Indicators?? Monitor CPU usage, memory usage, load average, and disk usage in real-time. This issue may lead to information disclosure. By using `DefaultQuery`, the `"desc"` and `"id"` values are used as default valu...
Nginxui Nginx Ui
Nginxui Nginx Ui 2.0.0
7.3
CVSSv3
CVE-2020-5911
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller installer starts the download of Kubernetes packages from an HTTP URL On Debian/Ubuntu system.
F5 Nginx Controller 1.0.1
F5 Nginx Controller
7.4
CVSSv3
CVE-2020-5864
In versions of NGINX Controller before 3.2.0, communication between NGINX Controller and NGINX Plus instances skip TLS verification by default.
F5 Nginx Controller 1.0.1
F5 Nginx Controller
5.5
CVSSv3
CVE-2020-5866
In versions of NGINX Controller before 3.3.0, the helper.sh script, which is used optionally in NGINX Controller to change settings, uses sensitive items as command-line arguments.
F5 Nginx Controller 1.0.1
F5 Nginx Controller
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »