Vulmon
f5 nginx vulnerabilities and exploits
4.8
CVSSv3
CVE-2020-5865
In versions before 3.3.0, the NGINX Controller is configured to communicate with its Postgres database server over unencrypted channels, making the communicated data vulnerable to interception via man-in-the-middle (MiTM) attacks.
F5 Nginx Controller
F5 Nginx Controller 1.0.1
Netapp Cloud Backup -
8.6
CVSSv3
CVE-2020-5863
In NGINX Controller versions before 3.2.0, an unauthenticated attacker with network access to the Controller API can create unprivileged user accounts. The user which is created is only able to upload a new license to the system but cannot view or modify any other components of t...
F5 Nginx Controller
F5 Nginx Controller 1.0.1
Netapp Cloud Backup -
8.1
CVSSv3
CVE-2020-5867
In versions before 3.3.0, the NGINX Controller Agent installer script 'install.sh' uses HTTP instead of HTTPS to check and install packages.
F5 Nginx Controller
F5 Nginx Controller 1.0.1
Netapp Cloud Backup -
6.5
CVSSv3
CVE-2022-27495
On all versions 1.3.x (fixed in 1.4.0), NGINX Service Mesh control plane endpoints are exposed to the cluster overlay network. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
F5 Nginx Service Mesh 1.3.0
F5 Nginx Service Mesh 1.3.1
9.8
CVSSv3
CVE-2020-27730
In versions 3.0.0-3.9.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller Agent does not use absolute paths when calling system utilities.
F5 Nginx Controller
F5 Nginx Controller 1.0.1
Netapp Cloud Backup -
5
CVSSv2
CVE-2010-2266
nginx 0.8.36 allows remote malicious users to cause a denial of service (crash) via certain encoded directory traversal sequences that trigger memory corruption, as demonstrated using the "%c0.%c0." sequence.
F5 Nginx
1 EDB exploit
5
CVSSv2
CVE-2010-2263
nginx 0.8 prior to 0.8.40 and 0.7 prior to 0.7.66, when running on Windows, allows remote malicious users to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI.
F5 Nginx
2 EDB exploits
6.8
CVSSv2
CVE-2014-3556
The STARTTLS implementation in mail/ngx_mail_smtp_handler.c in the SMTP proxy in nginx 1.5.x and 1.6.x prior to 1.6.1 and 1.7.x prior to 1.7.4 does not properly restrict I/O buffering, which allows man-in-the-middle malicious users to insert commands into encrypted SMTP sessions ...
F5 Nginx
6.8
CVSSv2
CVE-2009-4487
nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote malicious users to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a termina...
F5 Nginx 0.7.64
1 EDB exploit
7.8
CVSSv3
CVE-2021-23019
The NGINX Controller 2.0.0 thru 2.9.0 and 3.x prior to 3.15.0 Administrator password may be exposed in the systemd.txt file that is included in the NGINX support package.
F5 Nginx Controller