Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
f5 nginx vulnerabilities and exploits
(subscribe to this query)
4.8
CVSSv3
CVE-2020-5865
In versions before 3.3.0, the NGINX Controller is configured to communicate with its Postgres database server over unencrypted channels, making the communicated data vulnerable to interception via man-in-the-middle (MiTM) attacks.
F5 Nginx Controller
F5 Nginx Controller 1.0.1
Netapp Cloud Backup -
8.1
CVSSv3
CVE-2020-5867
In versions before 3.3.0, the NGINX Controller Agent installer script 'install.sh' uses HTTP instead of HTTPS to check and install packages
F5 Nginx Controller
F5 Nginx Controller 1.0.1
Netapp Cloud Backup -
NA
CVE-2010-2263
nginx 0.8 prior to 0.8.40 and 0.7 prior to 0.7.66, when running on Windows, allows remote malicious users to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI.
F5 Nginx
2 EDB exploits
NA
CVE-2010-2266
nginx 0.8.36 allows remote malicious users to cause a denial of service (crash) via certain encoded directory traversal sequences that trigger memory corruption, as demonstrated using the "%c0.%c0." sequence.
F5 Nginx
1 EDB exploit
NA
CVE-2014-3556
The STARTTLS implementation in mail/ngx_mail_smtp_handler.c in the SMTP proxy in nginx 1.5.x and 1.6.x prior to 1.6.1 and 1.7.x prior to 1.7.4 does not properly restrict I/O buffering, which allows man-in-the-middle malicious users to insert commands into encrypted SMTP sessions ...
F5 Nginx
9.6
CVSSv3
CVE-2020-5901
In NGINX Controller 3.3.0-3.4.0, undisclosed API endpoints may allow for a reflected Cross Site Scripting (XSS) attack. If the victim user is logged in as admin this could result in a complete compromise of the system.
F5 Nginx Controller
7.4
CVSSv3
CVE-2021-23018
Intra-cluster communication does not use TLS. The services within the NGINX Controller 3.x prior to 3.4.0 namespace are using cleartext protocols inside the cluster.
F5 Nginx Controller
7.8
CVSSv3
CVE-2021-23019
The NGINX Controller 2.0.0 thru 2.9.0 and 3.x prior to 3.15.0 Administrator password may be exposed in the systemd.txt file that is included in the NGINX support package.
F5 Nginx Controller
5.5
CVSSv3
CVE-2021-23020
The NAAS 3.x prior to 3.10.0 API keys were generated using an insecure pseudo-random string and hashing algorithm which could lead to predictable keys.
F5 Nginx Controller
5.5
CVSSv3
CVE-2021-23021
The Nginx Controller 3.x prior to 3.7.0 agent configuration file /etc/controller-agent/agent.conf is world readable with current permission bits set to 644.
F5 Nginx Controller
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site request forgery
CVE-2024-34351
CVE-2024-1076
CVE-2024-25522
CVE-2024-34547
CVE-2024-4644
unauthorized
remote
CVE-2024-4671
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »