Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nginx vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-1550
Insertion of Sensitive Information into log file vulnerability in NGINX Agent. NGINX Agent version 2.0 prior to 2.23.3 inserts sensitive information into a log file. An authenticated attacker with local access to read agent log files may gain access to private keys. This issue is...
F5 Nginx Agent
F5 Nginx Instance Manager
5.8
CVSSv2
CVE-2020-5864
In versions of NGINX Controller before 3.2.0, communication between NGINX Controller and NGINX Plus instances skip TLS verification by default.
F5 Nginx Controller 1.0.1
F5 Nginx Controller
5.8
CVSSv2
CVE-2020-5909
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, when users run the command displayed in NGINX Controller user interface (UI) to fetch the agent installer, the server TLS certificate is not verified.
F5 Nginx Controller 1.0.1
F5 Nginx Controller
5.5
CVSSv2
CVE-2021-25742
A security issue exists in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster.
Kubernetes Ingress-nginx
Kubernetes Ingress-nginx 1.0.0
Netapp Trident -
2 Github repositories
7.5
CVSSv2
CVE-2020-27730
In versions 3.0.0-3.9.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller Agent does not use absolute paths when calling system utilities.
F5 Nginx Controller
F5 Nginx Controller 1.0.1
Netapp Cloud Backup -
7.5
CVSSv2
CVE-2020-5863
In NGINX Controller versions before 3.2.0, an unauthenticated attacker with network access to the Controller API can create unprivileged user accounts. The user which is created is only able to upload a new license to the system but cannot view or modify any other components of t...
F5 Nginx Controller 1.0.1
F5 Nginx Controller
Netapp Cloud Backup -
5.8
CVSSv2
CVE-2020-5865
In versions before 3.3.0, the NGINX Controller is configured to communicate with its Postgres database server over unencrypted channels, making the communicated data vulnerable to interception via man-in-the-middle (MiTM) attacks.
F5 Nginx Controller
F5 Nginx Controller 1.0.1
Netapp Cloud Backup -
3.3
CVSSv2
CVE-2022-27495
On all versions 1.3.x (fixed in 1.4.0) NGINX Service Mesh control plane endpoints are exposed to the cluster overlay network. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
F5 Nginx Service Mesh 1.3.1
F5 Nginx Service Mesh 1.3.0
6.8
CVSSv2
CVE-2020-5867
In versions before 3.3.0, the NGINX Controller Agent installer script 'install.sh' uses HTTP instead of HTTPS to check and install packages
F5 Nginx Controller
F5 Nginx Controller 1.0.1
Netapp Cloud Backup -
7.5
CVSSv2
CVE-2019-7401
NGINX Unit prior to 1.7.1 might allow an malicious user to cause a heap-based buffer overflow in the router process with a specially crafted request. This may result in a denial of service (router process crash) or possibly have unspecified other impact.
Nginx Unit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
CVE-2006-4304
wireless
CVE-2023-23022
local file inclusion
CVE-2024-27058
CVE-2024-33820
open redirect
CVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »