Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
f5 nginx vulnerabilities and exploits
(subscribe to this query)
8.6
CVSSv3
CVE-2020-5863
In NGINX Controller versions before 3.2.0, an unauthenticated attacker with network access to the Controller API can create unprivileged user accounts. The user which is created is only able to upload a new license to the system but cannot view or modify any other components of t...
F5 Nginx Controller 1.0.1
F5 Nginx Controller
Netapp Cloud Backup -
4.8
CVSSv3
CVE-2020-5865
In versions before 3.3.0, the NGINX Controller is configured to communicate with its Postgres database server over unencrypted channels, making the communicated data vulnerable to interception via man-in-the-middle (MiTM) attacks.
F5 Nginx Controller
F5 Nginx Controller 1.0.1
Netapp Cloud Backup -
NA
CVE-2010-2263
nginx 0.8 prior to 0.8.40 and 0.7 prior to 0.7.66, when running on Windows, allows remote malicious users to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI.
F5 Nginx
2 EDB exploits
NA
CVE-2010-2266
nginx 0.8.36 allows remote malicious users to cause a denial of service (crash) via certain encoded directory traversal sequences that trigger memory corruption, as demonstrated using the "%c0.%c0." sequence.
F5 Nginx
1 EDB exploit
NA
CVE-2014-3556
The STARTTLS implementation in mail/ngx_mail_smtp_handler.c in the SMTP proxy in nginx 1.5.x and 1.6.x prior to 1.6.1 and 1.7.x prior to 1.7.4 does not properly restrict I/O buffering, which allows man-in-the-middle malicious users to insert commands into encrypted SMTP sessions ...
F5 Nginx
7.4
CVSSv3
CVE-2021-23018
Intra-cluster communication does not use TLS. The services within the NGINX Controller 3.x prior to 3.4.0 namespace are using cleartext protocols inside the cluster.
F5 Nginx Controller
5.5
CVSSv3
CVE-2021-23021
The Nginx Controller 3.x prior to 3.7.0 agent configuration file /etc/controller-agent/agent.conf is world readable with current permission bits set to 644.
F5 Nginx Controller
8.1
CVSSv3
CVE-2020-5894
On versions 3.0.0-3.3.0, the NGINX Controller webserver does not invalidate the server-side session token after users log out.
F5 Nginx Controller
7.8
CVSSv3
CVE-2020-5895
On NGINX Controller versions 3.1.0-3.3.0, AVRD uses world-readable and world-writable permissions on its socket, which allows processes or users on the local system to write arbitrary data into the socket. A local system attacker can make AVRD segmentation fault (SIGSEGV) by writ...
F5 Nginx Controller
7.8
CVSSv3
CVE-2020-5899
In NGINX Controller 3.0.0-3.4.0, recovery code required to change a user's password is transmitted and stored in the database in plain text, which allows an attacker who can intercept the database connection or have read access to the database, to request a password reset us...
F5 Nginx Controller
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site scripting
CVE-2024-5158
XML external entity
CVE-2024-4262
CVE-2024-2036
CVE-2024-4985
CVE-2024-21791
remote attackers
CVE-2023-43208
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »