Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
f5 nginx vulnerabilities and exploits
(subscribe to this query)
605
VMScore
CVE-2014-3556
The STARTTLS implementation in mail/ngx_mail_smtp_handler.c in the SMTP proxy in nginx 1.5.x and 1.6.x prior to 1.6.1 and 1.7.x prior to 1.7.4 does not properly restrict I/O buffering, which allows man-in-the-middle malicious users to insert commands into encrypted SMTP sessions ...
F5 Nginx
605
VMScore
CVE-2012-2089
Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 up to and including 1.0.14 and 1.1.3 up to and including 1.1.18, when the mp4 directive is used, allows remote malicious users to cause a denial of service (memory overwrite) or possibly exe...
F5 Nginx
Fedoraproject Fedora 15
Fedoraproject Fedora 16
Fedoraproject Fedora 17
605
VMScore
CVE-2011-4315
Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx prior to 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response.
F5 Nginx
Fedoraproject Fedora 16
Suse Studio 1.2
Suse Studio Onsite 1.2
Suse Webyast 1.2
593
VMScore
CVE-2009-3555
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and previous versions, OpenSSL prior to 0.9.8l, GnuTLS 2.8.5 and previous versions, Mozilla Network Security Ser...
Openssl Openssl 1.0
Apache Http Server
Openssl Openssl
Gnu Gnutls
Mozilla Nss
Debian Debian Linux 5.0
Canonical Ubuntu Linux 10.10
Fedoraproject Fedora 11
Fedoraproject Fedora 13
Debian Debian Linux 4.0
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Canonical Ubuntu Linux 9.04
Debian Debian Linux 6.0
Fedoraproject Fedora 12
Canonical Ubuntu Linux 8.04
Canonical Ubuntu Linux 10.04
Canonical Ubuntu Linux 8.10
Canonical Ubuntu Linux 9.10
Fedoraproject Fedora 14
F5 Nginx
2 EDB exploits
10 Github repositories
516
VMScore
CVE-2021-3618
ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer c...
F5 Nginx
Sendmail Sendmail
Vsftpd Project Vsftpd
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Debian Debian Linux 10.0
1 Github repository
516
VMScore
CVE-2021-23018
Intra-cluster communication does not use TLS. The services within the NGINX Controller 3.x prior to 3.4.0 namespace are using cleartext protocols inside the cluster.
F5 Nginx Controller
516
VMScore
CVE-2020-5909
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, when users run the command displayed in NGINX Controller user interface (UI) to fetch the agent installer, the server TLS certificate is not verified.
F5 Nginx Controller 1.0.1
F5 Nginx Controller
516
VMScore
CVE-2020-5894
On versions 3.0.0-3.3.0, the NGINX Controller webserver does not invalidate the server-side session token after users log out.
F5 Nginx Controller
516
VMScore
CVE-2020-5864
In versions of NGINX Controller before 3.2.0, communication between NGINX Controller and NGINX Plus instances skip TLS verification by default.
F5 Nginx Controller 1.0.1
F5 Nginx Controller
516
VMScore
CVE-2020-5865
In versions before 3.3.0, the NGINX Controller is configured to communicate with its Postgres database server over unencrypted channels, making the communicated data vulnerable to interception via man-in-the-middle (MiTM) attacks.
F5 Nginx Controller
F5 Nginx Controller 1.0.1
Netapp Cloud Backup -
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-40673
CVE-2024-36674
CVE-2024-27348
unspecified
CVE-2024-24919
CVE-2024-4870
malicious code
CVE-2024-2019
hard-coded
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »