Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
f5 nginx vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2021-23050
On BIG-IP Advanced WAF and BIG-IP ASM version 16.0.x prior to 16.0.1.2 and 15.1.x prior to 15.1.3 and NGINX App Protect on all versions prior to 3.5.0, when a cross-site request forgery (CSRF)-enabled policy is configured on a virtual server, an undisclosed HTML response may caus...
F5 Big-ip Advanced Web Application Firewall
F5 Big-ip Application Security Manager
F5 Nginx App Protect
7.5
CVSSv2
CVE-2017-20005
NGINX prior to 1.13.6 has a buffer overflow for years that exceed four digits, as demonstrated by a file with a modification date in 1969 that causes an integer overflow (or a false modification date far in the future), when encountered by the autoindex module.
F5 Nginx
Debian Debian Linux 9.0
6.9
CVSSv2
CVE-2021-23019
The NGINX Controller 2.0.0 thru 2.9.0 and 3.x prior to 3.15.0 Administrator password may be exposed in the systemd.txt file that is included in the NGINX support package.
F5 Nginx Controller
2.1
CVSSv2
CVE-2021-23021
The Nginx Controller 3.x prior to 3.7.0 agent configuration file /etc/controller-agent/agent.conf is world readable with current permission bits set to 644.
F5 Nginx Controller
6.8
CVSSv2
CVE-2021-23017
A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.
F5 Nginx
Openresty Openresty
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Netapp Ontap Select Deploy Administration Utility -
Oracle Communications Operations Monitor 3.4
Oracle Enterprise Session Border Controller 8.4
Oracle Communications Operations Monitor 4.2
Oracle Communications Operations Monitor 4.3
Oracle Communications Session Border Controller 8.4
Oracle Enterprise Session Border Controller 9.0
Oracle Communications Session Border Controller 9.0
Oracle Enterprise Communications Broker 3.3.0
Oracle Enterprise Telephony Fraud Monitor 4.2
Oracle Enterprise Telephony Fraud Monitor 4.3
Oracle Enterprise Telephony Fraud Monitor 4.4
Oracle Enterprise Telephony Fraud Monitor 3.4
Oracle Communications Operations Monitor 4.4
Oracle Communications Fraud Monitor
Oracle Communications Control Plane Monitor 4.2
Oracle Communications Control Plane Monitor 4.3
Oracle Communications Control Plane Monitor 4.4
28 Github repositories
1 Article
2.1
CVSSv2
CVE-2021-23020
The NAAS 3.x prior to 3.10.0 API keys were generated using an insecure pseudo-random string and hashing algorithm which could lead to predictable keys.
F5 Nginx Controller
5.8
CVSSv2
CVE-2021-23018
Intra-cluster communication does not use TLS. The services within the NGINX Controller 3.x prior to 3.4.0 namespace are using cleartext protocols inside the cluster.
F5 Nginx Controller
7.5
CVSSv2
CVE-2020-27730
In versions 3.0.0-3.9.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller Agent does not use absolute paths when calling system utilities.
F5 Nginx Controller
F5 Nginx Controller 1.0.1
Netapp Cloud Backup -
6.8
CVSSv2
CVE-2020-24346
njs up to and including 0.4.3, used in NGINX, has a use-after-free in njs_json_parse_iterator_call in njs_json.c.
F5 Njs
2.1
CVSSv2
CVE-2020-24347
njs up to and including 0.4.3, used in NGINX, has an out-of-bounds read in njs_lvlhsh_level_find in njs_lvlhsh.c.
F5 Njs
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4956
validation
CVE-2024-35221
remote attackers
CVE-2023-30309
CVE-2024-36112
CVE-2024-23109
CVE-2023-43850
stored XSS
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »