Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nginx vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2009-4487
nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote malicious users to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a termina...
F5 Nginx 0.7.64
1 EDB exploit
5.8
CVSSv2
CVE-2021-23018
Intra-cluster communication does not use TLS. The services within the NGINX Controller 3.x prior to 3.4.0 namespace are using cleartext protocols inside the cluster.
F5 Nginx Controller
6.9
CVSSv2
CVE-2021-23019
The NGINX Controller 2.0.0 thru 2.9.0 and 3.x prior to 3.15.0 Administrator password may be exposed in the systemd.txt file that is included in the NGINX support package.
F5 Nginx Controller
2.1
CVSSv2
CVE-2021-23021
The Nginx Controller 3.x prior to 3.7.0 agent configuration file /etc/controller-agent/agent.conf is world readable with current permission bits set to 644.
F5 Nginx Controller
2.1
CVSSv2
CVE-2021-23020
The NAAS 3.x prior to 3.10.0 API keys were generated using an insecure pseudo-random string and hashing algorithm which could lead to predictable keys.
F5 Nginx Controller
NA
CVE-2022-35173
An issue exists in Nginx NJS v0.7.5. The JUMP offset for a break instruction was not set to a correct offset during code generation, leading to a segmentation violation.
Nginx Njs 0.7.5
5.5
CVSSv2
CVE-2021-25746
A security issue exists in ingress-nginx where a user that can create or update ingress objects can use .metadata.annotations in an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In the default configur...
Kubernetes Ingress-nginx
NA
CVE-2021-25748
A security issue exists in ingress-nginx where a user that can create or update ingress objects can use a newline character to bypass the sanitization of the `spec.rules[].http.paths[].path` field of an Ingress object (in the `networking.k8s.io` or `extensions` API group) to obta...
Kubernetes Ingress-nginx
NA
CVE-2022-4886
Ingress-nginx `path` sanitization can be bypassed with `log_format` directive.
Kubernetes Ingress-nginx
1 Article
7.5
CVSSv2
CVE-2014-0088
The SPDY implementation in the ngx_http_spdy_module module in nginx 1.5.10 prior to 1.5.11, when running on a 32-bit platform, allows remote malicious users to execute arbitrary code via a crafted request.
F5 Nginx 1.5.10
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »