Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
f5 nginx vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2011-4963
nginx/Windows 1.3.x prior to 1.3.1 and 1.2.x prior to 1.2.1 allows remote malicious users to bypass intended access restrictions and access restricted files via (1) a trailing . (dot) or (2) certain "$index_allocation" sequences in a request.
F5 Nginx
F5 Nginx 1.3.0
5
CVSSv2
CVE-2012-1180
Use-after-free vulnerability in nginx prior to 1.0.14 and 1.1.x prior to 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request.
F5 Nginx
Fedoraproject Fedora 15
Fedoraproject Fedora 16
Fedoraproject Fedora 17
Debian Debian Linux 6.0
5
CVSSv2
CVE-2010-2263
nginx 0.8 prior to 0.8.40 and 0.7 prior to 0.7.66, when running on Windows, allows remote malicious users to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI.
F5 Nginx
2 EDB exploits
5
CVSSv2
CVE-2010-2266
nginx 0.8.36 allows remote malicious users to cause a denial of service (crash) via certain encoded directory traversal sequences that trigger memory corruption, as demonstrated using the "%c0.%c0." sequence.
F5 Nginx
1 EDB exploit
5
CVSSv2
CVE-2009-3896
src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 up to and including 0.4.14, 0.5.x prior to 0.5.38, 0.6.x prior to 0.6.39, 0.7.x prior to 0.7.62, and 0.8.x prior to 0.8.14 allows remote malicious users to cause a denial of service (NULL pointer dereference and worker proce...
F5 Nginx 0.3.13
F5 Nginx 0.3.12
F5 Nginx 0.3.11
F5 Nginx 0.3.0
F5 Nginx 0.1.0
F5 Nginx 0.2.1
F5 Nginx 0.1.44
F5 Nginx 0.1.36
F5 Nginx 0.1.37
F5 Nginx 0.3.41
F5 Nginx 0.3.40
F5 Nginx 0.3.33
F5 Nginx 0.3.32
F5 Nginx 0.3.25
F5 Nginx 0.3.18
F5 Nginx 0.3.17
F5 Nginx 0.1.11
F5 Nginx 0.1.4
F5 Nginx 0.1.19
F5 Nginx 0.1.26
F5 Nginx 0.1.27
F5 Nginx 0.1.34
4.9
CVSSv2
CVE-2009-3898
Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) prior to 0.7.63, and 0.8.x prior to 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDA...
F5 Nginx 0.3.48
F5 Nginx 0.3.11
F5 Nginx 0.3.10
F5 Nginx 0.2.6
F5 Nginx 0.2.4
F5 Nginx 0.1.45
F5 Nginx 0.1.42
F5 Nginx 0.1.37
F5 Nginx 0.3.43
F5 Nginx 0.3.35
F5 Nginx 0.3.34
F5 Nginx 0.3.26
F5 Nginx 0.3.27
F5 Nginx 0.3.18
F5 Nginx 0.3.19
F5 Nginx 0.3.20
F5 Nginx 0.1.10
F5 Nginx 0.1.9
F5 Nginx 0.1.18
F5 Nginx 0.1.17
F5 Nginx 0.1.24
F5 Nginx 0.1.25
1 EDB exploit
4.6
CVSSv2
CVE-2020-5899
In NGINX Controller 3.0.0-3.4.0, recovery code required to change a user's password is transmitted and stored in the database in plain text, which allows an attacker who can intercept the database connection or have read access to the database, to request a password reset us...
F5 Nginx Controller
4.6
CVSSv2
CVE-2020-5895
On NGINX Controller versions 3.1.0-3.3.0, AVRD uses world-readable and world-writable permissions on its socket, which allows processes or users on the local system to write arbitrary data into the socket. A local system attacker can make AVRD segmentation fault (SIGSEGV) by writ...
F5 Nginx Controller
4.3
CVSSv2
CVE-2022-32414
Nginx NJS v0.7.2 exists to contain a segmentation violation in the function njs_vmcode_interpreter at src/njs_vmcode.c.
F5 Njs 0.7.2
4.3
CVSSv2
CVE-2022-31306
Nginx NJS v0.7.2 exists to contain a segmentation violation in the function njs_array_convert_to_slow_array at src/njs_array.c.
F5 Njs 0.7.2
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
bypass
open redirect
CVE-2024-4358
CVE-2024-24199
CVE-2024-5550
CVE-2024-5305
CVE-2024-30373
CVE-2024-1800
deserialization
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »