Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
f5 nginx vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2011-4963
nginx/Windows 1.3.x prior to 1.3.1 and 1.2.x prior to 1.2.1 allows remote malicious users to bypass intended access restrictions and access restricted files via (1) a trailing . (dot) or (2) certain "$index_allocation" sequences in a request.
F5 Nginx
F5 Nginx 1.3.0
5
CVSSv2
CVE-2012-1180
Use-after-free vulnerability in nginx prior to 1.0.14 and 1.1.x prior to 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request.
F5 Nginx
Fedoraproject Fedora 15
Fedoraproject Fedora 16
Fedoraproject Fedora 17
Debian Debian Linux 6.0
5
CVSSv2
CVE-2010-2263
nginx 0.8 prior to 0.8.40 and 0.7 prior to 0.7.66, when running on Windows, allows remote malicious users to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI.
F5 Nginx
2 EDB exploits
5
CVSSv2
CVE-2010-2266
nginx 0.8.36 allows remote malicious users to cause a denial of service (crash) via certain encoded directory traversal sequences that trigger memory corruption, as demonstrated using the "%c0.%c0." sequence.
F5 Nginx
1 EDB exploit
5
CVSSv2
CVE-2009-3896
src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 up to and including 0.4.14, 0.5.x prior to 0.5.38, 0.6.x prior to 0.6.39, 0.7.x prior to 0.7.62, and 0.8.x prior to 0.8.14 allows remote malicious users to cause a denial of service (NULL pointer dereference and worker proce...
F5 Nginx 0.3.13
F5 Nginx 0.3.12
F5 Nginx 0.3.11
F5 Nginx 0.3.0
F5 Nginx 0.1.0
F5 Nginx 0.2.1
F5 Nginx 0.1.44
F5 Nginx 0.1.36
F5 Nginx 0.1.37
F5 Nginx 0.3.41
F5 Nginx 0.3.40
F5 Nginx 0.3.33
F5 Nginx 0.3.32
F5 Nginx 0.3.25
F5 Nginx 0.3.18
F5 Nginx 0.3.17
F5 Nginx 0.1.11
F5 Nginx 0.1.4
F5 Nginx 0.1.19
F5 Nginx 0.1.26
F5 Nginx 0.1.27
F5 Nginx 0.1.34
4.9
CVSSv2
CVE-2009-3898
Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) prior to 0.7.63, and 0.8.x prior to 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDA...
F5 Nginx 0.3.48
F5 Nginx 0.3.11
F5 Nginx 0.3.10
F5 Nginx 0.2.6
F5 Nginx 0.2.4
F5 Nginx 0.1.45
F5 Nginx 0.1.42
F5 Nginx 0.1.37
F5 Nginx 0.3.43
F5 Nginx 0.3.35
F5 Nginx 0.3.34
F5 Nginx 0.3.26
F5 Nginx 0.3.27
F5 Nginx 0.3.18
F5 Nginx 0.3.19
F5 Nginx 0.3.20
F5 Nginx 0.1.10
F5 Nginx 0.1.9
F5 Nginx 0.1.18
F5 Nginx 0.1.17
F5 Nginx 0.1.24
F5 Nginx 0.1.25
1 EDB exploit
4.6
CVSSv2
CVE-2020-5899
In NGINX Controller 3.0.0-3.4.0, recovery code required to change a user's password is transmitted and stored in the database in plain text, which allows an attacker who can intercept the database connection or have read access to the database, to request a password reset us...
F5 Nginx Controller
4.6
CVSSv2
CVE-2020-5895
On NGINX Controller versions 3.1.0-3.3.0, AVRD uses world-readable and world-writable permissions on its socket, which allows processes or users on the local system to write arbitrary data into the socket. A local system attacker can make AVRD segmentation fault (SIGSEGV) by writ...
F5 Nginx Controller
4.3
CVSSv2
CVE-2022-31306
Nginx NJS v0.7.2 exists to contain a segmentation violation in the function njs_array_convert_to_slow_array at src/njs_array.c.
F5 Njs 0.7.2
4.3
CVSSv2
CVE-2022-31307
Nginx NJS v0.7.2 exists to contain a segmentation violation in the function njs_string_offset at src/njs_string.c.
F5 Njs 0.7.2
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »