
250 matches found

Chainguard
added 2023/10/25 8:15 p.m., 72 views

CVE-2023-5044 vulnerabilities

Vulnerabilities for packages: ingress-nginx-controller...

CVSS 6.5, AI score 7.4, EPSS 0.56568
Exploits: 2
CNNVD
added 2023/10/25 12:00 a.m., 5 views

Ingress NGINX Controller Injection Vulnerability

Ingress NGINX Controller is an open source ingress controller for Kubernetes. A security vulnerability exists in Ingress NGINX Controller. An attacker can exploit this vulnerability to execute arbitrary commands...

CVSS 8.8, AI score 7.3, EPSS 0.02234
Exploits: 0, References: 5
Wolfi
added 2023/10/10 9:28 p.m., 43 views

GHSA-QPPJ-FM5R-HXR3 vulnerabilities

Vulnerabilities for packages: prometheus-adapter, kubeflow, terraform, aactl, dex, nats, kpt, external-dns, minio, kots, helm, gomplate, node-problem-detector, haproxy-ingress, secrets-store-csi-driver, gke-gcloud-auth-plugin, ollama, nghttp2, mc, gitness, cortex, src, rqlite, hey, cosign,...

AI score 5.8
Exploits: 0
Wolfi
added 2023/10/10 2:15 p.m., 1577 views

CVE-2023-44487 vulnerabilities

Vulnerabilities for packages: prometheus-adapter, kubeflow, terraform, aactl, dex, nats, kpt, external-dns, minio, kots, helm, gomplate, node-problem-detector, haproxy-ingress, secrets-store-csi-driver, gke-gcloud-auth-plugin, ollama, nghttp2, mc, gitness, cortex, src, rqlite, hey, cosign,...

CVSS 7.5, AI score 7.1, EPSS 0.99999
Exploits: 19
NVD
added 2023/05/24 5:15 p.m., 19 views

CVE-2021-25748

A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use a newline character to bypass the sanitization of the spec.rules.http.paths.path field of an Ingress object in the networking.k8s.io or extensions API group to obtain the credentials of...

CVSS 7.6, AI score 7.5, EPSS 0.00694
Exploits: 0, References: 2
F5 Networks
added 2023/02/21 7:57 p.m., 46 views

K14631834: NGINX Controller vulnerability CVE-2020-5863

Security Advisory Description: In NGINX Controller versions prior to 3.2.0, an unauthenticated attacker with network access to the Controller API can create unprivileged user accounts. The user which is created is only able to upload a new license to the system but cannot view or modify any other...

CVSS 8.6, AI score 8.4, EPSS 0.01122
Exploits: 0, Affected Software: 1
F5 Networks
added 2023/02/21 7:27 p.m., 35 views

K45263486: NGINX Controller vulnerability CVE-2021-23020

Security Advisory Description: The NAAS API keys are generated using an insecure pseudo-random string and hashing algorithm, which may lead to predictable keys. CVE-2021-23020. Impact: Local attackers are able to potentially generate a valid user key. Security Advisory Status: F5 Product Development...

CVSS 5.5, AI score 5.5, EPSS 0.00255
Exploits: 0, Affected Software: 1
F5 Networks
added 2023/02/21 7:01 p.m., 34 views

K27205552: NGINX Controller vulnerability CVE-2020-5864

Security Advisory Description: Communication between NGINX Controller and NGINX Plus instances skips TLS verification by default. CVE-2020-5864. Impact: This vulnerability enables a man-in-the-middle (MITM) attack that can intercept the communication channel and read/modify data in transit. Security...

CVSS 7.4, AI score 7.2, EPSS 0.01033
Exploits: 0, Affected Software: 1
F5 Networks
added 2023/02/21 7:00 p.m., 25 views

K59209532: NGINX Controller NATS vulnerability CVE-2020-5910

Security Advisory Description: The Neural Autonomic Transport System (NATS) messaging services in use by the NGINX Controller do not require any form of authentication, so any successful connection would be authorized. CVE-2020-5910. Impact: A malicious user with access to the host where NGINX...

CVSS 7.5, AI score 7.5, EPSS 0.01154
Exploits: 0, Affected Software: 1
F5 Networks
added 2023/02/21 7:00 p.m., 24 views

K84084843: NGINX Controller installer vulnerability CVE-2020-5911

Security Advisory Description: The NGINX Controller installer starts the download of Kubernetes packages from an HTTP URL on Debian/Ubuntu systems. CVE-2020-5911. Impact: A man-in-the-middle (MITM) attacker can use this vulnerability to intercept the insecure HTTP channel and convincingly forge...

CVSS 7.5, AI score 7.4, EPSS 0.01006
Exploits: 0, Affected Software: 1
F5 Networks
added 2023/02/21 6:55 p.m., 32 views

K95120415: NGINX Controller AVRD vulnerability CVE-2020-5895

Security Advisory Description: AVRD uses world-readable and world-writable permissions on its socket, which allows processes or users on the local system to write arbitrary data into the socket. A local system attacker can make AVRD segmentation fault (SIGSEGV) by writing malformed messages to the...

CVSS 7.8, AI score 7.6, EPSS 0.00292
Exploits: 0, Affected Software: 1
F5 Networks
added 2023/02/21 6:55 p.m., 38 views

K25434422: NGINX Controller vulnerability CVE-2020-5899

Security Advisory Description: Recovery code required to change a user's password is transmitted and stored in the database in plain text, which allows an attacker who can intercept the database connection, or who has read access to the database, to request a password reset using the email address of...

CVSS 7.8, AI score 7.8, EPSS 0.00185
Exploits: 0, Affected Software: 1
F5 Networks
added 2023/02/21 6:53 p.m., 29 views

K43520321: NGINX Controller API Vulnerability CVE-2020-5901

Security Advisory Description: Undisclosed API endpoints may allow for a reflected Cross Site Scripting (XSS) attack. If the victim user is logged in as admin, this could result in a complete compromise of the system. CVE-2020-5901. Impact: For the attack to occur, a user must visit a specially crafted...

CVSS 9.6, AI score 8.1, EPSS 0.01466
Exploits: 0, Affected Software: 1
F5 Networks
added 2023/02/21 6:50 p.m., 26 views

K11922628: NGINX Controller sensitive command-line arguments vulnerability CVE-2020-5866

Security Advisory Description: The helper.sh script, which is used optionally in NGINX Controller to change settings, uses sensitive items as command-line arguments. CVE-2020-5866. Impact: The affected script causes sensitive items to display in the system process listing (ps, top) while the helper.s...

CVSS 5.5, AI score 5.6, EPSS 0.00326
Exploits: 0, Affected Software: 1
F5 Networks
added 2023/02/21 6:49 p.m., 29 views

K00958787: NGINX Controller vulnerability CVE-2020-5867

Security Advisory Description: The NGINX Controller Agent installer script 'install.sh' uses HTTP instead of HTTPS to check and install packages. CVE-2020-5867. Impact: A man-in-the-middle (MITM) attacker can use this vulnerability to intercept the insecure HTTP channel and convincingly forge any...

CVSS 8.1, AI score 7.9, EPSS 0.004
Exploits: 0, Affected Software: 1
F5 Networks
added 2023/02/21 6:47 p.m., 35 views

K97002210: NGINX Controller vulnerability CVE-2021-23018

Security Advisory Description: Intra-cluster communication does not use TLS. The services within the NGINX Controller namespace are using cleartext protocols inside the cluster. CVE-2021-23018. Impact: Attackers with access to the cluster may have the ability to read and modify the data being sent betwe...

CVSS 7.4, AI score 7.2, EPSS 0.00544
Exploits: 0, Affected Software: 1
F5 Networks
added 2023/02/21 6:47 p.m., 29 views

K31044532: NGINX Controller vulnerability CVE-2020-5900

Security Advisory Description: Insufficient cross-site request forgery (CSRF) protections for the NGINX Controller user interface. CVE-2020-5900. Impact: An attacker can exploit this vulnerability by enticing a victim user to follow a malicious link. A successful exploit can allow the attacker to...

CVSS 8.8, AI score 8.6, EPSS 0.00452
Exploits: 0, Affected Software: 1
F5 Networks
added 2023/02/21 6:35 p.m., 27 views

K31150658: NGINX Controller vulnerability CVE-2020-5909

Security Advisory Description: When users run the command displayed in the NGINX Controller user interface (UI) to fetch the agent installer, the server TLS certificate is not verified. CVE-2020-5909. Impact: A man-in-the-middle (MITM) attacker can intercept the communication channel and read/modify data in...

CVSS 5.8, AI score 5.6, EPSS 0.004
Exploits: 0, Affected Software: 1
F5 Networks
added 2023/02/21 6:35 p.m., 51 views

K57735782: NGINX Controller API Management vulnerability CVE-2022-23008

Security Advisory Description: An authenticated attacker with access to the "user" or "admin" role can use undisclosed API endpoints on NGINX Controller API Management to inject JavaScript code that is executed on managed NGINX data plane instances. CVE-2022-23008. Impact: Successful exploitation...

CVSS 5.5, AI score 5.4, EPSS 0.0053
Exploits: 0, Affected Software: 1
F5 Networks
added 2023/02/21 6:34 p.m., 32 views

K13028514: NGINX Controller webserver vulnerability CVE-2020-5894

Security Advisory Description: The NGINX Controller webserver does not invalidate the server-side session token after users log out. CVE-2020-5894. Impact: An attacker that successfully extracted a valid session token can use it before it expires on the server-side, even if the valid user has logged...

CVSS 8.1, AI score 8.2, EPSS 0.01019
Exploits: 0, Affected Software: 1