242 matches found
F5 NGINX Controller Authorization Issues Vulnerability
F5 NGINX Controller is a centralized monitoring and management platform for NGINX from F5. The platform supports the management of multiple NGINX instances using a visual interface. An authorization issue vulnerability exists in F5 NGINX Controller versions 3.0.0 through 3.3.0, which stems from t...
F5 NGINX Controller Denial of Service Vulnerability
F5 NGINX Controller is a centralized monitoring and management platform for NGINX from F5. The platform supports the management of multiple NGINX instances using a visual interface. A security vulnerability exists in F5 NGINX Controller versions 3.1.0 through 3.3.0, which stems from AVRD setting...
CVE-2020-5895
On NGINX Controller versions 3.1.0-3.3.0, AVRD uses world-readable and world-writable permissions on its socket, which allows processes or users on the local system to write arbitrary data into the socket. A local system attacker can make AVRD segmentation fault SIGSEGV by writing malformed...
CVE-2020-5894
On versions 3.0.0-3.3.0, the NGINX Controller webserver does not invalidate the server-side session token after users log out...
CVE-2020-5895
On NGINX Controller versions 3.1.0-3.3.0, AVRD uses world-readable and world-writable permissions on its socket, which allows processes or users on the local system to write arbitrary data into the socket. A local system attacker can make AVRD segmentation fault SIGSEGV by writing malformed...
CVE-2020-5894
On versions 3.0.0-3.3.0, the NGINX Controller webserver does not invalidate the server-side session token after users log out...
Design/Logic Flaw
On versions 3.0.0-3.3.0, the NGINX Controller webserver does not invalidate the server-side session token after users log out...
Design/Logic Flaw
On NGINX Controller versions 3.1.0-3.3.0, AVRD uses world-readable and world-writable permissions on its socket, which allows processes or users on the local system to write arbitrary data into the socket. A local system attacker can make AVRD segmentation fault SIGSEGV by writing malformed...
CVE-2020-5894
On versions 3.0.0-3.3.0, the NGINX Controller webserver does not invalidate the server-side session token after users log out...
CVE-2020-5894
The CVE-2020-5894 issue affects NGINX Controller webserver versions 3.0.0–3.3.0. The root cause is that server-side session tokens are not invalidated after logout, enabling a remote attacker who has a valid token to reuse it until it expires. The official advisory indicates that upgrades to 3.4....
F5 NGINX Controller Input Validation Error Vulnerability
F5 NGINX Controller is a centralized monitoring and management platform for NGINX from F5. The platform supports the management of multiple NGINX instances using a visual interface. A security vulnerability exists in F5 NGINX Controller versions prior to 3.3.0, which stems from an install.sh scri...
F5 NGINX Controller Trust Management Issue Vulnerability
F5 NGINX Controller is a centralized monitoring and management platform for NGINX from F5. The platform supports the management of multiple NGINX instances using a visual interface. A security vulnerability exists in F5 NGINX Controller versions prior to 3.2.0, which stems from the fact that by...
F5 NGINX Controller Information Disclosure Vulnerability (CNVD-2020-33346)
F5 NGINX Controller is a centralized monitoring and management platform for NGINX from F5. The platform supports the management of multiple NGINX instances using a visual interface. A security vulnerability exists in F5 NGINX Controller versions prior to 3.3.0 that originates when NGINX Controlle...
F5 NGINX Controller Information Disclosure Vulnerability
F5 NGINX Controller is a centralized monitoring and management platform for NGINX from F5. The platform supports the management of multiple NGINX instances using a visual interface. A security vulnerability exists in the helper.sh script in F5 NGINX Controller versions prior to 3.3.0. An attacker...
CVE-2020-5867
In versions prior to 3.3.0, the NGINX Controller Agent installer script 'install.sh' uses HTTP instead of HTTPS to check and install packages...
CVE-2020-5867
In versions prior to 3.3.0, the NGINX Controller Agent installer script 'install.sh' uses HTTP instead of HTTPS to check and install packages...
CVE-2020-5867
In versions prior to 3.3.0, the NGINX Controller Agent installer script 'install.sh' uses HTTP instead of HTTPS to check and install packages...
CVE-2020-5866
In versions of NGINX Controller prior to 3.3.0, the helper.sh script, which is used optionally in NGINX Controller to change settings, uses sensitive items as command-line arguments...
CVE-2020-5865
In versions prior to 3.3.0, the NGINX Controller is configured to communicate with its Postgres database server over unencrypted channels, making the communicated data vulnerable to interception via man-in-the-middle MiTM attacks...
CVE-2020-5866
In versions of NGINX Controller prior to 3.3.0, the helper.sh script, which is used optionally in NGINX Controller to change settings, uses sensitive items as command-line arguments...