105 matches found
CVE-2022-31306
Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_array_convert_to_slow_array at src/njs_array.c...
GHSA-JJCJ-FGFM-9G9R Phusion Passenger Race Condition Allows Privilege Escalation
A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passenger_instance_registry_dir with insufficiently strict permissions is configured. Replacing a file with a symlink after the file was created, but befor...
Phusion Passenger Race Condition Allows Privilege Escalation
A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passenger_instance_registry_dir with insufficiently strict permissions is configured. Replacing a file with a symlink after the file was created, but befor...
USN-5261-1 passenger vulnerabilities
It was discovered that Phusion Passenger incorrectly handled a file path in the application root folder. An attacker could possibly use this issue to read arbitrary files. (CVE-2017-16355) It was discovered that Phusion Passenger had a race condition in the nginx module that could be used to perfor...
USN-5261-1: Phusion Passenger vulnerabilities
It was discovered that Phusion Passenger incorrectly handled a file path in the application root folder. An attacker could possibly use this issue to read arbitrary files. (CVE-2017-16355) It was discovered that Phusion Passenger had a race condition in the nginx module that could be used to perfor...
new module: nginx:1.20
An update is available for nginx. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. This enhancement update adds the nginx:1.20 module to Rocky Linux 8. BZ1945671...
SUSE: Security Advisory (SUSE-SU-2018:2039-1)
The remote host is missing an update for the...
openSUSE Security Update : netdata (openSUSE-2021-647)
This update for netdata fixes the following issues : - Update to 1.29.3 Release v1.29.3 is a patch release to improve the stability of the Netdata Agent. We discovered a bug that when proc.plugin attempts to collect the operstate parameter for a virtual network interface. If the chart is obsolete...
MTN Group: Cross-site Scripting (XSS) - Reflected on http://h1b4e.n2.ips.mtn.co.ug:8080 via Nginx-module
The Cross-site Scripting (XSS) vulnerability was discovered on http://h1b4e.n2.ips.mtn.co.ug:8080 via the Nginx module. The vulnerability allowed the injection of arbitrary JavaScript code through the URL, which could be executed in the victim's browser...
DEBIAN-CVE-2020-36309
ngx_http_lua_module (aka lua-nginx-module) before 0.10.16 in OpenResty allows unsafe characters in an argument when using the API to mutate a URI, or a request or response header...
Cross site request forgery (csrf)
ngx_http_lua_module (aka lua-nginx-module) before 0.10.16 in OpenResty allows unsafe characters in an argument when using the API to mutate a URI, or a request or response header...
UBUNTU-CVE-2020-36309
ngx_http_lua_module (aka lua-nginx-module) before 0.10.16 in OpenResty allows unsafe characters in an argument when using the API to mutate a URI, or a request or response header...
CVE-2021-21335
In the SPNEGO HTTP Authentication Module for nginx (spnego-http-auth-nginx-module) before version 1.1.1, basic authentication can be bypassed using a malformed username. This affects users of spnego-http-auth-nginx-module that have enabled basic authentication. This is fixed in version 1.1.1 of...
spnego-http-auth-nginx-module authorization issue vulnerability
spnego-http-auth-nginx-module is an open source application by Sean Timothy Noonan. It provides a way to add SPNEGO support to nginx. A security vulnerability exists in SPNEGO HTTP Authentication Module for nginx, which stems from the fact that basic authentication c...
The vulnerability of the nginx web server module in Phusion Passenger, related to the simultaneous use of shared resources and synchronization errors, allows attackers to gain access to confidential data.
The vulnerability of the nginx web server module in Phusion Passenger is related to the simultaneous use of a shared resource and synchronization errors when the passenger_instance_registry_dir configuration is not set strictly enough. Exploiting this vulnerability can allow an attacker to gain acce...
nginx: Excessive CPU usage via flaw in HTTP/2 implementation
nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file...
SUSE-SU-2018:2039-1 Security update for rubygem-passenger
This update for rubygem-passenger fixes the following issue: The following security vulnerability was addressed: - CVE-2018-12029: Fixed a file system access race condition in the chown command, which allowed for local privilege escalation and affects the Nginx module bsc1097663...
Phusion Passenger nginx module elevation of privilege vulnerability
Phusion Passenger is an Apache module from the Dutch company Phusion for deploying Ruby on Rails projects on Apache and Nginx web servers. nginx module is one of the Nginx server modules. A security vulnerability in the nginx module in Phusion Passenger versions 5.3.2 through 3.x excluding versio...
CVE-2018-12029
A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passenger_instance_registry_dir with insufficiently strict permissions is configured. Replacing a file with a symlink after the file was created, but befor...
DEBIAN-CVE-2018-12029
A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passenger_instance_registry_dir with insufficiently strict permissions is configured. Replacing a file with a symlink after the file was created, but befor...