6254 matches found
CVE-2024-45337 vulnerabilities
Vulnerabilities for packages: trivy, datadog-agent, restic-fips, caddy, crossplane-provider-azure-managedidentity, fulcio, kube-bench, postgres-operator-fips, rabbitmq-messaging-topology-operator, kube-state-metrics, kapp-controller-fips, rclone-fips, git-lfs, fq, snyk-cli,...
PT-2024-16388 · Nginx · Nginx
Name of the Vulnerable Software and Affected Versions: Opt-In Downloads plugin for WordPress versions up to, and including, 4.07 Description: The issue is related to missing file type validation in the admin upload function, allowing authenticated attackers with Subscriber-level access and above ...
Exploit for Off-by-one Error in F5 Nginx
CVE-2021-23017-POC A security issue in nginx resolver was iden...
ROS-20241203-11
A vulnerability in the ngxhttpv4module module of the NGINX Plus and NGINX OSS web servers is related to reading out-of-bounds memory. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
Access Control Bypass
Overview: docksible deploys and sets up Docker Compose based web apps with Ansible. Affected versions of this package are vulnerable to Access Control Bypass. This vulnerability allows attackers to exploit the /xmlrpc.php endpoint in WordPress, enabling brute force attacks, DDoS attacks, and...
Exploit for Unprotected Alternate Channel in Rockwellautomation Allen-Bradley_Stratix_5200_Firmware
CVE-2023-20198 is a serious vulnerability in the Web UI function...
Fedora 37 : nginx (2022-12721789aa)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-12721789aa advisory. Security: processing of a specially crafted mp4 file by the ngx_http_mp4_module might cause a worker process crash, worker process memory disclosure, o...
CVE-2024-44765
An Improper Authorization Access Control Misconfiguration vulnerability in MGT-COMMERCE GmbH CloudPanel v2.0.0 to v2.4.2 allows low-privilege users to bypass access controls and gain unauthorized access to sensitive configuration files and administrative functionality...
MGT-COMMERCE CloudPanel Security Vulnerability
MGT-COMMERCE CloudPanel is a free, open-source solution from MGT-COMMERCE, designed to ease the burden of managing self-hosted Linux servers. A security vulnerability exists in MGT-COMMERCE CloudPanel versions v2.0.0 through v2.4.2, which stems from improper authorization and allows an attacker to...
CVE-2024-44765
CVE-2024-44765 affects MGT-COMMERCE GmbH CloudPanel versions 2.0.0–2.4.2. The root cause is an improper authorization/access control misconfiguration that lets low-privilege users bypass controls and access sensitive configuration files and administrative functionality. Impact is described as pot...
CVE-2024-10318
A session fixation vulnerability was found in the NGINX OpenID Connect reference implementation, where a nonce was not checked at login time. This flaw allows an attacker to fix a victim's session to an attacker-controlled account. As a result, although the attacker cannot log in as the victim,...
CVE-2024-10318
A session fixation issue was discovered in the NGINX OpenID Connect reference implementation, where a nonce was not checked at login time. This flaw allows an attacker to fix a victim's session to an attacker-controlled account. As a result, although the attacker cannot log in as the victim, they...
CVE-2024-10318 NGINX OpenID Connect Vulnerability
A session fixation issue was discovered in the NGINX OpenID Connect reference implementation, where a nonce was not checked at login time. This flaw allows an attacker to fix a victim's session to an attacker-controlled account. As a result, although the attacker cannot log in as the victim, they...
CVE-2024-10318
Summary of CVE-2024-10318: A session-fixation vulnerability in the NGINX OpenID Connect reference implementation arises from nonce validation being skipped at login. This allows an attacker to coerce a victim’s session to an attacker-controlled account, enabling potential misuse of the victim’s s...
K000148232: NGINX OpenID Connect vulnerability CVE-2024-10318
Security Advisory Description A session fixation issue was discovered in the NGINX OpenID Connect reference implementation, where a nonce was not checked at login time. This flaw allows an attacker to fix a victim's session to an attacker-controlled account. As a result, although the attacker...
F5 Nginx Authorization Issue Vulnerability
F5 Nginx is a lightweight web server/reverse proxy server and email IMAP/POP3 proxy server from F5 USA, distributed under a BSD-like license. An authorization issue vulnerability exists in F5 Nginx that stems from a nonce not being checked at login...
RHEL 7 : rh-nginx114-nginx (RHSA-2019:2775)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2775 advisory. nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage...