RHEL 6 / 7 : rh-nginx110-nginx (RHSA-2017:2538)
The remote Red Hat Enterprise Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2017:2538 advisory. Nginx is a web server and a reverse proxy server for the HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance an...
GHSA-HXX2-7VCW-MQR3 Sinatra vulnerable to Reliance on Untrusted Inputs in a Security Decision
Versions of the sinatra package from 0.0.0 are vulnerable to Reliance on Untrusted Inputs in a Security Decision via the X-Forwarded-Host (XFH) header. When a request is made to a method that applies redirect, an open redirect can be triggered by inserting an arbitrary address into...
CVE-2024-21510
Versions of the sinatra package from 0.0.0 are vulnerable to Reliance on Untrusted Inputs in a Security Decision via the X-Forwarded-Host (XFH) header. When a request is made to a method that applies redirect, an open redirect can be triggered by inserting an arbitrary address into...
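The two Sinatra entries above describe a redirect whose absolute target is built from a host value that a client can set through X-Forwarded-Host. The following Go program is an added example, not Sinatra's code or a Sinatra exploit: it reproduces that class of bug in net/http, with a proxy-aware host lookup feeding an unchecked redirect beside a hardened version that only trusts an allowlisted host and otherwise falls back to a relative Location. The hostnames, the trustedHosts allowlist and the /login target are assumptions for the illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// trustedHosts is an assumed allowlist of hostnames this application is
// legitimately served under; anything else in X-Forwarded-Host is treated as forged.
var trustedHosts = map[string]bool{"app.example.com": true}

// effectiveHost mirrors the proxy-aware behaviour the advisory relies on: the
// first X-Forwarded-Host value wins over the Host header when it is present.
func effectiveHost(r *http.Request) string {
	if xfh := r.Header.Get("X-Forwarded-Host"); xfh != "" {
		// Proxies may append a comma-separated chain; the first entry is the client-facing host.
		return strings.TrimSpace(strings.Split(xfh, ",")[0])
	}
	return r.Host
}

// vulnerableRedirect builds an absolute Location from the effective host with no
// check, so a forged X-Forwarded-Host becomes the redirect destination.
func vulnerableRedirect(w http.ResponseWriter, r *http.Request) {
	http.Redirect(w, r, "https://"+effectiveHost(r)+"/login", http.StatusFound)
}

// hardenedRedirect uses the forwarded host only when it is allowlisted and otherwise
// issues a relative redirect, which cannot leave the current origin.
func hardenedRedirect(w http.ResponseWriter, r *http.Request) {
	host := effectiveHost(r)
	if !trustedHosts[host] {
		http.Redirect(w, r, "/login", http.StatusFound)
		return
	}
	http.Redirect(w, r, "https://"+host+"/login", http.StatusFound)
}

// locationFor runs a handler against a constructed request (Host fixed to the real
// site, X-Forwarded-Host set to xfh when non-empty) and returns the Location it emitted.
func locationFor(h http.HandlerFunc, xfh string) string {
	req := httptest.NewRequest(http.MethodGet, "http://app.example.com/account", nil)
	req.Host = "app.example.com"
	if xfh != "" {
		req.Header.Set("X-Forwarded-Host", xfh)
	}
	rec := httptest.NewRecorder()
	h(rec, req)
	return rec.Header().Get("Location")
}

func main() {
	forged := "evil.example"
	fmt.Println("unchecked  :", locationFor(vulnerableRedirect, forged))
	fmt.Println("allowlisted:", locationFor(hardenedRedirect, forged))
	fmt.Println("no XFH     :", locationFor(hardenedRedirect, ""))
}
```

The fix that matters is the allowlist: stripping or ignoring X-Forwarded-Host at the application is not enough when the reverse proxy in front of it is expected to set the header, so the proxy must also be configured to overwrite, not pass through, any client-supplied value.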
A flaw in the configuration-settings handling under /api/configs in the Nginx UI server's web interface allows a malicious actor to read arbitrary files.
The flaw in the configuration-settings handling under /api/configs in the Nginx UI server's web interface stems from deficiencies in the authentication process. Exploiting it allows a remote attacker to read arbitrary files...
A flaw in the GetConfPath() function of the Nginx UI server's web interface allows an attacker to write arbitrary files.
The flaw in the GetConfPath function of the Nginx UI server's web interface stems from improper handling of JSON fields: values are taken from the request without validation, so the resulting pathname is not properly restricted to the intended directory...
A flaw in the logrotate configuration of the Nginx UI server's web interface allows an attacker to execute arbitrary commands.
The flaw in the logrotate configuration of the Nginx UI server's web interface stems from insufficient validation of input data. Exploiting it allows a remote attacker to execute arbitrary commands...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Nginx
Summary: IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Nginx. Vulnerability Details: CVEID: CVE-2024-7646. DESCRIPTION: Kubernetes ingress-nginx could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by an annotation validatio...
Improper Input Validation
Nginx UI is vulnerable to Improper Input Validation. The vulnerability is due to improper input validation when configuring logrotate, where unverified input is directly passed to exec.Command, allowing arbitrary command execution...
Directory Traversal
Nginx UI is vulnerable to Directory Traversal. The vulnerability is due to a controllable log path which, when combined with directory traversal at /api/configs, allows reading of directories and file contents on the server...
GHSA-C479-WQ8G-57HR Pterodactyl Panel has plain-text logging of user passwords when two-factor authentication is disabled
Impact When a user disables two-factor authentication via the Panel, a DELETE request with their current password in a query parameter will be sent. While query parameters are encrypted when using TLS, many webservers including ones officially documented for use with Pterodactyl will log query...
Directory Traversal
github.com/0xJacky/Nginx-UI is vulnerable to Directory Traversal. The vulnerability is due to insufficient verification of values from the JSON field, allowing the construction of values in the form of ../../, which can lead to arbitrary file writing...
RHSA-2023:6120 Red Hat Security Advisory: nginx:1.22 security update
Bulletin has no description...
RHSA-2023:5713 Red Hat Security Advisory: nginx:1.22 security update
Bulletin has no description...
RHSA-2023:5715 Red Hat Security Advisory: nginx:1.20 security update
Bulletin has no description...
RHSA-2023:5712 Red Hat Security Advisory: nginx:1.20 security update
Bulletin has no description...
RHEA-2023:6562 Red Hat Enhancement Advisory: nginx:1.22 bug fix and enhancement update
Bulletin has no description...
CVE-2024-49367
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.0.0-beta.36, the log path of nginxui is controllable. This issue can be combined with the directory traversal at /api/configs to read directories and file contents on the server. Version 2.0.0-beta.36 fixes the issue...
CVE-2024-49368
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.0.0-beta.36, when Nginx UI configures logrotate, it does not verify the input and directly passes it to exec.Command, causing arbitrary command execution. Version 2.0.0-beta.36 fixes this issue...
CVE-2024-49366
Nginx UI is a web user interface for the Nginx web server. Nginx UI v2.0.0-beta.35 and earlier gets the value from the JSON field without verification, and a value in the form of ../../ can be constructed. Arbitrary files can be written to the server, which may result in loss of permissions...
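The Nginx UI traversal entries above (the /api/configs read, the GetConfPath write, and CVE-2024-49366/CVE-2024-49367) all come down to one defect: a path segment taken from a JSON field is joined onto a base directory and the result is never checked to still lie inside it. The Go program below is an added example and is not Nginx UI's code or its fix; it puts the unchecked join beside a containment check that cleans the joined path and then proves, via filepath.Rel, that it has not escaped the base. The /etc/nginx base directory and the sample inputs are assumptions constructed for the illustration.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// confDir is an assumed base directory; the advisories describe paths escaping
// such a base through "../" segments supplied in a JSON field.
const confDir = "/etc/nginx"

var errOutsideBase = errors.New("path escapes the configuration directory")

// vulnerableConfPath is the unsafe pattern: the caller-supplied value is joined
// onto the base with no check, so "../../etc/passwd" resolves to /etc/passwd.
func vulnerableConfPath(userPath string) string {
	return filepath.Join(confDir, userPath)
}

// safeConfPath joins, cleans, and then checks containment by computing the
// relative path back from the base: anything that starts with ".." has escaped.
// Absolute and empty input is rejected outright. Symlinks under confDir are not
// resolved here; a real server should also run filepath.EvalSymlinks on the
// joined path before opening it.
func safeConfPath(userPath string) (string, error) {
	if userPath == "" || filepath.IsAbs(userPath) {
		return "", errOutsideBase
	}
	full := filepath.Join(confDir, userPath) // Join applies Clean, collapsing ".." segments
	rel, err := filepath.Rel(confDir, full)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", errOutsideBase
	}
	return full, nil
}

func main() {
	// Constructed inputs in the shape the advisories describe; not real Nginx UI payloads.
	inputs := []string{
		"sites-enabled/default",
		"../../etc/passwd",
		"conf.d/../../nginx-evil/x", // lands in a sibling directory that shares the prefix
		"/etc/shadow",
	}
	for _, in := range inputs {
		safe, err := safeConfPath(in)
		fmt.Printf("%-30q unchecked=%-28s checked=%q err=%v\n", in, vulnerableConfPath(in), safe, err)
	}
}
```

The sibling-directory case is why the check uses filepath.Rel rather than a plain strings.HasPrefix on the joined string: /etc/nginx-evil starts with /etc/nginx as text but is not inside it.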
CVE-2024-49368 Unchecked logrotate settings lead to arbitrary command execution
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.0.0-beta.36, when Nginx UI configures logrotate, it does not verify the input and directly passes it to exec.Command, causing arbitrary command execution. Version 2.0.0-beta.36 fixes this issue...
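The logrotate entries above (the BDU and GitHub descriptions and CVE-2024-49368) describe settings that are handed to exec.Command without validation. The Go program below is an added example, not Nginx UI's code or its fix: it shows the injectable pattern, a command line assembled from raw settings and run through sh -c, beside a version that validates every field against an allowlist and then passes each argument as its own argv element with no shell in between. The LogrotateSettings fields, the regular expressions and the generated config layout are assumptions; the advisories do not say which fields Nginx UI exposes.

```go
package main

import (
	"errors"
	"fmt"
	"os/exec"
	"regexp"
	"strconv"
)

// LogrotateSettings is an assumed shape for what a management UI might accept.
type LogrotateSettings struct {
	ConfigPath string // logrotate config file to run
	LogPath    string // log file or glob the generated config rotates
	Interval   string // daily, weekly or monthly
	Keep       int    // number of rotated files to keep
}

// vulnerableCommand reproduces the unsafe pattern: untrusted text is interpolated
// into a shell command line, so a ConfigPath of "/etc/logrotate.conf; id" also runs id.
func vulnerableCommand(s LogrotateSettings) *exec.Cmd {
	return exec.Command("sh", "-c", "logrotate -f "+s.ConfigPath)
}

var (
	// An absolute path of slash-separated segments; a segment may contain dots
	// between name characters but can never be "." or "..", and no shell
	// metacharacters or whitespace are admitted. "*" is allowed for log globs.
	safePathRE    = regexp.MustCompile(`^/(?:[A-Za-z0-9_*-]+(?:\.[A-Za-z0-9_*-]+)*/)*[A-Za-z0-9_*-]+(?:\.[A-Za-z0-9_*-]+)*$`)
	allowedPeriod = map[string]bool{"daily": true, "weekly": true, "monthly": true}
)

// validate checks every field against its allowlist before anything is built.
func validate(s LogrotateSettings) error {
	if !safePathRE.MatchString(s.ConfigPath) {
		return errors.New("config path contains disallowed characters")
	}
	if !safePathRE.MatchString(s.LogPath) {
		return errors.New("log path contains disallowed characters")
	}
	if !allowedPeriod[s.Interval] {
		return errors.New("interval must be daily, weekly or monthly")
	}
	if s.Keep < 1 || s.Keep > 365 {
		return errors.New("keep must be between 1 and 365")
	}
	return nil
}

// safeCommand validates first, then builds argv directly: no shell parses the
// path, so a ";" or "$(...)" inside it would be a literal filename, not a command.
func safeCommand(s LogrotateSettings) (*exec.Cmd, error) {
	if err := validate(s); err != nil {
		return nil, err
	}
	return exec.Command("logrotate", "-f", s.ConfigPath), nil
}

// renderConfig applies the same rule to the file the UI writes: only validated
// fields are emitted, so request text never reaches the config verbatim.
func renderConfig(s LogrotateSettings) (string, error) {
	if err := validate(s); err != nil {
		return "", err
	}
	return s.LogPath + " {\n    " + s.Interval + "\n    rotate " + strconv.Itoa(s.Keep) +
		"\n    missingok\n    compress\n}\n", nil
}

func main() {
	// Constructed request, not a real Nginx UI payload.
	injected := LogrotateSettings{ConfigPath: "/etc/logrotate.conf; id", LogPath: "/var/log/nginx/*.log", Interval: "daily", Keep: 14}
	fmt.Printf("shell argv: %q\n", vulnerableCommand(injected).Args)
	if _, err := safeCommand(injected); err != nil {
		fmt.Println("rejected:", err)
	}
	good := LogrotateSettings{ConfigPath: "/etc/logrotate.d/nginx-ui", LogPath: "/var/log/nginx/*.log", Interval: "weekly", Keep: 4}
	if cmd, err := safeCommand(good); err == nil {
		fmt.Printf("direct argv: %q\n", cmd.Args)
	}
	cfg, _ := renderConfig(good)
	fmt.Print(cfg)
}
```

Passing arguments as separate argv entries removes the shell, but it does not make arbitrary paths safe on its own, which is why the path allowlist still rejects ".." and absolute paths outside the expected character set rather than relying on the lack of a shell.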