6256 matches found

CVE
added 2024/07/23 6:14 p.m., 50 views

CVE-2024-41668

CVE-2024-41668 affects cBioPortal for Cancer Genomics. A publicly exposed proxy endpoint without authentication allows Server-Side Request Forgery (SSRF); logged-in users can exploit this on private instances too. A fix is available in version 6.0.12. As a workaround, disable the /proxy endpo...

CVSS 8.3, AI score 8.3, EPSS 0.0058
Exploits 0, References 5
Vulnrichment
added 2024/07/23 6:14 p.m., 15 views

CVE-2024-41668 cBioPortal Proxy Endpoint Vulnerability

The cBioPortal for Cancer Genomics provides visualization, analysis, and download of large-scale cancer genomics data sets. When running a publicly exposed proxy endpoint without authentication, cBioPortal could allow someone to perform a Server Side Request Forgery (SSRF) attack. Logged in users...

CVSS 8.3, AI score 8.3, EPSS 0.0058
Exploits 0, References 5
OSV
added 2024/07/23 6:14 p.m., 19 views

CVE-2024-41668 cBioPortal Proxy Endpoint Vulnerability

The cBioPortal for Cancer Genomics provides visualization, analysis, and download of large-scale cancer genomics data sets. When running a publicly exposed proxy endpoint without authentication, cBioPortal could allow someone to perform a Server Side Request Forgery (SSRF) attack. Logged in users...

CVSS 8.3, AI score 6.8, EPSS 0.0058
Exploits 0, References 7
CNNVD
added 2024/07/23 12:00 a.m., 3 views

OpenResty Security Vulnerability

OpenResty is an American open source web application server based on Nginx and Lua. A security vulnerability exists in OpenResty, which stems from a hash denial of service vulnerability discovered in ljstrhash.c. The vulnerability is caused by a hash denial of service vulnerability...

CVSS 5.9, AI score 7.5, EPSS 0.00556
Exploits 0, References 3
Tenable Nessus
added 2024/07/23 12:00 a.m., 23 views

Photon OS 4.0: Nginx PHSA-2022-4.0-0172

An update of the nginx package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2022-4.0-0172. The text itself is copyright (C) VMware, Inc. ...

CVSS 7.4, AI score 7.9, EPSS 0.02037
Exploits 0, References 2
Tenable Nessus
added 2024/07/23 12:00 a.m., 21 views

Photon OS 4.0: Nginx PHSA-2023-4.0-0342

An update of the nginx package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2023-4.0-0342. The text itself is copyright (C) VMware, Inc. ...

CVSS 7.8, AI score 8.4, EPSS 0.82567
Exploits 0, References 3
Tenable Nessus
added 2024/07/23 12:00 a.m., 30 views

Photon OS 4.0: Nginx PHSA-2022-4.0-0272

An update of the nginx package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2022-4.0-0272. The text itself is copyright (C) VMware, Inc. ...

CVSS 7.8, AI score 7.5, EPSS 0.01069
Exploits 2, References 3
Tenable Nessus
added 2024/07/22 12:00 a.m., 37 views

Photon OS 1.0: Nginx PHSA-2017-0038

An update of the nginx package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2017-0038. The text itself is copyright (C) VMware, Inc. ...

CVSS 7.5, AI score 7.1, EPSS 0.62597
Exploits 6, References 2
Tenable Nessus
added 2024/07/22 12:00 a.m., 26 views

Photon OS 3.0: Nginx PHSA-2019-3.0-0003

An update of the nginx package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2019-3.0-0003. The text itself is copyright (C) VMware, Inc. ...

CVSS 7.8, AI score 7.1, EPSS 0.47057
Exploits 0, References 3
Tenable Nessus
added 2024/07/22 12:00 a.m., 24 views

Photon OS 3.0: Nginx PHSA-2019-3.0-0002

An update of the nginx package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2019-3.0-0002. The text itself is copyright (C) VMware, Inc. ...

CVSS 8.2, AI score 7.5, EPSS 0.09801
Exploits 1, References 2
Tenable Nessus
added 2024/07/16 12:00 a.m., 41 views

RHEL 8 : nginx (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - ALPACA: Application Layer Protocol Confusion - Analyzing and Mitigating Cracks in TLS Authentication...

CVSS 7.8, AI score 7.8, EPSS 0.14961
Exploits 5, References 4
Tenable Nessus
added 2024/07/16 12:00 a.m., 46 views

RHEL 9 : nginx (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - ALPACA: Application Layer Protocol Confusion - Analyzing and Mitigating Cracks in TLS Authentication...

CVSS 7.8, AI score 8.4, EPSS 0.02037
Exploits 2, References 3
Hacker One
added 2024/07/12 2:41 p.m., 59 views

Internet Bug Bounty: CVE-2024-3416: MTU of 4096 or greater without fragmentation may cause NGINX worker processes to leak previously freed memory

A vulnerability was discovered in NGINX Plus or NGINX OSS when configured to use the HTTP/3 QUIC module. If the network infrastructure supported a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets could cause NGINX worker processes to leak previously...

CVSS 9.8, AI score 7.6, EPSS 0.00941
Exploits 1
Circl
added 2024/07/09 6:57 p.m., 2 views

CVE-2024-27784

creationtimestamp | type | source
--- | --- | ---
2024-07-09 18:57:55+00:00 | seen | https://t.me/cvedetector/372
2026-03-26 10:57:30+00:00 | seen | https://www.acn.gov.it/portale/w/rilevate-vulnerabilita-in-nginx...

CVSS 8.8, AI score 4.8, EPSS 0.00764
Exploits 0, References 2
BDU FSTEC
added 2024/07/08 12:00 a.m., 2 views

The vulnerability in the backend/script code of the proxy manager for NGINX Proxy Manager allows a perpetrator to execute arbitrary commands.

The vulnerability in the backend/script of the NGINX Proxy Manager for hosting management exists because measures to neutralize specific elements used in the operating system commands have not been taken. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands by...

CVSS 9, AI score 6, EPSS 0.00882
Exploits 0, References 5, Affected Software 1
NVD
added 2024/07/04 9:15 p.m., 19 views

CVE-2024-39935

jc21 NGINX Proxy Manager before 2.11.3 allows backend/internal/certificate.js OS command injection by an authenticated user with certificate management privileges via untrusted input to the DNS provider configuration. NOTE: this is not part of any NGINX software shipped by F5...

CVSS 8.8, EPSS 0.00882
Exploits 0, References 3
Vulnrichment
added 2024/07/04 12:00 a.m., 13 views

CVE-2024-39935

jc21 NGINX Proxy Manager before 2.11.3 allows backend/internal/certificate.js OS command injection by an authenticated user with certificate management privileges via untrusted input to the DNS provider configuration. NOTE: this is not part of any NGINX software shipped by F5...

AI score 7.5, EPSS 0.00882
Exploits 0, References 3
Cvelist
added 2024/07/04 12:00 a.m., 12 views

CVE-2024-39935

jc21 NGINX Proxy Manager before 2.11.3 allows backend/internal/certificate.js OS command injection by an authenticated user with certificate management privileges via untrusted input to the DNS provider configuration. NOTE: this is not part of any NGINX software shipped by F5...

EPSS 0.00882
Exploits 0, References 3
CVE
added 2024/07/04 12:00 a.m., 91 views

CVE-2024-39935

CVE-2024-39935 affects jc21 NGINX Proxy Manager before 2.11.3. The vulnerability enables an authenticated user with certificate-management privileges to execute OS commands via untrusted input to the DNS provider configuration in the backend/internal/certificate.js, with potential for full impact...

CVSS 8.8, AI score 7.4, EPSS 0.00882
Exploits 0, References 3, Affected Software 1
CNNVD
added 2024/07/04 12:00 a.m., 5 views

Nginx Proxy Manager Security Vulnerability

Nginx Proxy Manager is an open source Docker container used to manage Nginx proxy hosts through a simple and powerful interface. A security vulnerability exists in Nginx Proxy Manager versions prior to 2.11.3, which stems from a vulnerability that allows authenticate...

CVSS 8.8, AI score 6.8, EPSS 0.00882
Exploits 0, References 4