CVE-2023-20088

A vulnerability in the nginx configurations that are provided as part of the VPN-less reverse proxy for Cisco Finesse could allow an unauthenticated, remote attacker to create a denial of service DoS condition for new and existing users who are connected through a load balancer. This vulnerabilit...

CVE-2023-20088

A vulnerability in the nginx configurations that are provided as part of the VPN-less reverse proxy for Cisco Finesse could allow an unauthenticated, remote attacker to create a denial of service DoS condition for new and existing users who are connected through a load balancer. This vulnerabilit...

Design/Logic Flaw

A vulnerability in the nginx configurations that are provided as part of the VPN-less reverse proxy for Cisco Finesse could allow an unauthenticated, remote attacker to create a denial of service DoS condition for new and existing users who are connected through a load balancer. This vulnerabilit...

CVE-2023-20088 Cisco Finesse Reverse Proxy VPN-less Access to Finesse Desktop Denial of Service Vulnerability

A vulnerability in the nginx configurations that are provided as part of the VPN-less reverse proxy for Cisco Finesse could allow an unauthenticated, remote attacker to create a denial of service DoS condition for new and existing users who are connected through a load balancer. This vulnerabilit...

CVE-2023-20088 Cisco Finesse Reverse Proxy VPN-less Access to Finesse Desktop Denial of Service Vulnerability

A vulnerability in the nginx configurations that are provided as part of the VPN-less reverse proxy for Cisco Finesse could allow an unauthenticated, remote attacker to create a denial of service DoS condition for new and existing users who are connected through a load balancer. This vulnerabilit...

CVE-2023-20088

The vulnerability CVE-2023-20088 affects Cisco Finesse’s VPN-less reverse proxy, where the nginx-based reverse proxy improperly filters IP addresses. An unauthenticated, remote attacker can send crafted requests via the load balancer to cause a denial of service (DoS) for current and new users, a...

Vulnerability fixed in Cisco Finesse and Unified Contact Center

Cisco has fixed a vulnerability in Finesse and Unified Contact Center. The vulnerability is in the nginx component. When configured as a reverse proxy, an unauthenticated remote malicious person could exploit it to cause a denial-of-service on the system. Cisco has released updates to fix the...

CVE-2023-20088

A vulnerability in the nginx configurations that are provided as part of the VPN-less reverse proxy for Cisco Finesse could allow an unauthenticated, remote attacker to create a denial of service DoS condition for new and existing users who are connected through a load balancer. This vulnerabilit...

Cisco Finesse Reverse Proxy VPN-less Access to Finesse Desktop Denial of Service Vulnerability

A vulnerability in the nginx configurations that are provided as part of the VPN-less reverse proxy for Cisco Finesse could allow an unauthenticated, remote attacker to create a denial of service DoS condition for new and existing users who are connected through a load balancer. This vulnerabilit...

Exploit for OS Command Injection in Netgate Pfblockerng

CVE-2022-31814 text Reworked and optimized exploit scrip...

PT-2023-2225 · Cisco · Cisco Finesse

Name of the Vulnerable Software and Affected Versions: Cisco Finesse affected versions not specified Description: A vulnerability in the nginx configurations of the VPN-less reverse proxy for Cisco Finesse could allow an unauthenticated, remote attacker to create a denial of service DoS condition...

Important Photon OS Security Update - PHSA-2023-4.0-0342

Updates of 'nginx' packages of Photon OS have been released...

K30425568: Overview of F5 vulnerabilities (October 2022)

Security Advisory Description On October 19, 2022, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities and security exposures to help determine the impact to your F5 devices. You can find the details of each issue in the associate...

K01051452: NGINX Ingress Controller vulnerability CVE-2021-23055

Security Advisory Description The command line restriction that controls snippet use with NGINX Ingress Controller does not apply to Ingress objects. CVE-2021-23055 Impact An attacker with privileges to deploy Ingress resources can inject configuration snippets that may allow them to gain access ...

K01112063: NGINX ngx_http_hls_module vulnerability CVE-2022-41743

Security Advisory Description NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngxhttphlsmodule that might allow a local attacker to corrupt NGINX worker memory, resulting in its crash or potential other impact using a specially crafted audio or video file. The issu...

K12331123: NGINX Plus and Open Source vulnerability CVE-2021-23017

Security Advisory Description An issue in NGINX resolver may allow an attacker who is able to forge UDP packets from the specified DNS server to cause a 1-byte memory overwrite, resulting in a worker process crash or other unspecified impact. CVE-2021-23017 Impact A remote attacker can cause a...

K08250500: Nginx vulnerability CVE-2016-4450

Security Advisory Description os/unix/ngxfiles.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote attackers to cause a denial of service NULL pointer dereference and worker process crash via a crafted request, involving writing a client request body to a temporary file. CVE-2016-4450...

K14631834: NGINX Controller vulnerability CVE-2020-5863

Security Advisory Description In NGINX Controller versions prior to 3.2.0, an unauthenticated attacker with network access to the Controller API can create unprivileged user accounts. The user which is created is only able to upload a new license to the system but cannot view or modify any other...

K52125139: NGINX Ingress Controller vulnerability CVE-2022-30535

Security Advisory Description An attacker authorized to create or update ingress objects can obtain the secrets available to the NGINX Ingress Controller. CVE-2022-30535 Impact This vulnerability may allow an authenticated attacker with network access to NGINX Ingress Controller ingress objects t...

K23073482: Nginx vulnerabilities CVE-2016-0742, CVE-2016-0746, and CVE-2016-0747

Security Advisory Description CVE-2016-0742 The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service invalid pointer dereference and worker process crash via a crafted UDP DNS response. CVE-2016-0746 Use-after-free vulnerability in the resolv...