6262 matches found
CVE-2022-35241
CVE-2022-35241 affects NGINX Instance Manager (NGINX IM) and is documented by F5 as an issue where undisclosed requests can cause increased disk resource utilization, enabling a remote, authenticated attacker to degrade system performance (DoS). Affected branches: NGINX IM 2.x (2.0.0–2.3.0) with ...
CVE-2022-35241 NGINX Instance Manager vulnerability CVE-2022-35241
In versions 2.x before 2.3.1 and all versions of 1.x, when NGINX Instance Manager is in use, undisclosed requests can cause an increase in disk resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...
CVE-2022-30535
CVE-2022-30535: summary Ingress Controller for NGINX (NGINX Ingress Controller) versions 2.x before 2.3.0 and all 1.x are affected. The issue allows an attacker who can create or update ingress objects to access secrets stored by the NGINX Ingress Controller, constituting a control-plane data dis...
CVE-2022-30535 NGINX Ingress Controller vulnerability CVE-2022-30535
In versions 2.x before 2.3.0 and all versions of 1.x, an attacker authorized to create or update ingress objects can obtain the secrets available to the NGINX Ingress Controller. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...
PT-2022-3993 · Nginx · Nginx Instance Manager
Name of the Vulnerable Software and Affected Versions: NGINX Instance Manager versions 1.x and earlier; NGINX Instance Manager versions 2.x through 2.3.0. Description: The issue is related to uncontrolled resource consumption. It may allow a remote attacker to cause a denial of service. In affected...
PT-2022-3992 · Nginx · Nginx Ingress Controller
Name of the Vulnerable Software and Affected Versions: NGINX Ingress Controller versions 1.x and earlier; NGINX Ingress Controller versions 2.x before 2.3.0. Description: The issue is related to insufficient input validation, allowing an authorized attacker to obtain secrets available to the NGINX...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Nginx
Summary: IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Nginx. Vulnerability Details: CVEID: CVE-2021-3618. DESCRIPTION: Sendmail, vsftpd and NGINX could provide weaker than expected security, caused by an ALPACA application layer protocol content confusion attack,...
CVE-2022-30535
In versions 2.x before 2.3.0 and all versions of 1.x, an attacker authorized to create or update ingress objects can obtain the secrets available to the NGINX Ingress Controller. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...
CVE-2022-35241
In versions 2.x before 2.3.1 and all versions of 1.x, when NGINX Instance Manager is in use, undisclosed requests can cause an increase in disk resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...
F5 NGINX Ingress Controller Input Validation Error Vulnerability
NGINX Ingress Controller is an application from F5 that works with NGINX and NGINX Plus and supports the standard ingress features - content-based routing and TLS / SSL offload. Ingress objects can be exploited by an attacker to obtain all available secret objects in the NGINX Ingress Controller...
F5 BIG-IP Input Validation Error Vulnerability
NGINX Ingress Controller is an application from F5 that works with NGINX and NGINX Plus and supports the standard ingress features - content-based routing and TLS / SSL offload. Ingress objects can be exploited by an attacker to obtain all available secret objects in the NGINX Ingress Controller...
F5 NGINX Instance Manager Denial of Service Vulnerability
NGINX Instance Manager (NIM) is part of F5's NGINX Management Suite (NMS). The NIM module provides a REST API that uses standard authentication methods and HTTP response code, among other things. A denial of service vulnerability exists in F5 NGINX Instance Manager, which stems from a When using NGINX...
F5 BIG-IP Resource Management Error Vulnerability
NGINX Instance Manager (NIM) is part of F5's NGINX Management Suite (NMS). The NIM module provides a REST API that uses standard authentication methods and HTTP response code, among other things. A denial of service vulnerability exists in F5 NGINX Instance Manager, which stems from a When using NGINX...
CVE-2022-35925 Missing rate limit in Authentication in bookwyrm
BookWyrm is a social network for tracking reading. Versions prior to 0.4.5 were found to lack rate limiting on authentication views which allows brute-force attacks. This issue has been patched in version 0.4.5. Admins with existing instances will need to update their nginx.conf file that was...
PT-2022-23031 · Bookwyrm · Bookwyrm
Name of the Vulnerable Software and Affected Versions: BookWyrm versions prior to 0.4.5. Description: BookWyrm, a social network for tracking reading, has an issue where versions prior to 0.4.5 lack rate limiting on authentication views. This lack of rate limiting allows for brute-force attacks. T...
CVE-2022-31182
Discourse is an open source discussion platform. In affected versions a maliciously crafted request for static assets could cause error responses to be cached by Discourse's default NGINX proxy configuration. A corrected NGINX configuration is included in the latest stable, beta and...
Design/Logic Flaw
Discourse is an open source discussion platform. In affected versions a maliciously crafted request for static assets could cause error responses to be cached by Discourse's default NGINX proxy configuration. A corrected NGINX configuration is included in the latest stable, beta and...
CVE-2022-31182 Cache poisoning via maliciously-formed request in Discourse
Discourse is an open source discussion platform. In affected versions a maliciously crafted request for static assets could cause error responses to be cached by Discourse's default NGINX proxy configuration. A corrected NGINX configuration is included in the latest stable, beta and...