Phusion Passenger Race Condition Allows Privilege Escalation
A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passenger_instance_registry_dir with insufficiently strict permissions is configured. Replacing a file with a symlink after the file was created, but befor...
Two critical security flaws found in Nginx-Ingress controller
Ingress controllers allow users to configure an HTTP load balancer for applications running on Kubernetes. It’s needed to serve those applications to clients outside of the Kubernetes Cluster. It’s also configured with Kubernetes API to deploy objects called Ingress Resources. The NGINX Ingress...
CVE-2022-29369
Nginx NJS v0.7.2 was discovered to contain a segmentation violation via njs_lvlhsh_bucket_find at njs_lvlhsh.c...
Design/Logic Flaw
Nginx NJS v0.7.2 was discovered to contain a segmentation violation via njs_lvlhsh_bucket_find at njs_lvlhsh.c...
CVE-2022-29369
CVE-2022-29369 affects Nginx NJS v0.7.2. The vulnerability is a segmentation violation caused by a fault in njs_lvlhsh_bucket_find (njs_lvlhsh.c). CVSS details in the sources show CVSS‑2.0/3.1 scores with network attack vector, low complexity, no authentication, and availability impact described ...
CVE-2021-3618 affecting package nginx 1.20.1-2
CVE-2021-3618 affecting package nginx 1.20.1-2. A patched version of the package is available...
Nginx Code Issue Vulnerability
Nginx is a lightweight web server/reverse proxy server and email IMAP/POP3 proxy server from Nginx Inc. in the United States. njs is one of the scripting language components that supports extended NGINX functionality. A security vulnerability exists in Nginx NJS v0.7.2, which stems from a memory...
OESA-2022-1637 nginx security update
NGINX is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server. Security Fixes: ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as...
1.20 bug fix and enhancement update
An update is available for nginx. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Linux 8.6...
Information Disclosure
github.com/kubernetes/ingress-nginx is vulnerable to Information Disclosure. An attacker can obtain the credentials of the ingress-nginx controller by creating or updating ingress objects through the spec.rules.http.paths.path field of an ingress object in the networking.k8s.io or extensions API...
Denial Of Service (DoS)
njs is vulnerable to denial of service. njs, which is used in NGINX, was discovered to contain a segmentation violation via njs_object_set_prototype in /src/njs_object.c...
Improper Input Validation in k8s.io/ingress-nginx
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the spec.rules.http.paths.path field of an Ingress object in the networking.k8s.io or extensions API group to obtain the credentials of the ingress-nginx controller. In the default...
GHSA-PVMG-XGMX-9MXH Improper Input Validation in k8s.io/ingress-nginx
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the spec.rules.http.paths.path field of an Ingress object in the networking.k8s.io or extensions API group to obtain the credentials of the ingress-nginx controller. In the default...
F5 NGINX Service Mesh Access Control Error Vulnerability
F5 NGINX Service Mesh (F5 NSM) is a fully integrated lightweight service mesh from F5 USA. It leverages a data plane powered by NGINX Plus to manage container traffic in Kubernetes environments. F5 NGINX Service Mesh suffers from an access control error vulnerability that can be exploited by attacker...
Improper Input Validation
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the spec.rules.http.paths.path field of an Ingress object in the networking.k8s.io or extensions API group to obtain the credentials of the ingress-nginx controller. In the default...
CVE-2021-25745
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the spec.rules.http.paths.path field of an Ingress object in the networking.k8s.io or extensions API group to obtain the credentials of the ingress-nginx controller. In the default...
CVE-2021-25746
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use .metadata.annotations in an Ingress object in the networking.k8s.io or extensions API group to obtain the credentials of the ingress-nginx controller. In the default configuration, that...