6261 matches found
Ubuntu: Security Advisory (USN-5371-1)
The remote host is missing an update for the...
Important Photon OS Security Update - PHSA-2022-0382
Updates of 'xz', 'gzip', 'nginx', 'sendmail' packages of Photon OS have been released...
Important Photon OS Security Update - PHSA-2022-3.0-0382
Updates of 'sendmail', 'nginx', 'gzip', 'xz' packages of Photon OS have been released...
NGINX zero-day vulnerability: Check if you’re affected
On April 9, hacking group BlueHornet tweeted about an experimental exploit for NGINX 1.18 and promised to warn companies affected by it. On April 10, BlueHornet claimed to have breached the China branch of UBS Securities using the NGINX vulnerability. All we learned on Twitter was that a new...
USN-5371-1 nginx vulnerabilities
It was discovered that nginx Lua module mishandled certain inputs. An attacker could possibly use this issue to perform an HTTP Request Smuggling attack. This issue was fixed for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. CVE-2020-11724 It was discovered that nginx Lua module mishandled certain input...
USN-5371-1: nginx vulnerabilities
It was discovered that nginx Lua module mishandled certain inputs. An attacker could possibly use this issue to perform an HTTP Request Smuggling attack. This issue was fixed for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. CVE-2020-11724 It was discovered that nginx Lua module mishandled certain input...
NGINX Shares Mitigations for Zero-Day Bug Affecting LDAP Implementation
The maintainers of the NGINX web server project have issued mitigations to address security weaknesses in its Lightweight Directory Access Protocol (LDAP) Reference Implementation. "NGINX Open Source and NGINX Plus are not themselves affected, and no corrective action is necessary if you do not use...
Ingress-nginx security vulnerability
Ingres is a database system from the University of California, Berkeley. Ingress-nginx has a security vulnerability that stems from the ability to bypass path cleanup using the log_format directive...
Vulnerability found in NGINX-LDAP
A vulnerability has been found in the LDAP reference implementation of NGINX. This allows a malicious party to execute arbitrary code when certain conditions are met. The use of command-line parameters to configure the Python daemon configuration, unused configuration...
Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS : nginx vulnerabilities (USN-5371-1)
The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5371-1 advisory. It was discovered that nginx Lua module mishandled certain inputs. An attacker could possibly use this issue to perform an HTTP...
CLSA-2022-1649695783 Fixed CVE-2021-3618 in nginx
CVE-2021-3618: drop the connection after reaching the specified number of invalid protocol commands...
The vulnerability of the LDAP-auth HTTP-server implementation in Nginx allows a hacker to execute arbitrary code on the vulnerable system.
The vulnerability of the LDAP-auth HTTP-server implementation based on Nginx is related to errors in the code. Exploiting this vulnerability allows a remote attacker to execute any arbitrary code on the vulnerable system...
PT-2022-3849 · Nginx · Nginx Njs
Name of the Vulnerable Software and Affected Versions: Nginx NJS version 0.7.3 Description: The issue is caused by a stack overflow in the njs default module loader function at /src/njs/src/njs_module.c of the Nginx NJS interpreter. This could allow a remote attacker to impact the confidentiality...
jc21 Nginx Proxy Manager Cross-Site Scripting Vulnerability
jc21 Nginx Proxy Manager is a graphical user interface for managing Nginx servers. jc21 Nginx Proxy Manager versions prior to 2.9.17 contain a cross-site scripting vulnerability that stems from the program's lack of data validation filtering of user-supplied data and output. An attacker could...
CVE-2022-28379
jc21.com Nginx Proxy Manager before 2.9.17 allows XSS during item deletion...
Arbitrary file deletion
jc21.com Nginx Proxy Manager before 2.9.17 allows XSS during item deletion...
CVE-2022-28379
CVE-2022-28379 affects jc21.com Nginx Proxy Manager prior to 2.9.17, with a cross-site scripting (XSS) vulnerability introduced by a lack of data validation/filtering of user-supplied data during item deletion in the graphical UI. The root cause is insufficient input/output sanitization, enabling...