6256 matches found
Judge.me : The response shows the nginx version
Summary: On visiting https://cache.judge.me/ the response shows the nginx version. Steps To Reproduce: ==send :== GET / HTTP/1.1 Host: cache.judge.me Cookie: ga=GA1.2.907415772.1636450777; gid=GA1.2.1767694824.1636450777; fbp=fb.1.1636450778172.127612364; hjid=00598a42-40f4-48cb-84ec-20b9bd4273cd;...
Adobe: Disclosure of GitHub access token in config file via nginx off-by-slash
Summary: ██████████ is vulnerable to Nginx off-by-slash vulnerability that exposes Git configuration. Steps To Reproduce: 1. Visit https://█████████████ to download git config containing username and token. 2. Use it to pull entire source code via git clone ████████ Leaked: core...
in misp/misp-maltego
Description: Misconfigurations of nginx lead to a path traversal vulnerability. Proof of Concept: A request to /munin../ can read any file under /var/cache/munin/. Impact: An attacker can access files on the web server to which they should not have access...
Path Traversal in rhizome-conifer/conifer
Description: Misconfigurations of nginx lead to a path traversal vulnerability. Proof of Concept: An attacker can access files like this: https://conifer.rhizome.org/static/app../admin.py https://conifer.rhizome.org/static/app../config/wr.yaml Impact: An attacker can access files on the web server t...
CVE-2021-25742
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster...
Design/Logic Flaw
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster...
CVE-2021-25742
CVE-2021-25742 affects the Kubernetes NGINX Ingress Controller via the custom snippets feature. A user who can create or update ingress objects can exploit this flaw to obtain all secrets in the cluster (cross-namespace access). This is tied to ingress-nginx behavior rather than a generic service...
CVE-2021-25742 Ingress-nginx custom snippets allows retrieval of ingress-nginx serviceaccount token and secrets across all namespaces
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster...
CLSA-2021-1635459358 Fix CVE(s): CVE-2021-23017
SECURITY UPDATE: Update fix for CVE-2021-23017 according to nginx.org recommendations - debian/patches/cve-2021-23017.patch - CVE-2021-23017...
CLSA-2021-1635427159 Fixed CVE-2017-20005 in nginx
CVE-2017-20005: fix buffer overflow for years that exceed four digits...
GHSA-4P3X-8QW9-24W9 Authenticated Stored XSS in shopware/shopware
Impact: Authenticated Stored XSS in Administration. Patches: Use the Security Plugin: https://store.shopware.com/en/swag575294366635f/shopware-security-plugin.html Workarounds: If you cannot use the security plugin, add the following config to your .htaccess file: Header set Content-Security-Policy...
Authenticated Stored XSS in shopware/shopware
Impact: Authenticated Stored XSS in Administration. Patches: Use the Security Plugin: https://store.shopware.com/en/swag575294366635f/shopware-security-plugin.html Workarounds: If you cannot use the security plugin, add the following config to your .htaccess file: Header set Content-Security-Policy...
Kubernetes: Ingress-nginx path allows retrieval of ingress-nginx serviceaccount token
Report Submission Form Summary: A user with the permissions to create an ingress resource can obtain the ingress-nginx service account token, which can list secrets in all namespaces cluster wide. Kubernetes Version: 1.20 (should work on 1.21 as well) Component Version: nginx ingress controller v1.0...
The vulnerability in the `os/unix/ngx_files.c` component of the NGINX application monitoring and management platform allows an attacker to cause a service failure.
The vulnerability in the `os/unix/ngx_files.c` component of the NGINX application monitoring and management platform is related to the use of a null pointer. Exploiting this vulnerability could allow an attacker to cause service interruptions...
CVE-2021-41188
Shopware is open source e-commerce software. Versions prior to 5.7.6 contain a cross-site scripting vulnerability. This issue is patched in version 5.7.6. Two workarounds are available. Using the security plugin or adding a particular config to the .htaccess file will protect against...
Cross site scripting
Shopware is open source e-commerce software. Versions prior to 5.7.6 contain a cross-site scripting vulnerability. This issue is patched in version 5.7.6. Two workarounds are available. Using the security plugin or adding a particular config to the .htaccess file will protect against...
PT-2021-7417 · Zimbra +1 · Zimbra Collaboration +1
Name of the Vulnerable Software and Affected Versions: Zimbra Collaboration ZCS versions 8.8.x through 9.x Description: An issue was discovered in Zimbra Collaboration, related to the Sudo configuration, which permits the zimbra user to execute the NGINX binary as root with arbitrary parameters...
EulerOS 2.0 SP3 : nginx (EulerOS-SA-2021-2599)
According to the versions of the nginx package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - NGINX before 1.13.6 has a buffer overflow for years that exceed four digits, as demonstrated by a file with a modification date in 1969 that cause...