OPENSUSE-SU-2021:1815-1 Security update for nginx

This update for nginx fixes the following issues: - CVE-2021-23017: nginx DNS resolver off-by-one heap write bsc1186126...

Security update for nginx (important)

openSUSE Security Update: Security update for nginx Announcement ID: openSUSE-SU-2021:1815-1 Rating: important References: 1186126 Cross-References: CVE-2021-23017 CVSS scores: CVE-2021-23017 NVD : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-23017 SUSE: 8.1...

Nginx Detection (HTTP Error Page)

HTTP error-page based detection of Nginx. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.117545"...

Fedora: Security Advisory for nginx (FEDORA-2021-a856024cca)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Fedora: Security Advisory for nginx (FEDORA-2021-031436cb0e)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

F5 Nginx 信任管理问题漏洞

F5 Nginx is a lightweight web server/reverse proxy server and email IMAP/POP3 proxy server from F5 Inc. distributed under the BSD-like protocol. F5 Nginx is vulnerable to a trust management issue that stems from the presence of an ALPACA Application Layer Protocol Content Obfuscation attack, whic...

[SECURITY] Fedora 33 Update: nginx-1.20.1-3.fc33

Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...

[SECURITY] Fedora 34 Update: nginx-1.20.1-3.fc34

Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...

vulhub

This repository is an offensive tool for a collection of vulnerable environments and applications, referred to as "Vulhub". It is a collection of Docker images and scripts that simulate various web applications and systems with known vulnerabilities, allowing users to practice and learn about...

Kubernetes: Authenticated kubernetes principal with restricted permissions can retrieve ingress-nginx serviceaccount token and secrets across all namespaces

Summary: Retrieving ingress-nginx serviceaccount token ingress-nginx allows adding custom snippets of nginx configuration to Kubernetes ingress objects. These snippets can be applied to either the relevant location or server blocks with the following annotations, respectively...

nginx <= 1.21.1 Information Disclosure Vulnerability

nginx is prone to an information disclosure vulnerability. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; yo...

nginx 0.1.0 - 0.7.63 / 0.8.x - 0.8.22 SSL Protocol Renegotiation Vulnerability

nginx is prone to a renegotiation vulnerability in the SSL protocol. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...

MGASA-2021-0301 Updated nginx package fixes a security vulnerability

A flaw was found in nginx. An off-by-one error while processing DNS responses allows a network attacker to write a dot character out of bounds in a heap allocated buffer which can allow overwriting the least significant byte of next heap chunk metadata likely leading to a remote code execution in...

Updated nginx package fixes a security vulnerability

A flaw was found in nginx. An off-by-one error while processing DNS responses allows a network attacker to write a dot character out of bounds in a heap allocated buffer which can allow overwriting the least significant byte of next heap chunk metadata likely leading to a remote code execution in...

Command Execution Vulnerability in Guojiz International Web Site Navigation System (CNVD-2021-46694)

Guojiz International Website Navigation System is developed with ThinkPHP5.0 PHP7.0 Mysql Apache/Nginx/iis, a CMS program suitable for small and medium-sized webmasters to build websites. Guojiz International Website Navigation System has a command execution vulnerability that can be exploited by...

SQL injection vulnerability in Guojiz international web site navigation system (CNVD-2021-46693)

Guojiz International Website Navigation System is developed with ThinkPHP5.0 PHP7.0 Mysql Apache/Nginx/iis, a CMS program suitable for small and medium-sized webmasters to build websites. Guojiz International Website Navigation System has a SQL injection vulnerability, which can be exploited by...

Security fix for the ALT Linux 9 package nginx version 1.20.1-alt1

1.20.1-alt1 built June 23, 2021 Anton Farygin in task 274712 June 17, 2021 Anton Farygin - 1.20.1 Fixes: CVE-2021-23017 - updated rtmp module to 1.2.2 - updated spnego snapshot to a06f9efc...

vulhub

This repository is an offensive tool for vulnerability research and exploitation. It contains a collection of vulnerable applications and services, along with proof-of-concept PoC exploits and tools for exploiting them. The repository is maintained by phith0n and is available on GitHub. The...

OESA-2021-1225 nginx security update

NGINX is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server. Security Fixes: A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrit...

[ASA-202106-48] nginx-mainline: arbitrary code execution

Arch Linux Security Advisory ASA-202106-48 ========================================== Severity: Medium Date : 2021-06-22 CVE-ID : CVE-2021-23017 Package : nginx-mainline Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-1987 Summary ======= The package...