6254 matches found

0day.today
added 2021/06/17 12:0 a.m. | 74 views

Cisco HyperFlex HX Data Platform File Upload / Remote Code Execution Exploit

This Metasploit module exploits an unauthenticated file upload vulnerability in Cisco HyperFlex HX Data Platform's /upload endpoint to upload and execute a payload as the Tomcat user. This module requires Metasploit: https://metasploit.com/download Current source:...

5.3 CVSS | 0.2 AI score | 0.80426 EPSS
Exploits: 5
OpenVAS
added 2021/06/17 12:0 a.m. | 22 views

Fedora: Security Advisory for nginx (FEDORA-2021-b37cffac0d)

The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.7 CVSS | 6.4 AI score | 0.52838 EPSS
Exploits: 10 | References: 2
OpenVAS
added 2021/06/17 12:0 a.m. | 33 views

Fedora: Security Advisory for nginx (FEDORA-2021-393d698493)

The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.7 CVSS | 6.4 AI score | 0.52838 EPSS
Exploits: 10 | References: 2
CloudLinux
added 2021/06/16 12:48 p.m. | 30 views

Update of nginx-all-modules, nginx-filesystem, nginx-mod-stream, nginx-mod-http-perl, nginx-mod-http-xslt-filter, nginx-mod-http-geoip, nginx-mod-mail, nginx, nginx-mod-http-image-filter

...

7.1 AI score
Exploits: 0 | References: 1
Tenable Nessus
added 2021/06/16 12:0 a.m. | 78 views

CentOS 8 : nginx:1.18 (CESA-2021:2259)

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2021:2259 advisory. - nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name (CVE-2021-23017) Note that Nessus has not tested for this issue...

7.7 CVSS | 7.8 AI score | 0.52838 EPSS
Exploits: 10 | References: 2
Tenable Nessus
added 2021/06/16 12:0 a.m. | 147 views

CentOS 8 : nginx:1.16 (CESA-2021:2290)

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2021:2290 advisory. - nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name (CVE-2021-23017) Note that Nessus has not tested for this issue...

7.7 CVSS | 7.8 AI score | 0.52838 EPSS
Exploits: 10 | References: 2
Tenable Nessus
added 2021/06/15 12:0 a.m. | 84 views

RHEL 7 : rh-nginx118-nginx (RHSA-2021:2258)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:2258 advisory. nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security...

7.7 CVSS | 7.9 AI score | 0.52838 EPSS
Exploits: 10 | References: 4
ArchLinux
added 2021/06/15 12:0 a.m. | 199 views

[ASA-202106-36] nginx: arbitrary code execution

Arch Linux Security Advisory ASA-202106-36 ========================================== Severity: Medium Date : 2021-06-15 CVE-ID : CVE-2021-23017 Package : nginx Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-1988 Summary ======= The package nginx before...

7.7 CVSS | 1.6 AI score | 0.52838 EPSS
Exploits: 10 | References: 6
BDU FSTEC
added 2021/06/15 12:0 a.m. | 2 views

The vulnerability of the nginx HTTP-server’s range filter module allows attackers to disclose sensitive information.

The vulnerability of the nginx HTTP server’s range filter module is due to a numerical overflow condition. Exploiting this vulnerability allows an attacker, operating remotely, to disclose sensitive information through a specially crafted request...

7.8 CVSS | 6.5 AI score | 0.62597 EPSS
Exploits: 6 | References: 3 | Affected Software: 1
Tenable Nessus
added 2021/06/15 12:0 a.m. | 70 views

RHEL 7 : rh-nginx116-nginx (RHSA-2021:2278)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:2278 advisory. nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security...

7.7 CVSS | 7.9 AI score | 0.52838 EPSS
Exploits: 10 | References: 4
CBLMariner
added 2021/06/14 3:32 p.m. | 23 views

CVE-2019-9516 affecting package nginx 1.16.1-2

CVE-2019-9516 affecting package nginx 1.16.1-2. An upgraded version of the package is available that resolves this issue...

7.5 CVSS | 7.9 AI score | 0.57461 EPSS
Exploits: 0
CBLMariner
added 2021/06/14 3:32 p.m. | 16 views

CVE-2019-9513 affecting package nginx 1.16.1-2

CVE-2019-9513 affecting package nginx 1.16.1-2. An upgraded version of the package is available that resolves this issue...

7.8 CVSS | 9.1 AI score | 0.82567 EPSS
Exploits: 0
CBLMariner
added 2021/06/14 3:32 p.m. | 21 views

CVE-2019-9511 affecting package nginx 1.16.1-2

CVE-2019-9511 affecting package nginx 1.16.1-2. An upgraded version of the package is available that resolves this issue...

7.8 CVSS | 9.1 AI score | 0.59547 EPSS
Exploits: 0
CBLMariner
added 2021/06/14 3:32 p.m. | 36 views

CVE-2021-23017 affecting package nginx 1.16.1-4

CVE-2021-23017 affecting package nginx 1.16.1-4. An upgraded version of the package is available that resolves this issue...

7.7 CVSS | 9.1 AI score | 0.52838 EPSS
Exploits: 10
OpenVAS
added 2021/06/14 12:0 a.m. | 15 views

nginx 0.5.6 <= 1.7.4 Insufficient Session Expiration Vulnerability

nginx is prone to an insufficient session expiration vulnerability due to a problem with SSL session cache. Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...

4.3 CVSS | 6.3 AI score | 0.05679 EPSS
Exploits: 0 | References: 1
OpenVAS
added 2021/06/14 12:0 a.m. | 19 views

nginx 0.8.41 <= 1.5.6 Improper Encoding or Escaping of Output Vulnerability

nginx is prone to an improper encoding or escaping of output vulnerability due to bypass intended restrictions via an unescaped space character in a URI. Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the...

7.5 CVSS | 6.6 AI score | 0.67718 EPSS
Exploits: 15 | References: 1
OpenVAS
added 2021/06/14 12:0 a.m. | 20 views

nginx 1.1.4 <= 1.2.8 / 1.3.0 <= 1.4.0 DoS Vulnerability

nginx is prone to denial of service (DoS) vulnerability when proxy_pass is used with untrusted HTTP servers. Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...

5.8 CVSS | 6.4 AI score | 0.11925 EPSS
Exploits: 3 | References: 1
Veracode
added 2021/06/13 12:23 p.m. | 34 views

Denial Of Service (DoS)

NGINX is vulnerable to denial of service. A buffer overflow for years that exceed four digits causes an integer overflow, resulting in an application crash...

9.8 CVSS | 4.8 AI score | 0.03258 EPSS
Exploits: 1 | References: 7 | Affected Software: 1
Gitee
added 2021/06/11 4:1 p.m. | 8 views

Exploit for Improper Encoding or Escaping of Output in F5 Nginx

This is an open-source project for vulnerability research and training, called Vulhub. It is a collection of vulnerable systems and applications, designed to help security researchers and students learn about various types of vulnerabilities and how to exploit them. The project is maintained by...

9.8 CVSS | 7 AI score | 0.99686 EPSS
Exploits: 53
Microsoft CVE
added 2021/06/11 7:0 a.m. | 5 views

A security issue in nginx resolver was identified which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite resulting in worker process crash or potential other impact.

...

7.7 CVSS | 7 AI score | 0.52838 EPSS
Exploits: 10