6254 matches found
CVE-2021-23018
Intra-cluster communication does not use TLS. The services within the NGINX Controller 3.x before 3.4.0 namespace are using cleartext protocols inside the cluster...
Nginx Controller security vulnerability
F5 NGINX Controller is a centralized monitoring and management platform for NGINX from F5. The platform supports the management of multiple NGINX instances using a visual interface. A security vulnerability exists in F5 NGINX Controller that stems from the fact that intra-cluster communication do...
PT-2021-7435 · Nginx · Nginx Controller
Name of the Vulnerable Software and Affected Versions: NGINX Controller versions 2.0.0 through 2.9.0; NGINX Controller versions 3.x before 3.15.0. Description: The issue is related to insufficient protection of registration data, which may allow an attacker to disclose protected information...
The vulnerability of the ngx_resolver_copy() function in the nginx server allows a hacker to execute arbitrary code or cause a service failure.
The vulnerability of the ngx_resolver_copy() function in the nginx server is related to an off-by-one error when writing the dot character ('.', 0x2E) beyond the buffer limit. Exploiting this vulnerability allows an attacker to execute arbitrary code or cause a service failure by sending...
Debian DSA-4921-1 : nginx - security update
Luis Merino, Markus Vervier and Eric Sesterhenn discovered an off-by-one in Nginx, a high-performance web and reverse proxy server, which could result in denial of service and potentially the execution of arbitrary code. (C) Tenable Network Security, Inc. The descriptive text an...
Fancy Product Designer < 4.6.9 - Unauthenticated Arbitrary File Upload and RCE
The plugin allows unauthenticated attackers to upload arbitrary files, resulting in remote code execution. The issue is being actively exploited, and no patch is available. Further details will be made available once patched. The Custom Product Designer plugin for WordPress offers the ability for...
SUSE SLES15 Security Update : nginx (SUSE-SU-2021:1815-1)
This update for nginx fixes the following issues: CVE-2021-23017: nginx DNS resolver off-by-one heap write (bsc#1186126). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format...
Debian DLA-2670-1 : nginx security update
Luis Merino, Markus Vervier and Eric Sesterhenn discovered an off-by-one in Nginx, a high-performance web and reverse proxy server, which could result in denial of service and potentially the execution of arbitrary code. For Debian 9 stretch, this problem has been fixed in version 1.10.3-1+deb9u6...
SUSE SLES15 Security Update : nginx (SUSE-SU-2021:1792-1)
This update for nginx fixes the following issues: CVE-2021-23017: nginx DNS resolver off-by-one heap write (bsc#1186126). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format...
SUSE SLES15 Security Update : nginx (SUSE-SU-2021:1814-1)
This update for nginx fixes the following issues: CVE-2021-23017: nginx DNS resolver off-by-one heap write (bsc#1186126). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format...
SUSE-SU-2021:1815-1 Security update for nginx
This update for nginx fixes the following issues: - CVE-2021-23017: nginx DNS resolver off-by-one heap write (bsc#1186126)...
SUSE-SU-2021:1814-1 Security update for nginx
This update for nginx fixes the following issues: - CVE-2021-23017: nginx DNS resolver off-by-one heap write (bsc#1186126)...
Debian: Security Advisory (DLA-2670-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...
[SECURITY] [DLA 2670-1] nginx security update
Debian LTS Advisory DLA-2670-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta May 30, 2021 https://wiki.debian.org/LTS...
DLA-2670-1 nginx - security update
Bulletin has no description...
Photon OS 2.0: Nginx PHSA-2021-2.0-0349
An update of the nginx package has been released. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2021-2.0-0349. The text itself is copyright (C) VMware, Inc...
Debian: Security Advisory (DSA-4921-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...
CVE-2021-32637
Authelia is a single sign-on multi-factor portal for web apps. This affects users who are using nginx ngx_http_auth_request_module with Authelia; it allows a malicious individual who crafts a malformed HTTP request to bypass the authentication mechanism. It additionally could theoretically affect...
Authentication flaw
Authelia is a single sign-on multi-factor portal for web apps. This affects users who are using nginx ngx_http_auth_request_module with Authelia; it allows a malicious individual who crafts a malformed HTTP request to bypass the authentication mechanism. It additionally could theoretically affect...