
6254 matches found

OSV
added 2021/05/25 12:0 a.m. | 0 views

UBUNTU-CVE-2021-23017

A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact...

CVSS 7.7 | AI score 7.1 | EPSS 0.52838
Exploits 10 | References 5
OSV
added 2021/05/18 6:12 a.m. | 5 views

ALEA-2021:1834 nginx:1.18 bug fix and enhancement update

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...

AI score 6.8
Exploits 0 | References 1
Rockylinux
added 2021/05/18 6:12 a.m. | 10 views

1.18 bug fix and enhancement update

An update is available for nginx. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Linux 8.4...

AI score 2
Exploits 0
AlmaLinux
added 2021/05/18 6:12 a.m. | 16 views

nginx:1.18 bug fix and enhancement update

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...

AI score 6.8
Exploits 0 | References 1
Tenable Nessus
added 2021/05/18 12:0 a.m. | 194 views

openSUSE Security Update : netdata (openSUSE-2021-647)

This update for netdata fixes the following issues : - Update to 1.29.3 Release v1.29.3 is a patch release to improve the stability of the Netdata Agent. We discovered a bug that when proc.plugin attempts to collect the operstate parameter for a virtual network interface. If the chart is obsolete...

CVSS 7.5 | AI score 8.2 | EPSS 0.02172
Exploits 3 | References 15
IBM Security Bulletins
added 2021/05/13 4:54 p.m. | 30 views

Security Bulletin: Spectrum Discover has addressed multiple security vulnerabilities (CVE-2020-13401, CVE-2019-20372)

Summary Spectrum Discover prior to version 2.0.3.3 shipped with a vulnerable version of Docker and Nginx. Vulnerability Details CVEID: CVE-2020-13401 DESCRIPTION: Docker Docker CE is vulnerable to a man-in-the-middle attack, caused by improper validation of router advertisements. By sending rogue...

CVSS 6 | AI score 0.7 | EPSS 0.14961
Exploits 3 | Affected Software 1
Prion
added 2021/05/11 5:15 p.m. | 25 views

Design/Logic Flaw

Puma is a concurrent HTTP 1.1 server for Ruby/Rack applications. The fix for CVE-2019-16770 was incomplete. The original fix only protected existing connections that had already been accepted from having their requests starved by greedy persistent-connections saturating all threads in the same...

CVSS 5 | AI score 7.1 | EPSS 0.01935
Exploits 0 | References 6 | Affected Software 2
Broadcom
added 2021/05/10 12:0 a.m. | 24 views

BSA-2020-1130

Security Advisory ID : BSA-2020-1130 Component : NGINX Revision : 1.0 NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load...

CVSS 5.3 | AI score 6.7 | EPSS 0.14961
Exploits 3
Kitploit
added 2021/05/01 9:30 p.m. | 2583 views

Nginxpwner - Tool to look for common Nginx misconfigurations and vulnerabilities

Nginxpwner is a simple tool to look for common Nginx misconfigurations and vulnerabilities. Install: cd /opt git clone https://github.com/stark0de/nginxpwner cd nginxpwner chmod +x install.sh ./install.sh Usage: Target tab in Burp, select host, right click, copy all URLs in this host, copy to a...

CVSS 7.5 | AI score 8.2 | EPSS 0.62597
Exploits 6 | References 2
OpenVAS
added 2021/05/01 12:0 a.m. | 19 views

Fedora: Security Advisory for nginx (FEDORA-2021-1556d440ba)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 7.8 | AI score 7.7 | EPSS 0.04863
Exploits 6 | References 2
OpenVAS
added 2021/05/01 12:0 a.m. | 25 views

Fedora: Security Advisory for nginx (FEDORA-2021-10c1cd4cba)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 7.8 | AI score 7.7 | EPSS 0.04863
Exploits 6 | References 2
Fedora
added 2021/04/30 12:55 a.m. | 39 views

[SECURITY] Fedora 34 Update: nginx-1.20.0-2.fc34

Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...

CVSS 7.8 | AI score 2.2 | EPSS 0.04863
Exploits 6
OSV
added 2021/04/29 9:53 p.m. | 21 views

GHSA-9FGX-Q25H-JXRG DOM XSS in Theme Preview

Impact An unused endpoint added during the development of 4.0.0 has left sites vulnerable to untrusted users gaining access to Ghost Admin. Attackers can gain access by getting logged in users to click a link containing malicious code. Users do not need to enter credentials and may not know they'...

CVSS 6.8 | AI score 6.3 | EPSS 0.07935
Exploits 1 | References 8
Github Security Blog
added 2021/04/29 9:53 p.m. | 65 views

DOM XSS in Theme Preview

Impact An unused endpoint added during the development of 4.0.0 has left sites vulnerable to untrusted users gaining access to Ghost Admin. Attackers can gain access by getting logged in users to click a link containing malicious code. Users do not need to enter credentials and may not know they'...

CVSS 6.8 | AI score 0.3 | EPSS 0.07935
Exploits 1 | References 8 | Affected Software 1
Fedora
added 2021/04/29 1:22 a.m. | 45 views

[SECURITY] Fedora 32 Update: nginx-1.20.0-2.fc32

Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...

CVSS 7.8 | AI score 2.2 | EPSS 0.04863
Exploits 6
Fedora
added 2021/04/29 12:58 a.m. | 67 views

[SECURITY] Fedora 33 Update: nginx-1.20.0-2.fc33

Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...

CVSS 7.8 | AI score 2.2 | EPSS 0.04863
Exploits 6
0day.today
added 2021/04/23 12:0 a.m. | 56 views

Sipwise C5 NGCP CSC - (Multiple) Stored/Reflected Cross-Site Scripting Vulnerability

Exploit Title: Sipwise C5 NGCP CSC - 'Multiple' Stored/Reflected Cross-Site Scripting XSS Exploit Author: LiquidWorm Vendor Homepage: https://www.sipwise.com Sipwise C5 NGCP CSC Multiple Stored/Reflected XSS Vulnerabilities Vendor: Sipwise GmbH Product web page: https://www.sipwise.com Affected...

AI score 7.4
Exploits 0
Packet Storm
added 2021/04/23 12:0 a.m. | 431 views

Sipwise C5 NGCP CSC Cross Site Request Forgery

Sipwise C5 NGCP CSC CSRF Click2Dial Exploit Vendor: Sipwise GmbH Product web page: https://www.sipwise.com Affected version: =CEm39.3.1 NGCP wwwadmin version 3.6.7 Summary: Sipwise C5 also known as NGCP - the Next Generation Communication Platform is a SIP-based Open Source Class 5 VoIP soft-swit...

AI score 0.2 | EPSS 0.00926
Exploits 3
Packet Storm
added 2021/04/23 12:0 a.m. | 509 views

Sipwise C5 NGCP CSC Cross Site Scripting

Sipwise C5 NGCP CSC Multiple Stored/Reflected XSS Vulnerabilities Vendor: Sipwise GmbH Product web page: https://www.sipwise.com Affected version: =CEm39.3.1 NGCP wwwadmin version 3.6.7 Summary: Sipwise C5 also known as NGCP - the Next Generation Communication Platform is a SIP-based Open Source...

AI score 5.6 | EPSS 0.01123
Exploits 3
seebug.org
added 2021/04/21 12:0 a.m. | 86 views

Cisco RV34X Series Authentication Bypass and Remote Command Execution Vulnerabilities (CVE-2021-1472 CVE-2021-1473)

Advisory: Cisco RV34X Series – Authentication Bypass and Remote Command Execution APRIL 13, 2021 TL;DR In early 2021, we reported a few security issues to Cisco related to their RV34X series of routers, two of which have been recently patched. The issues in question were an authentication bypass...

CVSS 7.5 | AI score 0.1 | EPSS 0.72472
Exploits 8