nginx Information Disclosure Vulnerability (CVE-2011-4968)
nginx is prone to an information disclosure vulnerability in the http proxy module. Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This...
nginx 1.5.10 'ngx_http_spdy_module' RCE Vulnerability
nginx is prone to a remote code execution (RCE) vulnerability in the ngx_http_spdy_module module. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CP...
Huawei EulerOS: Security Advisory for nginx (EulerOS-SA-2020-2372)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
EulerOS 2.0 SP2 : nginx (EulerOS-SA-2020-2372)
According to the versions of the nginx package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of...
CVE-2019-9511
A flaw was found in HTTP/2. An attacker can request a large amount of data by manipulating window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this queue can consume excess CPU, memory, or both, leading to a...
FFmpeg Heap-based Buffer Overflow (CVE-2020-12284)
A buffer overflow vulnerability exists in NGINX NJS. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application crashes...
vulhub
This is a Docker Compose file for a vulnerability environment. It is a collection of services that can be used to test and demonstrate various types of vulnerabilities. The file is written in YAML format and defines the services, their ports, and the networks they use. The file contains several...
Nginx < 1.17.7 Information Disclosure
According to its self-reported version number, the detected version of nginx is prior to 1.17.7. It is, therefore, affected by an information disclosure vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version...
Security Bulletin: IBM Cloud Private is vulnerable to a Kubernetes vulnerability (CVE-2020-8553)
Summary IBM Cloud Private is vulnerable to a Kubernetes vulnerability Vulnerability Details CVEID: CVE-2020-8553 DESCRIPTION: Kubernetes ingress-nginx could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw when the annotation...
olcne nginx security update
olcne 1.0.8-2 - Added nginx-image resource in module definitions to ensure nginx image upgrading 1.0.8-1 - support upgrading nginx - Address CVE-2019-9511 - Address CVE-2018-16845 - Address CVE-2017-7529 - support upgrading flannel nginx 1.17.7-2 - Changed nginx home dir to /var/lib/nginx for...
Oracle Linux 7 : olcne / nginx (ELSA-2020-5862)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5862 advisory. - Address CVE-2019-9511 - Address CVE-2018-16845 - Address CVE-2017-7529 - Address CVE-2019-9511 - Address CVE-2018-16845 Tenable has extracted the precedin...
NGINX before 1.17.7 with certain error_page configurations allows HTTP request smuggling as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.
...
Oracle Linux 7 : olcne / nginx (ELSA-2020-5859)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5859 advisory. - Address CVE-2019-9511 - Address CVE-2018-16845 - Address CVE-2017-7529 - Address CVE-2019-9511 - Address CVE-2018-16845 Tenable has extracted the precedin...
olcne nginx security update
olcne 1.1.6-1 - support upgrading nginx - Address CVE-2019-9511 - Address CVE-2018-16845 - Address CVE-2017-7529 - support upgrading flannel nginx 1.17.7-2 - Changed nginx home dir to /var/lib/nginx for consistency 1.17.7-1 - Added Oracle Specific Build Files for nginx - Address CVE-2019-9511 - Adres...
LY Corporation: Path traversal in a Tomcat server
A path traversal vulnerability was discovered in a Tomcat server, which allowed an attacker to access internal resources such as the administrator page. The vulnerability was caused by a misconfiguration between the reverse proxy and the WAS, and occurred when the attacker entered the string "..;...
CVE-2020-24660
An issue was discovered in LemonLDAP::NG through 2.0.8, when NGINX is used. An attacker may bypass URL-based access control to protected Virtual Hosts by submitting a non-normalized URI. This also affects versions before 0.5.2 of the "Lemonldap::NG handler for Node.js" package...
DEBIAN-CVE-2020-24660
An issue was discovered in LemonLDAP::NG through 2.0.8, when NGINX is used. An attacker may bypass URL-based access control to protected Virtual Hosts by submitting a non-normalized URI. This also affects versions before 0.5.2 of the "Lemonldap::NG handler for Node.js" package...
Improper access control
An issue was discovered in LemonLDAP::NG through 2.0.8, when NGINX is used. An attacker may bypass URL-based access control to protected Virtual Hosts by submitting a non-normalized URI. This also affects versions before 0.5.2 of the "Lemonldap::NG handler for Node.js" package...