PT-2020-13114 · Nginx · Nginx
Name of the Vulnerable Software and Affected Versions: Nginx versions 1.8.0 and earlier. Description: The issue concerns HTTP Request Smuggling on Nginx. There are elevated activities targeting Nginx. Recommendations: For Nginx versions 1.8.0 and earlier, update to a version later than 1.8.0 to...
nginx <= 1.18.0 HTTP Request Smuggling Vulnerability
Deprecated since the CVE has been rejected...
NGINX NJS Heap-Based Buffer Overflow (CVE-2019-11839)
A buffer overflow vulnerability exists in NGINX NJS. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application crashes...
NGINX NJS Heap-Based Buffer Overflow (CVE-2019-11838)
A buffer overflow vulnerability exists in NGINX NJS. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application crashes...
NGINX NJS Buffer Overflow (CVE-2019-13067)
A buffer overflow vulnerability exists in NGINX NJS. Successful exploitation of this vulnerability could allow a remote attacker to damage the user's system...
NGINX NJS Denial of Service (CVE-2019-11837)
A denial of service (DoS) vulnerability exists in NGINX NJS. Successful exploitation of this vulnerability could allow a remote attacker to damage the user's system...
Stripo Inc: Integer Overflow (CVE_2017_7529)
Integer Overflow - The issue affects nginx 0.5.6 - 1.13.2...
PAN-OS: Nginx integer overflow may lead to information leak
The Nginx web server included with PAN-OS is vulnerable to an integer overflow vulnerability that can potentially leak a cache file header if a response was returned from cache. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions...
Security Bulletin: IBM API Connect is impacted by a vulnerability in NGINX (CVE-2019-20372)
Summary: IBM API Connect has addressed the following vulnerability. Vulnerability Details: CVEID: CVE-2019-20372. DESCRIPTION: NGINX could allow a remote attacker to obtain sensitive information, caused by a flaw in certain error_page configurations. By sending a specially crafted request, a remote...
F5 NGINX Controller Denial of Service Vulnerability
F5 NGINX Controller is a centralized monitoring and management platform for NGINX from F5. The platform supports the management of multiple NGINX instances using a visual interface. A security vulnerability exists in F5 NGINX Controller versions 3.1.0 through 3.3.0, which stems from AVRD setting...
F5 NGINX Controller Authorization Issues Vulnerability
F5 NGINX Controller is a centralized monitoring and management platform for NGINX from F5. The platform supports the management of multiple NGINX instances using a visual interface. An authorization issue vulnerability exists in F5 NGINX Controller versions 3.0.0 through 3.3.0, which stems from t...
CVE-2020-5894
On versions 3.0.0-3.3.0, the NGINX Controller webserver does not invalidate the server-side session token after users log out...
CVE-2020-5895
On NGINX Controller versions 3.1.0-3.3.0, AVRD uses world-readable and world-writable permissions on its socket, which allows processes or users on the local system to write arbitrary data into the socket. A local system attacker can make AVRD segmentation fault (SIGSEGV) by writing malformed...
Design/Logic Flaw
On NGINX Controller versions 3.1.0-3.3.0, AVRD uses world-readable and world-writable permissions on its socket, which allows processes or users on the local system to write arbitrary data into the socket. A local system attacker can make AVRD segmentation fault (SIGSEGV) by writing malformed...
Design/Logic Flaw
On versions 3.0.0-3.3.0, the NGINX Controller webserver does not invalidate the server-side session token after users log out...
CVE-2020-5895
CVE-2020-5895 affects NGINX Controller AVRD in versions 3.1.0–3.3.0, where AVRD sockets are world-readable and world-writable, allowing a local attacker to write arbitrary data and trigger a segmentation fault by sending malformed messages. Remediation: upgrade to 3.4.0 (per advisory) and/or depl...
CVE-2020-5894
The CVE-2020-5894 issue affects NGINX Controller webserver versions 3.0.0–3.3.0. The root cause is that server-side session tokens are not invalidated after logout, enabling a remote attacker who has a valid token to reuse it until it expires. The official advisory indicates that upgrades to 3.4....