CVE-2020-5894
The CVE-2020-5894 issue affects NGINX Controller webserver versions 3.0.0–3.3.0. The root cause is that server-side session tokens are not invalidated after logout, enabling a remote attacker who has a valid token to reuse it until it expires. The official advisory indicates that upgrades to 3.4....
CVE-2020-5894
On versions 3.0.0-3.3.0, the NGINX Controller webserver does not invalidate the server-side session token after users log out...
SUSE SLES15 Security Update : nginx (SUSE-SU-2020:1171-1)
This update for nginx fixes the following issues: nginx was updated to 1.16.1 (jscECO-1401); Added TLS 1.3 support (jscSLE-9295, bsc1150711); Replaced obsolete GeoIP module with MaxMinDB-based GeoIP2 (jscSLE-11184, bsc1156202); Started nginx after network is online (bsc1155690); CVE-2019-20372: Fixed an HTT...
Nginx Vulnerabilities Jul 2017 - Oct 2019
Summary Symantec SWG products using affected versions of Nginx may be susceptible to multiple Nginx vulnerabilities. A remote attacker can use crafted requests to obtain sensitive information or cause denial of service. An attacker can also obtain sensitive information or cause denial of service ...
Exploit for Out-of-bounds Write in Php
PoC CVE-2019-11043 A Python implementation of the CVE-2019-110...
nginx Installed (Linux/UNIX)
Binary data nginxnixinstalled.nbin...
SUSE-SU-2020:1171-1 Security update for nginx
This update for nginx fixes the following issues: nginx was updated to 1.16.1 (jscECO-1401); Added TLS 1.3 support (jscSLE-9295, bsc1150711); Replaced obsolete GeoIP module with MaxMinDB-based GeoIP2 (jscSLE-11184, bsc1156202); Started nginx after network is online (bsc1155690); CVE-2019-20372: Fixed...
Authelia - The Single Sign-On Multi-Factor Portal For Web Apps
Authelia is an open-source authentication and authorization server providing 2-factor authentication and single sign-on (SSO) for your applications via a web portal. It acts as a companion of reverse proxies like nginx, Traefik or HAProxy to let them know whether queries should pass through...
CVE-2020-12443
BigBlueButton before 2.2.6 allows remote attackers to read arbitrary files because the presfilename lowercase value can be a .pdf filename while the presFilename mixed case value has a ../ sequence. This can be leveraged for privilege escalation via a directory traversal to...
Directory traversal
BigBlueButton before 2.2.6 allows remote attackers to read arbitrary files because the presfilename lowercase value can be a .pdf filename while the presFilename mixed case value has a ../ sequence. This can be leveraged for privilege escalation via a directory traversal to...
F5 NGINX Controller Input Validation Error Vulnerability
F5 NGINX Controller is a centralized monitoring and management platform for NGINX from F5. The platform supports the management of multiple NGINX instances using a visual interface. A security vulnerability exists in F5 NGINX Controller versions prior to 3.3.0, which stems from an install.sh scri...
F5 NGINX Controller Information Disclosure Vulnerability (CNVD-2020-33346)
F5 NGINX Controller is a centralized monitoring and management platform for NGINX from F5. The platform supports the management of multiple NGINX instances using a visual interface. A security vulnerability exists in F5 NGINX Controller versions prior to 3.3.0 that originates when NGINX Controlle...
F5 NGINX Controller Information Disclosure Vulnerability
F5 NGINX Controller is a centralized monitoring and management platform for NGINX from F5. The platform supports the management of multiple NGINX instances using a visual interface. A security vulnerability exists in the helper.sh script in F5 NGINX Controller versions prior to 3.3.0. An attacker...
F5 NGINX Controller Trust Management Issue Vulnerability
F5 NGINX Controller is a centralized monitoring and management platform for NGINX from F5. The platform supports the management of multiple NGINX instances using a visual interface. A security vulnerability exists in F5 NGINX Controller versions prior to 3.2.0, which stems from the fact that by...
CVE-2020-5867
In versions prior to 3.3.0, the NGINX Controller Agent installer script 'install.sh' uses HTTP instead of HTTPS to check and install packages...
Design/Logic Flaw
In versions prior to 3.3.0, the NGINX Controller Agent installer script 'install.sh' uses HTTP instead of HTTPS to check and install packages...
CVE-2020-5867
The CVE-2020-5867 issue affects the NGINX Controller Agent installer script (install.sh) used by the NGINX Controller. In versions prior to 3.3.0, it uses HTTP instead of HTTPS to check and install packages, creating a MITM risk where malicious packages could be forged and installed on affected N...