CVE-2026-27944

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.3, the /api/backup endpoint is accessible without authentication and discloses the encryption keys required to decrypt the backup in the X-Backup-Security response header. This allows an unauthenticated attacker to...

EUVD-2019-16207

Malware in sbrugna...

K74327432: F5 Container Ingress Services vulnerability CVE-2019-6648

Security Advisory Description If DEBUG logging is enabled, F5 Container Ingress Services CIS for Kubernetes and Red Hat OpenShift k8s-bigip-ctlr log files may contain BIG-IP system secrets such as SSL Private Keys and Private key Passphrases as provided as inputs by an AS3 Declaration...

GoDaddy Data Breach Exposes Over 1 Million WordPress Customers' Data

Web hosting giant GoDaddy on Monday disclosed a data breach that resulted in the unauthorized access of data belonging to a total of 1.2 million active and inactive customers, making it the third security incident to come to light since 2018. In a filing with the U.S. Securities and Exchange...

CVE-2019-6648

On version 1.9.0, If DEBUG logging is enable, F5 Container Ingress Service CIS for Kubernetes and Red Hat OpenShift k8s-bigip-ctlr log files may contain BIG-IP secrets such as SSL Private Keys and Private key Passphrases as provided as inputs by an AS3 Declaration...

Design/Logic Flaw

On version 1.9.0, If DEBUG logging is enable, F5 Container Ingress Service CIS for Kubernetes and Red Hat OpenShift k8s-bigip-ctlr log files may contain BIG-IP secrets such as SSL Private Keys and Private key Passphrases as provided as inputs by an AS3 Declaration...

PT-2019-18230 · F5 +1 · F5 Container Ingress Service +3

Name of the Vulnerable Software and Affected Versions: F5 Container Ingress Service CIS for Kubernetes and Red Hat OpenShift k8s-bigip-ctlr version 1.9.0 Description: The issue concerns the logging of sensitive information. When DEBUG logging is enabled on the affected version, log files may...

Check Point Endpoint Security Server Information Disclosure

Check Point Endpoint Security Server or Integrity Server appears to be running on the remote system. The installed version exposes certain private directories, which contain sensitive information such as SSL private keys, configuration files, and certain application binaries. An unauthenticated,...

R7-0038: Check Point Endpoint Security Server Information Disclosure

R7-0038: Check Point Endpoint Security Server Information Disclosure February 7, 2011 -- Vulnerability Details: The Check Point Endpoint Security Server and Integrity Server products inadvertently expose a number of private directories through the web interface. These directories include the SSL...