11 matches found
GHSA-MXQH-Q9H6-V8PQ Nginx-UI: Unauthenticated first-boot instance claim via POST /api/install allows remote bootstrap takeover
Summary: An unauthenticated bootstrap takeover exists in nginx-ui during the initial installation window exposed by POST /api/install. When the instance is still uninitialized, POST /api/install is reachable without authentication and accepts attacker-controlled bootstrap data. The handler sets th...
CVE-2026-42222 nginx-ui: Unauthenticated first-boot instance claim via POST /api/install allows remote bootstrap takeover
Nginx UI is a web user interface for the Nginx web server. In version 2.3.5, an unauthenticated bootstrap takeover exists in nginx-ui during the initial installation window exposed by POST /api/install. At time of publication no public patches are available...
CVE-2026-42222
CVE-2026-42222 (nginx-ui 2.3.5) describes an unauthenticated bootstrap takeover during the initial installation window exposed by POST /api/install. The issue allows a remote attacker to submit attacker-chosen bootstrap data and gain full unauthenticated administrative control on a fresh, uniniti...
CVE-2024-5764
CVE-2024-5764 affects Nexus Repository 3.x (3.0.0–3.72.0). It arises from a static hard-coded encryption passphrase used by the PasswordCipher to encrypt secrets in the Nexus configuration database (SMTP/HTTP proxy credentials, tokens, etc.). An administrator could set an alternate passphrase at ...
[SECURITY] Fedora 36 Update: ignition-2.14.0-3.fc36
Ignition is a utility used to manipulate systems during the initramfs. This includes partitioning disks, formatting partitions, writing files (regular files, systemd units, etc.), and configuring users. On first boot, Ignition reads its configuration from a source of truth (remote URL, network...
PT-2022-3346 · Coreos +5 · Ignition +5
Name of the Vulnerable Software and Affected Versions: Ignition versions prior to 2.14.0 Description: A vulnerability was found in Ignition where ignition configs are accessible from unprivileged containers in VMs running on VMware products. This issue is only relevant in user environments where...
CVE-2020-1618
On Juniper Networks EX and QFX Series, an authentication bypass vulnerability may allow a user connected to the console port to login as root without any password. This issue might only occur in certain scenarios: • At the first reboot after performing device factory reset using the command...
[SECURITY] Fedora 29 Update: ignition-0.31.0-1.gitf59a653.fc29
Ignition is a utility used to manipulate systems during the initramfs. This includes partitioning disks, formatting partitions, writing files (regular files, systemd units, networkd units, etc.), and configuring users. On first boot, Ignition reads its configuration from a source of truth (remote UR...
App Layering: Machine Time on a Published Image is Wrong at First Boot
When booting a published machine (for instance, the template VM for MCS) the first time, the local time for Windows is wrong by hours. The timezone is correct, but the initial time is set incorrectly for that time zone. This can break Windows and Office activation, and potentially cause other...
PVS targets experience BSOD: IRQL Not Less or Equal on targets created using XDSW when booting for the first time
PVS Target devices created using XenDesktop Setup Wizard are running into a blue screen of death issue. The error message displayed on the BSOD screen shows the following message: Your PC ran into a problem and needs to restart. We're just collecting some error info, and then we'll restart for yo...
Windows Server 2003 Service Pack 1
Windows Server 2003 Service Pack 1 (SP1) enhances manageability, control, and security infrastructure by providing new security tools such as Security Configuration Wizard, which helps secure your server for role-based operations. SP1 improves defense-in-depth with Data Execution Protection, and...