268 matches found
CVE-2020-5867
In versions prior to 3.3.0, the NGINX Controller Agent installer script 'install.sh' uses HTTP instead of HTTPS to check and install packages...
CVE-2020-5867
In versions prior to 3.3.0, the NGINX Controller Agent installer script 'install.sh' uses HTTP instead of HTTPS to check and install packages...
CVE-2020-5867
In versions prior to 3.3.0, the NGINX Controller Agent installer script 'install.sh' uses HTTP instead of HTTPS to check and install packages...
CVE-2020-5865
In versions prior to 3.3.0, the NGINX Controller is configured to communicate with its Postgres database server over unencrypted channels, making the communicated data vulnerable to interception via man-in-the-middle MiTM attacks...
CVE-2020-5865
In versions prior to 3.3.0, the NGINX Controller is configured to communicate with its Postgres database server over unencrypted channels, making the communicated data vulnerable to interception via man-in-the-middle MiTM attacks...
CVE-2020-5866
In versions of NGINX Controller prior to 3.3.0, the helper.sh script, which is used optionally in NGINX Controller to change settings, uses sensitive items as command-line arguments...
CVE-2020-5866
In versions of NGINX Controller prior to 3.3.0, the helper.sh script, which is used optionally in NGINX Controller to change settings, uses sensitive items as command-line arguments...
CVE-2020-5864
In versions of NGINX Controller prior to 3.2.0, communication between NGINX Controller and NGINX Plus instances skip TLS verification by default...
CVE-2020-5864
In versions of NGINX Controller prior to 3.2.0, communication between NGINX Controller and NGINX Plus instances skip TLS verification by default...
Default credentials
In versions of NGINX Controller prior to 3.2.0, communication between NGINX Controller and NGINX Plus instances skip TLS verification by default...
Command injection
In versions of NGINX Controller prior to 3.3.0, the helper.sh script, which is used optionally in NGINX Controller to change settings, uses sensitive items as command-line arguments...
Code injection
In versions prior to 3.3.0, the NGINX Controller is configured to communicate with its Postgres database server over unencrypted channels, making the communicated data vulnerable to interception via man-in-the-middle MiTM attacks...
CVE-2020-5866
In versions of NGINX Controller prior to 3.3.0, the helper.sh script, which is used optionally in NGINX Controller to change settings, uses sensitive items as command-line arguments...
CVE-2020-5866
The CVE affects F5 NGINX Controller pre-3.3.0: the helper.sh script that is used to change settings accepts sensitive items as command-line arguments. This can cause sensitive data to be exposed in system process listings (ps/top) and stored in bash history; audit logs may also capture them if en...
CVE-2020-5864
In versions of NGINX Controller prior to 3.2.0, communication between NGINX Controller and NGINX Plus instances skip TLS verification by default...
CVE-2020-5865
The CVE-2020-5865 issue affects NGINX Controller versions prior to 3.3.0, where the Controller communicates with its Postgres database over unencrypted channels. This enables man-in-the-middle interception of data in transit and, as described in the advisory, could allow an attacker to modify use...
OS Command Injection
strong-nginx-controller is vulnerable to OS command injection. Lack of validation and sanitization of the action parameter allows an attacker to inject and execute arbitrary OS commands via the nginxCmd function...
IBM strong-nginx-controller injection vulnerability
IBM strong-nginx-controller is a Nginx server controller from IBM, USA. An injection vulnerability exists in IBM strong-nginx-controller version 1.0.2 and earlier. A remote attacker can exploit the vulnerability to execute arbitrary commands with the first parameter of the 'nginxCmd' function...
Command injection
strong-nginx-controller through 1.0.2 is vulnerable to Command Injection. It allows execution of arbitrary command as part of the 'nginxCmd' function...
CVE-2020-7621
The vulnerability affects strong-nginx-controller up to version 1.0.2, where a Command Injection flaw exists in the _nginxCmd() function that could allow an attacker to execute arbitrary commands. The issue is rooted in improper input handling within the module, leading to potential remote comman...