Lucene search
K

268 matches found

OSV
OSV
added 2020/04/23 8:15 p.m.8 views

CVE-2020-5867

In versions prior to 3.3.0, the NGINX Controller Agent installer script 'install.sh' uses HTTP instead of HTTPS to check and install packages...

8.1CVSS7.3AI score0.004EPSS
Exploits0References2
NVD
NVD
added 2020/04/23 8:15 p.m.23 views

CVE-2020-5867

In versions prior to 3.3.0, the NGINX Controller Agent installer script 'install.sh' uses HTTP instead of HTTPS to check and install packages...

8.1CVSS8.1AI score0.004EPSS
Exploits0References2
Cvelist
Cvelist
added 2020/04/23 7:58 p.m.30 views

CVE-2020-5867

In versions prior to 3.3.0, the NGINX Controller Agent installer script 'install.sh' uses HTTP instead of HTTPS to check and install packages...

8.1AI score0.004EPSS
Exploits0References2
OSV
OSV
added 2020/04/23 7:15 p.m.3 views

CVE-2020-5865

In versions prior to 3.3.0, the NGINX Controller is configured to communicate with its Postgres database server over unencrypted channels, making the communicated data vulnerable to interception via man-in-the-middle MiTM attacks...

4.8CVSS5.8AI score0.0039EPSS
Exploits0References2
NVD
NVD
added 2020/04/23 7:15 p.m.25 views

CVE-2020-5865

In versions prior to 3.3.0, the NGINX Controller is configured to communicate with its Postgres database server over unencrypted channels, making the communicated data vulnerable to interception via man-in-the-middle MiTM attacks...

5.8CVSS5.1AI score0.0039EPSS
Exploits0References2
OSV
OSV
added 2020/04/23 7:15 p.m.2 views

CVE-2020-5866

In versions of NGINX Controller prior to 3.3.0, the helper.sh script, which is used optionally in NGINX Controller to change settings, uses sensitive items as command-line arguments...

5.5CVSS5.8AI score0.00326EPSS
Exploits0References2
NVD
NVD
added 2020/04/23 7:15 p.m.29 views

CVE-2020-5866

In versions of NGINX Controller prior to 3.3.0, the helper.sh script, which is used optionally in NGINX Controller to change settings, uses sensitive items as command-line arguments...

5.5CVSS5.5AI score0.00326EPSS
Exploits0References2
OSV
OSV
added 2020/04/23 7:15 p.m.2 views

CVE-2020-5864

In versions of NGINX Controller prior to 3.2.0, communication between NGINX Controller and NGINX Plus instances skip TLS verification by default...

7.4CVSS7.1AI score
Exploits0References2
NVD
NVD
added 2020/04/23 7:15 p.m.28 views

CVE-2020-5864

In versions of NGINX Controller prior to 3.2.0, communication between NGINX Controller and NGINX Plus instances skip TLS verification by default...

7.4CVSS7.4AI score0.01033EPSS
Exploits0References2
Prion
Prion
added 2020/04/23 7:15 p.m.28 views

Default credentials

In versions of NGINX Controller prior to 3.2.0, communication between NGINX Controller and NGINX Plus instances skip TLS verification by default...

5.8CVSS7.4AI score0.01033EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2020/04/23 7:15 p.m.20 views

Command injection

In versions of NGINX Controller prior to 3.3.0, the helper.sh script, which is used optionally in NGINX Controller to change settings, uses sensitive items as command-line arguments...

2.1CVSS5.4AI score0.00326EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2020/04/23 7:15 p.m.15 views

Code injection

In versions prior to 3.3.0, the NGINX Controller is configured to communicate with its Postgres database server over unencrypted channels, making the communicated data vulnerable to interception via man-in-the-middle MiTM attacks...

5.8CVSS5AI score0.0039EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/04/23 6:37 p.m.22 views

CVE-2020-5866

In versions of NGINX Controller prior to 3.3.0, the helper.sh script, which is used optionally in NGINX Controller to change settings, uses sensitive items as command-line arguments...

5.5AI score0.00326EPSS
Exploits0References2
CVE
CVE
added 2020/04/23 6:37 p.m.49 views

CVE-2020-5866

The CVE affects F5 NGINX Controller pre-3.3.0: the helper.sh script that is used to change settings accepts sensitive items as command-line arguments. This can cause sensitive data to be exposed in system process listings (ps/top) and stored in bash history; audit logs may also capture them if en...

5.5CVSS5.4AI score0.00326EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/04/23 6:32 p.m.28 views

CVE-2020-5864

In versions of NGINX Controller prior to 3.2.0, communication between NGINX Controller and NGINX Plus instances skip TLS verification by default...

7.5AI score0.01033EPSS
Exploits0References2
CVE
CVE
added 2020/04/23 6:16 p.m.54 views

CVE-2020-5865

The CVE-2020-5865 issue affects NGINX Controller versions prior to 3.3.0, where the Controller communicates with its Postgres database over unencrypted channels. This enables man-in-the-middle interception of data in transit and, as described in the advisory, could allow an attacker to modify use...

5.8CVSS5AI score0.0039EPSS
Exploits0References2Affected Software1
Veracode
Veracode
added 2020/04/03 10:38 a.m.18 views

OS Command Injection

strong-nginx-controller is vulnerable to OS command injection. Lack of validation and sanitization of the action parameter allows an attacker to inject and execute arbitrary OS commands via the nginxCmd function...

9.8CVSS5.4AI score0.02941EPSS
Exploits0References3Affected Software1
CNVD
CNVD
added 2020/04/03 12:0 a.m.2 views

IBM strong-nginx-controller injection vulnerability

IBM strong-nginx-controller is a Nginx server controller from IBM, USA. An injection vulnerability exists in IBM strong-nginx-controller version 1.0.2 and earlier. A remote attacker can exploit the vulnerability to execute arbitrary commands with the first parameter of the 'nginxCmd' function...

9.8CVSS8AI score0.02941EPSS
Exploits0References1
Prion
Prion
added 2020/04/02 9:15 p.m.21 views

Command injection

strong-nginx-controller through 1.0.2 is vulnerable to Command Injection. It allows execution of arbitrary command as part of the 'nginxCmd' function...

7.5CVSS9.7AI score0.02941EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2020/04/02 8:49 p.m.71 views

CVE-2020-7621

The vulnerability affects strong-nginx-controller up to version 1.0.2, where a Command Injection flaw exists in the _nginxCmd() function that could allow an attacker to execute arbitrary commands. The issue is rooted in improper input handling within the module, leading to potential remote comman...

9.8CVSS9.6AI score0.02941EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder