Lucene search
K

111 matches found

OSV
OSV
added 2024/03/06 10:59 a.m.27 views

BIT-OPENRESTY-2020-36309

ngxhttpluamodule aka lua-nginx-module before 0.10.16 in OpenResty allows unsafe characters in an argument when using the API to mutate a URI, or a request or response header...

5.3CVSS6AI score0.01313EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2023/10/20 12:0 a.m.32 views

Ubuntu 16.04 ESM : Phusion Passenger vulnerabilities (USN-5261-1)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5261-1 advisory. It was discovered that Phusion Passenger incorrectly handled a file path in the application root folder. An attacker could possibly use this issue to rea...

7CVSS6.8AI score0.00358EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:53 a.m.4 views

SUSE CVE-2016-10345

In Phusion Passenger before 5.1.0, a known /tmp filename was used during passenger-install-nginx-module execution, which could allow local attackers to gain the privileges of the passenger user...

7.8CVSS6.8AI score0.00464EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 4:27 a.m.2 views

SUSE CVE-2018-12029

A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passengerinstanceregistrydir with insufficiently strict permissions is configured. Replacing a file with a symlink after the file was created, but befor...

8.1CVSS6.7AI score0.00276EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2022/11/10 4:56 a.m.79 views

CVE-2022-41742

A vulnerability was found in NGINX’s module, ngxhttpmp4module. This flaw allows a local attacker to cause a worker process crash or might result in worker process memory disclosure by using a specially crafted audio or video file. The issue affects only NGINX products built with ngxhttpmp4module...

7.1CVSS6.7AI score0.01069EPSS
Exploits2References4
NCSC
NCSC
added 2022/10/20 12:0 a.m.51 views

Vulnerabilities fixed in several F5 products

F5 has fixed several vulnerabilities in BIG-IP and NGINX. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Circumvention of security measure Remote code execution...

8.8CVSS7.7AI score0.011EPSS
Exploits2
ATTACKERKB
ATTACKERKB
added 2022/06/21 1:15 p.m.3 views

CVE-2022-31306

Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njsarrayconverttoslowarray at src/njsarray.c...

5.5CVSS6.1AI score0.00628EPSS
Exploits1References3
OSV
OSV
added 2022/05/14 1:27 a.m.25 views

GHSA-JJCJ-FGFM-9G9R Phusion Passenger Race Condition Allows Privilege Escalation

A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passengerinstanceregistrydir with insufficiently strict permissions is configured. Replacing a file with a symlink after the file was created, but befor...

7CVSS5.5AI score0.00276EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2022/05/14 1:27 a.m.28 views

Phusion Passenger Race Condition Allows Privilege Escalation

A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passengerinstanceregistrydir with insufficiently strict permissions is configured. Replacing a file with a symlink after the file was created, but befor...

7CVSS6.9AI score0.00276EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2022/02/01 5:55 p.m.4 views

USN-5261-1 passenger vulnerabilities

It was discovered that Phusion Passenger incorrectly handled a file path in the application root folder. An attacker could possibly use this issue to read arbitrary files. CVE-2017-16355 It was discovered that Phusion Passenger had a race condition in the nginx module that could be used to perfor...

7CVSS6.8AI score0.00358EPSS
Exploits0References3
Ubuntu
Ubuntu
added 2022/02/01 5:55 p.m.204 views

USN-5261-1: Phusion Passenger vulnerabilities

It was discovered that Phusion Passenger incorrectly handled a file path in the application root folder. An attacker could possibly use this issue to read arbitrary files. CVE-2017-16355 It was discovered that Phusion Passenger had a race condition in the nginx module that could be used to perfor...

7CVSS6.7AI score0.00358EPSS
Exploits0
Rockylinux
Rockylinux
added 2021/11/09 8:39 a.m.14 views

new module: nginx:1.20

An update is available for nginx. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list This enhancement update adds the nginx:1.20 module to Rocky Linux 8. BZ1945671...

1.9AI score
Exploits0
OpenVAS
OpenVAS
added 2021/06/09 12:0 a.m.25 views

SUSE: Security Advisory (SUSE-SU-2018:2039-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7CVSS7AI score0.00276EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2021/05/18 12:0 a.m.195 views

openSUSE Security Update : netdata (openSUSE-2021-647)

This update for netdata fixes the following issues : - Update to 1.29.3 Release v1.29.3 is a patch release to improve the stability of the Netdata Agent. We discovered a bug that when proc.plugin attempts to collect the operstate parameter for a virtual network interface. If the chart is obsolete...

7.5CVSS8.2AI score0.02172EPSS
Exploits3References15
Hacker One
Hacker One
added 2021/04/09 5:55 p.m.8 views

MTN Group: Cross-site Scripting (XSS) - Reflected on http://h1b4e.n2.ips.mtn.co.ug:8080 via Nginx-module

The Cross-site Scripting XSS vulnerability was discovered on http://h1b4e.n2.ips.mtn.co.ug:8080 via the Nginx module. The vulnerability allowed the injection of arbitrary JavaScript code through the URL, which could be executed in the victim's browser...

6.5AI score
Exploits0
OSV
OSV
added 2021/04/06 7:15 p.m.1 views

DEBIAN-CVE-2020-36309

ngxhttpluamodule aka lua-nginx-module before 0.10.16 in OpenResty allows unsafe characters in an argument when using the API to mutate a URI, or a request or response header...

5.3CVSS5.6AI score0.01313EPSS
Exploits0References1
Prion
Prion
added 2021/04/06 7:15 p.m.24 views

Cross site request forgery (csrf)

ngxhttpluamodule aka lua-nginx-module before 0.10.16 in OpenResty allows unsafe characters in an argument when using the API to mutate a URI, or a request or response header...

5CVSS5.8AI score0.01313EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2021/04/06 7:15 p.m.5 views

UBUNTU-CVE-2020-36309

ngxhttpluamodule aka lua-nginx-module before 0.10.16 in OpenResty allows unsafe characters in an argument when using the API to mutate a URI, or a request or response header...

5.3CVSS6AI score0.01313EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2021/03/08 9:15 p.m.6 views

CVE-2021-21335

In the SPNEGO HTTP Authentication Module for nginx spnego-http-auth-nginx-module before version 1.1.1 basic Authentication can be bypassed using a malformed username. This affects users of spnego-http-auth-nginx-module that have enabled basic authentication. This is fixed in version 1.1.1 of...

9.8CVSS5.4AI score0.0166EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2021/03/08 12:0 a.m.4 views

spnego-http-auth-nginx-module 授权问题漏洞

Sean Timothy Noonan spnego-http-auth-nginx-module is a Sean Timothy Noonan open source application. It provides a way to add SPNEGO support to nginx functionality. A security vulnerability exists in SPNEGO HTTP Authentication Module for nginx, which stems from the fact that basic authentication c...

9.8CVSS8.3AI score0.0166EPSS
Exploits0References2
Rows per page
Query Builder