111 matches found
BIT-OPENRESTY-2020-36309
ngxhttpluamodule aka lua-nginx-module before 0.10.16 in OpenResty allows unsafe characters in an argument when using the API to mutate a URI, or a request or response header...
Ubuntu 16.04 ESM : Phusion Passenger vulnerabilities (USN-5261-1)
The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5261-1 advisory. It was discovered that Phusion Passenger incorrectly handled a file path in the application root folder. An attacker could possibly use this issue to rea...
SUSE CVE-2016-10345
In Phusion Passenger before 5.1.0, a known /tmp filename was used during passenger-install-nginx-module execution, which could allow local attackers to gain the privileges of the passenger user...
SUSE CVE-2018-12029
A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passengerinstanceregistrydir with insufficiently strict permissions is configured. Replacing a file with a symlink after the file was created, but befor...
CVE-2022-41742
A vulnerability was found in NGINX’s module, ngxhttpmp4module. This flaw allows a local attacker to cause a worker process crash or might result in worker process memory disclosure by using a specially crafted audio or video file. The issue affects only NGINX products built with ngxhttpmp4module...
Vulnerabilities fixed in several F5 products
F5 has fixed several vulnerabilities in BIG-IP and NGINX. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Circumvention of security measure Remote code execution...
CVE-2022-31306
Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njsarrayconverttoslowarray at src/njsarray.c...
GHSA-JJCJ-FGFM-9G9R Phusion Passenger Race Condition Allows Privilege Escalation
A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passengerinstanceregistrydir with insufficiently strict permissions is configured. Replacing a file with a symlink after the file was created, but befor...
Phusion Passenger Race Condition Allows Privilege Escalation
A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passengerinstanceregistrydir with insufficiently strict permissions is configured. Replacing a file with a symlink after the file was created, but befor...
USN-5261-1 passenger vulnerabilities
It was discovered that Phusion Passenger incorrectly handled a file path in the application root folder. An attacker could possibly use this issue to read arbitrary files. CVE-2017-16355 It was discovered that Phusion Passenger had a race condition in the nginx module that could be used to perfor...
USN-5261-1: Phusion Passenger vulnerabilities
It was discovered that Phusion Passenger incorrectly handled a file path in the application root folder. An attacker could possibly use this issue to read arbitrary files. CVE-2017-16355 It was discovered that Phusion Passenger had a race condition in the nginx module that could be used to perfor...
new module: nginx:1.20
An update is available for nginx. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list This enhancement update adds the nginx:1.20 module to Rocky Linux 8. BZ1945671...
SUSE: Security Advisory (SUSE-SU-2018:2039-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE Security Update : netdata (openSUSE-2021-647)
This update for netdata fixes the following issues : - Update to 1.29.3 Release v1.29.3 is a patch release to improve the stability of the Netdata Agent. We discovered a bug that when proc.plugin attempts to collect the operstate parameter for a virtual network interface. If the chart is obsolete...
MTN Group: Cross-site Scripting (XSS) - Reflected on http://h1b4e.n2.ips.mtn.co.ug:8080 via Nginx-module
The Cross-site Scripting XSS vulnerability was discovered on http://h1b4e.n2.ips.mtn.co.ug:8080 via the Nginx module. The vulnerability allowed the injection of arbitrary JavaScript code through the URL, which could be executed in the victim's browser...
DEBIAN-CVE-2020-36309
ngxhttpluamodule aka lua-nginx-module before 0.10.16 in OpenResty allows unsafe characters in an argument when using the API to mutate a URI, or a request or response header...
Cross site request forgery (csrf)
ngxhttpluamodule aka lua-nginx-module before 0.10.16 in OpenResty allows unsafe characters in an argument when using the API to mutate a URI, or a request or response header...
UBUNTU-CVE-2020-36309
ngxhttpluamodule aka lua-nginx-module before 0.10.16 in OpenResty allows unsafe characters in an argument when using the API to mutate a URI, or a request or response header...
CVE-2021-21335
In the SPNEGO HTTP Authentication Module for nginx spnego-http-auth-nginx-module before version 1.1.1 basic Authentication can be bypassed using a malformed username. This affects users of spnego-http-auth-nginx-module that have enabled basic authentication. This is fixed in version 1.1.1 of...
spnego-http-auth-nginx-module 授权问题漏洞
Sean Timothy Noonan spnego-http-auth-nginx-module is a Sean Timothy Noonan open source application. It provides a way to add SPNEGO support to nginx functionality. A security vulnerability exists in SPNEGO HTTP Authentication Module for nginx, which stems from the fact that basic authentication c...