11 matches found
CVE-2019-12208
njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in njs_function_native_call in njs/njs_function.c...
EUVD-2023-1500
Malicious code in bioql PyPI...
BIT-NGINX-INGRESS-CONTROLLER-2025-1098 ingress-nginx controller - configuration injection via unsanitized mirror annotations
A security issue was discovered in ingress-nginx (https://github.com/kubernetes/ingress-nginx) where the mirror-target and mirror-host Ingress annotations can be used to inject arbitrary configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx...
ingress-nginx controller - configuration injection via unsanitized auth-url annotation
A security issue was discovered in ingress-nginx where the auth-url Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. Note that in the...
ingress-nginx controller - configuration injection via unsanitized auth-tls-match-cn annotation
A security issue was discovered in ingress-nginx where the auth-tls-match-cn Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. Note th...
CVE-2025-24513
A security issue was discovered in ingress-nginx (https://github.com/kubernetes/ingress-nginx) where attacker-provided data are included in a filename by the ingress-nginx Admission Controller feature, resulting in directory traversal within the container. This could result in denial of service, or...
CVE-2025-24514
CVE-2025-24514 describes an unauthenticated vulnerability in ingress-nginx where the auth-url annotation injection can modify NGINX config, enabling arbitrary code execution in the ingress-nginx controller and disclosure of controller Secrets. Public PoCs/exploits exist (e.g., Exploit-DB entry 52...
CVE-2025-24513
Technical details for CVE-2025-24513 are not provided in the given documents. Monitor for updates and subsequent disclosures to obtain affected products, root cause, impact, and fixes.
EUVD-2025-8034
A security issue was discovered in ingress-nginx (https://github.com/kubernetes/ingress-nginx) where the auth-tls-match-cn Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of...
Important: nginx
Issue Overview: The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. (CVE-2023-44487) Affected Packages: nginx. Issue Correction: Run dnf update nginx...
MGASA-2017-0231 Updated nginx packages fix security vulnerability
A security issue was identified in the nginx range filter. A specially crafted request might result in an integer overflow and incorrect processing of ranges, potentially resulting in a sensitive information leak (CVE-2017-7529)...