Lucene search
K

268 matches found

Cvelist
Cvelist
added 2020/07/01 2:1 p.m.25 views

CVE-2020-5899

In NGINX Controller 3.0.0-3.4.0, recovery code required to change a user's password is transmitted and stored in the database in plain text, which allows an attacker who can intercept the database connection or have read access to the database, to request a password reset using the email address ...

7.6AI score0.00185EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/07/01 1:59 p.m.26 views

CVE-2020-5900

In versions 3.0.0-3.4.0, 2.0.0-2.9.0, and 1.0.1, there is insufficient cross-site request forgery CSRF protections for the NGINX Controller user interface...

8.9AI score0.00452EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2020/06/17 12:0 a.m.4 views

The vulnerability of the Analytics, Visibility, and Reporting services of the NGINX Controller monitoring and management application platform allows a hacker to execute arbitrary code.

The vulnerability of the Analytics, Visibility, and Reporting services of the NGINX Controller monitoring and management platform is related to the execution of operations outside of the buffer in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code...

7.8CVSS8AI score0.00292EPSS
Exploits0References3Affected Software1
CNVD
CNVD
added 2020/06/12 12:0 a.m.2 views

F5 NGINX Controller Cross-Site Scripting Vulnerability

F5 NGINX Controller is a centralized monitoring and management platform for NGINX from F5. The platform supports the management of multiple NGINX instances using a visual interface. A cross-site scripting vulnerability exists in the NGINX Controller API in F5 NGINX Controller versions 3.3.0 throu...

9.6CVSS6.1AI score0.01466EPSS
Exploits0References1
CNVD
CNVD
added 2020/06/12 12:0 a.m.3 views

F5 NGINX Controller Cross-Site Request Forgery Vulnerability

F5 NGINX Controller is a centralized monitoring and management platform for NGINX from F5. The platform supports the management of multiple NGINX instances using a visual interface. A cross-site request forgery vulnerability exists in the NGINX Controller user interface in F5 NGINX Controller...

8.8CVSS7AI score0.00452EPSS
Exploits0References1
CNVD
CNVD
added 2020/06/12 12:0 a.m.4 views

F5 NGINX Controller Authorization Issue Vulnerability (CNVD-2020-51553)

F5 NGINX Controller is a centralized monitoring and management platform for NGINX from F5. The platform supports the management of multiple NGINX instances using a visual interface. An authorization issue vulnerability exists in F5 NGINX Controller versions 3.0.0 through 3.4.0 in NGINX Controller...

7.8CVSS7.3AI score0.00185EPSS
Exploits0References1
CNVD
CNVD
added 2020/05/08 12:0 a.m.4 views

F5 NGINX Controller Denial of Service Vulnerability

F5 NGINX Controller is a centralized monitoring and management platform for NGINX from F5. The platform supports the management of multiple NGINX instances using a visual interface. A security vulnerability exists in F5 NGINX Controller versions 3.1.0 through 3.3.0, which stems from AVRD setting...

7.8CVSS6.5AI score0.00292EPSS
Exploits0References1
CNVD
CNVD
added 2020/05/08 12:0 a.m.2 views

F5 NGINX Controller Authorization Issues Vulnerability

F5 NGINX Controller is a centralized monitoring and management platform for NGINX from F5. The platform supports the management of multiple NGINX instances using a visual interface. An authorization issue vulnerability exists in F5 NGINX Controller versions 3.0.0 through 3.3.0, which stems from t...

8.1CVSS7.1AI score0.01019EPSS
Exploits0References1
NVD
NVD
added 2020/05/07 1:15 p.m.26 views

CVE-2020-5895

On NGINX Controller versions 3.1.0-3.3.0, AVRD uses world-readable and world-writable permissions on its socket, which allows processes or users on the local system to write arbitrary data into the socket. A local system attacker can make AVRD segmentation fault SIGSEGV by writing malformed...

7.8CVSS7.6AI score0.00292EPSS
Exploits0References2
NVD
NVD
added 2020/05/07 1:15 p.m.25 views

CVE-2020-5894

On versions 3.0.0-3.3.0, the NGINX Controller webserver does not invalidate the server-side session token after users log out...

8.1CVSS8.1AI score0.01019EPSS
Exploits0References1
OSV
OSV
added 2020/05/07 1:15 p.m.7 views

CVE-2020-5895

On NGINX Controller versions 3.1.0-3.3.0, AVRD uses world-readable and world-writable permissions on its socket, which allows processes or users on the local system to write arbitrary data into the socket. A local system attacker can make AVRD segmentation fault SIGSEGV by writing malformed...

7.8CVSS5.9AI score0.00292EPSS
Exploits0References2
OSV
OSV
added 2020/05/07 1:15 p.m.4 views

CVE-2020-5894

On versions 3.0.0-3.3.0, the NGINX Controller webserver does not invalidate the server-side session token after users log out...

8.1CVSS7.3AI score
Exploits0References1
Prion
Prion
added 2020/05/07 1:15 p.m.20 views

Design/Logic Flaw

On versions 3.0.0-3.3.0, the NGINX Controller webserver does not invalidate the server-side session token after users log out...

5.8CVSS8AI score0.01019EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2020/05/07 1:15 p.m.20 views

Design/Logic Flaw

On NGINX Controller versions 3.1.0-3.3.0, AVRD uses world-readable and world-writable permissions on its socket, which allows processes or users on the local system to write arbitrary data into the socket. A local system attacker can make AVRD segmentation fault SIGSEGV by writing malformed...

4.6CVSS7.5AI score0.00292EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/05/07 12:25 p.m.26 views

CVE-2020-5894

On versions 3.0.0-3.3.0, the NGINX Controller webserver does not invalidate the server-side session token after users log out...

8.1AI score0.01019EPSS
Exploits0References1
CVE
CVE
added 2020/05/07 12:25 p.m.60 views

CVE-2020-5894

The CVE-2020-5894 issue affects NGINX Controller webserver versions 3.0.0–3.3.0. The root cause is that server-side session tokens are not invalidated after logout, enabling a remote attacker who has a valid token to reuse it until it expires. The official advisory indicates that upgrades to 3.4....

8.1CVSS8AI score0.01019EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2020/04/24 12:0 a.m.3 views

F5 NGINX Controller Input Validation Error Vulnerability

F5 NGINX Controller is a centralized monitoring and management platform for NGINX from F5. The platform supports the management of multiple NGINX instances using a visual interface. A security vulnerability exists in F5 NGINX Controller versions prior to 3.3.0, which stems from an install.sh scri...

8.1CVSS6.9AI score0.004EPSS
Exploits0References1
CNVD
CNVD
added 2020/04/24 12:0 a.m.2 views

F5 NGINX Controller Trust Management Issue Vulnerability

F5 NGINX Controller is a centralized monitoring and management platform for NGINX from F5. The platform supports the management of multiple NGINX instances using a visual interface. A security vulnerability exists in F5 NGINX Controller versions prior to 3.2.0, which stems from the fact that by...

7.4CVSS6.8AI score0.01033EPSS
Exploits0References1
CNVD
CNVD
added 2020/04/24 12:0 a.m.3 views

F5 NGINX Controller Information Disclosure Vulnerability (CNVD-2020-33346)

F5 NGINX Controller is a centralized monitoring and management platform for NGINX from F5. The platform supports the management of multiple NGINX instances using a visual interface. A security vulnerability exists in F5 NGINX Controller versions prior to 3.3.0 that originates when NGINX Controlle...

5.8CVSS6.7AI score0.0039EPSS
Exploits0References1
CNVD
CNVD
added 2020/04/24 12:0 a.m.3 views

F5 NGINX Controller Information Disclosure Vulnerability

F5 NGINX Controller is a centralized monitoring and management platform for NGINX from F5. The platform supports the management of multiple NGINX instances using a visual interface. A security vulnerability exists in the helper.sh script in F5 NGINX Controller versions prior to 3.3.0. An attacker...

5.5CVSS6.7AI score0.00326EPSS
Exploits0References1
Rows per page
Query Builder