268 matches found
CVE-2020-5899
In NGINX Controller 3.0.0-3.4.0, recovery code required to change a user's password is transmitted and stored in the database in plain text, which allows an attacker who can intercept the database connection or have read access to the database, to request a password reset using the email address ...
CVE-2020-5900
In versions 3.0.0-3.4.0, 2.0.0-2.9.0, and 1.0.1, there is insufficient cross-site request forgery CSRF protections for the NGINX Controller user interface...
The vulnerability of the Analytics, Visibility, and Reporting services of the NGINX Controller monitoring and management application platform allows a hacker to execute arbitrary code.
The vulnerability of the Analytics, Visibility, and Reporting services of the NGINX Controller monitoring and management platform is related to the execution of operations outside of the buffer in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
F5 NGINX Controller Cross-Site Scripting Vulnerability
F5 NGINX Controller is a centralized monitoring and management platform for NGINX from F5. The platform supports the management of multiple NGINX instances using a visual interface. A cross-site scripting vulnerability exists in the NGINX Controller API in F5 NGINX Controller versions 3.3.0 throu...
F5 NGINX Controller Cross-Site Request Forgery Vulnerability
F5 NGINX Controller is a centralized monitoring and management platform for NGINX from F5. The platform supports the management of multiple NGINX instances using a visual interface. A cross-site request forgery vulnerability exists in the NGINX Controller user interface in F5 NGINX Controller...
F5 NGINX Controller Authorization Issue Vulnerability (CNVD-2020-51553)
F5 NGINX Controller is a centralized monitoring and management platform for NGINX from F5. The platform supports the management of multiple NGINX instances using a visual interface. An authorization issue vulnerability exists in F5 NGINX Controller versions 3.0.0 through 3.4.0 in NGINX Controller...
F5 NGINX Controller Denial of Service Vulnerability
F5 NGINX Controller is a centralized monitoring and management platform for NGINX from F5. The platform supports the management of multiple NGINX instances using a visual interface. A security vulnerability exists in F5 NGINX Controller versions 3.1.0 through 3.3.0, which stems from AVRD setting...
F5 NGINX Controller Authorization Issues Vulnerability
F5 NGINX Controller is a centralized monitoring and management platform for NGINX from F5. The platform supports the management of multiple NGINX instances using a visual interface. An authorization issue vulnerability exists in F5 NGINX Controller versions 3.0.0 through 3.3.0, which stems from t...
CVE-2020-5895
On NGINX Controller versions 3.1.0-3.3.0, AVRD uses world-readable and world-writable permissions on its socket, which allows processes or users on the local system to write arbitrary data into the socket. A local system attacker can make AVRD segmentation fault SIGSEGV by writing malformed...
CVE-2020-5894
On versions 3.0.0-3.3.0, the NGINX Controller webserver does not invalidate the server-side session token after users log out...
CVE-2020-5895
On NGINX Controller versions 3.1.0-3.3.0, AVRD uses world-readable and world-writable permissions on its socket, which allows processes or users on the local system to write arbitrary data into the socket. A local system attacker can make AVRD segmentation fault SIGSEGV by writing malformed...
CVE-2020-5894
On versions 3.0.0-3.3.0, the NGINX Controller webserver does not invalidate the server-side session token after users log out...
Design/Logic Flaw
On versions 3.0.0-3.3.0, the NGINX Controller webserver does not invalidate the server-side session token after users log out...
Design/Logic Flaw
On NGINX Controller versions 3.1.0-3.3.0, AVRD uses world-readable and world-writable permissions on its socket, which allows processes or users on the local system to write arbitrary data into the socket. A local system attacker can make AVRD segmentation fault SIGSEGV by writing malformed...
CVE-2020-5894
On versions 3.0.0-3.3.0, the NGINX Controller webserver does not invalidate the server-side session token after users log out...
CVE-2020-5894
The CVE-2020-5894 issue affects NGINX Controller webserver versions 3.0.0–3.3.0. The root cause is that server-side session tokens are not invalidated after logout, enabling a remote attacker who has a valid token to reuse it until it expires. The official advisory indicates that upgrades to 3.4....
F5 NGINX Controller Input Validation Error Vulnerability
F5 NGINX Controller is a centralized monitoring and management platform for NGINX from F5. The platform supports the management of multiple NGINX instances using a visual interface. A security vulnerability exists in F5 NGINX Controller versions prior to 3.3.0, which stems from an install.sh scri...
F5 NGINX Controller Trust Management Issue Vulnerability
F5 NGINX Controller is a centralized monitoring and management platform for NGINX from F5. The platform supports the management of multiple NGINX instances using a visual interface. A security vulnerability exists in F5 NGINX Controller versions prior to 3.2.0, which stems from the fact that by...
F5 NGINX Controller Information Disclosure Vulnerability (CNVD-2020-33346)
F5 NGINX Controller is a centralized monitoring and management platform for NGINX from F5. The platform supports the management of multiple NGINX instances using a visual interface. A security vulnerability exists in F5 NGINX Controller versions prior to 3.3.0 that originates when NGINX Controlle...
F5 NGINX Controller Information Disclosure Vulnerability
F5 NGINX Controller is a centralized monitoring and management platform for NGINX from F5. The platform supports the management of multiple NGINX instances using a visual interface. A security vulnerability exists in the helper.sh script in F5 NGINX Controller versions prior to 3.3.0. An attacker...