Page 3 of 78 results (0.010 seconds)

CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0

NGINX Management Suite default file permissions are set such that an authenticated attacker may be able to modify sensitive files on NGINX Instance Manager and NGINX API Connectivity Manager.   Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K000133233 https://security.netapp.com/advisory/ntap-20230609-0006 • CWE-276: Incorrect Default Permissions •

CVSS: 8.1EPSS: 0%CPEs: 3EXPL: 0

NGINX Management Suite may allow an authenticated attacker to gain access to configuration objects outside of their assigned environment.   Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K000133417 https://security.netapp.com/advisory/ntap-20230609-0006 • CWE-639: Authorization Bypass Through User-Controlled Key •

CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0

Insertion of Sensitive Information into log file vulnerability in NGINX Agent. NGINX Agent version 2.0 before 2.23.3 inserts sensitive information into a log file. An authenticated attacker with local access to read agent log files may gain access to private keys. This issue is only exposed when the non-default trace level logging is enabled. Note: NGINX Agent is included with NGINX Instance Manager and used in conjunction with NGINX API Connectivity Manager, and NGINX Management Suite Security Monitoring. • https://my.f5.com/manage/s/article/K000133135 https://security.netapp.com/advisory/ntap-20230511-0008 • CWE-532: Insertion of Sensitive Information into Log File •

CVSS: 7.0EPSS: 0%CPEs: 3EXPL: 0

NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_hls_module that might allow a local attacker to corrupt NGINX worker memory, resulting in its crash or potential other impact using a specially crafted audio or video file. The issue affects only NGINX Plus when the hls directive is used in the configuration file. Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the module ngx_http_hls_module. NGINX Plus versiones anteriores a R27 P1 y R26 P1, presenta una vulnerabilidad en el módulo ngx_http_hls_module que podría permitir a un atacante local corromper la memoria del trabajador de NGINX, resultando en su bloqueo o cualquier otro impacto potencial usando un archivo de audio o vídeo especialmente diseñado. El problema sólo afecta a NGINX Plus cuando es usada la directiva hls en el archivo de configuración. • https://support.f5.com/csp/article/K01112063 • CWE-787: Out-of-bounds Write •

CVSS: 7.1EPSS: 0%CPEs: 13EXPL: 0

NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted audio or video file. The issue affects only NGINX products that are built with the module ngx_http_mp4_module, when the mp4 directive is used in the configuration file. Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the module ngx_http_mp4_module. NGINX Open Source anteriores as versiones 1.23.2 y 1.22.1, NGINX Open Source Subscription versiones anteriores a R2 P1 y R1 P1, y NGINX Plus versiones anteriores a R27 P1 y R26 P1, presentan una vulnerabilidad en el módulo ngx_http_mp4_module que podría permitir a un atacante local causar un bloqueo del proceso del trabajador, o podría resultar en una divulgación de la memoria del proceso del trabajador mediante el uso de un archivo de audio o vídeo especialmente diseñado. El problema afecta sólo a los productos NGINX que son construidos con el módulo ngx_http_mp4_module, cuando es usada la directiva mp4 en el archivo de configuración. • https://lists.debian.org/debian-lts-announce/2022/11/msg00031.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BPRVYA4FS34VWB4FEFYNAD7Z2LFCJVEI https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FD6M3PVVKO35WLAA7GLDBS6TEQ26SM64 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WBORRVG7VVXYOAIAD64ZHES2U2VIUKFQ https://security.netapp.com/advisory/ntap-20230120-0005 https://support.f5.com/csp/article/K28112382 • CWE-787: Out-of-bounds Write •