F5

Nginx Instance Manager

14 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Medienbericht
  • EPSS 3.14%
  • Veröffentlicht 17.06.2026 14:04:32
  • Zuletzt bearbeitet 09.07.2026 13:17:08

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_proxy_v2_module and ngx_http_grpc_module modules. This vulnerability exists when the proxy_http_version to 2 or grpc_pass directives are used to proxy HTTP/2 traffic, the ignore_in...

Medienbericht
  • EPSS 3.23%
  • Veröffentlicht 17.06.2026 14:04:32
  • Zuletzt bearbeitet 02.07.2026 20:03:41

NGINX Open Source has a vulnerability in the ngx_http_v3_module module. When NGINX Open Source is configured to use the HTTP/3 QUIC module, a remote unauthenticated attacker along with conditions beyond their control can use a specially crafted HTTP/...

  • EPSS 0.4%
  • Veröffentlicht 17.06.2026 14:04:32
  • Zuletzt bearbeitet 22.06.2026 16:50:00

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_charset_module module. When content is served or proxied through a location block with both source_charset utf-8; and a charset directive (for example, charset koi8-r;) configured,...

Medienbericht
  • EPSS 0.37%
  • Veröffentlicht 13.05.2026 14:12:45
  • Zuletzt bearbeitet 29.06.2026 14:17:01

When NGINX Plus or NGINX Open Source are configured to use the HTTP/3 QUIC module, an attacker may be able to spoof their source IP address allowing for bypass of authorization or bypass of rate limiting.  Note: Software versions which have reached E...

Medienbericht
  • EPSS 0.93%
  • Veröffentlicht 13.05.2026 14:12:44
  • Zuletzt bearbeitet 16.06.2026 19:58:09

A vulnerability exists in the ngx_http_scgi_module and ngx_http_uwsgi_module modules that may result in excessive memory allocation or an over-read of data. When scgi_pass or uwsgi_pass is configured, an unauthenticated attacker with man-in-the-middl...

Medienbericht
  • EPSS 0.68%
  • Veröffentlicht 13.05.2026 14:12:43
  • Zuletzt bearbeitet 23.06.2026 13:57:51

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_ssl_module module when the ssl_verify_client directive is set to "on" or "optional," and the ssl_ocsp directive is set to "on" or the leaf parameters are configured with a resolver...

Medienbericht Exploit
  • EPSS 61.47%
  • Veröffentlicht 13.05.2026 14:12:43
  • Zuletzt bearbeitet 27.06.2026 05:16:45

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression (PCRE) ...

  • EPSS 0.34%
  • Veröffentlicht 04.02.2026 15:02:06
  • Zuletzt bearbeitet 13.02.2026 21:35:01

A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security (TLS) servers. An attacker with a man-in-the-middle (MITM) position on the upstream server side—along with conditions beyond the attacker...

  • EPSS 0.34%
  • Veröffentlicht 06.11.2024 17:15:13
  • Zuletzt bearbeitet 08.11.2024 19:51:49

A session fixation issue was discovered in the NGINX OpenID Connect reference implementation, where a nonce was not checked at login time. This flaw allows an attacker to fix a victim's session to an attacker-controlled account. As a result, although...

  • EPSS 0.47%
  • Veröffentlicht 22.08.2024 18:15:10
  • Zuletzt bearbeitet 24.01.2025 16:14:16

NGINX Agent's "config_dirs" restriction feature allows a highly privileged attacker to gain the ability to write/overwrite files outside of the designated secure directory.