Note: This list may be incomplete. Data is provided without warranty in its original format.
5.4
CVE-2024-10318
- EPSS 0.12%
- Published 06.11.2024 17:15:13
- Last modified 08.11.2024 19:51:49
A session fixation issue was discovered in the NGINX OpenID Connect reference implementation, where a nonce was not checked at login time. This flaw allows an attacker to fix a victim's session to an attacker-controlled account. As a result, although...
7.1
CVE-2023-28724
- EPSS 0.08%
- Published 03.05.2023 15:15:13
- Last modified 10.04.2025 20:32:16
NGINX Management Suite default file permissions are set such that an authenticated attacker may be able to modify sensitive files on NGINX Instance Manager and NGINX API Connectivity Manager. Note: Software versions which have reached End of Techn...
8.1
CVE-2023-28656
- EPSS 0.2%
- Published 03.05.2023 15:15:12
- Last modified 19.05.2025 14:45:09
NGINX Management Suite may allow an authenticated attacker to gain access to configuration objects outside of their assigned environment. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.