Nginx Ingress Controller

DATE	CVE	VULNERABILITY TITLE	RISK
2024-11-06	CVE-2024-10318	Session Fixation vulnerability in F5 products A session fixation issue was discovered in the NGINX OpenID Connect reference implementation, where a nonce was not checked at login time. network low complexity f5 CWE-384	5.4
2023-10-10	CVE-2023-44487	The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. network low complexity ietf nghttp2 netty envoyproxy eclipse caddyserver golang f5 apache apple grpc microsoft nodejs dena facebook amazon debian kazu-yamamoto istio varnish-cache-project traefik projectcontour linkerd linecorp redhat fedoraproject netapp akka konghq jenkins openresty cisco	7.5
2022-10-19	CVE-2022-41741	Out-of-bounds Write vulnerability in multiple products NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to corrupt NGINX worker memory, resulting in its termination or potential other impact using a specially crafted audio or video file. local low complexity f5 fedoraproject debian CWE-787	7.8
2022-10-19	CVE-2022-41742	Out-of-bounds Write vulnerability in multiple products NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted audio or video file. local low complexity f5 fedoraproject debian CWE-787	7.1
2022-10-19	CVE-2022-41743	Out-of-bounds Write vulnerability in F5 Nginx Ingress Controller and Nginx Plus NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_hls_module that might allow a local attacker to corrupt NGINX worker memory, resulting in its crash or potential other impact using a specially crafted audio or video file. local high complexity f5 CWE-787	7.0
2022-08-04	CVE-2022-30535	Improper Input Validation vulnerability in F5 Nginx Ingress Controller In versions 2.x before 2.3.0 and all versions of 1.x, An attacker authorized to create or update ingress objects can obtain the secrets available to the NGINX Ingress Controller. network low complexity f5 CWE-20	6.5
2022-04-21	CVE-2021-23055	Unspecified vulnerability in F5 Nginx Ingress Controller On version 2.x before 2.0.3 and 1.x before 1.12.3, the command line restriction that controls snippet use with NGINX Ingress Controller does not apply to Ingress objects. network low complexity f5	6.5