14 matches found
TencentOS Server 4: nginx (TSSA-2026:0279)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0279 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
Fedora 42 : nginx / nginx-mod-brotli / nginx-mod-fancyindex / etc (2025-8caa129b2e)
The remote Fedora 42 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2025-8caa129b2e advisory. Changes with nginx 1.28.1 23 Dec 2025 Security: processing of a specially crafted login/password when using the none authentication method in the...
Fedora 43 : nginx / nginx-mod-brotli / nginx-mod-fancyindex / etc (2025-8aa169ea14)
The remote Fedora 43 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2025-8aa169ea14 advisory. Changes with nginx 1.28.1 23 Dec 2025 Security: processing of a specially crafted login/password when using the none authentication method in the...
Fedora 44 : nginx / nginx-mod-brotli / nginx-mod-fancyindex / etc (2025-530e10091c)
The remote Fedora 44 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2025-530e10091c advisory. Changes with nginx 1.28.1 23 Dec 2025 Security: processing of a specially crafted login/password when using the none authentication method in the...
EUVD-2025-53859
Malicious code in immense-aquamarine-mouse npm...
Mageia: Security Advisory (MGASA-2025-0245)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Updated nginx package fixes security vulnerability
It was discovered that nginx contains a security issue in the ngxmailsmtpmodule which might allow an attacker to cause buffer over-read potentially resulting in sensitive information leak in a HTTP request to the authentication server CVE-2025-53859...
CVE-2025-53859 affecting package nginx for versions less than 1.22.1-14
CVE-2025-53859 affecting package nginx for versions less than 1.22.1-14. A patched version of the package is available...
OESA-2025-2089 nginx security update
NGINX is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server. Security Fixes: NGINX Open Source and NGINX Plus have a vulnerability in the ngxmailsmtpmodule that might allow an unauthenticated attacker to over-read NGINX SMTP authentication...
nginx 0.7.22 < 1.29.1 Information Disclosure
According to its Sever response header, the installed version of nginx is 0.7.22 prior to 1.29.1. It is, therefore, affected by the following issue : - NGINX Open Source and NGINX Plus have a vulnerability in the ngxmailsmtpmodule that might allow an unauthenticated attacker to over-read NGINX SM...
Low: nginx
Issue Overview: NGINX Open Source and NGINX Plus have a vulnerability in the ngxmailsmtpmodule that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the authentication server...
Amazon Linux 2 : nginx, --advisory ALAS2NGINX1-2025-009 (ALASNGINX1-2025-009)
The version of nginx installed on the remote host is prior to 1.28.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2NGINX1-2025-009 advisory. NGINX Open Source and NGINX Plus have a vulnerability in the ngxmailsmtpmodule that might allow an unauthenticated attacker to...
CVE-2025-53859
creationtimestamp| type| source ---|---|--- 2025-08-13 16:14:44+00:00| seen| https://seclists.org/oss-sec/2025/q3/98 2025-08-13 18:50:27+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3lwcikot7oi22 2025-08-14 22:03:28+00:00| seen|...
CVE-2025-53859
NGINX Open Source and NGINX Plus have a vulnerability in the ngxmailsmtpmodule that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the authentication server. This issue happe...