Lucene search
K

9 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/17 12:0 a.m.8 views

Photon OS 5.0: Nginx PHSA-2026-5.0-0857

An update of the nginx package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0857. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

6.9CVSS6.2AI score0.00367EPSS
Exploits0References4
Mageia
Mageia
added 2026/05/07 5:6 a.m.17 views

Updated nginx packages fix security vulnerabilities

Buffer overflow in ngxhttpdavmodule CVE-2026-27654 Buffer overflow in the ngxhttpmp4module CVE-2026-27784 Buffer overflow in the ngxhttpmp4module CVE-2026-32647 NULL pointer dereference while using CRAM-MD5 or APOP CVE-2026-27651 Injection in authhttp and XCLIENT CVE-2026-28753 OCSP result bypass...

8.8CVSS7.5AI score0.21621EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/04/16 12:0 a.m.5 views

nginx 0.6.27 < 1.28.3 / 1.29.x < 1.29.7 SMTP Upstream Injection

The installed version of nginx is 0.6.27 prior to 1.28.3, or 1.29.x prior to 1.29.7. It is, therefore, affected by the following issue : - NGINX Plus and NGINX Open Source have a vulnerability in the ngxmailsmtpmodule module due to the improper handling of CRLF sequences in DNS responses. This...

6.3CVSS5.9AI score0.00264EPSS
Exploits0References3
CBLMariner
CBLMariner
added 2026/03/30 3:47 p.m.3 views

CVE-2026-28753 affecting package nginx for versions less than 1.22.1-16

CVE-2026-28753 affecting package nginx for versions less than 1.22.1-16. A patched version of the package is available...

6.3CVSS5.8AI score0.00264EPSS
Exploits0
NVD
NVD
added 2026/03/24 3:16 p.m.5 views

CVE-2026-28753

NGINX Plus and NGINX Open Source have a vulnerability in the ngxmailsmtpmodule module due to the improper handling of CRLF sequences in DNS responses. This allows an attacker-controlled DNS server to inject arbitrary headers into SMTP upstream requests, leading to potential request manipulation...

6.3CVSS0.00264EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/03/24 3:16 p.m.9 views

CVE-2026-28753

NGINX Plus and NGINX Open Source have a vulnerability in the ngxmailsmtpmodule module due to the improper handling of CRLF sequences in DNS responses. This allows an attacker-controlled DNS server to inject arbitrary headers into SMTP upstream requests, leading to potential request manipulation...

6.3CVSS5.8AI score0.00264EPSS
Exploits0References3
OSV
OSV
added 2026/03/24 3:16 p.m.6 views

UBUNTU-CVE-2026-28753

NGINX Plus and NGINX Open Source have a vulnerability in the ngxmailsmtpmodule module due to the improper handling of CRLF sequences in DNS responses. This allows an attacker-controlled DNS server to inject arbitrary headers into SMTP upstream requests, leading to potential request manipulation...

6.3CVSS5.6AI score0.00264EPSS
Exploits0References5
Nginx
Nginx
added 2026/03/24 2:13 p.m.165 views

Injection in auth_http and XCLIENT

Injection in authhttp and XCLIENT Severity: medium CVE-2026-28753 Not vulnerable: 1.29.7+, 1.28.3+ Vulnerable: 0.6.27-1.29.6...

6.3CVSS5.8AI score0.00264EPSS
Exploits0References1Affected Software1
Debian CVE
Debian CVE
added 2026/03/24 2:13 p.m.3 views

CVE-2026-28753

NGINX Plus and NGINX Open Source have a vulnerability in the ngxmailsmtpmodule module due to the improper handling of CRLF sequences in DNS responses. This allows an attacker-controlled DNS server to inject arbitrary headers into SMTP upstream requests, leading to potential request manipulation...

6.3CVSS5.6AI score0.00264EPSS
Exploits0
Rows per page
Query Builder