RockyLinux 9 : nginx (RLSA-2026:7002)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:7002 advisory. nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files CVE-2026-32647 NGINX: NGINX: Denial of Service or file modification via...

nginx security update

2:1.20.1-24.0.1.el97.3 - Reference oracle-indexhtml within Requires Orabug: 33802044 - Remove Red Hat references Orabug: 29498217 - Update upstream references Orabug: 36579090 2:1.20.1-24.3 - Resolves: RHEL-176230 - nginx: NGINX: Arbitrary Code Execution Vulnerability CVE-2026-42945 2:1.20.1-24.2...

Oracle Linux 8 : nginx:1.24 (ELSA-2026-18041)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-18041 advisory. - Resolves: RHEL-176224 - nginx:1.24/nginx: NGINX: Arbitrary Code Execution Vulnerability CVE-2026-42945 - Resolves: RHEL-157877 CVE-2026-32647 nginx:1.24/ngin...

RHEL 9 : nginx:1.26 (RHSA-2026:15966)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:15966 advisory. nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage...

Updated nginx packages fix security vulnerabilities

Buffer overflow in ngxhttpdavmodule CVE-2026-27654 Buffer overflow in the ngxhttpmp4module CVE-2026-27784 Buffer overflow in the ngxhttpmp4module CVE-2026-32647 NULL pointer dereference while using CRAM-MD5 or APOP CVE-2026-27651 Injection in authhttp and XCLIENT CVE-2026-28753 OCSP result bypass...

RHEL 9 : nginx (RHSA-2026:14836)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:14836 advisory. nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage...

MiracleLinux 8 : nginx:1.24 (AXSA:2026-466:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-466:01 advisory. nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files CVE-2026-32647 NGINX: NGINX: Denial of Service or file modification...

nginx:1.24 security update

An update is available for module.nginx, nginx. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list nginx is a web and proxy server supporting HTTP and other...

nginx security update

1.20.1-24.0.1.el97.2 - Reference oracle-indexhtml within Requires Orabug: 33802044 - Remove Red Hat references Orabug: 29498217 - Update upstream references Orabug: 36579090 2:1.20.1-24.2 - Resolves: RHEL-159557 - CVE-2026-27654 nginx: NGINX: Denial of Service or file modification via buffer...

nginx:1.24 security update

1.24.0-3.0.1 - Remove Red Hat references Orabug: 29498217 1:1.24.0-3 - Resolves: RHEL-157877 CVE-2026-32647 nginx:1.24/nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files - Resolves: RHEL-159436 CVE-2026-27651 nginx:1.24/nginx: NGINX: Denial of Service via undisclose...

Important: Red Hat Security Advisory: nginx security update

An update for nginx is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

RockyLinux 9 : nginx:1.24 (RLSA-2026:6923)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:6923 advisory. nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files CVE-2026-32647 NGINX: NGINX: Denial of Service or file modification via...

CVE-2026-32647 affecting package nginx for versions less than 1.28.3-1

CVE-2026-32647 affecting package nginx for versions less than 1.28.3-1. An upgraded version of the package is available that resolves this issue...

CVE-2026-32647 affecting package nginx for versions less than 1.22.1-16

CVE-2026-32647 affecting package nginx for versions less than 1.22.1-16. A patched version of the package is available...

Linux Distros Unpatched Vulnerability : CVE-2026-32647

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpmp4module module, which might allow an attacker to trigger a buffer over-read or over-write ...

CVE-2026-32647

NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpmp4module module, which might allow an attacker to trigger a buffer over-read or over-write to the NGINX worker memory resulting in its termination or possibly code execution, using a specially crafted MP4 file. This issue affect...

CVE-2026-32647

Summary: NGINX Open Source and NGNIX Plus may be affected when built with the ngx_http_mp4_module and using the mp4 directive. The issue is a vulnerability in the module that can trigger a buffer over-read or over-write in the worker memory, potentially terminating the worker or enabling code exe...