Lucene search
+L

99 matches found

redhat
redhat
added 2026/05/05 6:16 p.m.12 views

NGINX: NGINX: Denial of Service via undisclosed requests when ngx_mail_auth_http_module is enabled

A flaw was found in NGINX, specifically within the ngxmailauthhttpmodule. When this module is enabled, and CRAM-MD5 or APOP authentication is active with an authentication server that permits retries, undisclosed requests can cause NGINX worker processes to terminate. This can lead to a Denial of...

8.7CVSS5.8AI score0.00921EPSS
Exploits0References5
redhat
redhat
added 2026/05/05 10:38 a.m.15 views

Important: Red Hat Security Advisory: nginx security update

An update for nginx is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

8.8CVSS7.7AI score0.21621EPSS
Exploits0References5
redhat
redhat
added 2026/05/05 10:38 a.m.9 views

NGINX: NGINX: Denial of Service via undisclosed requests when ngx_mail_auth_http_module is enabled

A flaw was found in NGINX, specifically within the ngxmailauthhttpmodule. When this module is enabled, and CRAM-MD5 or APOP authentication is active with an authentication server that permits retries, undisclosed requests can cause NGINX worker processes to terminate. This can lead to a Denial of...

8.7CVSS5.8AI score0.00921EPSS
Exploits0References5
redhat
redhat
added 2026/05/05 8:41 a.m.12 views

NGINX: NGINX: Denial of Service via undisclosed requests when ngx_mail_auth_http_module is enabled

A flaw was found in NGINX, specifically within the ngxmailauthhttpmodule. When this module is enabled, and CRAM-MD5 or APOP authentication is active with an authentication server that permits retries, undisclosed requests can cause NGINX worker processes to terminate. This can lead to a Denial of...

8.7CVSS5.8AI score0.00921EPSS
Exploits0References5
nessus
nessus
added 2026/05/05 12:0 a.m.6 views

RHEL 9 : nginx (RHSA-2026:13680)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:13680 advisory. nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage...

8.8CVSS7.7AI score0.21621EPSS
Exploits0References10
osv
osv
added 2026/05/04 8:34 a.m.7 views

CLSA-2026-1777883671 nginx: Fix of 2 CVEs

CVE-2026-27651: fix null pointer dereference in ngxmailauthhttpmodule when authentication retry is enabled with CRAM-MD5 or APOP - CVE-2026-32647: fix buffer over-read/write in ngxhttpmp4module when processing crafted mp4 files with empty stco/co64 atoms...

8.7CVSS6.1AI score0.00921EPSS
Exploits0References1
nessus
nessus
added 2026/04/28 12:0 a.m.105 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : nginx vulnerabilities (USN-8210-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8210-1 advisory. It was discovered that the nginx ngxmailauthhttpmodule module incorrectly handled certain requests. An attacker could possibly use th...

8.8CVSS9.2AI score0.21621EPSS
Exploits0References7
osv
osv
added 2026/04/24 9:17 a.m.13 views

CLSA-2026-1777022242 nginx: Fix of 2 CVEs

CVE-2026-32647: fix buffer over-read/over-write in ngxhttpmp4module via integer overflow, off-by-one boundary checks, and zero sync sample validation in stss atom - CVE-2026-27651: fix NULL pointer dereference in ngxmailauthhttpmodule when using CRAM-MD5 or APOP authentication with Auth-Wait...

8.7CVSS6.1AI score0.00921EPSS
Exploits0References1
nessus
nessus
added 2026/04/23 12:0 a.m.5 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: nginx (UTSA-2026-014291)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014291 advisory. When the ngxmailauthhttpmodulemodule is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occu...

8.7CVSS5.4AI score0.00921EPSS
Exploits0References4
nessus
nessus
added 2026/04/19 12:0 a.m.7 views

MiracleLinux 9 : nginx:1.26 (AXSA:2026-457:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-457:01 advisory. nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files CVE-2026-32647 NGINX: NGINX: Denial of Service or file modification...

8.8CVSS7.9AI score0.21621EPSS
Exploits0References5
osv
osv
added 2026/04/17 5:18 p.m.8 views

CLSA-2026-1776446328 nginx: Fix of 3 CVEs

CVE-2026-27651: fix null pointer dereference in ngxmailauthhttpmodule when clearing password in auth http requests with CRAM-MD5/APOP - CVE-2026-27654: fix heap buffer overflow in DAV module when COPY/MOVE destination URI is shorter than alias - CVE-2026-32647: fix buffer over-read/over-write in...

8.8CVSS6.2AI score0.21621EPSS
Exploits0References1
nessus
nessus
added 2026/04/16 12:0 a.m.7 views

AlmaLinux 8 : nginx:1.24 (ALSA-2026:6907)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:6907 advisory. nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files CVE-2026-32647 NGINX: NGINX: Denial of Service or file modification via...

8.8CVSS7.6AI score0.21621EPSS
Exploits0References6
nessus
nessus
added 2026/04/16 12:0 a.m.8 views

MiracleLinux 9 : nginx-1.20.1-24.el9_7.2.ML.1 (AXSA:2026-435:02)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-435:02 advisory. nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files CVE-2026-32647 NGINX: NGINX: Denial of Service or file modification...

8.8CVSS7.6AI score0.21621EPSS
Exploits0References5
nessus
nessus
added 2026/04/16 12:0 a.m.6 views

nginx 0.5.15 < 1.28.3 / 1.29.x < 1.29.7 NULL Pointer Dereference

The installed version of nginx is 0.5.15 prior to 1.28.3, or 1.29.x prior to 1.29.7. It is, therefore, affected by the following issue : - When the ngxmailauthhttpmodule module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue...

8.7CVSS5.8AI score0.00921EPSS
Exploits0References3
amazon
amazon
added 2026/04/14 12:0 a.m.10 views

Important: nginx

Issue Overview: When the ngxmailauthhttpmodule module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occur when 1 CRAM-MD5 or APOP authentication is enabled, and 2 the authentication server permits retry by returning the...

8.8CVSS7.8AI score0.21621EPSS
Exploits0
amazon
amazon
added 2026/04/13 12:0 a.m.15 views

Important: nginx

Issue Overview: When the ngxmailauthhttpmodule module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occur when 1 CRAM-MD5 or APOP authentication is enabled, and 2 the authentication server permits retry by returning the...

8.8CVSS6.3AI score0.21621EPSS
Exploits0
nessus
nessus
added 2026/04/13 12:0 a.m.25 views

Amazon Linux 2023 : nginx, nginx-all-modules, nginx-core (ALAS2023-2026-1540)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1540 advisory. When the ngxmailauthhttpmodule module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occur when 1 CRAM-MD5 or APOP...

8.8CVSS7.9AI score0.21621EPSS
Exploits0References14
osv
osv
added 2026/04/10 12:4 a.m.9 views

RLSA-2026:7343 Important: nginx:1.26 security update

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files CVE-2026-32647 NGINX: NGINX: Denial of Service or file...

8.2CVSS7.7AI score0.21621EPSS
Exploits0References5
nessus
nessus
added 2026/04/10 12:0 a.m.19 views

AlmaLinux 10 : nginx (ALSA-2026:6906)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:6906 advisory. nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files CVE-2026-32647 NGINX: NGINX: Denial of Service or file modification via...

8.8CVSS6.2AI score0.21621EPSS
Exploits0References6
redhat
redhat
added 2026/04/09 7:0 p.m.5 views

NGINX: NGINX: Denial of Service via undisclosed requests when ngx_mail_auth_http_module is enabled

A flaw was found in NGINX, specifically within the ngxmailauthhttpmodule. When this module is enabled, and CRAM-MD5 or APOP authentication is active with an authentication server that permits retries, undisclosed requests can cause NGINX worker processes to terminate. This can lead to a Denial of...

8.7CVSS5.9AI score0.00921EPSS
Exploits0References5
Rows per page
Query Builder