53060 matches found
[SECURITY] Fedora 42 Update: nginx-mod-modsecurity-1.0.4-10.fc42
The ModSecurity-nginx connector is the connection point between nginx and libmodsecurity ModSecurity v3. Said another way, this project provides a communication channel between nginx and libmodsecurity. This connector is required to use LibModSecurity with nginx. The ModSecurity-nginx connector...
CVE-2026-8704
Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified...
CVE-2026-8704 Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified
Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified...
CVE-2026-8700
CVE-2026-8700 concerns Crypt::DSA for Perl, where seeds are generated with Perl’s built-in rand. The affected components are Crypt::DSA versions before 1.20. The root cause is the use of a non-cryptographically secure RNG, making seeds predictable for security-sensitive operations. This can under...
[SECURITY] Fedora 43 Update: nginx-mod-modsecurity-1.0.4-10.fc43
The ModSecurity-nginx connector is the connection point between nginx and libmodsecurity ModSecurity v3. Said another way, this project provides a communication channel between nginx and libmodsecurity. This connector is required to use LibModSecurity with nginx. The ModSecurity-nginx connector...
[SECURITY] Fedora 43 Update: nginx-mod-vts-0.2.4-9.fc43
Nginx virtual host traffic status module...
[SECURITY] Fedora 43 Update: nginx-mod-naxsi-1.6-17.fc43
naxsi is an nginx module that provides score based Web Application Firewall WAF abilities in a highly granular fashion...
[SECURITY] Fedora 43 Update: nginx-mod-fancyindex-0.6.0-4.fc43
The Fancy Index module makes possible the generation of file listings, like the built-in autoindex module does, but adding a touch of style. This is possible because the module allows a certain degree of customization of the generated content: Custom headers. Either local or stored remotely. Cust...
[SECURITY] Fedora 43 Update: nginx-mod-brotli-1.0.0~rc-9.fc43
NGINX module for Brotli compression...
[SECURITY] Fedora 44 Update: nginx-mod-headers-more-0.39-9.fc44
This module allows adding, setting, or clearing specified input/output header s. This is an enhanced version of the standard headers module because it provides more utilities like resetting or clearing "builtin headers" like Content-Type, Content-Length, and Server...
[SECURITY] Fedora 44 Update: nginx-mod-modsecurity-1.0.4-10.fc44
The ModSecurity-nginx connector is the connection point between nginx and libmodsecurity ModSecurity v3. Said another way, this project provides a communication channel between nginx and libmodsecurity. This connector is required to use LibModSecurity with nginx. The ModSecurity-nginx connector...
[SECURITY] Fedora 44 Update: nginx-mod-vts-0.2.4-9.fc44
Nginx virtual host traffic status module...
[SECURITY] Fedora 44 Update: nginx-mod-naxsi-1.6-17.fc44
naxsi is an nginx module that provides score based Web Application Firewall WAF abilities in a highly granular fashion...
[SECURITY] Fedora 44 Update: nginx-mod-brotli-1.0.0~rc-9.fc44
NGINX module for Brotli compression...
CLSA-2026-1778869454 Fix CVE(s): CVE-2026-42945
SECURITY UPDATE: Heap buffer overflow in ngxhttprewritemodule via PCRE unnamed captures with question mark in replacement strings - debian/patches/CVE-2026-42945.patch: clear e-isargs in ngxhttpscriptregexendcode to prevent buffer overrun when rewrite directive is followed by set or if with PCRE...
SimpleSAMLphp casserver FileSystemTicketStore path traversal allows out-of-ticket-directory read/unserialize and conditional deletion
Summary simplesamlphp-module-casserver builds file paths for the file-based CAS ticket store by directly concatenating the configured ticket directory with an attacker-controlled ticket identifier. Public CAS validation/proxy endpoints pass attacker-controlled ticket / pgt query parameters into...
nginx: NGINX: Arbitrary Code Execution Vulnerability
A flaw was found in NGINX, specifically within the ngxhttprewritemodule. An unauthenticated attacker can exploit this vulnerability by sending crafted HTTP requests under specific rewrite configurations. This can lead to a heap buffer overflow in the NGINX worker process, which may result in...
nginx: NGINX: Arbitrary Code Execution Vulnerability
A flaw was found in NGINX, specifically within the ngxhttprewritemodule. An unauthenticated attacker can exploit this vulnerability by sending crafted HTTP requests under specific rewrite configurations. This can lead to a heap buffer overflow in the NGINX worker process, which may result in...
GHSA-64RR-PP78-62WW NukeViet CMS: Stored Cross-Site Scripting (XSS) via insufficient server-side input sanitization in Request class
Impact NukeViet CMS , which are stored server-side and executed in the browser of any user who views the content. Who is impacted: - Administrators and moderators who view user-submitted content e.g., contact messages, comments, or any module using the Request class for HTML input. - The Contact...
nginx: NGINX: Arbitrary Code Execution Vulnerability
A flaw was found in NGINX, specifically within the ngxhttprewritemodule. An unauthenticated attacker can exploit this vulnerability by sending crafted HTTP requests under specific rewrite configurations. This can lead to a heap buffer overflow in the NGINX worker process, which may result in...