296 matches found
RockyLinux 10 : nginx (RLSA-2026:29874)
The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:29874 advisory. nginx: ngxhttprewritemodule: code execution and denial of service CVE-2026-9256 Tenable has extracted the preceding description block directly from the RockyLin...
CVE-2026-42055
A flaw was found in NGINX. When NGINX is configured to proxy HTTP/2 traffic using the ngxhttpproxyv2module or ngxhttpgrpcmodule with specific settings, a remote, unauthenticated attacker can send specially crafted large headers. This can trigger a heap-based buffer overflow, leading to a restart ...
AlmaLinux 9 : nginx (ALSA-2026:28973)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:28973 advisory. nginx: ngxhttprewritemodule: code execution and denial of service CVE-2026-9256 Tenable has extracted the preceding description block directly from the AlmaLinux...
RHEL 9 : nginx (RHSA-2026:28973)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:28973 advisory. nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security...
nginx 0.3.50 < 1.30.3 / 1.31.x < 1.31.2 Buffer Overread in ngx_http_charset_module
The installed version of nginx is 0.3.50 prior to 1.30.3, or 1.31.x prior to 1.31.2. It is, therefore, affected by the following issue : - NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpcharsetmodule module. When content is served or proxied through a location block with both...
Linux Distros Unpatched Vulnerability : CVE-2026-42055
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpproxyv2module and ngxhttpgrpcmodule modules. This vulnerability exists when the...
SUSE CVE-2026-42055
NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpproxyv2module and ngxhttpgrpcmodule modules. This vulnerability exists when the proxyhttpversion to 2 or grpcpass directives are used to proxy HTTP/2 traffic, the ignoreinvalidheaders directive is set to off, and the...
USN-8398-3 nginx vulnerability
USN-8398-1 fixed a vulnerability in nginx. The update caused a regression and was temporarily reverted in USN-8398-2. This update introduces a complete fix for CVE-2026-49975. We apologize for the inconvenience. Original advisory details: It was discovered that nginx incorrectly handled certain...
Amazon Linux 2023 : nginx, nginx-all-modules, nginx-core (ALAS2023-2026-1773)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1773 advisory. NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when a rewrite directive uses a regex pattern with distinct, overlapping Perl-...
Important: nginx
Issue Overview: NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression PCRE captures for example, ^/.$ and a replacement string...
Amazon Linux 2 : nginx, --advisory ALAS2NGINX1-2026-013 (ALASNGINX1-2026-013)
The version of nginx installed on the remote host is prior to 1.30.2-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2NGINX1-2026-013 advisory. NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when a...
TencentOS Server 4: nginx (TSSA-2026:0398)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0398 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
RockyLinux 10 : nginx (RLSA-2026:19159)
The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:19159 advisory. nginx: NGINX: Arbitrary Code Execution Vulnerability CVE-2026-42945 Tenable has extracted the preceding description block directly from the RockyLinux security...
New HTTP/2 Bomb Vulnerability Allows Remote DoS on NGINX, Apache, IIS, Envoy & Cloudflare
Cybersecurity researchers have discovered a remote denial-of-service exploit that affects major web servers, including NGINX, Apache HTTPD, Microsoft IIS, Envoy, and Cloudflare Pingora. The vulnerability has been codenamed HTTP/2 Bomb by Calif. "The vulnerable behavior exists in each server's...
May Linux Patch Wednesday
May Linux Patch Wednesday. A total of 1,638 vulnerabilities 474 in the Linux kernel. For comparison, in April there were 1,035 vulnerabilities a record!. And this time it turns out to be a record again, more than one and a half times higher! The acceleration is both impressive and alarming. But w...
Critical: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.14.33 security, enhancement & bug fix update
Red Hat OpenShift Data Foundation 4.14.33 security, enhancement & bug fix update Red Hat OpenShift Data Foundation 4.14.33 security, enhancement & bug fix update FIXED BUGS: ========== DFBUGS-6993: RHODF 4.14.33 release NGINX: Arbitrary Code Execution Vulnerability CVE-2026-42945...
Critical: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.16.29 security, enhancement & bug fix update
Red Hat OpenShift Data Foundation 4.16.29 security, enhancement & bug fix update Red Hat OpenShift Data Foundation 4.16.29 security, enhancement & bug fix update FIXED BUGS: ========== DFBUGS-7034: RHODF 4.16.29 release NGINX: Arbitrary Code Execution Vulnerability CVE-2026-42945...
Critical: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.15.29 security, enhancement & bug fix update
Red Hat OpenShift Data Foundation 4.15.29 security, enhancement & bug fix update Red Hat OpenShift Data Foundation 4.15.29 security, enhancement & bug fix update FIXED BUGS: ========== DFBUGS-6992: RHODF 4.15.29 release NGINX: Arbitrary Code Execution Vulnerability CVE-2026-42945...
Critical: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.18.23 security, enhancement & bug fix update
Red Hat OpenShift Data Foundation 4.18.23 security, enhancement & bug fix update Red Hat OpenShift Data Foundation 4.18.23 security, enhancement & bug fix update FIXED BUGS: ========== DFBUGS-7032: RHODF 4.18.23 release NGINX: Arbitrary Code Execution Vulnerability CVE-2026-42945...
Critical: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.21.6 security, enhancement & bug fix update
Red Hat OpenShift Data Foundation 4.21.6 security, enhancement & bug fix update Red Hat OpenShift Data Foundation 4.21.6 security, enhancement & bug fix update FIXED BUGS: ========== DFBUGS-6964: RHODF 4.21.6 release NGINX: Arbitrary Code Execution Vulnerability CVE-2026-42945...