Lucene search
K

133 matches found

RedHat Linux
RedHat Linux
added 2026/05/11 11:0 a.m.15 views

NGINX: NGINX: Denial of Service due to memory corruption via crafted MP4 file

A flaw was found in NGINX Open Source, specifically within the ngxhttpmp4module. An attacker can exploit this memory corruption vulnerability by providing a specially crafted MP4 file. This can lead to an over-read or over-write of NGINX worker memory, causing the worker to terminate and resultin...

8.5CVSS5.8AI score0.01031EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/05/11 8:10 a.m.8 views

NGINX: NGINX: Denial of Service due to memory corruption via crafted MP4 file

A flaw was found in NGINX Open Source, specifically within the ngxhttpmp4module. An attacker can exploit this memory corruption vulnerability by providing a specially crafted MP4 file. This can lead to an over-read or over-write of NGINX worker memory, causing the worker to terminate and resultin...

8.5CVSS5.8AI score0.01031EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/05/05 6:16 p.m.6 views

NGINX: NGINX: Denial of Service due to memory corruption via crafted MP4 file

A flaw was found in NGINX Open Source, specifically within the ngxhttpmp4module. An attacker can exploit this memory corruption vulnerability by providing a specially crafted MP4 file. This can lead to an over-read or over-write of NGINX worker memory, causing the worker to terminate and resultin...

8.5CVSS5.8AI score0.01031EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/05/05 10:38 a.m.16 views

NGINX: NGINX: Denial of Service due to memory corruption via crafted MP4 file

A flaw was found in NGINX Open Source, specifically within the ngxhttpmp4module. An attacker can exploit this memory corruption vulnerability by providing a specially crafted MP4 file. This can lead to an over-read or over-write of NGINX worker memory, causing the worker to terminate and resultin...

8.5CVSS5.8AI score0.01031EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/04/23 12:0 a.m.7 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: nginx (UTSA-2026-014290)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014290 advisory. NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpdavmodule module that might allow an attacker to trigger a buffer overflow to the NGINX worker...

8.8CVSS5.8AI score0.21621EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2026/04/08 12:0 a.m.2 views

Vulnerability of the ngx_http_mp4_module in HTTP-servers of NGINX Plus and NGINX Open Source, allowing attackers to cause service failures or execute arbitrary code.

The vulnerability of the ngxhttpmp4module in NGINX Plus and NGINX Open Source HTTP servers is related to reading beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to cause service failures or execute arbitrary code...

7.8CVSS7.7AI score0.00918EPSS
Exploits0References5Affected Software3
BDU FSTEC
BDU FSTEC
added 2026/04/08 12:0 a.m.2 views

The vulnerability of the ngx_http_dav_module module in NGINX Plus and NGINX Open Source servers allows a hacker to cause a service failure.

The vulnerability of the ngxhttpdavmodule module in NGINX Plus and NGINX Open Source servers is related to buffer overflow in dynamic memory. Exploiting this vulnerability can allow a malicious actor to cause service interruptions...

8.5CVSS6.2AI score0.21621EPSS
Exploits0References9Affected Software6
RedHat Linux
RedHat Linux
added 2026/04/07 9:43 p.m.5 views

NGINX: NGINX: Denial of Service due to memory corruption via crafted MP4 file

A flaw was found in NGINX Open Source, specifically within the ngxhttpmp4module. An attacker can exploit this memory corruption vulnerability by providing a specially crafted MP4 file. This can lead to an over-read or over-write of NGINX worker memory, causing the worker to terminate and resultin...

8.5CVSS5.9AI score0.01031EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/04/07 6:43 p.m.15 views

NGINX: NGINX: Denial of Service due to memory corruption via crafted MP4 file

A flaw was found in NGINX Open Source, specifically within the ngxhttpmp4module. An attacker can exploit this memory corruption vulnerability by providing a specially crafted MP4 file. This can lead to an over-read or over-write of NGINX worker memory, causing the worker to terminate and resultin...

8.5CVSS5.9AI score0.01031EPSS
Exploits0References5
Redos
Redos
added 2026/04/07 12:0 a.m.6 views

ROS-20260407-73-0041

A vulnerability in the TLS traffic proxying mechanism of NGINX Plus and NGINX OSS web servers is related to the loading of external unreliable data along with reliable data. Exploitation of the vulnerability could allow an attacker acting remotely to inject data in plain text form...

8.2CVSS6.1AI score0.00339EPSS
Exploits0
Redos
Redos
added 2026/04/06 12:0 a.m.6 views

ROS-20260406-73-0001

A vulnerability in the ngxmailsmtp response header handler of NGINX Plus and NGINX Open Source web servers is related to a violation of the initial buffer boundary. Exploitation of the vulnerability could allow an attacker acting remotely to gain read access to the data...

6.3CVSS6AI score0.00371EPSS
Exploits0
OSV
OSV
added 2026/03/27 7:10 a.m.4 views

BIT-NGINX-2026-27654 NGINX ngx_http_dav_module vulnerability

NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpdavmodule module that might allow an attacker to trigger a buffer overflow to the NGINX worker process; this vulnerability may result in termination of the NGINX worker process or modification of source or destination file names...

8.8CVSS6.1AI score0.21621EPSS
Exploits0References20
SUSE CVE
SUSE CVE
added 2026/03/25 12:26 a.m.5 views

SUSE CVE-2026-27784

The 32-bit implementation of NGINX Open Source has a vulnerability in the ngxhttpmp4module module, which might allow an attacker to over-read or over-write NGINX worker memory resulting in its termination, using a specially crafted MP4 file. The issue only affects 32-bit NGINX Open Source if it i...

7.8CVSS5.9AI score0.01031EPSS
Exploits0References11
SUSE CVE
SUSE CVE
added 2026/03/25 12:26 a.m.6 views

SUSE CVE-2026-28753

NGINX Plus and NGINX Open Source have a vulnerability in the ngxmailsmtpmodule module due to the improper handling of CRLF sequences in DNS responses. This allows an attacker-controlled DNS server to inject arbitrary headers into SMTP upstream requests, leading to potential request manipulation...

3.7CVSS6AI score0.00264EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/03/24 8:51 p.m.3 views

CVE-2026-27784

A flaw was found in NGINX Open Source, specifically within the ngxhttpmp4module. An attacker can exploit this memory corruption vulnerability by providing a specially crafted MP4 file. This can lead to an over-read or over-write of NGINX worker memory, causing the worker to terminate and resultin...

8.5CVSS5.6AI score0.01031EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/24 3:30 p.m.3 views

EUVD-2026-14887

NGINX Plus and NGINX Open Source have a vulnerability in the ngxstreamsslmodule module due to the improper handling of revoked certificates when configured with the sslverifyclient on and sslocsp on directives, allowing the TLS handshake to succeed even after an OCSP check identifies the...

5.4CVSS5.9AI score0.00133EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/24 3:30 p.m.5 views

EUVD-2026-14885

NGINX Plus and NGINX Open Source have a vulnerability in the ngxmailsmtpmodule module due to the improper handling of CRLF sequences in DNS responses. This allows an attacker-controlled DNS server to inject arbitrary headers into SMTP upstream requests, leading to potential request manipulation...

6.3CVSS5.9AI score0.00264EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/24 3:30 p.m.4 views

EUVD-2026-14881

NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpdavmodule module that might allow an attacker to trigger a buffer overflow to the NGINX worker process; this vulnerability may result in termination of the NGINX worker process or modification of source or destination file names...

8.8CVSS6.1AI score0.21621EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/24 3:30 p.m.3 views

EUVD-2026-14883

The 32-bit implementation of NGINX Open Source has a vulnerability in the ngxhttpmp4module module, which might allow an attacker to over-read or over-write NGINX worker memory resulting in its termination, using a specially crafted MP4 file. The issue only affects 32-bit NGINX Open Source if it i...

8.5CVSS5.8AI score0.01031EPSS
Exploits0References2
OSV
OSV
added 2026/03/24 3:16 p.m.4 views

DEBIAN-CVE-2026-28753

NGINX Plus and NGINX Open Source have a vulnerability in the ngxmailsmtpmodule module due to the improper handling of CRLF sequences in DNS responses. This allows an attacker-controlled DNS server to inject arbitrary headers into SMTP upstream requests, leading to potential request manipulation...

6.3CVSS5.6AI score0.00264EPSS
Exploits0References1
Rows per page
Query Builder