178 matches found
CVE-2025-53859
NGINX Open Source and NGINX Plus have a vulnerability in the ngxmailsmtpmodule that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the authentication server. This issue happe...
K000152786: NGINX ngx_mail_smtp_module vulnerability CVE-2025-53859
Security Advisory Description NGINX Open Source and NGINX Plus have a vulnerability in the ngxmailsmtpmodule that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the...
F5 NGINX Plus和F5 NGINX Open Source 缓冲区错误漏洞
F5 NGINX Plus and F5 NGINX Open Source are both products of F5 Corporation, U.S.A. F5 NGINX Plus is a software-based application delivery platform.F5 NGINX Open Source is a high-performance web server, reverse proxy server, load balancer, and API gateway. A buffer error vulnerability exists in F5...
PT-2025-33004
Name of the Vulnerable Software and Affected Versions NGINX versions prior to 1.28.1 NGINX versions prior to 1.29.1 Description NGINX Open Source and NGINX Plus are affected by a vulnerability in the ngx mail smtp module. This flaw could allow an unauthenticated attacker to read data from NGINX...
CVE-2020-5864
In versions of NGINX Controller prior to 3.2.0, communication between NGINX Controller and NGINX Plus instances skip TLS verification by default...
The vulnerability of the TLS 1.3 implementation in NGINX Plus and NGINX Open Source web servers allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the TLS 1.3 implementation in NGINX Plus and NGINX Open Source web servers is related to deficiencies in authentication procedures. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the ngx_http_v4_module in NGINX Plus and NGINX OSS web servers, related to reading data from outside of memory, allows attackers to cause service interruptions.
The vulnerability of the ngxhttpv4module in NGINX Plus and NGINX OSS web servers is related to reading data from outside of the memory boundaries. Exploiting this vulnerability can allow attackers to cause service failures...
The vulnerability of the MQTT filter module in the NGINX Plus web server allows a intruder to trigger a service failure.
The vulnerability of the MQTT filter module in the NGINX Plus web server is related to the execution of operations outside the buffer in memory, as a result of the pointer being reassigned after its expiration time. Exploiting this vulnerability could allow a malicious actor to cause service...
AZL-47789 CVE-2024-7347 affecting package nginx for versions less than 1.25.4-2
NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpmp4module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngxhttpmp4module and the mp4 directi...
CVE-2024-39792
When the NGINX Plus is configured to use the MQTT pre-read module, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2024-39792
When the NGINX Plus is configured to use the MQTT pre-read module, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2024-39792 NGINX Plus MQTT vulnerability
When the NGINX Plus is configured to use the MQTT pre-read module, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2024-39792
CVE-2024-39792 : NGINX Plus configured with the MQTT pre-read module may cause memory resource exhaustion from undisclosed requests, leading to denial of service. The description notes that versions past EoTS are not evaluated. No exploits or mitigations are provided in the sources beyond this vu...
CVE-2024-7347
NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpmp4module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngxhttpmp4module and the mp4 directi...
CVE-2024-39792
When the NGINX Plus is configured to use the MQTT pre-read module, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
K000140552: Quarterly Security Notification (August 2024)
Security Advisory Description On August 14, 2024, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities and security exposures to help determine the impact to your F5 devices. You can find the details of each issue in the associated...
K000140108: NGINX Plus MQTT vulnerability CVE-2024-39792
Security Advisory Description When NGINX Plus is configured to use the MQTT filter module, undisclosed requests can cause an increase in memory resource utilization. CVE-2024-39792 Impact System performance can degrade until the NGINX master and worker processes are either forced to restart or ar...
K000140529: NGINX ngx_http_mp4_module vulnerability CVE-2024-7347
Security Advisory Description NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpmp4module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the...
PT-2024-5635 · Nginx · Nginx Plus
Name of the Vulnerable Software and Affected Versions: NGINX Plus affected versions not specified Description: The issue is related to a memory exhaustion vulnerability in the NGINX Plus MQTT pre-read module. It can be exploited by undisclosed requests, leading to an increase in memory resource...
ROS-20240725-01
Vulnerability of HTTP/3 QUIC module ngxhttpv3module of NGINX Plus and NGINX OSS web servers is related to null pointer dereferencing. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. remotely to cause a denial of service using specially craft...