Lucene search
K

178 matches found

Debian CVE
Debian CVE
added 2025/08/13 2:46 p.m.6 views

CVE-2025-53859

NGINX Open Source and NGINX Plus have a vulnerability in the ngxmailsmtpmodule that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the authentication server. This issue happe...

6.3CVSS5.7AI score0.00371EPSS
Exploits0
F5 Networks
F5 Networks
added 2025/08/13 12:29 p.m.14 views

K000152786: NGINX ngx_mail_smtp_module vulnerability CVE-2025-53859

Security Advisory Description NGINX Open Source and NGINX Plus have a vulnerability in the ngxmailsmtpmodule that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the...

6.3CVSS7.3AI score0.00371EPSS
Exploits0Affected Software2
CNNVD
CNNVD
added 2025/08/13 12:0 a.m.7 views

F5 NGINX Plus和F5 NGINX Open Source 缓冲区错误漏洞

F5 NGINX Plus and F5 NGINX Open Source are both products of F5 Corporation, U.S.A. F5 NGINX Plus is a software-based application delivery platform.F5 NGINX Open Source is a high-performance web server, reverse proxy server, load balancer, and API gateway. A buffer error vulnerability exists in F5...

6.3CVSS6.8AI score0.00371EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/07/29 12:0 a.m.2 views

PT-2025-33004

Name of the Vulnerable Software and Affected Versions NGINX versions prior to 1.28.1 NGINX versions prior to 1.29.1 Description NGINX Open Source and NGINX Plus are affected by a vulnerability in the ngx mail smtp module. This flaw could allow an unauthenticated attacker to read data from NGINX...

6.3CVSS6.3AI score0.00371EPSS
Exploits0References79
RedhatCVE
RedhatCVE
added 2025/05/22 3:39 p.m.8 views

CVE-2020-5864

In versions of NGINX Controller prior to 3.2.0, communication between NGINX Controller and NGINX Plus instances skip TLS verification by default...

7.4CVSS6.9AI score0.01033EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2025/03/27 12:0 a.m.6 views

The vulnerability of the TLS 1.3 implementation in NGINX Plus and NGINX Open Source web servers allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the TLS 1.3 implementation in NGINX Plus and NGINX Open Source web servers is related to deficiencies in authentication procedures. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...

4.3CVSS6.5AI score0.02646EPSS
Exploits0References13Affected Software12
BDU FSTEC
BDU FSTEC
added 2024/09/03 12:0 a.m.6 views

The vulnerability of the ngx_http_v4_module in NGINX Plus and NGINX OSS web servers, related to reading data from outside of memory, allows attackers to cause service interruptions.

The vulnerability of the ngxhttpv4module in NGINX Plus and NGINX OSS web servers is related to reading data from outside of the memory boundaries. Exploiting this vulnerability can allow attackers to cause service failures...

4.7CVSS6.5AI score0.0032EPSS
Exploits0References8Affected Software6
BDU FSTEC
BDU FSTEC
added 2024/08/20 12:0 a.m.7 views

The vulnerability of the MQTT filter module in the NGINX Plus web server allows a intruder to trigger a service failure.

The vulnerability of the MQTT filter module in the NGINX Plus web server is related to the execution of operations outside the buffer in memory, as a result of the pointer being reassigned after its expiration time. Exploiting this vulnerability could allow a malicious actor to cause service...

7.8CVSS8.1AI score0.00628EPSS
Exploits0References2
OSV
OSV
added 2024/08/14 3:15 p.m.4 views

AZL-47789 CVE-2024-7347 affecting package nginx for versions less than 1.25.4-2

NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpmp4module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngxhttpmp4module and the mp4 directi...

4.7CVSS6.7AI score0.0032EPSS
Exploits0References1
OSV
OSV
added 2024/08/14 3:15 p.m.2 views

CVE-2024-39792

When the NGINX Plus is configured to use the MQTT pre-read module, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

7.5CVSS5.8AI score0.00628EPSS
Exploits0References1
NVD
NVD
added 2024/08/14 3:15 p.m.28 views

CVE-2024-39792

When the NGINX Plus is configured to use the MQTT pre-read module, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

8.7CVSS0.00628EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/08/14 2:32 p.m.27 views

CVE-2024-39792 NGINX Plus MQTT vulnerability

When the NGINX Plus is configured to use the MQTT pre-read module, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

8.7CVSS7.1AI score0.00628EPSS
Exploits0References1
CVE
CVE
added 2024/08/14 2:32 p.m.107 views

CVE-2024-39792

CVE-2024-39792 : NGINX Plus configured with the MQTT pre-read module may cause memory resource exhaustion from undisclosed requests, leading to denial of service. The description notes that versions past EoTS are not evaluated. No exploits or mitigations are provided in the sources beyond this vu...

8.7CVSS7.5AI score0.00628EPSS
Exploits0References1Affected Software1
Debian CVE
Debian CVE
added 2024/08/14 2:32 p.m.43 views

CVE-2024-7347

NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpmp4module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngxhttpmp4module and the mp4 directi...

5.7CVSS6.4AI score0.0032EPSS
Exploits0
Debian CVE
Debian CVE
added 2024/08/14 2:32 p.m.32 views

CVE-2024-39792

When the NGINX Plus is configured to use the MQTT pre-read module, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

8.7CVSS8.6AI score0.00628EPSS
Exploits0
F5 Networks
F5 Networks
added 2024/08/14 1:44 p.m.76 views

K000140552: Quarterly Security Notification (August 2024)

Security Advisory Description On August 14, 2024, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities and security exposures to help determine the impact to your F5 devices. You can find the details of each issue in the associated...

8.9CVSS7.1AI score0.00628EPSS
Exploits0
F5 Networks
F5 Networks
added 2024/08/14 1:18 p.m.38 views

K000140108: NGINX Plus MQTT vulnerability CVE-2024-39792

Security Advisory Description When NGINX Plus is configured to use the MQTT filter module, undisclosed requests can cause an increase in memory resource utilization. CVE-2024-39792 Impact System performance can degrade until the NGINX master and worker processes are either forced to restart or ar...

8.7CVSS9AI score0.00628EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
added 2024/08/14 1:14 p.m.46 views

K000140529: NGINX ngx_http_mp4_module vulnerability CVE-2024-7347

Security Advisory Description NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpmp4module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the...

5.7CVSS8.1AI score0.0032EPSS
Exploits0Affected Software2
Positive Technologies
Positive Technologies
added 2024/08/14 12:0 a.m.3 views

PT-2024-5635 · Nginx · Nginx Plus

Name of the Vulnerable Software and Affected Versions: NGINX Plus affected versions not specified Description: The issue is related to a memory exhaustion vulnerability in the NGINX Plus MQTT pre-read module. It can be exploited by undisclosed requests, leading to an increase in memory resource...

8.7CVSS9.3AI score0.00628EPSS
Exploits0References13
Redos
Redos
added 2024/07/25 12:0 a.m.25 views

ROS-20240725-01

Vulnerability of HTTP/3 QUIC module ngxhttpv3module of NGINX Plus and NGINX OSS web servers is related to null pointer dereferencing. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. remotely to cause a denial of service using specially craft...

5.3CVSS7.1AI score0.00917EPSS
Exploits0
Rows per page
Query Builder