Moderate: Red Hat Security Advisory: nginx:1.22 security update

An update for the nginx:1.22 module is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

Moderate: Red Hat Security Advisory: nginx security update

An update for nginx is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

RHSA-2025:7331 Red Hat Security Advisory: nginx security update

Bulletin has no description...

Moderate: nginx security update

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: nginx: Memory corruption in the ngxhttpmp4module CVE-2022-41741 nginx: Memory disclosure in the ngxhttpmp4module CVE-2022-41742 nginx: speciall...

ALSA-2025:7402 Moderate: nginx security update

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: nginx: Memory corruption in the ngxhttpmp4module CVE-2022-41741 nginx: Memory disclosure in the ngxhttpmp4module CVE-2022-41742 nginx: speciall...

nginx:1.24 security update

1.24.0-4.0.1.1 - Reference oracle-indexhtml within Requires Orabug: 33802044 - Remove Red Hat references Orabug: 29498217 1:1.24.0-4.1 - Resolves: RHEL-84480 - nginx:1.24/nginx: specially crafted MP4 file may cause denial of service CVE-2024-7347 1:1.24.0-4 - Resolves: RHEL-49350 - nginx worker...

nginx:1.22 security update

1.22.1-8.0.1.1 - Reference oracle-indexhtml within Requires Orabug: 33802044 - Remove Red Hat references Orabug: 29498217 1:1.22.1-8.1 - Resolves: RHEL-84486 - nginx:1.22/nginx: specially crafted MP4 file may cause denial of service CVE-2024-7347 1:1.22.1-8 - Resolves: RHEL-49349 - nginx worker...

Moderate: Red Hat Security Advisory: nginx:1.22 security update

An update for the nginx:1.22 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

BIT-NGINX-INGRESS-CONTROLLER-2025-1098 ingress-nginx controller - configuration injection via unsanitized mirror annotations

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the mirror-target and mirror-host Ingress annotations can be used to inject arbitrary configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx...

ALSA-2025:3261 Moderate: nginx:1.22 security update

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: nginx: specially crafted MP4 file may cause denial of service CVE-2024-7347 For more details about the security issues, including the impact, a...

ALSA-2025:3262 Moderate: nginx:1.24 security update

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: nginx: specially crafted MP4 file may cause denial of service CVE-2024-7347 For more details about the security issues, including the impact, a...

Moderate: nginx:1.24 security update

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: nginx: specially crafted MP4 file may cause denial of service CVE-2024-7347 For more details about the security issues, including the impact, a...

Moderate: nginx:1.22 security update

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: nginx: specially crafted MP4 file may cause denial of service CVE-2024-7347 For more details about the security issues, including the impact, a...

[SECURITY] [DLA 4091-1] nginx security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4091-1 [email protected] https://www.debian.org/lts/security/ Andrej Shadura March 25, 2025 https://wiki.debian.org/LTS -...

GHSA-VG63-W3P9-JC9M ingress-nginx controller - configuration injection via unsanitized mirror annotations

A security issue was discovered in ingress-nginx where the mirror-target and mirror-host Ingress annotations can be used to inject arbitrary configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to...

ngress-nginx controller - configuration injection via unsanitized auth-tls-match-cn annotation

A security issue was discovered in ingress-nginx where the auth-tls-match-cn Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. Note th...

ingress-nginx controller - configuration injection via unsanitized auth-url annotation

A security issue was discovered in ingress-nginx where the auth-url Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. Note that in the...

CVE-2025-24513

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where attacker-provided data are included in a filename by the ingress-nginx Admission Controller feature, resulting in directory traversal within the container. This could result in denial of service, or...

CVE-2025-24514

CVE-2025-24514 describes an unauthenticated vulnerability in ingress-nginx where the auth-url annotation injection can modify NGINX config, enabling arbitrary code execution in the ingress-nginx controller and disclosure of controller Secrets. Public PoCs/exploits exist (e.g., Exploit-DB entry 52...

CVE-2025-24513 ingress-nginx controller - auth secret file path traversal vulnerability

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where attacker-provided data are included in a filename by the ingress-nginx Admission Controller feature, resulting in directory traversal within the container. This could result in denial of service, or...