304 matches found
EUVD-2022-44913
Malicious code in bioql PyPI...
EUVD-2022-44912
Malicious code in bioql PyPI...
EUVD-2018-8640
Malicious code in bioql PyPI...
EUVD-2024-48285
Malicious code in bioql PyPI...
SUSE SLES15 / openSUSE 15 Security Update : nginx (SUSE-SU-2025:03444-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03444-1 advisory. - CVE-2025-53859:?the server side may leak arbitrary bytes during the NGINX SMTP authentication process bsc1248070. ...
Exploit for Off-by-one Error in F5 Nginx
vulnerability in NGINX servers versions 0.6.18–1.20.0. The scr...
Amazon Linux 2 : nginx, --advisory ALAS2NGINX1-2025-009 (ALASNGINX1-2025-009)
The version of nginx installed on the remote host is prior to 1.28.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2NGINX1-2025-009 advisory. NGINX Open Source and NGINX Plus have a vulnerability in the ngxmailsmtpmodule that might allow an unauthenticated attacker to...
CVE-2025-53859
NGINX Open Source and NGINX Plus have a vulnerability in the ngxmailsmtpmodule that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the authentication server. This issue happe...
K000152786: NGINX ngx_mail_smtp_module vulnerability CVE-2025-53859
Security Advisory Description NGINX Open Source and NGINX Plus have a vulnerability in the ngxmailsmtpmodule that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the...
RockyLinux 9 : nginx:1.22 (RLSA-2025:3261)
The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:3261 advisory. nginx: specially crafted MP4 file may cause denial of service CVE-2024-7347 Tenable has extracted the preceding description block directly from the RockyLinux...
Ubuntu 24.04 LTS : nginx vulnerability (USN-7285-2)
The remote Ubuntu 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-7285-2 advisory. USN-7285-1 fixed vulnerabilities in nginx. This update provides the corresponding updates for Ubuntu 24.04 LTS. Tenable has extracted the preceding description...
CVE-2020-19695
Buffer Overflow found in Nginx NJS allows a remote attacker to execute arbitrary code via the njsobjectproperty parameter of the njs/njsvm.c function...
CVE-2019-13067
njs through 0.3.3, used in NGINX, has a buffer over-read in nxtutf8decode in nxt/nxtutf8.c. This issue occurs after the fix for CVE-2019-12207 is in place...
CVE-2019-13617
njs through 0.3.3, used in NGINX, has a heap-based buffer over-read in nxtvsprintf in nxt/nxtsprintf.c during error handling, as demonstrated by an njsregexpliteral call that leads to an njsparserlexererror call and then an njsparserscopeerror call...
CVE-2019-12206
njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in nxtutf8encode in nxtutf8.c...
CVE-2011-4963
nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows remote attackers to bypass intended access restrictions and access restricted files via 1 a trailing . dot or 2 certain "$indexallocation" sequences in a request...
RHEL 9 : nginx:1.22 (RHSA-2025:7549)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:7549 advisory. nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security...
Security Bulletin: Vulnerability in Nginx affects IBM Integrated Analytics System (Sailfish)[CVE-2023-44487, CVE-2024-7347].
Summary The Nginx package is used by IBM Integrated Analytics System . IBM Integrated Analytics System has addressed the applicable CVECVE-2023-44487, CVE-2024-7347. Vulnerability Details CVEID:CVE-2023-44487 DESCRIPTION: The HTTP/2 protocol allows a denial of service server resource consumption...
Alibaba Cloud Linux 3 : 0036: nginx:1.18 (ALINUX3-SA-2021:0036)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2021:0036 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2021-23017: A security issue in nginx resolver...
nginx: specially crafted MP4 file may cause denial of service
A flaw was found in the ngxhttpmp4module module of Nginx. Processing a specially crafted MP4 file can trigger a buffer over-read and cause the nginx process to terminate, resulting in a denial of service...