Lucene search
K

298 matches found

OSV
OSV
added 2026/02/16 3:57 p.m.2 views

BIT-NGINX-GATEWAY-2026-1642 NGINX vulnerability

A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security TLS servers. An attacker with a man-in-the-middle MITM position on the upstream server side—along with conditions beyond the attacker's control—may be able to inject plain text data in...

8.2CVSS5.7AI score0.00339EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/02/13 12:0 a.m.7 views

Debian dsa-6131 : libnginx-mod-http-geoip - security update

The remote Debian 12 / 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6131 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6131-1 [email protected] https://www.debian.org/security/...

8.2CVSS5.6AI score0.00339EPSS
Exploits0References5
Ubuntu
Ubuntu
added 2026/02/12 5:55 p.m.14 views

USN-8038-1: nginx vulnerability

It was discovered that nginx incorrectly handled proxying to upstream TLS servers. An attacker could possibly use this issue to insert plain text data into the response from an upstream proxied server...

8.2CVSS5.6AI score0.00339EPSS
Exploits0
OpenVAS
OpenVAS
added 2026/02/10 12:0 a.m.7 views

Mageia: Security Advisory (MGASA-2026-0033)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.2CVSS5.5AI score0.00339EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/02/04 3:16 p.m.8 views

CVE-2026-1642

A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security TLS servers. An attacker with a man-in-the-middle MITM position on the upstream server side—along with conditions beyond the attacker's control—may be able to inject plain text data in...

8.2CVSS6.1AI score0.00339EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/02/04 3:2 p.m.50 views

CVE-2026-1642 NGINX vulnerability

A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security TLS servers. An attacker with a man-in-the-middle MITM position on the upstream server side—along with conditions beyond the attacker's control—may be able to inject plain text data in...

8.2CVSS0.00339EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/04 3:2 p.m.3 views

CVE-2026-1642 NGINX vulnerability

A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security TLS servers. An attacker with a man-in-the-middle MITM position on the upstream server side—along with conditions beyond the attacker's control—may be able to inject plain text data in...

8.2CVSS5.5AI score0.00339EPSS
Exploits0References1
CVE
CVE
added 2026/02/04 3:2 p.m.860 views

CVE-2026-1642

The CVE-2026-1642 entry describes a vulnerability in NGINX OSS and NGINX Plus when configured to proxy to upstream TLS servers. Under a MITM position on the upstream side and conditions outside the attacker’s control, an attacker may inject plain text data into the response from an upstream proxi...

8.2CVSS5.5AI score0.00339EPSS
Exploits0References2Affected Software5
F5 Networks
F5 Networks
added 2026/02/04 2:42 p.m.41 views

K000159076: Quarterly Security Notification (February 2026)

Security Advisory Description On February 4, 2026, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities and security exposures to help determine the impact to your F5 devices. You can find the details of each issue in the associate...

8.2CVSS6.2AI score0.00339EPSS
Exploits0
F5 Networks
F5 Networks
added 2026/02/04 1:40 p.m.21 views

K000159824: NGINX vulnerability CVE-2026-1642

Security Advisory Description A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security TLS servers. An attacker with a man-in-the-middle MITM position on the upstream server side—along with conditions beyond the attacker's control—may be abl...

8.2CVSS6.1AI score0.00339EPSS
Exploits0Affected Software5
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.7 views

MiracleLinux 7 : rh-nginx116-nginx-1.16.1-6.0.1.el7.AXS7 (AXSA:2021-1875:01)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-1875:01 advisory. nginx: Off-by-one in ngxresolvercopy when labels are followed by a pointer to a root domain name CVE-2021-23017 Tenable has extracted the preceding descripti...

7.7CVSS8.3AI score0.53461EPSS
Exploits10References2
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.8 views

MiracleLinux 7 : rh-nginx116-nginx-1.16.1-4.1.0.1.el7.AXS7, rh-nginx116-1.16-1.el7 (AXSA:2021-1752:01)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-1752:01 advisory. nginx: HTTP request smuggling via error pages in http/ngxhttpspecialresponse.c CVE-2019-20372 Tenable has extracted the preceding description block directly...

5.3CVSS7.9AI score0.14961EPSS
Exploits3References2
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.3 views

MiracleLinux 9 : nginx:1.22 (AXSA:2025-9815:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9815:01 advisory. nginx: specially crafted MP4 file may cause denial of service CVE-2024-7347 Tenable has extracted the preceding description block directly from the...

5.7CVSS6.9AI score0.0032EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/09 10:56 a.m.8 views

CVE-2022-38890

Nginx NJS v0.7.7 was discovered to contain a segmentation violation via njsutf8next at src/njsutf8.h...

5.5CVSS7.3AI score0.00287EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:9 a.m.8 views

CVE-2019-11839

njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in Array.prototype.push after a resize, related to njsarrayprototypepush in njs/njsarray.c, because of njsarrayexpand size mishandling...

9.8CVSS7.3AI score0.01643EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:29 a.m.8 views

CVE-2019-12938

The Roundcube component of Analogic Poste.io 2.1.6 uses .htaccess to protect the logs/ folder, which is effective with the Apache HTTP Server but is ineffective with nginx. Attackers can read logs via the webmail/logs/sendmail URI...

4.3CVSS6.8AI score0.01006EPSS
Exploits1References1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/24 9:18 a.m.7 views

Security Bulletin: Vulnerability in nginx affects IBM Netezza Appliance

Summary The nginx package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2025-23419 Vulnerability Details CVEID:CVE-2025-23419 DESCRIPTION: When multiple server blocks are configured to share the same IP address and port, an attacker can use session...

5.3CVSS6.8AI score0.02646EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.2 views

EUVD-2012-2095

Malware in sbrugna...

6.8CVSS6AI score0.09629EPSS
Exploits1References11
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-18539

Malware in sbrugna...

10CVSS9.5AI score0.04599EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2012-3352

Malware in sbrugna...

2.1CVSS6.2AI score0.01238EPSS
Exploits0References8
Rows per page
Query Builder