MiracleLinux 9 : nginx:1.22 (AXSA:2025-9815:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9815:01 advisory. nginx: specially crafted MP4 file may cause denial of service CVE-2024-7347 Tenable has extracted the preceding description block directly from the...

MiracleLinux 9 : nginx-1.20.1-22.el9_6.2.ML.1 (AXSA:2025-10488:02)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10488:02 advisory. nginx: Memory corruption in the ngxhttpmp4module CVE-2022-41741 nginx: Memory disclosure in the ngxhttpmp4module CVE-2022-41742 nginx: specially...

MiracleLinux 9 : nginx-1.20.1-22.el9.ML.1 (AXSA:2025-10304:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10304:01 advisory. nginx: TLS Session Resumption Vulnerability CVE-2025-23419 Tenable has extracted the preceding description block directly from the MiracleLinux security...

MiracleLinux 9 : nginx:1.24 (AXSA:2025-9816:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9816:01 advisory. nginx: specially crafted MP4 file may cause denial of service CVE-2024-7347 Tenable has extracted the preceding description block directly from the...

Fedora: Security Advisory (FEDORA-2026-8b992398d3)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 42 Update: nginx-1.28.1-3.fc42

Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...

Fedora 42 : nginx (2026-8b992398d3)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-8b992398d3 advisory. - cleanups and fixes - remove RHEL 7 compatibility - add RHEL 9 compatibility and EOL comments - restore RHEL 8 compatibility Tenable has extracted the...

CVE-2023-49564

The CBIS/NCS Manager API is vulnerable to an authentication bypass. By sending a specially crafted HTTP header, an unauthenticated user can gain unauthorized access to API functions. This flaw allows attackers to reach restricted or sensitive endpoints of the HTTP API without providing any valid...

CVE-2018-1000653

zzcms version 8.3 and earlier contains a SQL Injection vulnerability in zt/top.php line 5 that can result in could be attacked by sql injection in zzcms in nginx. This attack appear to be exploitable via running zzcms in nginx...

CVE-2022-38890

Nginx NJS v0.7.7 was discovered to contain a segmentation violation via njsutf8next at src/njsutf8.h...

CVE-2022-23008

On NGINX Controller API Management versions 3.18.0-3.19.0, an authenticated attacker with access to the "user" or "admin" role can use undisclosed API endpoints on NGINX Controller API Management to inject JavaScript code that is executed on managed NGINX data plane instances. Note: Software...

CVE-2022-31306

Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njsarrayconverttoslowarray at src/njsarray.c...

CVE-2022-31307

Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njsstringoffset at src/njsstring.c...

CVE-2022-35173

An issue was discovered in Nginx NJS v0.7.5. The JUMP offset for a break instruction was not set to a correct offset during code generation, leading to a segmentation violation...

CVE-2019-11838

njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in Array.prototype.splice after a resize, related to njsarrayprototypesplice in njs/njsarray.c, because of njsarrayexpand size mishandling...

CVE-2019-11839

njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in Array.prototype.push after a resize, related to njsarrayprototypepush in njs/njsarray.c, because of njsarrayexpand size mishandling...

CVE-2020-7621

strong-nginx-controller through 1.0.2 is vulnerable to Command Injection. It allows execution of arbitrary command as part of the 'nginxCmd' function...

CVE-2020-24348

njs through 0.4.3, used in NGINX, has an out-of-bounds read in njsjsonstringifyiterator in njsjson.c...

CVE-2020-24660

An issue was discovered in LemonLDAP::NG through 2.0.8, when NGINX is used. An attacker may bypass URL-based access control to protected Virtual Hosts by submitting a non-normalized URI. This also affects versions before 0.5.2 of the "Lemonldap::NG handler for Node.js" package...

CVE-2020-24349

njs through 0.4.3, used in NGINX, allows control-flow hijack in njsvalueproperty in njsvalue.c. NOTE: the vendor considers the issue to be "fluff" in the NGINX use case because there is no remote attack surface...