CVE-2018-8059

The Djelibeybi configuration examples for use of NGINX in SUSE Portus 2.3, when applied to certain configurations involving Docker Compose, have a Missing SSL Certificate Validation issue because no proxyssl directives are used...

CVE-2019-13980

In Directus 7 API through 2.3.0, uploading of PHP files is blocked only when the Apache HTTP Server is used, leading to uploads//originals remote code execution with nginx...

CVE-2019-11837

njs through 0.3.1, used in NGINX, has a segmentation fault in String.prototype.toBytes for negative arguments, related to nxtutf8next in nxt/nxtutf8.h and njsstringoffset in njs/njsstring.c...

CVE-2011-4963

nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows remote attackers to bypass intended access restrictions and access restricted files via 1 a trailing . dot or 2 certain "$indexallocation" sequences in a request...

Oracle Linux 9 : nginx (ELSA-2025-7331)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-7331 advisory. - Resolves: RHEL-78236 - nginx: TLS Session Resumption Vulnerability CVE-2025-23419 Tenable has extracted the preceding description block directly from the Orac...

RHEL 9 : nginx:1.22 (RHSA-2025:7549)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:7549 advisory. nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security...

RHEL 9 : nginx:1.24 (RHSA-2025:7542)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:7542 advisory. nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security...

RHEL 9 : nginx:1.22 (RHSA-2025:7548)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:7548 advisory. nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security...

CVE-2025-47947

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case in stable released versions: when the payload's content type is application/json, and there is at...

Zimbra Collaboration Server 9.x < 9.0.0 Patch 39, 10.0.x < 10.0.7 Multiple Vulnerabilities

According to its self-reported version number, Zimbra Collaboration Server is affected by multiple vulnerabilities including: - NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 hav...

AlmaLinux 9 : nginx (ALSA-2025:7402)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:7402 advisory. nginx: Memory corruption in the ngxhttpmp4module CVE-2022-41741 nginx: Memory disclosure in the ngxhttpmp4module CVE-2022-41742 nginx: specially crafted M...

Exploit for CVE-2025-1974

README Talk is cheap, just look at the code. Detailed can be...

Security Bulletin: Vulnerability in Nginx affects IBM Integrated Analytics System (Sailfish)[CVE-2023-44487, CVE-2024-7347].

Summary The Nginx package is used by IBM Integrated Analytics System . IBM Integrated Analytics System has addressed the applicable CVECVE-2023-44487, CVE-2024-7347. Vulnerability Details CVEID:CVE-2023-44487 DESCRIPTION: The HTTP/2 protocol allows a denial of service server resource consumption...

RHSA-2025:7619 Red Hat Security Advisory: nginx security update

Bulletin has no description...

Moderate: Red Hat Security Advisory: nginx security update

An update for nginx is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...

nginx: specially crafted MP4 file may cause denial of service

A flaw was found in the ngxhttpmp4module module of Nginx. Processing a specially crafted MP4 file can trigger a buffer over-read and cause the nginx process to terminate, resulting in a denial of service...

nginx: Memory disclosure in the ngx_http_mp4_module

A vulnerability was found in NGINX’s module, ngxhttpmp4module. This flaw allows a local attacker to cause a worker process crash or might result in worker process memory disclosure by using a specially crafted audio or video file. The issue affects only NGINX products built with ngxhttpmp4module...

nginx: Memory corruption in the ngx_http_mp4_module

A vulnerability was found in NGINX's module, ngxhttpmp4module. This flaw allows a local attacker to corrupt NGINX worker memory, resulting in its termination using a specially crafted audio or video file. The issue affects only NGINX products built with ngxhttpmp4module when the mp4 directive is...

RHSA-2025:7549 Red Hat Security Advisory: nginx:1.22 security update

Bulletin has no description...

RHSA-2025:7548 Red Hat Security Advisory: nginx:1.22 security update

Bulletin has no description...