
6253 matches found

RedHat Linux
added 2025/05/13 2:0 p.m. | 6 views

nginx: Memory corruption in the ngx_http_mp4_module

A vulnerability was found in NGINX's module, ngx_http_mp4_module. This flaw allows a local attacker to corrupt NGINX worker memory, resulting in its termination using a specially crafted audio or video file. The issue affects only NGINX products built with ngx_http_mp4_module when the mp4 directive is...

CVSS 7.8 | AI score 7.3 | EPSS 0.00756
Exploits: 2 | References: 5
OSV
added 2025/05/13 10:5 a.m. | 3 views

RHSA-2025:7331 Red Hat Security Advisory: nginx security update

Bulletin has no description...

CVSS 4.3 | AI score 6.8 | EPSS 0.02557
Exploits: 0 | References: 9
RedHat Linux
added 2025/05/13 8:50 a.m. | 5 views

Moderate: Red Hat Security Advisory: nginx security update

An update for nginx is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...

CVSS 5.3 | AI score 6.6 | EPSS 0.02557
Exploits: 0 | References: 3
RedHat Linux
added 2025/05/13 8:50 a.m. | 4 views

nginx: TLS Session Resumption Vulnerability

A flaw was found in nginx. When name-based virtual hosts are configured to share the same IP address and port combination with TLS 1.3 and OpenSSL, a previously authenticated attacker can use session resumption to bypass client certificate authentication requirements on these servers. This...

CVSS 5.3 | AI score 7.3 | EPSS 0.02557
Exploits: 0 | References: 5
RedHat Linux
added 2025/05/13 8:45 a.m. | 1099 views

Moderate: Red Hat Enhancement Advisory: nginx:1.26 bug fix and enhancement update

An update for the nginx:1.26 module is now available for Red Hat Enterprise Linux 9. For detailed information on changes in this release, see the Red Hat Enterprise Linux 9 Release Notes linked from the References section...

CVSS 5.3 | AI score 5 | EPSS 0.02557
Exploits: 0 | References: 6
AlmaLinux
added 2025/05/13 12:0 a.m. | 13 views

Moderate: nginx security update

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: nginx: Memory corruption in the ngx_http_mp4_module (CVE-2022-41741); nginx: Memory disclosure in the ngx_http_mp4_module (CVE-2022-41742); nginx: speciall...

CVSS 7.8 | AI score 7.4 | EPSS 0.01069
Exploits: 2 | References: 7
OSV
added 2025/05/13 12:0 a.m. | 18 views

ALSA-2025:7402 Moderate: nginx security update

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: nginx: Memory corruption in the ngx_http_mp4_module (CVE-2022-41741); nginx: Memory disclosure in the ngx_http_mp4_module (CVE-2022-41742); nginx: speciall...

CVSS 7.8 | AI score 7.2 | EPSS 0.01069
Exploits: 2 | References: 7
Redos
added 2025/05/13 12:0 a.m. | 40 views

ROS-2-576

2.576 Remote code execution in nginx (CVE-2021-23017). 1. Vulnerability Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to a single error in the ngx_resolver_copy function when processing DNS responses. A remote attacke...

CVSS 7.7 | AI score 8.5 | EPSS 0.52838
Exploits: 10
Redos
added 2025/05/13 12:0 a.m. | 35 views

ROS-2-586

2.586 Remote code execution in nginx (CVE-2021-23017). 1. Vulnerability Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to a single error in the ngx_resolver_copy function when processing DNS responses. A remote attacke...

CVSS 7.7 | AI score 8.5 | EPSS 0.52838
Exploits: 10
Tenable Nessus
added 2025/05/13 12:0 a.m. | 8 views

RHEL 9 : nginx (RHSA-2025:7331)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:7331 advisory. nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security...

CVSS 5.3 | AI score 5.5 | EPSS 0.02557
Exploits: 0 | References: 6
SUSE CVE
added 2025/05/08 11:39 a.m. | 3 views

SUSE CVE-2025-46728

cpp-httplib is a C++ header-only HTTP/HTTPS server and client library. Prior to version 0.20.1, the library fails to enforce configured size limits on incoming request bodies when Transfer-Encoding: chunked is used or when no Content-Length header is provided. A remote attacker can send a chunked...

CVSS 7.5 | AI score 7.1 | EPSS 0.00603
Exploits: 1 | References: 3
GithubExploit
added 2025/05/07 11:26 p.m. | 1470 views

Exploit for Out-of-bounds Write in F5 Nginx

🛡️ Nginx Vulnerability Scanner. Developed by m10sec. E...

CVSS 7.8 | AI score 8.3 | EPSS 0.99999
Exploits: 19
Vulnrichment
added 2025/05/07 11:7 p.m. | 9 views

CVE-2025-46727 Unbounded-Parameter DoS in Rack::QueryParser

Rack is a modular Ruby web server interface. Prior to versions 2.2.14, 3.0.16, and 3.1.14, Rack::QueryParser parses query strings and application/x-www-form-urlencoded bodies into Ruby data structures without imposing any limit on the number of parameters, allowing attackers to send requests with...

CVSS 7.5 | AI score 7.4 | EPSS 0.00868
Exploits: 0 | References: 4
IBM Security Bulletins
added 2025/05/05 6:34 a.m. | 16 views

Security Bulletin: FreeType versions 2.13.0 and below may lead to remote code execution for IBM Storage Virtualize vSphere Remote Plug-in (CVE-2025-27363)

Summary: IBM Storage Virtualize vSphere Remote Plug-in virtual appliance runs an NGINX container built on a Debian-based image that uses a vulnerable version of the FreeType library 2.13.0 or earlier. This version is affected by CVE-2025-27363, a critical vulnerability that may allow remote code...

CVSS 8.1 | AI score 8.1 | EPSS 0.23357
Exploits: 0 | Affected Software: 1
BDU FSTEC
added 2025/05/02 12:0 a.m. | 3 views

The vulnerability of the Ingress controller in the Kubernetes cluster ingress-nginx, related to errors in processing Ingress object annotations, allows a hacker to execute arbitrary code.

The vulnerability of the Ingress controller in the Kubernetes cluster ingress-nginx is related to errors in processing Ingress object annotations. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

CVSS 9 | AI score 7 | EPSS 0.34288
Exploits: 7 | References: 5 | Affected Software: 2
BDU FSTEC
added 2025/05/02 12:0 a.m. | 1 views

The vulnerability of the Ingress controller in the Kubernetes cluster ingress-nginx, related to errors in processing Ingress object annotations, allows a hacker to execute arbitrary code.

The vulnerability of the Ingress controller in the Kubernetes cluster ingress-nginx is related to errors in processing Ingress object annotations. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

CVSS 9 | AI score 7 | EPSS 0.84311
Exploits: 7 | References: 5 | Affected Software: 2
IBM Security Bulletins
added 2025/04/29 2:40 a.m. | 71 views

Security Bulletin: Multiple Vulnerabilities in IBM API Connect

Summary: Multiple vulnerabilities were addressed in IBM API Connect version 10.0.8.2-ifix1. Vulnerability Details: CVEID: CVE-2025-1974. DESCRIPTION: A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve...

CVSS 9.8 | AI score 9.8 | EPSS 0.99348
Exploits: 26 | Affected Software: 1
GithubExploit
added 2025/04/27 5:7 a.m. | 272 views

Exploit for CVE-2025-1974

CVE-2025-1974 WhiteHat School, 3rd cohort - 김소은 @salt318 https://github...

CVSS 9.8 | AI score 7.4 | EPSS 0.99348
Exploits: 21
GithubExploit
added 2025/04/26 2:30 a.m. | 625 views

Exploit for CVE-2025-1974

Kubernetes Ingress-NGINX unauthenticated remote code execution (CVE-2025-1974) Ingr...

CVSS 9.8 | AI score 8.3 | EPSS 0.99348
Exploits: 22
Broadcom
added 2025/04/24 12:0 a.m. | 16 views

Ingress-nginx admission controller RCE escalation (CVE-2025-1974)

A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. Note...

CVSS 9.8 | AI score 7.7 | EPSS 0.99348
Exploits: 20