Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS : nginx vulnerability (USN-7014-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-7014-1 advisory. It was discovered that the nginx ngxhttpmp4 module incorrectly handled certain malformed mp4 files. In environments where the mp4 directiv...

RHSA-2022:0323 Red Hat Security Advisory: nginx:1.20 security update

Bulletin has no description...

RHSA-2021:2290 Red Hat Security Advisory: nginx:1.16 security update

Bulletin has no description...

RHSA-2021:2278 Red Hat Security Advisory: rh-nginx116-nginx security update

Bulletin has no description...

RHSA-2021:2259 Red Hat Security Advisory: nginx:1.18 security update

Bulletin has no description...

RHSA-2021:2258 Red Hat Security Advisory: rh-nginx118-nginx security update

Bulletin has no description...

RHSA-2020:5495 Red Hat Security Advisory: nginx:1.16 security update

Bulletin has no description...

RHSA-2020:2817 Red Hat Security Advisory: rh-nginx116-nginx security update

Bulletin has no description...

RHSA-2016:1425 Red Hat Security Advisory: rh-nginx18-nginx security update

Bulletin has no description...

RHSA-2017:2538 Red Hat Security Advisory: rh-nginx110-nginx security update

Bulletin has no description...

CBL Mariner 2.0 Security Update: nginx (CVE-2024-7347)

The version of nginx installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-7347 advisory. - NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpmp4module, which might allow an attacker t...

CVE-2024-7347

...

Mageia: Security Advisory (MGASA-2024-0286)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

MGASA-2024-0286 Nginx has been updated to the latest stable release to fix CVE

CVE-2024-7347: NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpmp4module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngxhttpmp4module and...

Nginx has been updated to the latest stable release to fix CVE

CVE-2024-7347: NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpmp4module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngxhttpmp4module and...

CVE-2024-7634

NGINX Agent's "configdirs" restriction feature allows a highly privileged attacker to gain the ability to write/overwrite files outside of the designated secure directory...

Amazon Linux 2 : nginx (ALASNGINX1-2024-007)

The version of nginx installed on the remote host is prior to 1.22.1-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2NGINX1-2024-007 advisory. NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpmp4module, which might allow an attacker to over-read NGINX...

Amazon Linux 2023 : nginx, nginx-all-modules, nginx-core (ALAS2023-2024-707)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-707 advisory. NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpmp4module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4...

The vulnerability of the scanning function for web interface ports in the Roxy-WI server management solutions Haproxy, Nginx, Apache, and Keepalived allows a attacker to execute arbitrary commands with root privileges.

The vulnerability of the scanning function of the Roxy-WI web interface for Haproxy, Nginx, Apache, and Keepalived exists due to the lack of measures to neutralize specific elements. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands with root privileges by sendi...

OESA-2024-2089 nginx security update

NGINX is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server. Security Fixes: NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpmp4module, which might allow an attacker to over-read NGINX worker memory resulting in its...