6254 matches found
Moderate Photon OS Security Update - PHSA-2024-4.0-0670
Updates of 'nginx' packages of Photon OS have been released...
BIT-NGINX-INGRESS-CONTROLLER-2024-7646
A security issue was discovered in ingress-nginx where an actor with permission to create Ingress objects in the networking.k8s.io or extensions API group can bypass annotation validation to inject arbitrary commands and obtain the credentials of the ingress-nginx controller. In the default...
The vulnerability of the MQTT filter module in the NGINX Plus web server allows an intruder to trigger a service failure.
The vulnerability of the MQTT filter module in the NGINX Plus web server is related to the execution of operations outside the buffer in memory, as a result of the pointer being reassigned after its expiration time. Exploiting this vulnerability could allow a malicious actor to cause service...
GO-2024-3075 CVE-2024-7646 in github.com/kubernetes/ingress-nginx
CVE-2024-7646 in github.com/kubernetes/ingress-nginx. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the...
Vulnerability fixed in Kubernetes
A vulnerability has been fixed in Kubernetes. The vulnerability is in the ingress-nginx module and allows a malicious person with permissions to create ingress objects to bypass a security measure to execute arbitrary code with permissions from the ingress-nginx controller. In a standard...
Moderate Photon OS Security Update - PHSA-2024-5.0-0350
Updates of 'nginx' packages of Photon OS have been released...
OPENSUSE-SU-2024:14271-1 nginx-1.27.1-1.1 on GA media
These are all security issues fixed in the nginx-1.27.1-1.1 package on the GA media of openSUSE Tumbleweed...
CVE-2024-7646
A security issue was discovered in ingress-nginx where an actor with permission to create Ingress objects in the networking.k8s.io or extensions API group can bypass annotation validation to inject arbitrary commands and obtain the credentials of the ingress-nginx controller. In the default...
CVE-2024-7646
The CVE-2024-7646 entry concerns ingress-nginx where an actor with permission to create Ingress objects can bypass annotation validation to inject arbitrary commands and obtain the controller’s credentials. The default configuration credential reportedly has access to all secrets in the cluster. ...
CVE-2024-7646
A security issue was discovered in ingress-nginx where an actor with permission to create Ingress objects in the networking.k8s.io or extensions API group can bypass annotation validation to inject arbitrary commands and obtain the credentials of the ingress-nginx controller. In the default...
CVE-2024-7646
A security issue was discovered in ingress-nginx where an actor with permission to create Ingress objects in the networking.k8s.io or extensions API group can bypass annotation validation to inject arbitrary commands and obtain the credentials of the ingress-nginx controller. In the default...
BIT-NGINX-2024-7347 NGINX MP4 module vulnerability
NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngx_http_mp4_module and the mp4 directi...
CVE-2024-7347
A flaw was found in the ngx_http_mp4_module module of Nginx. Processing a specially crafted MP4 file can trigger a buffer over-read and cause the nginx process to terminate, resulting in a denial of service. Mitigation: Restrict publishing of audio and video to trusted users only...
PT-2024-5586
Name of the Vulnerable Software and Affected Versions: ingress-nginx versions prior to 1.12 Description: A security issue was discovered in ingress-nginx where an actor with permission to create Ingress objects can bypass annotation validation to inject arbitrary commands and obtain the credentia...
Ingress NGINX Controller Security Vulnerability
Ingress NGINX Controller is an open source ingress controller for Kubernetes. A security vulnerability exists in Ingress NGINX Controller versions prior to 1.11.2, which stems from the fact that a participant with permission to create Ingress objects can bypass annotation validation to inject arbitrary...
Nginx 1.5.13 - 1.27.0 Buffer Overread Vulnerability
Nginx is prone to a buffer overread in the ngx_http_mp4_module. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nginx:nginx";...
Internet Bug Bounty: CVE-2024-7347: Buffer overread in the ngx_http_mp4_module
CVE-2024-7347 was a vulnerability in the ngx_http_mp4_module of NGINX Open Source and NGINX Plus. The vulnerability could have allowed an attacker to over-read NGINX worker memory, resulting in its termination, using a specially crafted MP4 file. The issue only affected NGINX if it was built with th...
ALPINE-CVE-2024-7347
NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngx_http_mp4_module and the mp4 directi...
AZL-47781 CVE-2024-7347 affecting package nginx for versions less than 1.22.1-12
NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngx_http_mp4_module and the mp4 directi...
AZL-47789 CVE-2024-7347 affecting package nginx for versions less than 1.25.4-2
NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngx_http_mp4_module and the mp4 directi...