ROS-20240702-07
A vulnerability in the HTTP/3 QUIC module ngx_http_v3_module of NGINX Plus and NGINX OSS web servers is related to writing outside of buffer boundaries in memory. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service by using specially crafted HTTP/3...
PT-2024-6554 · Unknown · Nginx Proxy Manager
Name of the Vulnerable Software and Affected Versions: NginxProxyManager version 2.11.3. Description: A command injection vulnerability in the requestLetsEncryptSslWithDnsChallenge function allows an attacker to achieve remote code execution via the "Add Let's Encrypt Certificate" feature. This...
PT-2024-6493 · Unknown · Nginx Proxy Manager
Name of the Vulnerable Software and Affected Versions: Nginx Proxy Manager version 2.11.3. Description: The issue is related to a command injection vulnerability in the requestLetsEncryptSsl function of the NGINX Proxy Manager. This vulnerability can be exploited by a remote attacker to execute...
GO-2024-2480 Nginx-UI vulnerable to authenticated RCE through injecting into the application config via CRLF in github.com/0xJacky/Nginx-UI
Nginx-UI vulnerable to authenticated RCE through injecting into the application config via CRLF in github.com/0xJacky/Nginx-UI. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing...
GO-2024-2428 Ingress-nginx code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation in k8s.io/ingress-nginx
Ingress-nginx code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation in k8s.io/ingress-nginx. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive repor...
GO-2024-2481 Nginx-UI vulnerable to arbitrary file write through the Import Certificate feature in github.com/0xJacky/Nginx-UI
Nginx-UI vulnerable to arbitrary file write through the Import Certificate feature in github.com/0xJacky/Nginx-UI. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive report...
Updated python-aiohttp packages fix security vulnerability
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. An XSS vulnerability exists on index pages for static file handling. This vulnerability is fixed in 3.9.4. We have always recommended using a reverse proxy server, e.g. nginx, for serving static files. Users following th...
Critical Photon OS Security Update - PHSA-2024-5.0-0302
Updates of 'go' packages of Photon OS have been released...
Moderate Photon OS Security Update - PHSA-2024-4.0-0638
Updates of 'libssh2', 'nginx' packages of Photon OS have been released...
Security Bulletin: Vulnerabilities in Linux components affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products
Summary: Vulnerabilities in libssh, nginx and nghttp2 affect IBM Storage Virtualize products and could cause denial of service and bypassing of authentication. CVE-2023-44487, CVE-2023-1667, CVE-2023-2283. Vulnerability Details: CVEID: CVE-2023-44487 DESCRIPTION: Multiple vendors are vulnerable to a...
OPENSUSE-SU-2024:13701-1 nginx-1.25.4-1.1 on GA media
These are all security issues fixed in the nginx-1.25.4-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:12433-1 nginx-1.23.2-1.1 on GA media
These are all security issues fixed in the nginx-1.23.2-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:10044-1 nginx-1.11.4-2.5 on GA media
These are all security issues fixed in the nginx-1.11.4-2.5 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:11092-1 nginx-1.21.3-1.4 on GA media
These are all security issues fixed in the nginx-1.21.3-1.4 package on the GA media of openSUSE Tumbleweed...
new module: nginx:1.24
An update is available for module.nginx, nginx. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rock...
Fedora: Security Advisory (FEDORA-2024-2e4858330c)
The remote host is missing an update for the...
Fedora: Security Advisory (FEDORA-2024-06e6dcbb42)
The remote host is missing an update for the...
[SECURITY] Fedora 39 Update: nginx-1.26.1-1.fc39
Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...
[SECURITY] Fedora 40 Update: nginx-1.26.1-1.fc40
Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...
Fedora 39 : nginx (2024-2e4858330c)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-2e4858330c advisory. Security: when using HTTP/3, processing of a specially crafted QUIC session might cause a worker process crash, worker process memory disclosure on...