RHEL 9 : nginx (RHSA-2023:5711)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5711 advisory. nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security...
RHEL 8 : nginx:1.22 (RHSA-2023:5713)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5713 advisory. nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security...
PT-2023-29222 · Nginx +1
Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.1.1 stable and 3.2.0.beta2 Description: Discourse is an open source platform for community discussion. A malicious request can cause production log files to quickly fill up and thus result in the server running o...
ALSA-2023:5713 Moderate: nginx:1.22 security update
nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487) For more details about the securi...
ALSA-2023:5712 Moderate: nginx:1.20 security update
nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487) For more details about the securi...
CentOS 8 : nginx:1.22 (CESA-2023:5713)
The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2023:5713 advisory. The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wi...
RHEL 9 : nginx (RHSA-2023:5714)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5714 advisory. nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security...
RHEL 8 : nginx:1.20 (RHSA-2023:5715)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5715 advisory. nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security...
RHEL 7 : rh-nginx120-nginx (RHSA-2023:5720)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5720 advisory. nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security...
ALSA-2023:5711 Moderate: nginx security update
nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487) For more details about the securi...
CVE-2023-44487 affecting package nginx for versions less than 1.22.1-11
CVE-2023-44487 affecting package nginx for versions less than 1.22.1-11. A patched version of the package is available...
CVE-2020-19692 affecting package nginx for versions less than 1.22.1-11
CVE-2020-19692 affecting package nginx for versions less than 1.22.1-11. An upgraded version of the package is available that resolves this issue...
CVE-2022-3638 affecting package nginx for versions less than 1.22.1-11
CVE-2022-3638 affecting package nginx for versions less than 1.22.1-11. An upgraded version of the package is available that resolves this issue...
CVE-2023-45132
NAXSI is an open-source maintenance web application firewall (WAF) for NGINX. An issue present starting in version 1.3 and prior to version 1.6 allows someone to bypass the WAF when a malicious X-Forwarded-For IP matches IgnoreIP/IgnoreCIDR rules. This old code was arranged to allow older NGINX...
Design/Logic Flaw
NAXSI is an open-source maintenance web application firewall (WAF) for NGINX. An issue present starting in version 1.3 and prior to version 1.6 allows someone to bypass the WAF when a malicious X-Forwarded-For IP matches IgnoreIP/IgnoreCIDR rules. This old code was arranged to allow older NGINX...
CVE-2023-45132
CVE-2023-45132 affects the NAXSI WAF for NGINX. The issue, present from 1.3 up to but not including 1.6, allows bypassing the WAF when a crafted X-Forwarded-For IP matches IgnoreIP/IgnoreCIDR rules. The root cause is how IgnoreIP/IgnoreCIDR were supported with multiple reverse proxies, enabling b...
CVE-2023-45132 IgnoreIP/IgnoreCIDR should not trust X-Forwarded-For
NAXSI is an open-source maintenance web application firewall (WAF) for NGINX. An issue present starting in version 1.3 and prior to version 1.6 allows someone to bypass the WAF when a malicious X-Forwarded-For IP matches IgnoreIP/IgnoreCIDR rules. This old code was arranged to allow older NGINX...
GHSA-QPPJ-FM5R-HXR3 vulnerabilities
Vulnerabilities for packages: gke-gcloud-auth-plugin, dgraph, nginx-mainline, kubewatch, ollama, mc, pulumi-language-dotnet, terraform-provider-aws, pulumi-kubernetes-operator, aws-efs-csi-driver, flux-kustomize-controller, nghttp2, fuse-overlayfs-snapshotter, wireguard-go, kubeflow-katib,...
GHSA-QPPJ-FM5R-HXR3 vulnerabilities
Vulnerabilities for packages: aws-efs-csi-driver, tomcat, ko, newrelic-infrastructure-agent, atlantis, nginx-mainline, terraform-provider-sendgrid-fips, scorecard, aactl, kaf, kube-state-metrics, prometheus-adapter-fips, external-dns, kubescape, git-lfs, buildkitd, secrets-store-csi-driver,...