CVE-2022-41741

Summary (CVE-2022-41741) : NGINX Open Source before 1.23.2 and 1.22.1, NGINX Open Source Subscription before R2 P1/R1 P1, and NGINX Plus before R27 P1/R26 P1, that are built with the ngx_http_mp4_module and have the mp4 directive enabled, are vulnerable to local memory corruption in the module. A...

CVE-2022-41741 NGINX ngx_http_mp4_module vulnerability CVE-2022-41741

NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngxhttpmp4module that might allow a local attacker to corrupt NGINX worker memory, resulting in...

CVE-2022-41741 NGINX ngx_http_mp4_module vulnerability CVE-2022-41741

NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngxhttpmp4module that might allow a local attacker to corrupt NGINX worker memory, resulting in...

CVE-2022-41741

NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngxhttpmp4module that might allow a local attacker to corrupt NGINX worker memory, resulting in...

CVE-2022-41741

NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngxhttpmp4module that might allow a local attacker to corrupt NGINX worker memory, resulting in...

PT-2022-5182 · Nginx · Nginx Plus +1

Name of the Vulnerable Software and Affected Versions: NGINX Plus versions prior to R27 P1 and R26 P1 Description: The issue is related to a buffer overflow in the ngx http hls module of NGINX Ingress Controller, which can be exploited to cause a denial of service or potentially other impacts. Th...

F5 Nginx 缓冲区错误漏洞

F5 Nginx is a lightweight web server/reverse proxy server and email IMAP/POP3 proxy server from F5 USA, distributed under the BSD-like protocol. A buffer error vulnerability exists in F5 Nginx version 1.23.2, 1.22.1. An attacker could exploit this vulnerability to corrupt NGINX worker memory...

PT-2022-5184

Name of the Vulnerable Software and Affected Versions NGINX Open Source versions 1.23.2 and earlier, excluding version 1.22.1 and later NGINX Open Source versions 1.22.1 and earlier NGINX Open Source Subscription before versions R2 P1 and R1 P1 NGINX Plus before versions R27 P1 and R26 P1...

nginx -- Two vulnerabilities

NGINX Development Team reports: Two security issues were identified in the ngxhttpmp4module, which might allow an attacker to cause a worker process crash or worker process memory disclosure by using a specially crafted mp4 file, or might have potential other impact CVE-2022-41741, CVE-2022-41742...

F5 Nginx 缓冲区错误漏洞

F5 Nginx is a lightweight web server/reverse proxy server and email IMAP/POP3 proxy server from F5 Inc. distributed under the BSD-like protocol. F5 Nginx suffers from a buffer error vulnerability that stems from its ngxhttpmp4module module that could allow a local attacker to cause a work process...

PT-2022-5185

Name of the Vulnerable Software and Affected Versions NGINX Open Source versions 1.23.2 and 1.22.1 and earlier NGINX Open Source Subscription versions R2 P1 and R1 P1 and earlier NGINX Plus versions R27 P1 and R26 P1 and earlier Description The issue is related to a buffer-over-read vulnerability...

Joomla OSG Courts Reservation 1.4.9 SQL Injection

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

The vulnerability of the systemd.txt file on the NGINX Controller platform allows a hacker to disclose protected information.

The vulnerability of the systemd.txt file on the NGINX Controller application monitoring and management platform is related to insufficient protection for registration data. Exploiting this vulnerability could allow attackers to disclose sensitive information that is protected by this system...

Kubernetes: Ingress nginx annotation injection causes arbitrary command execution

A vulnerability was found where arbitrary commands could be executed on the Kubernetes cluster. Through annotation injection on the ingress resource, additional locations could be added to the nginx configuration, allowing commands to be passed and executed via the lua scripting engine on the...

Ubuntu: Security Advisory (USN-5371-3)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 16.04 ESM : nginx vulnerability (USN-5371-3)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-5371-3 advisory. USN-5371-1 and USN-5371-2 fixed several vulnerabilities in nginx. This update provides the corresponding update for CVE-2020-11724 for Ubuntu 16.04 ESM. Tenable h...

USN-5371-3: nginx vulnerability

USN-5371-1 and USN-5371-2 fixed several vulnerabilities in nginx. This update provides the corresponding update for CVE-2020-11724 for Ubuntu 16.04 ESM. Original advisory details: It was discovered that nginx Lua module mishandled certain inputs. An attacker could possibly use this issue to perfo...

USN-5371-3 nginx vulnerability

USN-5371-1 and USN-5371-2 fixed several vulnerabilities in nginx. This update provides the corresponding update for CVE-2020-11724 for Ubuntu 16.04 ESM. Original advisory details: It was discovered that nginx Lua module mishandled certain inputs. An attacker could possibly use this issue to perfo...

Debian dla-3127 : libhttp-daemon-perl - security update

The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3127 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3127-1 [email protected] https://www.debian.org/lts/security/...

Joomla MarvikShop ShoppingCart 3.4 SQL Injection Vulnerability

┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐ ┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ┌┘ Exploits ┌┘ └───────────────────────────────────────────────────────────────────────────────────────┘┘ : Author : CraCkEr : │ Website :...