6254 matches found

CVE
added 2021/05/28 5:0 p.m., 97 views

CVE-2021-32637

CVE-2021-32637 affects Authelia when used with nginx ngx_http_auth_request_module; a maliciously crafted malformed HTTP request can bypass the authentication mechanism. Public documentation notes that this applies primarily to nginx, while other proxies may not allow malformed URI paths. The root...

CVSS 10, AI score 9.6, EPSS 0.01868
Exploits 1, References 2, Affected Software 1
Cvelist
added 2021/05/28 5:0 p.m., 13 views

CVE-2021-32637 Authentication bypassed with malformed request URI

Authelia is a single sign-on multi-factor portal for web apps. This affects users who are using nginx ngx_http_auth_request_module with Authelia; it allows a malicious individual who crafts a malformed HTTP request to bypass the authentication mechanism. It additionally could theoretically affect...

CVSS 10, AI score 9.9, EPSS 0.01868
Exploits 1, References 2
Veracode
added 2021/05/28 1:25 p.m., 1861 views

Remote Code Execution

nginx is vulnerable to remote code execution. A remote attacker who is able to provide DNS responses to an nginx server can likely achieve remote code execution due to an off-by-one error in ngx_resolver_copy while processing DNS responses...

CVSS 7.7, AI score 4.1, EPSS 0.52838
Exploits 10, References 27, Affected Software 10
Debian
added 2021/05/28 12:5 p.m., 135 views

[SECURITY] [DSA 4921-1] nginx security update

Debian Security Advisory DSA-4921-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 28, 2021 https://www.debian.org/security/faq ...

CVSS 7.7, AI score 6.8, EPSS 0.52838
Exploits 10
OSV
added 2021/05/28 12:0 a.m., 52 views

DSA-4921-1 nginx - security update

Bulletin has no description...

CVSS 7.7, AI score 6.5, EPSS 0.52838
Exploits 10
Tenable Nessus
added 2021/05/28 12:0 a.m., 82 views

Photon OS 3.0: Nginx PHSA-2021-3.0-0243

An update of the nginx package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2021-3.0-0243. The text itself is copyright (C) VMware, Inc. include('deprecated_nasl_level.inc'); include('compat.inc'); if (descripti...

CVSS 7.7, AI score 8.2, EPSS 0.52838
Exploits 10, References 2
Photon
added 2021/05/28 12:0 a.m., 53 views

PHSA-2021-2.0-0349

An update of 'gnutls', 'curl', 'dhcp', 'nginx' packages of Photon OS has been released...

CVSS 7.5, AI score 0.9, EPSS 0.60122
Exploits 13
Photon
added 2021/05/28 12:0 a.m., 46 views

Critical Photon OS Security Update - PHSA-2021-0349

Updates of 'dhcp', 'gnutls', 'curl', 'nginx' packages of Photon OS have been released...

CVSS 3.1, AI score 7.4, EPSS 0.04385
Exploits 1
Tenable Nessus
added 2021/05/28 12:0 a.m., 42 views

Photon OS 1.0: Nginx PHSA-2021-1.0-0394

An update of the nginx package has been released. %NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2021-1.0-0394. The text itself is copyright (C) VMware, Inc...

CVSS 7.7, AI score 8.2, EPSS 0.52838
Exploits 10, References 2
Tenable Nessus
added 2021/05/28 12:0 a.m., 65 views

Photon OS 4.0: Nginx PHSA-2021-4.0-0032

An update of the nginx package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2021-4.0-0032. The text itself is copyright (C) VMware, Inc. include('deprecated_nasl_level.inc'); include('compat.inc'); if (descripti...

CVSS 7.7, AI score 8.2, EPSS 0.52838
Exploits 10, References 2
OSV
added 2021/05/27 2:51 p.m., 17 views

SUSE-SU-2021:1792-1 Security update for nginx

This update for nginx fixes the following issues: - CVE-2021-23017: nginx DNS resolver off-by-one heap write (bsc#1186126)...

CVSS 7.7, AI score 7.8, EPSS 0.52838
Exploits 10, References 3
Ubuntu
added 2021/05/27 1:12 p.m., 223 views

USN-4967-2: nginx vulnerability

USN-4967-1 fixed a vulnerability in nginx. This update provides the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM. Original advisory details: Luis Merino, Markus Vervier, and Eric Sesterhenn discovered that nginx incorrectly handled responses to the DNS resolver. A remote attacker could...

CVSS 7.7, AI score 8.1, EPSS 0.52838
Exploits 10
OSV
added 2021/05/27 1:12 p.m., 4 views

USN-4967-2 nginx vulnerability

USN-4967-1 fixed a vulnerability in nginx. This update provides the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM. Original advisory details: Luis Merino, Markus Vervier, and Eric Sesterhenn discovered that nginx incorrectly handled responses to the DNS resolver. A remote attacker could...

CVSS 7.7, AI score 7.3, EPSS 0.52838
Exploits 10, References 2
Hacker One
added 2021/05/27 10:32 a.m., 254 views

Internet Bug Bounty: 1-byte heap buffer overflow in DNS resolver

Official announcement: http://mailman.nginx.org/pipermail/nginx-announce/2021/000300.html A security issue in nginx resolver was identified, which might allow an attacker to cause 1-byte memory overwrite by using a specially crafted DNS response, resulting in worker process crash or, potentially,...

CVSS 6.8, AI score 8.1, EPSS 0.52838
Exploits 10
0day.today
added 2021/05/27 12:0 a.m., 4512 views

nginx 1.20.0 DNS Resolver Off-By-One Heap Write Exploit

An off-by-one error in ngx_resolver_copy while processing DNS responses allows a network attacker to write a dot character ('.', 0x2E) out of bounds in a heap allocated buffer. The vulnerability can be triggered by a DNS response in reply to a DNS request from nginx when the resolver primitive is...

CVSS 7.7, AI score 0.7, EPSS 0.52838
Exploits 10
Photon
added 2021/05/27 12:0 a.m., 67 views

PHSA-2021-1.0-0394

An update of 'dhcp', 'nginx' packages of Photon OS has been released...

CVSS 6.8, AI score 0.9, EPSS 0.52838
Exploits 11
OpenVAS
added 2021/05/27 12:0 a.m., 40 views

Ubuntu: Security Advisory (USN-4967-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.7, AI score 6.5, EPSS 0.52838
Exploits 10, References 2
Photon
added 2021/05/27 12:0 a.m., 68 views

Important Photon OS Security Update - PHSA-2021-0394

Updates of 'nginx' packages of Photon OS have been released...

CVSS 7.7, AI score 7.9, EPSS 0.52838
Exploits 10
Photon
added 2021/05/27 12:0 a.m., 49 views

Important Photon OS Security Update - PHSA-2021-3.0-0243

Updates of 'linux', 'nginx', 'linux-rt', 'curl' packages of Photon OS have been released...

CVSS 3.1, AI score 6.5, EPSS 0.04385
Exploits 1
Tenable Nessus
added 2021/05/27 12:0 a.m., 176 views

Ubuntu 18.04 LTS / 20.04 LTS : nginx vulnerability (USN-4967-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4967-1 advisory. Luis Merino, Markus Vervier, and Eric Sesterhenn discovered that nginx incorrectly handled responses to the DNS resolver. A remote attacker could use...

CVSS 7.7, AI score 8.3, EPSS 0.52838
Exploits 10, References 2