6253 matches found
PHSA-2020-2.0-0207
An update of 'envoy', 'nginx', 'libarchive', 'ansible' packages of Photon OS has been released...
Critical Photon OS Security Update - PHSA-2020-0207
Updates of 'envoy', 'ansible', 'libarchive', 'nginx' packages of Photon OS have been released...
PHSA-2020-1.0-0276
An update of 'libvirt', 'python3', 'nginx' packages of Photon OS has been released...
Photon OS 1.0: Nginx PHSA-2020-1.0-0276
An update of the nginx package has been released. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2020-1.0-0276. The text itself is copyright (C) VMware, Inc. include('compat.inc'); if (description) { script_id(133684); ...
Photon OS 2.0: Nginx PHSA-2020-2.0-0207
An update of the nginx package has been released. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2020-2.0-0207. The text itself is copyright (C) VMware, Inc. include('compat.inc'); if (description) { script_id(133689); ...
openSUSE Security Update : nginx (openSUSE-2020-204)
This update for nginx fixes the following issues : - CVE-2019-20372: Fixed an HTTP request smuggling with certain error_page configurations which could have allowed unauthorized web page reads (bsc#1160682). This update was imported from the SUSE:SLE-15-SP1:Update update project. (C) Tenable Network...
OPENSUSE-SU-2020:0204-1 Security update for nginx
This update for nginx fixes the following issues: - CVE-2019-20372: Fixed an HTTP request smuggling with certain error_page configurations which could have allowed unauthorized web page reads (bsc#1160682). This update was imported from the SUSE:SLE-15-SP1:Update update project...
Security update for nginx (moderate)
openSUSE Security Update: Security update for nginx Announcement ID: openSUSE-SU-2020:0204-1 Rating: moderate References: 1160682 Cross-References: CVE-2019-20372 Affected Products: openSUSE Leap 15.1 An update that fixes one vulnerability is now available. Description: This update for nginx fixe...
FreeBSD : NGINX -- HTTP request smuggling (c1202de8-4b29-11ea-9673-4c72b94353b5)
NGINX Team reports : NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer. (C) Tenable Network Security, Inc. The...
Security Bulletin: Aspera Web Shares application is affected by NGINX Vulnerabilities (CVE-2018-16845, CVE-2018-16843, CVE-2019-7401)
Summary IBM Aspera Shares has addressed the following OpenSSL vulnerabilities. Vulnerability Details CVEID: CVE-2019-7401 DESCRIPTION: NGINX Unit before 1.7.1 might allow an attacker to cause a heap-based buffer overflow in the router process with a specially crafted request. This may result in a...
SUSE SLES15 Security Update : nginx (SUSE-SU-2020:0348-1)
This update for nginx fixes the following issues : CVE-2019-20372: Fixed an HTTP request smuggling with certain error_page configurations which could have allowed unauthorized web page reads (bsc#1160682). Note that Tenable Network Security has extracted the preceding description block directly from...
SUSE-SU-2020:0348-1 Security update for nginx
This update for nginx fixes the following issues: - CVE-2019-20372: Fixed an HTTP request smuggling with certain error_page configurations which could have allowed unauthorized web page reads (bsc#1160682)...
Gamaredon APT Improves Toolset to Target Ukraine Government, Military
The Gamaredon advanced persistent threat (APT) group has been supercharging its operations lately, improving its toolset and ramping up attacks on Ukrainian national security targets. Vitali Kremez, head of SentinelLabs, said in research released on Wednesday that he has been tracking an uptick in...
CVE-2018-16845
An instance of missing input sanitization was found in the mp4 module for nginx. A local attacker could create a specially crafted video file that, when streamed by the server, would cause a denial of service (server crash or hang) and, possibly, information disclosure...
Localize: Nginx version is disclosed in HTTP response
Summary: I found a version disclosure (Nginx) in your web server's HTTP response. Extracted Version: 1.16.1 This information might help an attacker gain a greater understanding of the systems in use and potentially develop further attacks targeted at the specific version of Nginx. Steps To Reproduc...
Huawei EulerOS: Security Advisory for nginx (EulerOS-SA-2019-2084)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
Huawei EulerOS: Security Advisory for nginx (EulerOS-SA-2018-1399)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
Kubernetes: Compromise of auth via subset/superset namespace names.
Report Submission Form Summary: Use of nginx.ingress.kubernetes.io/auth annotations results in a file named namespace-ingress.passwd. If user knows the namespace and ingress of an ingress they want to compromise they need to be able to create a namespace that is some subset of namespace-ingress...
PHP-FPM Underflow RCE
This module exploits an underflow vulnerability in versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 of PHP-FPM on Nginx. Only servers with certain Nginx + PHP-FPM configurations are exploitable. This is a port of the original neex's exploit code (see refs.). First, it detects...
USN-4235-2: nginx vulnerability
USN-4235-1 fixed a vulnerability in nginx. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Bert JW Regeer and Francisco Oca Gonzalez discovered that nginx incorrectly handled certain error_page configurations. A remote attacker could possibly use this...