220 matches found
SUSE SLES16 Security Update : nginx (SUSE-SU-2026:22178-1)
The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:22178-1 advisory. This update for nginx fixes the following issue - CVE-2026-9256: heap buffer overflow in the ngxhttprewritemodule when using a configuratio...
nginx: ngx_http_rewrite_module: code execution and denial of service
A flaw was found in the ngxhttprewritemodule module of NGINX. When a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression PCRE captures and a replacement string that references multiple such captures in a redirect or arguments context, an...
SUSE-SU-2026:22178-1 Security update for nginx
This update for nginx fixes the following issue - CVE-2026-9256: heap buffer overflow in the ngxhttprewritemodule when using a configuration with overlapping captures bsc1266215...
OPENSUSE-SU-2026:21107-1 Security update for nginx
This update for nginx fixes the following issue - CVE-2026-9256: heap buffer overflow in the ngxhttprewritemodule when using a configuration with overlapping captures bsc1266215...
Astra Linux – Vulnerability in Wireshark
The CBOR dissector crash in Wireshark versions 4.0.0 to 4.0.6 allows for denial of service through packet injection or malicious capture files...
Astra Linux – Vulnerability in Wireshark
The T.38 dissector crash in Wireshark versions 4.2.0 to 4.0.3, and 4.0.0 to 4.0.13 allows for denial of service through packet injection or malicious capture files...
Astra Linux – Vulnerability in Wireshark
Large loops in multiple protocol dissectors in Wireshark versions 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allow denial of service via packet injection or crafted capture files...
Astra Linux – Vulnerability in Wireshark
A memory leak in the RTPS dissector in Wireshark versions 4.0.0 to 4.0.8 and 3.6.0 to 3.6.16 allows for denial of service through packet injection or malicious capture files...
Astra Linux – Vulnerability in Wireshark
The NTLMSSP dissector crash in Wireshark versions 4.2.0 to 4.0.6, as well as 4.0.0 to 4.0.16, allows for denial of service through packet injection or malicious capture files...
Astra Linux – Vulnerability in Wireshark
The RPCoRDMA dissector crash in Wireshark versions 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows for denial of service through packet injection or malicious capture files...
SUSE SLES15 Security Update : nginx (SUSE-SU-2026:2307-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:2307-1 advisory. This update for nginx fixes the following issue - CVE-2026-9256: heap buffer overflow in the ngxhttprewritemodule when using a configuration...
SUSE-SU-2026:2307-1 Security update for nginx
This update for nginx fixes the following issue - CVE-2026-9256: heap buffer overflow in the ngxhttprewritemodule when using a configuration with overlapping captures bsc1266215...
Security update for nginx
This update for nginx fixes the following issue CVE-2026-9256: heap buffer overflow in the ngxhttprewritemodule when using a configuration with overlapping captures bsc1266215. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or...
Important: nginx
Issue Overview: NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression PCRE captures for example, ^/.$ and a replacement string...
CVE-2026-47740
Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, Multiple Filament actions on the admin Order detail and Order shipments table were callable by an authenticated low-privilege user without the permission required to mutate orders. The order detail actions cancel, mark paid, mark...
BIT-NGINX-GATEWAY-2026-9256 NGINX ngx_http_rewrite_module vulnerability
NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression PCRE captures for example, ^/.$ and a replacement string that references...
BIT-NGINX-2026-9256 NGINX ngx_http_rewrite_module vulnerability
NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression PCRE captures for example, ^/.$ and a replacement string that references...
Improper Authorization
Overview Affected versions of this package are vulnerable to Improper Authorization in the capturePayment, cancel, mark paid, mark complete, archive, start processing, mark delivered, and edit tracking actions within the admin panel components. An attacker can perform unauthorized modifications t...
CLSA-2026-1779804603 Fix CVE(s): CVE-2026-9256
SECURITY UPDATE: Heap buffer overflow in ngxhttprewritemodule via overlapping PCRE captures in replacement strings - debian/patches/CVE-2026-9256.patch: recompute buffer length per capture including escaping in ngxhttpscriptregexstartcode to prevent buffer overrun when redirect parameter is used ...
CLSA-2026-1779789531 Fix CVE(s): CVE-2026-9256
SECURITY UPDATE: fix heap buffer overflow in ngxhttprewritemodule with overlapping captures - debian/patches/CVE-2026-9256.patch: fix heap buffer overflow in ngxhttprewritemodule with overlapping captures - CVE-2026-9256...