846 matches found
nginx:1.24 security update
An update is available for module.nginx, nginx. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list nginx is a web and proxy server supporting HTTP and other...
RLSA-2026:5581 Moderate: nginx:1.24 security update
nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections CVE-2026-1642 For more details about the security issues,...
@nestjs/core Improperly Neutralizes Special Elements in Output Used by a Downstream Component ('Injection')
Impact What kind of vulnerability is it? Who is impacted? SseStream.transform interpolates message.type and message.id directly into Server-Sent Events text protocol output without sanitizing newline characters \r, \n. Since the SSE protocol treats both \r and \n as field delimiters and \n\n as...
GHSA-36XV-JGW5-4Q75 @nestjs/core Improperly Neutralizes Special Elements in Output Used by a Downstream Component ('Injection')
Impact What kind of vulnerability is it? Who is impacted? SseStream.transform interpolates message.type and message.id directly into Server-Sent Events text protocol output without sanitizing newline characters \r, \n. Since the SSE protocol treats both \r and \n as field delimiters and \n\n as...
PT-2026-30760
Name of the Vulnerable Software and Affected Versions Nest versions prior to 11.1.18 Description The SseStream. transform function interpolates message.type and message.id directly into Server-Sent Events text protocol output without sanitizing newline characters r, . Because the SSE protocol use...
nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections
A flaw was found in NGINX. When NGINX is configured to proxy to upstream Transport Layer Security TLS servers, An attacker with a man-in-the-middle MITM position on the upstream server side—along with conditions beyond the attacker's control—may be able to inject plain text data into the response...
RHEL 9 : nginx:1.24 (RHSA-2026:6302)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:6302 advisory. nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security...
RHEL 9 : nginx (RHSA-2026:6408)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:6408 advisory. nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security...
RHEL 10 : nginx (RHSA-2026:6311)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:6311 advisory. nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security...
RHEL 9 : nginx:1.26 (RHSA-2026:6427)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:6427 advisory. nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security...
RHEL 9 : nginx:1.24 (RHSA-2026:6407)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:6407 advisory. nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security...
Moderate: Red Hat Security Advisory: nginx:1.24 security update
An update for the nginx:1.24 module is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections
A flaw was found in NGINX. When NGINX is configured to proxy to upstream Transport Layer Security TLS servers, An attacker with a man-in-the-middle MITM position on the upstream server side—along with conditions beyond the attacker's control—may be able to inject plain text data into the response...
nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections
A flaw was found in NGINX. When NGINX is configured to proxy to upstream Transport Layer Security TLS servers, An attacker with a man-in-the-middle MITM position on the upstream server side—along with conditions beyond the attacker's control—may be able to inject plain text data into the response...
Moderate: Red Hat Security Advisory: nginx security update
An update for nginx is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
Moderate: Red Hat Security Advisory: nginx security update
An update for nginx is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections
A flaw was found in NGINX. When NGINX is configured to proxy to upstream Transport Layer Security TLS servers, An attacker with a man-in-the-middle MITM position on the upstream server side—along with conditions beyond the attacker's control—may be able to inject plain text data into the response...
PT-2026-29497
Name of the Vulnerable Software and Affected Versions xmldom versions 0.6.0 and prior, and @xmldom/xmldom prior to versions 0.8.12 and 0.9.9 Description The xmldom library contains a flaw where attacker-controlled strings including the CDATA terminator can be inserted into a CDATASection node...
nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections
A flaw was found in NGINX. When NGINX is configured to proxy to upstream Transport Layer Security TLS servers, An attacker with a man-in-the-middle MITM position on the upstream server side—along with conditions beyond the attacker's control—may be able to inject plain text data into the response...
Moderate: Red Hat Security Advisory: nginx:1.24 security update
An update for the nginx:1.24 module is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...