93 matches found
NGINX: NGINX: Denial of Service or file modification via buffer overflow in ngx_http_dav_module
A flaw was found in NGINX. A remote attacker can exploit a buffer overflow vulnerability within the ngxhttpdavmodule module. This occurs when the NGINX configuration uses DAV module MOVE or COPY methods in conjunction with prefix location and alias directives. Successful exploitation may lead to...
Important: Red Hat Security Advisory: nginx security update
An update for nginx is now available for Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
NGINX: NGINX: Denial of Service or file modification via buffer overflow in ngx_http_dav_module
A flaw was found in NGINX. A remote attacker can exploit a buffer overflow vulnerability within the ngxhttpdavmodule module. This occurs when the NGINX configuration uses DAV module MOVE or COPY methods in conjunction with prefix location and alias directives. Successful exploitation may lead to...
Important: Red Hat Security Advisory: nginx security update
An update for nginx is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
NGINX: NGINX: Denial of Service or file modification via buffer overflow in ngx_http_dav_module
A flaw was found in NGINX. A remote attacker can exploit a buffer overflow vulnerability within the ngxhttpdavmodule module. This occurs when the NGINX configuration uses DAV module MOVE or COPY methods in conjunction with prefix location and alias directives. Successful exploitation may lead to...
RHEL 9 : nginx (RHSA-2026:13839)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:13839 advisory. nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage...
CLSA-2026-1777396606 nginx: Fix of CVE-2026-27654
CVE-2026-27654: fix heap buffer overflow in ngxhttpdavmodule COPY/MOVE with alias...
Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : nginx vulnerabilities (USN-8210-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8210-1 advisory. It was discovered that the nginx ngxmailauthhttpmodule module incorrectly handled certain requests. An attacker could possibly use th...
USN-8210-1 nginx vulnerabilities
It was discovered that the nginx ngxmailauthhttpmodule module incorrectly handled certain requests. An attacker could possibly use this issue to cause nginx to crash, resulting in a denial of service. CVE-2026-27651 It was discovered that the nginx ngxhttpdavmodule module incorrectly handled...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: nginx (UTSA-2026-014290)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014290 advisory. NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpdavmodule module that might allow an attacker to trigger a buffer overflow to the NGINX worker...
CLSA-2026-1776766448 nginx: Fix of CVE-2026-27654
CVE-2026-27654: fix heap-based buffer overflow in ngxhttpdavmodule triggered by destination URI shorter than alias length in COPY/MOVE requests...
MiracleLinux 9 : nginx:1.26 (AXSA:2026-457:01)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-457:01 advisory. nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files CVE-2026-32647 NGINX: NGINX: Denial of Service or file modification...
CLSA-2026-1776446328 nginx: Fix of 3 CVEs
CVE-2026-27651: fix null pointer dereference in ngxmailauthhttpmodule when clearing password in auth http requests with CRAM-MD5/APOP - CVE-2026-27654: fix heap buffer overflow in DAV module when COPY/MOVE destination URI is shorter than alias - CVE-2026-32647: fix buffer over-read/over-write in...
nginx 0.5.13 < 1.28.3 / 1.29.x < 1.29.7 Buffer Overflow in ngx_http_dav_module
The installed version of nginx is 0.5.13 prior to 1.28.3, or 1.29.x prior to 1.29.7. It is, therefore, affected by the following issue : - NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpdavmodule module that might allow an attacker to trigger a buffer overflow to the NGINX...
AlmaLinux 8 : nginx:1.24 (ALSA-2026:6907)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:6907 advisory. nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files CVE-2026-32647 NGINX: NGINX: Denial of Service or file modification via...
MiracleLinux 9 : nginx-1.20.1-24.el9_7.2.ML.1 (AXSA:2026-435:02)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-435:02 advisory. nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files CVE-2026-32647 NGINX: NGINX: Denial of Service or file modification...
Amazon Linux 2 : nginx, --advisory ALAS2NGINX1-2026-011 (ALASNGINX1-2026-011)
The version of nginx installed on the remote host is prior to 1.28.3-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NGINX1-2026-011 advisory. When the ngxmailauthhttpmodule module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause...
Important: nginx
Issue Overview: When the ngxmailauthhttpmodule module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occur when 1 CRAM-MD5 or APOP authentication is enabled, and 2 the authentication server permits retry by returning the...
nginx:1.26 security update
2:1.26.3-2.0.1.1 - Require oracle-indexhtml 2:1.26.3-6 - Resolves: RHEL-157887 - CVE-2026-32647 nginx:1.26/nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files 2:1.26.3-5 - Resolves: RHEL-159446 - CVE-2026-27651 nginx:1.26/nginx: NGINX: Denial of Service via undisclos...
RLSA-2026:7343 Important: nginx:1.26 security update
nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files CVE-2026-32647 NGINX: NGINX: Denial of Service or file...