Lucene search
K

93 matches found

RedHat Linux
RedHat Linux
added 2026/05/05 6:16 p.m.6 views

NGINX: NGINX: Denial of Service or file modification via buffer overflow in ngx_http_dav_module

A flaw was found in NGINX. A remote attacker can exploit a buffer overflow vulnerability within the ngxhttpdavmodule module. This occurs when the NGINX configuration uses DAV module MOVE or COPY methods in conjunction with prefix location and alias directives. Successful exploitation may lead to...

8.8CVSS6AI score0.21621EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/05/05 6:16 p.m.12 views

Important: Red Hat Security Advisory: nginx security update

An update for nginx is now available for Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

8.8CVSS7.7AI score0.21621EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/05/05 10:38 a.m.11 views

NGINX: NGINX: Denial of Service or file modification via buffer overflow in ngx_http_dav_module

A flaw was found in NGINX. A remote attacker can exploit a buffer overflow vulnerability within the ngxhttpdavmodule module. This occurs when the NGINX configuration uses DAV module MOVE or COPY methods in conjunction with prefix location and alias directives. Successful exploitation may lead to...

8.8CVSS6AI score0.21621EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/05/05 10:38 a.m.14 views

Important: Red Hat Security Advisory: nginx security update

An update for nginx is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

8.8CVSS7.7AI score0.21621EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/05/05 8:41 a.m.10 views

NGINX: NGINX: Denial of Service or file modification via buffer overflow in ngx_http_dav_module

A flaw was found in NGINX. A remote attacker can exploit a buffer overflow vulnerability within the ngxhttpdavmodule module. This occurs when the NGINX configuration uses DAV module MOVE or COPY methods in conjunction with prefix location and alias directives. Successful exploitation may lead to...

8.8CVSS6AI score0.21621EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/05/05 12:0 a.m.7 views

RHEL 9 : nginx (RHSA-2026:13839)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:13839 advisory. nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage...

8.8CVSS7.7AI score0.21621EPSS
Exploits0References10
OSV
OSV
added 2026/04/28 5:16 p.m.9 views

CLSA-2026-1777396606 nginx: Fix of CVE-2026-27654

CVE-2026-27654: fix heap buffer overflow in ngxhttpdavmodule COPY/MOVE with alias...

8.8CVSS6AI score0.21621EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/04/28 12:0 a.m.105 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : nginx vulnerabilities (USN-8210-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8210-1 advisory. It was discovered that the nginx ngxmailauthhttpmodule module incorrectly handled certain requests. An attacker could possibly use th...

8.8CVSS9.2AI score0.21621EPSS
Exploits0References7
OSV
OSV
added 2026/04/27 12:28 p.m.8 views

USN-8210-1 nginx vulnerabilities

It was discovered that the nginx ngxmailauthhttpmodule module incorrectly handled certain requests. An attacker could possibly use this issue to cause nginx to crash, resulting in a denial of service. CVE-2026-27651 It was discovered that the nginx ngxhttpdavmodule module incorrectly handled...

8.8CVSS9AI score0.21621EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/04/23 12:0 a.m.7 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: nginx (UTSA-2026-014290)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014290 advisory. NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpdavmodule module that might allow an attacker to trigger a buffer overflow to the NGINX worker...

8.8CVSS5.8AI score0.21621EPSS
Exploits0References4
OSV
OSV
added 2026/04/21 10:14 a.m.6 views

CLSA-2026-1776766448 nginx: Fix of CVE-2026-27654

CVE-2026-27654: fix heap-based buffer overflow in ngxhttpdavmodule triggered by destination URI shorter than alias length in COPY/MOVE requests...

8.8CVSS6AI score0.21621EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/04/19 12:0 a.m.7 views

MiracleLinux 9 : nginx:1.26 (AXSA:2026-457:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-457:01 advisory. nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files CVE-2026-32647 NGINX: NGINX: Denial of Service or file modification...

8.8CVSS7.9AI score0.21621EPSS
Exploits0References5
OSV
OSV
added 2026/04/17 5:18 p.m.8 views

CLSA-2026-1776446328 nginx: Fix of 3 CVEs

CVE-2026-27651: fix null pointer dereference in ngxmailauthhttpmodule when clearing password in auth http requests with CRAM-MD5/APOP - CVE-2026-27654: fix heap buffer overflow in DAV module when COPY/MOVE destination URI is shorter than alias - CVE-2026-32647: fix buffer over-read/over-write in...

8.8CVSS6.2AI score0.21621EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/04/16 12:0 a.m.8 views

nginx 0.5.13 < 1.28.3 / 1.29.x < 1.29.7 Buffer Overflow in ngx_http_dav_module

The installed version of nginx is 0.5.13 prior to 1.28.3, or 1.29.x prior to 1.29.7. It is, therefore, affected by the following issue : - NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpdavmodule module that might allow an attacker to trigger a buffer overflow to the NGINX...

8.8CVSS6.1AI score0.21621EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/04/16 12:0 a.m.7 views

AlmaLinux 8 : nginx:1.24 (ALSA-2026:6907)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:6907 advisory. nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files CVE-2026-32647 NGINX: NGINX: Denial of Service or file modification via...

8.8CVSS7.6AI score0.21621EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/04/16 12:0 a.m.8 views

MiracleLinux 9 : nginx-1.20.1-24.el9_7.2.ML.1 (AXSA:2026-435:02)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-435:02 advisory. nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files CVE-2026-32647 NGINX: NGINX: Denial of Service or file modification...

8.8CVSS7.6AI score0.21621EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/04/14 12:0 a.m.42 views

Amazon Linux 2 : nginx, --advisory ALAS2NGINX1-2026-011 (ALASNGINX1-2026-011)

The version of nginx installed on the remote host is prior to 1.28.3-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NGINX1-2026-011 advisory. When the ngxmailauthhttpmodule module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause...

8.8CVSS7.9AI score0.21621EPSS
Exploits0References14
Amazon
Amazon
added 2026/04/14 12:0 a.m.10 views

Important: nginx

Issue Overview: When the ngxmailauthhttpmodule module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occur when 1 CRAM-MD5 or APOP authentication is enabled, and 2 the authentication server permits retry by returning the...

8.8CVSS7.8AI score0.21621EPSS
Exploits0
Oracle linux
Oracle linux
added 2026/04/11 12:0 a.m.7 views

nginx:1.26 security update

2:1.26.3-2.0.1.1 - Require oracle-indexhtml 2:1.26.3-6 - Resolves: RHEL-157887 - CVE-2026-32647 nginx:1.26/nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files 2:1.26.3-5 - Resolves: RHEL-159446 - CVE-2026-27651 nginx:1.26/nginx: NGINX: Denial of Service via undisclos...

8.8CVSS6.1AI score0.21621EPSS
Exploits0
OSV
OSV
added 2026/04/10 12:4 a.m.8 views

RLSA-2026:7343 Important: nginx:1.26 security update

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files CVE-2026-32647 NGINX: NGINX: Denial of Service or file...

8.2CVSS7.7AI score0.21621EPSS
Exploits0References5
Rows per page
Query Builder