Lucene search
+L

319 matches found

CVE
CVE
added 2026/05/04 2:48 p.m.83 views

CVE-2026-29169

CVE-2026-29169 : A NULL pointer dereference in mod_dav_lock of Apache HTTP Server 2.4.66 and earlier can crash the server when handling a malicious request. mod_dav_lock is not used internally by mod_dav or mod_dav_fs; the only known use-case was with mod_dav_svn from Apache Subversion (earlier t...

7.5CVSS5.8AI score0.00594EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/04 2:48 p.m.12 views

CVE-2026-29169

A NULL pointer dereference in moddavlock in Apache HTTP Server 2.4.66 and earlier may allow an attacker to crash the server with a malicious request.moddavlock is not used internally by moddav or moddavfs. The only known use-case for moddavlock was moddavsvn from Apache Subversion earlier than...

7.5CVSS5.8AI score0.00594EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/04 12:0 a.m.10 views

Apache HTTP Server 代码问题漏洞

Apache HTTP Server is an open-source web server developed by the Apache Foundation in the United States. This server is known for its speed, reliability, and ability to be expanded through simple APIs. Versions of Apache HTTP Server 2.4.66 and earlier have code vulnerabilities due to a null point...

7.5CVSS5.9AI score0.00594EPSS
Exploits0References2
OSV
OSV
added 2026/04/28 5:16 p.m.9 views

CLSA-2026-1777396606 nginx: Fix of CVE-2026-27654

CVE-2026-27654: fix heap buffer overflow in ngxhttpdavmodule COPY/MOVE with alias...

8.8CVSS6AI score0.21621EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/04/28 12:0 a.m.105 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : nginx vulnerabilities (USN-8210-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8210-1 advisory. It was discovered that the nginx ngxmailauthhttpmodule module incorrectly handled certain requests. An attacker could possibly use th...

8.8CVSS9.2AI score0.21621EPSS
Exploits0References7
OSV
OSV
added 2026/04/27 12:28 p.m.8 views

USN-8210-1 nginx vulnerabilities

It was discovered that the nginx ngxmailauthhttpmodule module incorrectly handled certain requests. An attacker could possibly use this issue to cause nginx to crash, resulting in a denial of service. CVE-2026-27651 It was discovered that the nginx ngxhttpdavmodule module incorrectly handled...

8.8CVSS9AI score0.21621EPSS
Exploits0References7
Snyk
Snyk
added 2026/04/25 11:34 p.m.6 views

UNIX Symbolic Link (Symlink) Following

Overview Affected versions of this package are vulnerable to UNIX Symbolic Link Symlink Following via the WebDAV backend process. An attacker can access and modify files outside the intended directory by exploiting symbolic links that point outside the designated root. This is only exploitable if...

9.1CVSS5.8AI score0.0033EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/04/23 12:0 a.m.7 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: nginx (UTSA-2026-014290)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014290 advisory. NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpdavmodule module that might allow an attacker to trigger a buffer overflow to the NGINX worker...

8.8CVSS5.8AI score0.21621EPSS
Exploits0References4
OSV
OSV
added 2026/04/21 10:14 a.m.6 views

CLSA-2026-1776766448 nginx: Fix of CVE-2026-27654

CVE-2026-27654: fix heap-based buffer overflow in ngxhttpdavmodule triggered by destination URI shorter than alias length in COPY/MOVE requests...

8.8CVSS6AI score0.21621EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/04/19 12:0 a.m.7 views

MiracleLinux 9 : nginx:1.26 (AXSA:2026-457:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-457:01 advisory. nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files CVE-2026-32647 NGINX: NGINX: Denial of Service or file modification...

8.8CVSS7.9AI score0.21621EPSS
Exploits0References5
OSV
OSV
added 2026/04/17 5:18 p.m.8 views

CLSA-2026-1776446328 nginx: Fix of 3 CVEs

CVE-2026-27651: fix null pointer dereference in ngxmailauthhttpmodule when clearing password in auth http requests with CRAM-MD5/APOP - CVE-2026-27654: fix heap buffer overflow in DAV module when COPY/MOVE destination URI is shorter than alias - CVE-2026-32647: fix buffer over-read/over-write in...

8.8CVSS6.2AI score0.21621EPSS
Exploits0References1
Fedora
Fedora
added 2026/04/16 11:42 p.m.10 views

[SECURITY] Fedora 44 Update: kf6-kdav-6.25.0-1.fc44

A DAV protocol implementation with KJobs...

5.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/04/16 12:0 a.m.9 views

nginx 0.5.13 < 1.28.3 / 1.29.x < 1.29.7 Buffer Overflow in ngx_http_dav_module

The installed version of nginx is 0.5.13 prior to 1.28.3, or 1.29.x prior to 1.29.7. It is, therefore, affected by the following issue : - NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpdavmodule module that might allow an attacker to trigger a buffer overflow to the NGINX...

8.8CVSS6.1AI score0.21621EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/04/16 12:0 a.m.8 views

AlmaLinux 8 : nginx:1.24 (ALSA-2026:6907)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:6907 advisory. nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files CVE-2026-32647 NGINX: NGINX: Denial of Service or file modification via...

8.8CVSS7.6AI score0.21621EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/04/16 12:0 a.m.8 views

MiracleLinux 9 : nginx-1.20.1-24.el9_7.2.ML.1 (AXSA:2026-435:02)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-435:02 advisory. nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files CVE-2026-32647 NGINX: NGINX: Denial of Service or file modification...

8.8CVSS7.6AI score0.21621EPSS
Exploits0References5
Amazon
Amazon
added 2026/04/14 12:0 a.m.10 views

Important: nginx

Issue Overview: When the ngxmailauthhttpmodule module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occur when 1 CRAM-MD5 or APOP authentication is enabled, and 2 the authentication server permits retry by returning the...

8.8CVSS7.8AI score0.21621EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/04/14 12:0 a.m.44 views

Amazon Linux 2 : nginx, --advisory ALAS2NGINX1-2026-011 (ALASNGINX1-2026-011)

The version of nginx installed on the remote host is prior to 1.28.3-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NGINX1-2026-011 advisory. When the ngxmailauthhttpmodule module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause...

8.8CVSS7.9AI score0.21621EPSS
Exploits0References14
Amazon
Amazon
added 2026/04/13 12:0 a.m.15 views

Important: nginx

Issue Overview: When the ngxmailauthhttpmodule module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occur when 1 CRAM-MD5 or APOP authentication is enabled, and 2 the authentication server permits retry by returning the...

8.8CVSS6.3AI score0.21621EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/04/13 12:0 a.m.25 views

Amazon Linux 2023 : nginx, nginx-all-modules, nginx-core (ALAS2023-2026-1540)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1540 advisory. When the ngxmailauthhttpmodule module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occur when 1 CRAM-MD5 or APOP...

8.8CVSS7.9AI score0.21621EPSS
Exploits0References14
Tenable Nessus
Tenable Nessus
added 2026/04/13 12:0 a.m.11 views

Oracle Linux 9 : nginx:1.26 (ELSA-2026-7343)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-7343 advisory. - Resolves: RHEL-157887 - CVE-2026-32647 nginx:1.26/nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files - Resolves:...

8.8CVSS6.2AI score0.21621EPSS
Exploits0References5
Rows per page
Query Builder