Lucene search
K

147 matches found

BDU FSTEC
BDU FSTEC
added 2022/10/24 12:0 a.m.7 views

The vulnerability of the ngx_http_mp4_module in NGINX Open Source HTTP servers allows attackers to expose sensitive information or cause service failures. NGINX Open Source Subscription, NGINX Plus, and NGINX Ingress Controller platforms for application monitoring and management provide solutions to address this issue.

The vulnerability of the ngxhttpmp4module in NGINX Open Source HTTP servers, NGINX Open Source Subscription, NGINX Plus, and NGINX Ingress Controller platforms is related to the execution of operations outside of the buffer in memory. Exploiting this vulnerability can allow attackers to disclose...

7.1CVSS7.6AI score0.01069EPSS
Exploits2References4Affected Software3
OSV
OSV
added 2022/10/19 10:15 p.m.4 views

ALPINE-CVE-2022-41742

NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngxhttpmp4module that might allow a local attacker to cause a worker process crash, or might...

7.1CVSS6.5AI score0.01069EPSS
Exploits2References1
OSV
OSV
added 2022/10/19 10:15 p.m.4 views

DEBIAN-CVE-2022-41742

NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngxhttpmp4module that might allow a local attacker to cause a worker process crash, or might...

7.1CVSS7.2AI score0.01069EPSS
Exploits2References1
OSV
OSV
added 2022/10/19 10:15 p.m.4 views

AZL-11320 CVE-2022-41741 affecting package nginx for versions less than 1.22.1-1

NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngxhttpmp4module that might allow a local attacker to corrupt NGINX worker memory, resulting in...

7.8CVSS6.7AI score0.00756EPSS
Exploits2References1
OSV
OSV
added 2022/10/19 10:15 p.m.4 views

ALPINE-CVE-2022-41741

NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngxhttpmp4module that might allow a local attacker to corrupt NGINX worker memory, resulting in...

7.8CVSS6.7AI score0.00756EPSS
Exploits2References1
OSV
OSV
added 2022/10/19 10:15 p.m.5 views

DEBIAN-CVE-2022-41741

NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngxhttpmp4module that might allow a local attacker to corrupt NGINX worker memory, resulting in...

7.8CVSS7.6AI score0.00756EPSS
Exploits2References1
Prion
Prion
added 2022/10/19 10:15 p.m.219 views

Design/Logic Flaw

NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngxhttpmp4module that might allow a local attacker to cause a worker process crash, or might...

3.2CVSS6.8AI score0.01069EPSS
Exploits2References7Affected Software4
OSV
OSV
added 2022/10/19 10:15 p.m.5 views

UBUNTU-CVE-2022-41742

NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngxhttpmp4module that might allow a local attacker to cause a worker process crash, or might...

7.1CVSS7.1AI score0.01069EPSS
Exploits2References6
OSV
OSV
added 2022/10/19 10:15 p.m.4 views

UBUNTU-CVE-2022-41741

NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngxhttpmp4module that might allow a local attacker to corrupt NGINX worker memory, resulting in...

7.8CVSS7.1AI score0.00756EPSS
Exploits2References6
CNNVD
CNNVD
added 2022/10/19 12:0 a.m.4 views

F5 Nginx 缓冲区错误漏洞

F5 Nginx is a lightweight web server/reverse proxy server and email IMAP/POP3 proxy server from F5 Inc. distributed under the BSD-like protocol. F5 Nginx suffers from a buffer error vulnerability that stems from its ngxhttpmp4module module that could allow a local attacker to cause a work process...

7.1CVSS7.4AI score0.01069EPSS
Exploits2References12
Positive Technologies
Positive Technologies
added 2022/10/19 12:0 a.m.7 views

PT-2022-5185

Name of the Vulnerable Software and Affected Versions NGINX Open Source versions 1.23.2 and 1.22.1 and earlier NGINX Open Source Subscription versions R2 P1 and R1 P1 and earlier NGINX Plus versions R27 P1 and R26 P1 and earlier Description The issue is related to a buffer-over-read vulnerability...

9.8CVSS7.9AI score0.99999EPSS
Exploits43References115
RedhatCVE
RedhatCVE
added 2020/01/29 4:9 p.m.45 views

CVE-2018-16845

An instance of missing input sanitization was found in the mp4 module for nginx. A local attacker could create a specially crafted video file that, when streamed by the server, would cause a denial of service server crash or hang and, possibly, information disclosure...

8.2CVSS2.1AI score0.09801EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2020/01/23 12:0 a.m.41 views

Huawei EulerOS: Security Advisory for nginx (EulerOS-SA-2018-1399)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.2CVSS7.3AI score0.47057EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2018/11/26 12:27 p.m.6 views

nginx: Denial of service and memory disclosure via mp4 module

An instance of missing input sanitization was found in the mp4 module for nginx. A local attacker could create a specially crafted video file that, when streamed by the server, would cause a denial of service server crash or hang and, possibly, information disclosure...

8.2CVSS7.3AI score0.09801EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2018/11/26 12:8 p.m.4 views

nginx: Denial of service and memory disclosure via mp4 module

An instance of missing input sanitization was found in the mp4 module for nginx. A local attacker could create a specially crafted video file that, when streamed by the server, would cause a denial of service server crash or hang and, possibly, information disclosure...

8.2CVSS7.3AI score0.09801EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2018/11/26 12:8 p.m.226 views

Important: Red Hat Security Advisory: rh-nginx18-nginx security update

An update for rh-nginx18-nginx is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

8.2CVSS6.8AI score0.09801EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2018/11/12 12:0 a.m.85 views

nginx 1.1.3 - 1.15.5 Denial of Service and Memory Disclosure via mp4 module

A security issue was identified in the ngxhttpmp4module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. SPDX-FileCopyrightText: 2018 Greenbone AG Som...

8.2CVSS6.7AI score0.09801EPSS
Exploits1References2
OSV
OSV
added 2018/11/07 3:1 p.m.3 views

USN-3812-1 nginx vulnerabilities

It was discovered that nginx incorrectly handled the HTTP/2 implementation. A remote attacker could possibly use this issue to cause excessive memory consumption, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. CVE-2018-16843 Gal...

8.2CVSS6.8AI score0.47057EPSS
Exploits1References4
OSV
OSV
added 2018/11/07 2:29 p.m.1 views

DEBIAN-CVE-2018-16845

nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngxhttpmp4module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affec...

6.1CVSS6.8AI score0.09801EPSS
Exploits1References1
OSV
OSV
added 2018/11/07 2:29 p.m.33 views

CVE-2018-16845

nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngxhttpmp4module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affec...

6.1CVSS6.3AI score0.09801EPSS
Exploits1References14
Rows per page
Query Builder