147 matches found
The vulnerability of the ngx_http_mp4_module in NGINX Open Source HTTP servers allows attackers to expose sensitive information or cause service failures. NGINX Open Source Subscription, NGINX Plus, and NGINX Ingress Controller platforms for application monitoring and management provide solutions to address this issue.
The vulnerability of the ngxhttpmp4module in NGINX Open Source HTTP servers, NGINX Open Source Subscription, NGINX Plus, and NGINX Ingress Controller platforms is related to the execution of operations outside of the buffer in memory. Exploiting this vulnerability can allow attackers to disclose...
ALPINE-CVE-2022-41742
NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngxhttpmp4module that might allow a local attacker to cause a worker process crash, or might...
DEBIAN-CVE-2022-41742
NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngxhttpmp4module that might allow a local attacker to cause a worker process crash, or might...
AZL-11320 CVE-2022-41741 affecting package nginx for versions less than 1.22.1-1
NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngxhttpmp4module that might allow a local attacker to corrupt NGINX worker memory, resulting in...
ALPINE-CVE-2022-41741
NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngxhttpmp4module that might allow a local attacker to corrupt NGINX worker memory, resulting in...
DEBIAN-CVE-2022-41741
NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngxhttpmp4module that might allow a local attacker to corrupt NGINX worker memory, resulting in...
Design/Logic Flaw
NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngxhttpmp4module that might allow a local attacker to cause a worker process crash, or might...
UBUNTU-CVE-2022-41742
NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngxhttpmp4module that might allow a local attacker to cause a worker process crash, or might...
UBUNTU-CVE-2022-41741
NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngxhttpmp4module that might allow a local attacker to corrupt NGINX worker memory, resulting in...
F5 Nginx 缓冲区错误漏洞
F5 Nginx is a lightweight web server/reverse proxy server and email IMAP/POP3 proxy server from F5 Inc. distributed under the BSD-like protocol. F5 Nginx suffers from a buffer error vulnerability that stems from its ngxhttpmp4module module that could allow a local attacker to cause a work process...
PT-2022-5185
Name of the Vulnerable Software and Affected Versions NGINX Open Source versions 1.23.2 and 1.22.1 and earlier NGINX Open Source Subscription versions R2 P1 and R1 P1 and earlier NGINX Plus versions R27 P1 and R26 P1 and earlier Description The issue is related to a buffer-over-read vulnerability...
CVE-2018-16845
An instance of missing input sanitization was found in the mp4 module for nginx. A local attacker could create a specially crafted video file that, when streamed by the server, would cause a denial of service server crash or hang and, possibly, information disclosure...
Huawei EulerOS: Security Advisory for nginx (EulerOS-SA-2018-1399)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
nginx: Denial of service and memory disclosure via mp4 module
An instance of missing input sanitization was found in the mp4 module for nginx. A local attacker could create a specially crafted video file that, when streamed by the server, would cause a denial of service server crash or hang and, possibly, information disclosure...
nginx: Denial of service and memory disclosure via mp4 module
An instance of missing input sanitization was found in the mp4 module for nginx. A local attacker could create a specially crafted video file that, when streamed by the server, would cause a denial of service server crash or hang and, possibly, information disclosure...
Important: Red Hat Security Advisory: rh-nginx18-nginx security update
An update for rh-nginx18-nginx is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
nginx 1.1.3 - 1.15.5 Denial of Service and Memory Disclosure via mp4 module
A security issue was identified in the ngxhttpmp4module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. SPDX-FileCopyrightText: 2018 Greenbone AG Som...
USN-3812-1 nginx vulnerabilities
It was discovered that nginx incorrectly handled the HTTP/2 implementation. A remote attacker could possibly use this issue to cause excessive memory consumption, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. CVE-2018-16843 Gal...
DEBIAN-CVE-2018-16845
nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngxhttpmp4module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affec...
CVE-2018-16845
nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngxhttpmp4module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affec...