Nginx 0.7.22 - 1.29.0 Information Disclosure Vulnerability

Nginx is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nginx:nginx";...

Linux Distros Unpatched Vulnerability : CVE-2022-41741

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R...

SUSE CVE-2012-1180

Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request...

SUSE CVE-2014-3616

nginx 0.5.6 through 1.7.4, when using the same shared sslsessioncache or sslsessionticketkey for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct "virtual host confusion" attacks...

SUSE CVE-2016-0747

The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service worker process resource consumption via vectors related to arbitrary name resolution...

SUSE CVE-2022-41742

NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngxhttpmp4module that might allow a local attacker to cause a worker process crash, or might...

F5 Nginx 缓冲区错误漏洞

F5 Nginx is a lightweight web server/reverse proxy server and email IMAP/POP3 proxy server from F5 USA, distributed under the BSD-like protocol. A buffer error vulnerability exists in F5 Nginx version 1.23.2, 1.22.1. An attacker could exploit this vulnerability to corrupt NGINX worker memory...

nginx: HTTP request smuggling in configurations with URL redirect used as error_page

NGINX before 1.17.7, with certain errorpage configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer...

Exploit for Integer Overflow or Wraparound in F5 Nginx

CVE-2017-7529-POC Affected Vulnerabilities This vulner...

CVE-2014-3556

The STARTTLS implementation in mail/ngxmailsmtphandler.c in the SMTP proxy in nginx 1.5.x and 1.6.x before 1.6.1 and 1.7.x before 1.7.4 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command...

DEBIAN-CVE-2012-1180

Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request...

nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability

nginx is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of- service conditions. nginx versions 1.1....