Lucene search
K

6 matches found

OSV
OSV
added 2026/06/03 7:11 a.m.11 views

USN-8375-1 nginx vulnerabilities

It was discovered that the nginx ngxmailsmtpmodule module incorrectly handled certain memory operations when doing SMTP authentication. This could possibly result in sensitive information being sent to the authentication server. CVE-2025-53859 It was discovered that nginx incorrectly handled...

9.2CVSS6AI score0.61469EPSS
Exploits43References13
RedHat Linux
RedHat Linux
added 2026/03/17 10:41 a.m.3 views

nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections

A flaw was found in NGINX. When NGINX is configured to proxy to upstream Transport Layer Security TLS servers, An attacker with a man-in-the-middle MITM position on the upstream server side—along with conditions beyond the attacker's control—may be able to inject plain text data into the response...

8.2CVSS5.8AI score0.00339EPSS
Exploits0References5
Rosalinux
Rosalinux
added 2026/03/15 5:47 p.m.8 views

Advisory ROSA-SA-2026-3206

software: nginx 1.28.2 OS: ROSA-CHROME unaffected versions = nginx-1.28.2-1 affected versions nginx-1.28.2-1 CVE-ID: CVE-2026-1642 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in NGINX OSS and NGINX Plus when proxying to upstream TLS servers allows an attacker in a man-in-the-middle...

8.2CVSS6AI score0.00339EPSS
Exploits0
OSV
OSV
added 2026/03/12 10:44 a.m.8 views

CLSA-2026-1773312266 nginx: Fix of CVE-2026-1642

CVE-2026-1642: fix upstream TLS MITM ability to inject plaintext into proxied responses; enforce stricter TLS verification and integrity checks...

8.2CVSS7.4AI score0.00339EPSS
Exploits0References1
OSV
OSV
added 2026/03/10 10:18 a.m.8 views

CLSA-2026-1773137907 nginx: Fix of CVE-2026-1642

CVE-2026-1642: fix upstream TLS proxy vulnerability allowing MITM inject plaintext into proxied responses; enforce strict upstream TLS verification and reject injected plaintext...

8.2CVSS7.4AI score0.00339EPSS
Exploits0References1
OSV
OSV
added 2026/02/04 3:16 p.m.9 views

AZL-76706 CVE-2026-1642 affecting package nginx for versions less than 1.28.2-1

A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security TLS servers. An attacker with a man-in-the-middle MITM position on the upstream server side—along with conditions beyond the attacker's control—may be able to inject plain text data in...

8.2CVSS5.8AI score0.00339EPSS
Exploits0References1
Rows per page
Query Builder