6 matches found
USN-8375-1 nginx vulnerabilities
It was discovered that the nginx ngxmailsmtpmodule module incorrectly handled certain memory operations when doing SMTP authentication. This could possibly result in sensitive information being sent to the authentication server. CVE-2025-53859 It was discovered that nginx incorrectly handled...
nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections
A flaw was found in NGINX. When NGINX is configured to proxy to upstream Transport Layer Security TLS servers, An attacker with a man-in-the-middle MITM position on the upstream server side—along with conditions beyond the attacker's control—may be able to inject plain text data into the response...
Advisory ROSA-SA-2026-3206
software: nginx 1.28.2 OS: ROSA-CHROME unaffected versions = nginx-1.28.2-1 affected versions nginx-1.28.2-1 CVE-ID: CVE-2026-1642 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in NGINX OSS and NGINX Plus when proxying to upstream TLS servers allows an attacker in a man-in-the-middle...
CLSA-2026-1773312266 nginx: Fix of CVE-2026-1642
CVE-2026-1642: fix upstream TLS MITM ability to inject plaintext into proxied responses; enforce stricter TLS verification and integrity checks...
CLSA-2026-1773137907 nginx: Fix of CVE-2026-1642
CVE-2026-1642: fix upstream TLS proxy vulnerability allowing MITM inject plaintext into proxied responses; enforce strict upstream TLS verification and reject injected plaintext...
AZL-76706 CVE-2026-1642 affecting package nginx for versions less than 1.28.2-1
A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security TLS servers. An attacker with a man-in-the-middle MITM position on the upstream server side—along with conditions beyond the attacker's control—may be able to inject plain text data in...