Lucene search
K

12 matches found

BDU FSTEC
BDU FSTEC
added 2026/06/29 12:0 a.m.8 views

The vulnerabilities of the ngx_http_proxy_v2_module and ngx_http_grpc_module modules in NGINX Plus and NGINX Open Source web servers allow attackers to execute arbitrary code or cause service interruptions.

The vulnerability of the ngxhttpproxyv2module and ngxhttpgrpcmodule modules in NGINX Plus and NGINX Open Source web servers stems from the execution of operations outside of the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause service...

8.1CVSS6.8AI score0.03459EPSS
Exploits1References3Affected Software11
OSV
OSV
added 2026/06/17 3:16 p.m.4 views

DEBIAN-CVE-2026-42055

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpproxyv2module and ngxhttpgrpcmodule modules. This vulnerability exists when the proxyhttpversion to 2 or grpcpass directives are used to proxy HTTP/2 traffic, the ignoreinvalidheaders directive is set to off, and the...

9.2CVSS6AI score0.03459EPSS
Exploits1References1
AlpineLinux
AlpineLinux
added 2026/06/17 2:4 p.m.5 views

CVE-2026-42055

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpproxyv2module and ngxhttpgrpcmodule modules. This vulnerability exists when the proxyhttpversion to 2 or grpcpass directives are used to proxy HTTP/2 traffic, the ignoreinvalidheaders directive is set to off, and the...

9.2CVSS6.5AI score0.03459EPSS
Exploits1
Cvelist
Cvelist
added 2026/06/17 2:4 p.m.85 views

CVE-2026-42055 NGINX ngx_http_proxy_v2_module and ngx_http_grpc_module vulnerability

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpproxyv2module and ngxhttpgrpcmodule modules. This vulnerability exists when the proxyhttpversion to 2 or grpcpass directives are used to proxy HTTP/2 traffic, the ignoreinvalidheaders directive is set to off, and the...

9.2CVSS0.03459EPSS
Exploits1References1
Debian
Debian
added 2026/05/30 2:38 p.m.19 views

[BSA-135] Security Update for exim4

Andreas Metzler uploaded new packages for exim4 which fixed the following security problems: CVE-2026-48840 PROXYv2 parser: reject PROXY frames whose declared payload length is too short for the claimed address family 12 bytes for TCPv4/0x11, 36 bytes for TCPv6/0x21. Previously a frame with...

5.3CVSS5.7AI score0.00264EPSS
Exploits0
Mageia
Mageia
added 2026/05/26 1:55 a.m.22 views

Updated nginx packages fix security vulnerabilities

NGINX ngxquicmodule vulnerability. CVE-2026-40460 NGINX ngxhttpsslmodule vulnerability. CVE-2026-40701 NGINX ngxhttpproxyv2module vulnerability. CVE-2026-42926 NGINX ngxhttpcharsetmodule vulnerability. CVE-2026-42934 NGINX ngxhttprewritemodule vulnerability. CVE-2026-42945 NGINX ngxhttpscgimodule...

9.2CVSS6AI score0.61469EPSS
Exploits41References2
EUVD
EUVD
added 2026/05/13 6:30 p.m.12 views

EUVD-2026-30006

When NGINX Open Source is configured to proxy HTTP/2 traffic by setting proxyhttpversion to 2, and also uses proxysetbody, an attacker may be able to inject frame headers and payload bytes to the upstream peer. Note: Software versions which have reached End of Technical Support EoTS are not...

6.3CVSS5.8AI score0.00339EPSS
Exploits1References2
OSV
OSV
added 2022/06/08 7:20 p.m.4 views

USN-5474-1 varnish vulnerabilities

It was dicovered that Varnish Cache did not clear a pointer between the handling of one client request and the next request within the same connection. A remote attacker could possibly use this issue to obtain sensitive information. CVE-2019-20637 It was discovered that Varnish Cache could have a...

9.1CVSS7.2AI score0.02106EPSS
Exploits0References5
CNVD
CNVD
added 2020/04/09 12:0 a.m.4 views

Varnish Cache Input Validation Error Vulnerability

Varnish Cache is a set of reverse web caching servers. An input validation error vulnerability exists in Varnish Cache that stems from communication with a TLS proxy using the PROXY v2 version of the protocol. An attacker can exploit this vulnerability to cause assertion failures and daemon...

7.5CVSS6.8AI score0.02106EPSS
Exploits0References1
OSV
OSV
added 2020/04/08 11:15 p.m.5 views

DEBIAN-CVE-2020-11653

An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6.2.x before 6.2.3, and 6.3.x before 6.3.2. It occurs when communication with a TLS termination proxy uses PROXY version 2. There can be an assertion failure and daemon restart, which causes a performance loss...

7.5CVSS7.3AI score0.02106EPSS
Exploits0References1
OSV
OSV
added 2020/04/08 11:15 p.m.5 views

UBUNTU-CVE-2020-11653

An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6.2.x before 6.2.3, and 6.3.x before 6.3.2. It occurs when communication with a TLS termination proxy uses PROXY version 2. There can be an assertion failure and daemon restart, which causes a performance loss...

7.5CVSS7.1AI score0.02106EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2020/04/08 12:0 a.m.10 views

PT-2020-12751 · Varnish +6 · Varnish Cache +6

Name of the Vulnerable Software and Affected Versions: Varnish Cache versions prior to 6.0.6 LTS Varnish Cache versions 6.1.x Varnish Cache versions 6.2.x prior to 6.2.3 Varnish Cache versions 6.3.x prior to 6.3.2 Description: An issue occurs in Varnish Cache when communication with a TLS...

9.1CVSS6.2AI score0.05789EPSS
Exploits0References54
Rows per page
Query Builder