12 matches found
The vulnerabilities of the ngx_http_proxy_v2_module and ngx_http_grpc_module modules in NGINX Plus and NGINX Open Source web servers allow attackers to execute arbitrary code or cause service interruptions.
The vulnerability of the ngxhttpproxyv2module and ngxhttpgrpcmodule modules in NGINX Plus and NGINX Open Source web servers stems from the execution of operations outside of the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause service...
DEBIAN-CVE-2026-42055
NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpproxyv2module and ngxhttpgrpcmodule modules. This vulnerability exists when the proxyhttpversion to 2 or grpcpass directives are used to proxy HTTP/2 traffic, the ignoreinvalidheaders directive is set to off, and the...
CVE-2026-42055
NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpproxyv2module and ngxhttpgrpcmodule modules. This vulnerability exists when the proxyhttpversion to 2 or grpcpass directives are used to proxy HTTP/2 traffic, the ignoreinvalidheaders directive is set to off, and the...
CVE-2026-42055 NGINX ngx_http_proxy_v2_module and ngx_http_grpc_module vulnerability
NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpproxyv2module and ngxhttpgrpcmodule modules. This vulnerability exists when the proxyhttpversion to 2 or grpcpass directives are used to proxy HTTP/2 traffic, the ignoreinvalidheaders directive is set to off, and the...
[BSA-135] Security Update for exim4
Andreas Metzler uploaded new packages for exim4 which fixed the following security problems: CVE-2026-48840 PROXYv2 parser: reject PROXY frames whose declared payload length is too short for the claimed address family 12 bytes for TCPv4/0x11, 36 bytes for TCPv6/0x21. Previously a frame with...
Updated nginx packages fix security vulnerabilities
NGINX ngxquicmodule vulnerability. CVE-2026-40460 NGINX ngxhttpsslmodule vulnerability. CVE-2026-40701 NGINX ngxhttpproxyv2module vulnerability. CVE-2026-42926 NGINX ngxhttpcharsetmodule vulnerability. CVE-2026-42934 NGINX ngxhttprewritemodule vulnerability. CVE-2026-42945 NGINX ngxhttpscgimodule...
EUVD-2026-30006
When NGINX Open Source is configured to proxy HTTP/2 traffic by setting proxyhttpversion to 2, and also uses proxysetbody, an attacker may be able to inject frame headers and payload bytes to the upstream peer. Note: Software versions which have reached End of Technical Support EoTS are not...
USN-5474-1 varnish vulnerabilities
It was dicovered that Varnish Cache did not clear a pointer between the handling of one client request and the next request within the same connection. A remote attacker could possibly use this issue to obtain sensitive information. CVE-2019-20637 It was discovered that Varnish Cache could have a...
Varnish Cache Input Validation Error Vulnerability
Varnish Cache is a set of reverse web caching servers. An input validation error vulnerability exists in Varnish Cache that stems from communication with a TLS proxy using the PROXY v2 version of the protocol. An attacker can exploit this vulnerability to cause assertion failures and daemon...
DEBIAN-CVE-2020-11653
An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6.2.x before 6.2.3, and 6.3.x before 6.3.2. It occurs when communication with a TLS termination proxy uses PROXY version 2. There can be an assertion failure and daemon restart, which causes a performance loss...
UBUNTU-CVE-2020-11653
An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6.2.x before 6.2.3, and 6.3.x before 6.3.2. It occurs when communication with a TLS termination proxy uses PROXY version 2. There can be an assertion failure and daemon restart, which causes a performance loss...
PT-2020-12751 · Varnish +6 · Varnish Cache +6
Name of the Vulnerable Software and Affected Versions: Varnish Cache versions prior to 6.0.6 LTS Varnish Cache versions 6.1.x Varnish Cache versions 6.2.x prior to 6.2.3 Varnish Cache versions 6.3.x prior to 6.3.2 Description: An issue occurs in Varnish Cache when communication with a TLS...