70 matches found
CVE-2026-27651 NGINX ngx_mail_auth_http_module vulnerability
When the ngx_mail_auth_http_module module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occur when (1) CRAM-MD5 or APOP authentication is enabled, and (2) the authentication server permits retry by returning the Auth-Wait...
EUVD-2016-3247
Malware in sbrugna...
EUVD-2018-8641
Malware in sbrugna...
EUVD-2019-11493
Malware in sbrugna...
EUVD-2016-5439
Malware in sbrugna...
EUVD-2022-44913
Malicious code in bioql PyPI...
EUVD-2023-58107
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2019-25043
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ModSecurity 3.x before 3.0.4 mishandles key-value pair parsing, as demonstrated by a string index out of range error and worker-process crash for a Cookie: =abc...
Linux Distros Unpatched Vulnerability : CVE-2022-41742
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R...
Exploit for Off-by-one Error in F5 Nginx
CVE-2021-23017-POC A security issue in nginx resolver was iden...
Fedora 37 : nginx (2022-12721789aa)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-12721789aa advisory. Security: processing of a specially crafted mp4 file by the ngx_http_mp4_module might cause a worker process crash, worker process memory disclosure, o...
Fedora 39 : nginx / nginx-mod-fancyindex / nginx-mod-modsecurity / etc (2024-8ba5080dfa)
The remote Fedora 39 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-8ba5080dfa advisory. Security: processing of a specially crafted mp4 file by the ngx_http_mp4_module might cause a worker process crash (CVE-2024-7347). Thanks to Nils Bars. Tenable h...
RHEL 7 : mod_auth_mellon (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - mod_auth_mellon: Cross-site session transfer vulnerability (CVE-2017-6807) - The am_read_post_data function in...
RHEL 9 : nginx (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - nginx: Memory corruption in the ngx_http_mp4_module (CVE-2022-41741) - Rejected reason: DO NOT USE THIS...
BIT-NGINX-INGRESS-CONTROLLER-2022-41742
NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to cause a worker process crash, or might...
Rocky Linux 8 : nginx:1.20 (RLSA-2022:0323)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:0323 advisory. - A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory...
CVE-2023-28882
A vulnerability was found in Mod Security. When certain inputs are used in certain configurations, this issue can result in a segfault and cause a worker process crash. A high volume of these requests sent quickly can lead to the server becoming slow or unresponsive to legitimate requests...
h2o -- Malformed HTTP/1.1 causes Out-of-Memory Denial of Service
Elijah Glover reports: Malformed HTTP/1.1 requests can crash worker processes. occasionally locking up child workers and causing denial of service, and an outage dropping any open connections...
Low: nginx
Issue Overview: No CVE associated with this advisory Affected Packages: nginx Issue Correction: Run dnf update nginx --releasever 2023.0.20230322 or dnf update --advisory ALAS2023-2023-090 --releasever 2023.0.20230322 to update your system. More information on how to update your system can be fou...
Amazon Linux 2023 : nginx, nginx-all-modules, nginx-core (ALAS2023-2023-099)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-099 advisory. 2024-02-15: CVE-2021-3618 was added to this advisory. ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using...