198 matches found
Rocky Linux 8 : nginx:1.20 (RLSA-2022:0323)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:0323 advisory. - A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory...
Oracle Linux 7 : dovecot (ELSA-2020-1062)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-1062 advisory. - fix CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte when scanning data in quoted strings, leading to out of bounds heap memory...
CVE-2023-34967
A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the mdssvc protocol...
Samba security vulnerability
Samba is the standard Windows interoperability program suite for Linux and Unix. A security vulnerability exists in Samba versions prior to 4.18.5: an unauthenticated attacker can exploit a lack of type validation to trigger a process crash in a shared worker process...
CVE-2023-28882
A vulnerability was found in Mod Security. When certain inputs are used in certain configurations, this issue can result in a segfault and cause a worker process crash. A high volume of these requests sent quickly can lead to the server becoming slow or unresponsive to legitimate requests...
h2o -- Malformed HTTP/1.1 causes Out-of-Memory Denial of Service
Elijah Glover reports: Malformed HTTP/1.1 requests can crash worker processes, occasionally locking up child workers and causing denial of service, and an outage dropping any open connections...
Low: nginx
Issue Overview: No CVE associated with this advisory Affected Packages: nginx Issue Correction: Run dnf update nginx --releasever 2023.0.20230322 or dnf update --advisory ALAS2023-2023-090 --releasever 2023.0.20230322 to update your system. More information on how to update your system can be fou...
Amazon Linux 2023 : nginx, nginx-all-modules, nginx-core (ALAS2023-2023-090)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-090 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. (C) Tenable, Inc. The descriptive text and package checks ...
Amazon Linux 2023 : nginx, nginx-all-modules, nginx-core (ALAS2023-2023-099)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-099 advisory. 2024-02-15: CVE-2021-3618 was added to this advisory. ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using...
K12331123: NGINX Plus and Open Source vulnerability CVE-2021-23017
Security Advisory Description An issue in NGINX resolver may allow an attacker who is able to forge UDP packets from the specified DNS server to cause a 1-byte memory overwrite, resulting in a worker process crash or other unspecified impact. CVE-2021-23017 Impact A remote attacker can cause a...
K23073482: Nginx vulnerabilities CVE-2016-0742, CVE-2016-0746, and CVE-2016-0747
Security Advisory Description CVE-2016-0742 The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response. CVE-2016-0746 Use-after-free vulnerability in the resolv...
K28112382: NGINX ngx_http_mp4_module vulnerability CVE-2022-41742
Security Advisory Description NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to cause a work...
K24374526: nginx vulnerability CVE-2018-16845
Security Advisory Description nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted...
SUSE CVE-2014-3199
The wrap function in bindings/core/v8/custom/V8EventCustom.cpp in the V8 bindings in Blink, as used in Google Chrome before 38.0.2125.101, has an erroneous fallback outcome for wrapper-selection failures, which allows remote attackers to cause a denial of service via vectors that trigger stopping...
SUSE SLES15 Security Update : nginx (SUSE-SU-2023:0293-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0293-1 advisory. - NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Pl...
SUSE SLES15 Security Update : nginx (SUSE-SU-2023:0210-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0210-1 advisory. - NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Pl...
SUSE SLES15 / openSUSE 15 Security Update : nginx (SUSE-SU-2023:0205-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0205-1 advisory. - NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1...
Amazon Linux 2022 : nginx, nginx-all-modules, nginx-core (ALAS2022-2023-270)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2023-270 advisory. NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the...
Medium: nginx
Issue Overview: NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to corrupt NGINX worker memor...