Amazon Linux AMI : nginx (ALAS-2023-1665)

The version of nginx installed on the remote host is prior to 1.18.0-1.44. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1665 advisory. NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and...

Description of the security update for Microsoft Exchange Server 2019: January 10, 2023 (KB5022193)

Description of the security update for Microsoft Exchange Server 2019: January 10, 2023 KB5022193 This security update rollup resolves vulnerabilities in Microsoft Exchange Server. To learn more about these vulnerabilities, see the following Common Vulnerabilities and Exposures CVE CVE-2023-21745...

Fedora 35 : nginx (2022-97de53f202)

The remote Fedora 35 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-97de53f202 advisory. Security: processing of a specially crafted mp4 file by the ngxhttpmp4module might cause a worker process crash, worker process memory disclosure, o...

Fedora 36 : nginx (2022-b0f5bc2175)

The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-b0f5bc2175 advisory. Security: processing of a specially crafted mp4 file by the ngxhttpmp4module might cause a worker process crash, worker process memory disclosure, o...

Debian DSA-5281-1 : nginx - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5281 advisory. It was discovered that parsing errors in the mp4 module of Nginx, a high-performance web and reverse proxy server, could result in denial of service, memory...

Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS : nginx vulnerabilities (USN-5722-1)

The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5722-1 advisory. It was discovered that nginx incorrectly handled certain memory operations in the ngxhttpmp4module module. A local...

CVE-2022-41742

A vulnerability was found in NGINX’s module, ngxhttpmp4module. This flaw allows a local attacker to cause a worker process crash or might result in worker process memory disclosure by using a specially crafted audio or video file. The issue affects only NGINX products built with ngxhttpmp4module...

CVE-2021-23017: NGINX Resolver Vulnerability

A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact. Products Affected. Brocade SANnav - Fixed in Brocade SANnav 2.2.1...

CVE-2021-23017: NGINX Resolver Vulnerability

Security Advisory ID : BSA-2021-1516 Component : NGINX Revision : 1.0 A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact...

MGASA-2022-0398 Updated nginx packages fix security vulnerability

Two security issues were identified in the ngxhttpmp4module, which might allow an attacker to cause a worker process crash or worker process memory disclosure by using a specially crafted mp4 file, or might have potential other impact. CVE-2022-41741, CVE-2022-41742...

Updated nginx packages fix security vulnerability

Two security issues were identified in the ngxhttpmp4module, which might allow an attacker to cause a worker process crash or worker process memory disclosure by using a specially crafted mp4 file, or might have potential other impact. CVE-2022-41741, CVE-2022-41742...

Mageia: Security Advisory (MGASA-2022-0398)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

nginx 1.1.x < 1.23.2 / 1.0.x < 1.22.1 Memory Disclosure

According to its Server response header, the installed version of nginx is 1.0.x prior to 1.22.1 or 1.1.x prior to 1.23.2. It is, therefore, affected by a memory disclosure in the ngxhttpmp4module that allows an attacker to cause a worker process crash or worker process memory disclosure. The...

FreeBSD : nginx -- Two vulnerabilities (676d4f16-4fb3-11ed-a374-8c164567ca3c)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 676d4f16-4fb3-11ed-a374-8c164567ca3c advisory. - NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before...

CVE-2022-41742

NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngxhttpmp4module that might allow a local attacker to cause a worker process crash, or might...

CVE-2022-41742

NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngxhttpmp4module that might allow a local attacker to cause a worker process crash, or might...

CVE-2022-41742

NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngxhttpmp4module that might allow a local attacker to cause a worker process crash, or might...

CVE-2022-41742 NGINX ngx_http_mp4_module vulnerability CVE-2022-41742

NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngxhttpmp4module that might allow a local attacker to cause a worker process crash, or might...

CVE-2022-41742

CVE-2022-41742 affects NGINX ngx_http_mp4_module when mp4 is enabled; a crafted MP4 file can cause local memory disclosure or worker crashes. Affected: NGINX Open Source before 1.23.2 and 1.22.1, NGINX Open Source Subscription before R2 P1/R1 P1, and NGINX Plus before R27 P1/R26 P1. Root cause: p...

CVE-2022-41742

NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngxhttpmp4module that might allow a local attacker to cause a worker process crash, or might...