CVE-2022-41742

NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngxhttpmp4module that might allow a local attacker to cause a worker process crash, or might...

PT-2022-5184

Name of the Vulnerable Software and Affected Versions NGINX Open Source versions 1.23.2 and earlier, excluding version 1.22.1 and later NGINX Open Source versions 1.22.1 and earlier NGINX Open Source Subscription before versions R2 P1 and R1 P1 NGINX Plus before versions R27 P1 and R26 P1...

nginx -- Two vulnerabilities

NGINX Development Team reports: Two security issues were identified in the ngxhttpmp4module, which might allow an attacker to cause a worker process crash or worker process memory disclosure by using a specially crafted mp4 file, or might have potential other impact CVE-2022-41741, CVE-2022-41742...

Security Bulletin: A security vulnerability has been identified in Apache Subversion shipped with IBM Tivoli Netcool Impact (CVE-2022-24070)

Summary Apache Subversion is shipped with IBM Tivoli Netcool Impact. Information about a security vulnerability affecting Apache Subversion has been published in a security bulletin. Vulnerability Details CVEID: CVE-2022-24070 DESCRIPTION: Apache Subversion is vulnerable to a denial of service,...

Nginx Plus R1 < R15-P2 / R16 < R16-P1 Multiple Vulnerabilities

According to it's self reported version, the installed version of Nginx Plus is R1 built on Open Source version 1.5.3-1 prior to R15-P2 or R16 built on Open Source version 1.15.2 prior to R16-P1. It is, therefore, affected by the following issues : - An unspecified error exists related to the...

Celery local privilege escalation vulnerability

Celery 2.1 and 2.2 before 2.2.8, 2.3 before 2.3.4, and 2.4 before 2.4.4 changes the effective id but not the real id during processing of the --uid and --gid arguments to celerybeat, celeryddetach, celeryd-multi, and celeryev, which allows local users to gain privileges via vectors involving...

Rocky Linux 8 : nginx:1.16 (RLSA-2021:2290)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2021:2290 advisory. - A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory...

Oracle Linux 8 : nginx:1.20 (ELSA-2022-0323)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-0323 advisory. 1.20.1-1.0.1 - Remove Red Hat references Orabug: 29498217 1:1.20.1-1 - rebase to 1.20.1 addressing CVE-2021-23017 Tenable has extracted the preceding descriptio...

Huawei EulerOS: Security Advisory for nginx (EulerOS-SA-2021-2599)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP3 : nginx (EulerOS-SA-2021-2599)

According to the versions of the nginx package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - NGINX before 1.13.6 has a buffer overflow for years that exceed four digits, as demonstrated by a file with a modification date in 1969 that cause...

EulerOS 2.0 SP2 : nginx (EulerOS-SA-2021-2412)

According to the versions of the nginx package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause...

EulerOS 2.0 SP5 : nginx (EulerOS-SA-2021-2340)

According to the version of the nginx packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byt...

openSUSE 15 Security Update : nginx (openSUSE-SU-2021:1815-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:1815-1 advisory. - A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause...

SUSE: Security Advisory (SUSE-SU-2019:0334-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2021-23017

A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact...

CVE-2021-23017

A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact...

Memory corruption

A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact...

CVE-2021-23017

A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact...

CVE-2021-23017

A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact...

CVE-2021-23017

A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact...