VYPR

apk package

chainguard/nginx-stable-mod-mail

pkg:apk/chainguard/nginx-stable-mod-mail

Vulnerabilities (7)

  • CVE-2025-53859Aug 13, 2025
    affected < 1.30.0-r0fixed 1.30.0-r0

    NGINX Open Source and NGINX Plus have a vulnerability in the ngx_mail_smtp_module that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the authentication serv

  • CVE-2025-1695Mar 4, 2025
    affected < 0fixed 0

    In NGINX Unit before version 1.34.2 with the Java Language Module in use, undisclosed requests can lead to an infinite loop and cause an increase in CPU resource utilization. This vulnerability allows a remote attacker to cause a degradation that can lead to a limited denial-of-

  • CVE-2024-34161May 29, 2024
    affected < 1.26.1-r0fixed 1.26.1-r0

    When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed memory.

  • CVE-2024-35200May 29, 2024
    affected < 1.26.1-r0fixed 1.26.1-r0

    When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate.

  • CVE-2024-32760May 29, 2024
    affected < 1.26.1-r0fixed 1.26.1-r0

    When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential impact.

  • CVE-2024-31079May 29, 2024
    affected < 1.26.1-r0fixed 1.26.1-r0

    When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. This attack requires that a request be specifically timed during the connection draining process,

  • CVE-2023-44487HigKEVOct 10, 2023
    affected < 1.24.0-r3fixed 1.24.0-r3

    The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.