apk package
wolfi/nginx-stable-mod-stream_geoip
pkg:apk/wolfi/nginx-stable-mod-stream_geoip
Vulnerabilities (7)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-53859 | — | | | < 1.30.0-r0 | 1.30.0-r0 | Aug 13, 2025 | NGINX Open Source and NGINX Plus have a vulnerability in the ngx_mail_smtp_module that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the authentication serv |
| CVE-2025-1695 | — | | | < 0 | 0 | Mar 4, 2025 | In NGINX Unit before version 1.34.2 with the Java Language Module in use, undisclosed requests can lead to an infinite loop and cause an increase in CPU resource utilization. This vulnerability allows a remote attacker to cause a degradation that can lead to a limited denial-of- |
| CVE-2024-34161 | — | | | < 1.26.1-r0 | 1.26.1-r0 | May 29, 2024 | When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed memory. |
| CVE-2024-35200 | — | | | < 1.26.1-r0 | 1.26.1-r0 | May 29, 2024 | When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate. |
| CVE-2024-32760 | — | | | < 1.26.1-r0 | 1.26.1-r0 | May 29, 2024 | When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause other potential impact. |
| CVE-2024-31079 | — | | | < 1.26.1-r0 | 1.26.1-r0 | May 29, 2024 | When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. This attack requires that a request be specifically timed during the connection draining process, |
| CVE-2023-44487 | High | 7.5 | KEV | < 1.24.0-r3 | 1.24.0-r3 | Oct 10, 2023 | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. |