VYPR

rpm package

almalinux/nginx-core

pkg:rpm/almalinux/nginx-core

Vulnerabilities (11)

  • CVE-2026-9256HigMay 22, 2026
    affected < 1:1.24.0-7.module_el9.8.0+259+a3b861bb.2.alma.1fixed 1:1.24.0-7.module_el9.8.0+259+a3b861bb.2.alma.1

    NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression (PCRE) captures (for example, ^/((.*))$) and a replac

  • CVE-2026-42945HigMay 13, 2026
    affected < 2:1.20.1-24.el9_7.3.alma.1fixed 2:1.20.1-24.el9_7.3.alma.1

    NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression (PCRE) capture (for example, $1, $2)

  • CVE-2026-27651Mar 24, 2026
    affected < 1:1.24.0-5.module_el9.7.0+220+47ec8b91.2.alma.1fixed 1:1.24.0-5.module_el9.7.0+220+47ec8b91.2.alma.1

    When the ngx_mail_auth_http_module module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occur when (1) CRAM-MD5 or APOP authentication is enabled, and (2) the authentication server permits retry by retu

  • CVE-2026-27654Mar 24, 2026
    affected < 1:1.24.0-5.module_el9.7.0+220+47ec8b91.2.alma.1fixed 1:1.24.0-5.module_el9.7.0+220+47ec8b91.2.alma.1

    NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_dav_module module that might allow an attacker to trigger a buffer overflow to the NGINX worker process; this vulnerability may result in termination of the NGINX worker process or modification of source or des

  • CVE-2026-32647Mar 24, 2026
    affected < 1:1.24.0-5.module_el9.7.0+220+47ec8b91.2.alma.1fixed 1:1.24.0-5.module_el9.7.0+220+47ec8b91.2.alma.1

    NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module module, which might allow an attacker to trigger a buffer over-read or over-write to the NGINX worker memory resulting in its termination or possibly code execution, using a specially crafted MP4 fil

  • CVE-2026-27784Mar 24, 2026
    affected < 1:1.24.0-5.module_el9.7.0+220+47ec8b91.2.alma.1fixed 1:1.24.0-5.module_el9.7.0+220+47ec8b91.2.alma.1

    The 32-bit implementation of NGINX Open Source has a vulnerability in the ngx_http_mp4_module module, which might allow an attacker to over-read or over-write NGINX worker memory resulting in its termination, using a specially crafted MP4 file. The issue only affects 32-bit NGINX

  • CVE-2026-1642Feb 4, 2026
    affected < 1:1.24.0-5.module_el9.7.0+212+9d3c155a.1.alma.1fixed 1:1.24.0-5.module_el9.7.0+212+9d3c155a.1.alma.1

    A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security (TLS) servers. An attacker with a man-in-the-middle (MITM) position on the upstream server side—along with conditions beyond the attacker's control—may be able to inje

  • CVE-2024-7347Aug 14, 2024
    affected < 1:1.22.1-8.module_el9.5.0+153+8c633b18.1.alma.1fixed 1:1.22.1-8.module_el9.5.0+153+8c633b18.1.alma.1

    NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngx_http_mp4_mod

  • CVE-2023-44487HigKEVOct 10, 2023
    affected < 1:1.20.1-14.el9_2.1.alma.1fixed 1:1.20.1-14.el9_2.1.alma.1

    The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

  • CVE-2022-41742Oct 19, 2022
    affected < 2:1.20.1-22.el9_6.2.alma.1fixed 2:1.20.1-22.el9_6.2.alma.1

    NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to cause a worker process

  • CVE-2022-41741Oct 19, 2022
    affected < 2:1.20.1-22.el9_6.2.alma.1fixed 2:1.20.1-22.el9_6.2.alma.1

    NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to corrupt NGINX worker m