rpm package
opensuse/nginx&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/nginx&distro=openSUSE%20Tumbleweed
Vulnerabilities (36)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-42946 | Med | 6.5 | < 1.31.0-1.1 | 1.31.0-1.1 | May 13, 2026 | A vulnerability exists in the ngx_http_scgi_module and ngx_http_uwsgi_module modules that may result in excessive memory allocation or an over-read of data. When scgi_pass or uwsgi_pass is configured, an unauthenticated attacker with man-in-the-middle (MITM) ability to control re | |
| CVE-2026-42945 | Hig | 8.1 | < 1.31.0-1.1 | 1.31.0-1.1 | May 13, 2026 | NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression (PCRE) capture (for example, $1, $2) | |
| CVE-2026-42934 | Med | 4.8 | < 1.31.0-1.1 | 1.31.0-1.1 | May 13, 2026 | NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_charset_module module. When charset, source_charset, and charset_map and proxy_pass with disabled buffering ("off") directives are configured, unauthenticated attackers can send requests that with conditions be | |
| CVE-2026-42926 | Med | 5.8 | < 1.31.0-1.1 | 1.31.0-1.1 | May 13, 2026 | When NGINX Open Source is configured to proxy HTTP/2 traffic by setting proxy_http_version to 2, and also uses proxy_set_body, an attacker may be able to inject frame headers and payload bytes to the upstream peer. Note: Software versions which have reached End of Technical Supp | |
| CVE-2026-40701 | Med | 4.8 | < 1.31.0-1.1 | 1.31.0-1.1 | May 13, 2026 | NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_ssl_module module when the ssl_verify_client directive is set to "on" or "optional," and the ssl_ocsp directive is set to "on" or the leaf parameters are configured with a resolver. With this configuration, an | |
| CVE-2026-40460 | Med | 6.5 | < 1.31.0-1.1 | 1.31.0-1.1 | May 13, 2026 | When NGINX Plus or NGINX Open Source are configured to use the HTTP/3 QUIC module, an attacker may be able to spoof their source IP address allowing for bypass of authorization or bypass of rate limiting. Note: Software versions which have reached End of Technical Support (EoTS) | |
| CVE-2026-27651 | — | < 1.29.7-1.1 | 1.29.7-1.1 | Mar 24, 2026 | When the ngx_mail_auth_http_module module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occur when (1) CRAM-MD5 or APOP authentication is enabled, and (2) the authentication server permits retry by retu | ||
| CVE-2026-27654 | — | < 1.29.7-1.1 | 1.29.7-1.1 | Mar 24, 2026 | NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_dav_module module that might allow an attacker to trigger a buffer overflow to the NGINX worker process; this vulnerability may result in termination of the NGINX worker process or modification of source or des | ||
| CVE-2026-28755 | — | < 1.29.7-1.1 | 1.29.7-1.1 | Mar 24, 2026 | NGINX Plus and NGINX Open Source have a vulnerability in the ngx_stream_ssl_module module due to the improper handling of revoked certificates when configured with the ssl_verify_client on and ssl_ocsp on directives, allowing the TLS handshake to succeed even after an OCSP check | ||
| CVE-2026-28753 | — | < 1.29.7-1.1 | 1.29.7-1.1 | Mar 24, 2026 | NGINX Plus and NGINX Open Source have a vulnerability in the ngx_mail_smtp_module module due to the improper handling of CRLF sequences in DNS responses. This allows an attacker-controlled DNS server to inject arbitrary headers into SMTP upstream requests, leading to potential re | ||
| CVE-2026-32647 | — | < 1.29.7-1.1 | 1.29.7-1.1 | Mar 24, 2026 | NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module module, which might allow an attacker to trigger a buffer over-read or over-write to the NGINX worker memory resulting in its termination or possibly code execution, using a specially crafted MP4 fil | ||
| CVE-2026-27784 | — | < 1.29.7-1.1 | 1.29.7-1.1 | Mar 24, 2026 | The 32-bit implementation of NGINX Open Source has a vulnerability in the ngx_http_mp4_module module, which might allow an attacker to over-read or over-write NGINX worker memory resulting in its termination, using a specially crafted MP4 file. The issue only affects 32-bit NGINX | ||
| CVE-2026-1642 | — | < 1.29.5-1.1 | 1.29.5-1.1 | Feb 4, 2026 | A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security (TLS) servers. An attacker with a man-in-the-middle (MITM) position on the upstream server side—along with conditions beyond the attacker's control—may be able to inje | ||
| CVE-2025-53859 | — | < 1.29.1-1.1 | 1.29.1-1.1 | Aug 13, 2025 | NGINX Open Source and NGINX Plus have a vulnerability in the ngx_mail_smtp_module that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the authentication serv | ||
| CVE-2025-23419 | — | < 1.27.4-1.1 | 1.27.4-1.1 | Feb 5, 2025 | When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS Session Tickets https://nginx.org/en/docs/http/n | ||
| CVE-2024-7347 | — | < 1.27.1-1.1 | 1.27.1-1.1 | Aug 14, 2024 | NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngx_http_mp4_mod | ||
| CVE-2024-24989 | — | < 1.25.4-1.1 | 1.25.4-1.1 | Feb 14, 2024 | When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC | ||
| CVE-2022-41741 | — | < 1.23.2-1.1 | 1.23.2-1.1 | Oct 19, 2022 | NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to corrupt NGINX worker m | ||
| CVE-2021-23017 | — | < 1.21.3-1.4 | 1.21.3-1.4 | Jun 1, 2021 | A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact. | ||
| CVE-2019-20372 | — | < 1.21.3-1.4 | 1.21.3-1.4 | Jan 9, 2020 | NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer. |
- affected < 1.31.0-1.1fixed 1.31.0-1.1
A vulnerability exists in the ngx_http_scgi_module and ngx_http_uwsgi_module modules that may result in excessive memory allocation or an over-read of data. When scgi_pass or uwsgi_pass is configured, an unauthenticated attacker with man-in-the-middle (MITM) ability to control re
- affected < 1.31.0-1.1fixed 1.31.0-1.1
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression (PCRE) capture (for example, $1, $2)
- affected < 1.31.0-1.1fixed 1.31.0-1.1
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_charset_module module. When charset, source_charset, and charset_map and proxy_pass with disabled buffering ("off") directives are configured, unauthenticated attackers can send requests that with conditions be
- affected < 1.31.0-1.1fixed 1.31.0-1.1
When NGINX Open Source is configured to proxy HTTP/2 traffic by setting proxy_http_version to 2, and also uses proxy_set_body, an attacker may be able to inject frame headers and payload bytes to the upstream peer. Note: Software versions which have reached End of Technical Supp
- affected < 1.31.0-1.1fixed 1.31.0-1.1
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_ssl_module module when the ssl_verify_client directive is set to "on" or "optional," and the ssl_ocsp directive is set to "on" or the leaf parameters are configured with a resolver. With this configuration, an
- affected < 1.31.0-1.1fixed 1.31.0-1.1
When NGINX Plus or NGINX Open Source are configured to use the HTTP/3 QUIC module, an attacker may be able to spoof their source IP address allowing for bypass of authorization or bypass of rate limiting. Note: Software versions which have reached End of Technical Support (EoTS)
- CVE-2026-27651Mar 24, 2026affected < 1.29.7-1.1fixed 1.29.7-1.1
When the ngx_mail_auth_http_module module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occur when (1) CRAM-MD5 or APOP authentication is enabled, and (2) the authentication server permits retry by retu
- CVE-2026-27654Mar 24, 2026affected < 1.29.7-1.1fixed 1.29.7-1.1
NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_dav_module module that might allow an attacker to trigger a buffer overflow to the NGINX worker process; this vulnerability may result in termination of the NGINX worker process or modification of source or des
- CVE-2026-28755Mar 24, 2026affected < 1.29.7-1.1fixed 1.29.7-1.1
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_stream_ssl_module module due to the improper handling of revoked certificates when configured with the ssl_verify_client on and ssl_ocsp on directives, allowing the TLS handshake to succeed even after an OCSP check
- CVE-2026-28753Mar 24, 2026affected < 1.29.7-1.1fixed 1.29.7-1.1
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_mail_smtp_module module due to the improper handling of CRLF sequences in DNS responses. This allows an attacker-controlled DNS server to inject arbitrary headers into SMTP upstream requests, leading to potential re
- CVE-2026-32647Mar 24, 2026affected < 1.29.7-1.1fixed 1.29.7-1.1
NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module module, which might allow an attacker to trigger a buffer over-read or over-write to the NGINX worker memory resulting in its termination or possibly code execution, using a specially crafted MP4 fil
- CVE-2026-27784Mar 24, 2026affected < 1.29.7-1.1fixed 1.29.7-1.1
The 32-bit implementation of NGINX Open Source has a vulnerability in the ngx_http_mp4_module module, which might allow an attacker to over-read or over-write NGINX worker memory resulting in its termination, using a specially crafted MP4 file. The issue only affects 32-bit NGINX
- CVE-2026-1642Feb 4, 2026affected < 1.29.5-1.1fixed 1.29.5-1.1
A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security (TLS) servers. An attacker with a man-in-the-middle (MITM) position on the upstream server side—along with conditions beyond the attacker's control—may be able to inje
- CVE-2025-53859Aug 13, 2025affected < 1.29.1-1.1fixed 1.29.1-1.1
NGINX Open Source and NGINX Plus have a vulnerability in the ngx_mail_smtp_module that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the authentication serv
- CVE-2025-23419Feb 5, 2025affected < 1.27.4-1.1fixed 1.27.4-1.1
When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS Session Tickets https://nginx.org/en/docs/http/n
- CVE-2024-7347Aug 14, 2024affected < 1.27.1-1.1fixed 1.27.1-1.1
NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngx_http_mp4_mod
- CVE-2024-24989Feb 14, 2024affected < 1.25.4-1.1fixed 1.25.4-1.1
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC
- CVE-2022-41741Oct 19, 2022affected < 1.23.2-1.1fixed 1.23.2-1.1
NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to corrupt NGINX worker m
- CVE-2021-23017Jun 1, 2021affected < 1.21.3-1.4fixed 1.21.3-1.4
A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.
- CVE-2019-20372Jan 9, 2020affected < 1.21.3-1.4fixed 1.21.3-1.4
NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.
Page 1 of 2