VYPR

rpm package

suse/nginx&distro=SUSE Linux Enterprise Module for Server Applications 15 SP6

pkg:rpm/suse/nginx&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP6

Vulnerabilities (2)

  • CVE-2024-7347Aug 14, 2024
    affected < 1.21.5-150600.10.3.1fixed 1.21.5-150600.10.3.1

    NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngx_http_mp4_mod

  • CVE-2023-44487HigKEVOct 10, 2023
    affected < 1.21.5-150600.10.3.1fixed 1.21.5-150600.10.3.1

    The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.