F5

Nginx Open Source

27 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Medienbericht
  • EPSS 0.68%
  • Veröffentlicht 13.05.2026 14:12:43
  • Zuletzt bearbeitet 23.06.2026 13:57:51

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_ssl_module module when the ssl_verify_client directive is set to "on" or "optional," and the ssl_ocsp directive is set to "on" or the leaf parameters are configured with a resolver...

  • EPSS 0.92%
  • Veröffentlicht 24.03.2026 14:13:27
  • Zuletzt bearbeitet 30.06.2026 03:17:56

When the ngx_mail_auth_http_module module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occur when (1) CRAM-MD5 or APOP authentication is enabled, and (2) the authenticatio...

  • EPSS 0.26%
  • Veröffentlicht 24.03.2026 14:13:26
  • Zuletzt bearbeitet 26.03.2026 21:15:24

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_mail_smtp_module module due to the improper handling of CRLF sequences in DNS responses. This allows an attacker-controlled DNS server to inject arbitrary headers into SMTP upstream req...

  • EPSS 0.13%
  • Veröffentlicht 24.03.2026 14:13:26
  • Zuletzt bearbeitet 26.03.2026 14:09:37

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_stream_ssl_module module due to the improper handling of revoked certificates when configured with the ssl_verify_client on and ssl_ocsp on directives, allowing the TLS handshake to suc...

Medienbericht
  • EPSS 21.62%
  • Veröffentlicht 24.03.2026 14:13:26
  • Zuletzt bearbeitet 30.06.2026 03:17:57

NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_dav_module module that might allow an attacker to trigger a buffer overflow to the NGINX worker process; this vulnerability may result in termination of the NGINX worker process or...

Medienbericht
  • EPSS 0.92%
  • Veröffentlicht 24.03.2026 14:13:25
  • Zuletzt bearbeitet 30.06.2026 03:18:33

NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module module, which might allow an attacker to trigger a buffer over-read or over-write to the NGINX worker memory resulting in its termination or possibly code execution, usi...

  • EPSS 1.03%
  • Veröffentlicht 24.03.2026 14:13:25
  • Zuletzt bearbeitet 30.06.2026 03:17:57

The 32-bit implementation of NGINX Open Source has a vulnerability in the ngx_http_mp4_module module, which might allow an attacker to over-read or over-write NGINX worker memory resulting in its termination, using a specially crafted MP4 file. The i...

  • EPSS 0.34%
  • Veröffentlicht 04.02.2026 15:02:06
  • Zuletzt bearbeitet 13.02.2026 21:35:01

A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security (TLS) servers. An attacker with a man-in-the-middle (MITM) position on the upstream server side—along with conditions beyond the attacker...

  • EPSS 0.37%
  • Veröffentlicht 13.08.2025 14:46:55
  • Zuletzt bearbeitet 04.11.2025 22:16:27

NGINX Open Source and NGINX Plus have a vulnerability in the ngx_mail_smtp_module that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a requ...

  • EPSS 2.65%
  • Veröffentlicht 05.02.2025 18:15:33
  • Zuletzt bearbeitet 27.01.2026 13:30:41

When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS Session Tickets ht...