USN-8375-1
- Source
- https://ubuntu.com/security/notices/USN-8375-1
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8375-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/USN-8375-1
- Upstream
- Related
- Published
- 2026-06-03T07:11:56Z
- Modified
- 2026-06-03T18:03:10.067582292Z
- Summary
- nginx vulnerabilities
- Details
-
It was discovered that the nginx ngxmailsmtp_module module incorrectly handled certain memory operations when doing SMTP authentication. This could possibly result in sensitive information being sent to the authentication server. (CVE-2025-53859)
It was discovered that nginx incorrectly handled proxying to upstream TLS servers. An attacker could possibly use this issue to insert plain text data into the response from an upstream proxied server. (CVE-2026-1642)
It was discovered that the nginx ngxmailauthhttpmodule module incorrectly handled certain requests. An attacker could possibly use this issue to cause nginx to crash, resulting in a denial of service. (CVE-2026-27651)
It was discovered that the nginx ngxhttpdav_module module incorrectly handled certain destination URIs. An attacker could use this issue to cause nginx to crash, resulting in a denial of service, or possibly modify source or destination names outside of the document root. (CVE-2026-27654)
It was discovered that the nginx ngxhttpmp4_module module incorrectly handled certain MP4 files. An attacker could use this issue to cause nginx to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2026-27784, CVE-2026-32647)
It was discovered that the nginx ngxmailsmtp_module module incorrectly handled certain CRLF sequences. An attacker could possibly use this issue to inject arbitrary SMTP headers. (CVE-2026-28753)
It was discovered that nginx contained a use-after-free vulnerability in the ngxhttpssl_module module when client certificate verification and OCSP validation were enabled. A remote attacker could use this issue to cause nginx to crash, resulting in a denial of service, or possibly modify data in memory. (CVE-2026-40701)
It was discovered that nginx did not properly handle certain proxied responses in the ngxhttpcharset_module module. A remote attacker could possibly use this issue to obtain sensitive information or cause nginx to crash, resulting in a denial of service. (CVE-2026-42934)
It was discovered that the nginx ngxhttprewrite_module component incorrectly handled certain rewrite directives. A remote attacker could use this issue to cause nginx to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2026-42945)
It was discovered that nginx did not properly process certain SCGI and uWSGI responses. An attacker able to perform a machine-in-the-middle attack could possibly use this issue to obtain sensitive information or cause nginx to crash, resulting in a denial of service. (CVE-2026-42946)
It was discovered that nginx incorrectly handled certain rewrite rules in the ngxhttprewrite_module module. A remote attacker could use this issue to cause nginx to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2026-9256)
- References
-
- https://ubuntu.com/security/notices/USN-8375-1
- https://ubuntu.com/security/CVE-2025-53859
- https://ubuntu.com/security/CVE-2026-1642
- https://ubuntu.com/security/CVE-2026-9256
- https://ubuntu.com/security/CVE-2026-27651
- https://ubuntu.com/security/CVE-2026-27654
- https://ubuntu.com/security/CVE-2026-27784
- https://ubuntu.com/security/CVE-2026-28753
- https://ubuntu.com/security/CVE-2026-32647
- https://ubuntu.com/security/CVE-2026-40701
- https://ubuntu.com/security/CVE-2026-42934
- https://ubuntu.com/security/CVE-2026-42945
- https://ubuntu.com/security/CVE-2026-42946
Affected packages
Ubuntu:Pro:14.04:LTS / nginx
Package
- Name
- nginx
- Purl
- pkg:deb/ubuntu/nginx?arch=source&distro=esm-infra-legacy%2Ftrusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.4.6-1ubuntu3.9+esm6
Affected versions
1.*
1.4.1-3ubuntu1
1.4.3-2ubuntu1
1.4.4-1ubuntu1
1.4.4-2ubuntu1
1.4.4-4ubuntu1
1.4.5-1ubuntu1
1.4.6-1ubuntu2
1.4.6-1ubuntu3
1.4.6-1ubuntu3.1
1.4.6-1ubuntu3.2
1.4.6-1ubuntu3.3
1.4.6-1ubuntu3.4
1.4.6-1ubuntu3.5
1.4.6-1ubuntu3.6
1.4.6-1ubuntu3.7
1.4.6-1ubuntu3.8
1.4.6-1ubuntu3.9
1.4.6-1ubuntu3.9+esm1
1.4.6-1ubuntu3.9+esm2
1.4.6-1ubuntu3.9+esm3
1.4.6-1ubuntu3.9+esm4
1.4.6-1ubuntu3.9+esm5
Ecosystem specific
{
"availability": "Available with Ubuntu Pro with Legacy support add-on: https://ubuntu.com/pro",
"binaries": [
{
"binary_version": "1.4.6-1ubuntu3.9+esm6",
"binary_name": "nginx"
},
{
"binary_version": "1.4.6-1ubuntu3.9+esm6",
"binary_name": "nginx-common"
},
{
"binary_version": "1.4.6-1ubuntu3.9+esm6",
"binary_name": "nginx-core"
},
{
"binary_version": "1.4.6-1ubuntu3.9+esm6",
"binary_name": "nginx-extras"
},
{
"binary_version": "1.4.6-1ubuntu3.9+esm6",
"binary_name": "nginx-full"
},
{
"binary_version": "1.4.6-1ubuntu3.9+esm6",
"binary_name": "nginx-light"
},
{
"binary_version": "1.4.6-1ubuntu3.9+esm6",
"binary_name": "nginx-naxsi"
},
{
"binary_version": "1.4.6-1ubuntu3.9+esm6",
"binary_name": "nginx-naxsi-ui"
}
]
}
Database specific
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8375-1.json"
cves_map
{
"ecosystem": "Ubuntu:Pro:14.04:LTS",
"cves": [
{
"id": "CVE-2025-53859",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2026-1642",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2026-9256",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2026-27651",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2026-27654",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2026-27784",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2026-28753",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2026-32647",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2026-40701",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2026-42934",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2026-42945",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
},
{
"type": "Ubuntu",
"score": "high"
}
]
},
{
"id": "CVE-2026-42946",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
}
]
}
Ubuntu:Pro:16.04:LTS / nginx
Package
- Name
- nginx
- Purl
- pkg:deb/ubuntu/nginx?arch=source&distro=esm-infra-legacy%2Fxenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.10.3-0ubuntu0.16.04.5+esm7
Affected versions
1.*
1.9.3-1ubuntu1
1.9.6-2ubuntu1
1.9.6-2ubuntu2
1.9.9-0ubuntu1
1.9.9-1ubuntu1
1.9.10-0ubuntu1
1.9.10-1ubuntu1
1.9.11-0ubuntu1
1.9.11-0ubuntu2
1.9.12-0ubuntu1
1.9.13-0ubuntu1
1.9.14-0ubuntu1
1.9.15-0ubuntu1
1.10.0-0ubuntu0.16.04.1
1.10.0-0ubuntu0.16.04.2
1.10.0-0ubuntu0.16.04.3
1.10.0-0ubuntu0.16.04.4
1.10.3-0ubuntu0.16.04.1
1.10.3-0ubuntu0.16.04.2
1.10.3-0ubuntu0.16.04.3
1.10.3-0ubuntu0.16.04.4
1.10.3-0ubuntu0.16.04.5
1.10.3-0ubuntu0.16.04.5+esm1
1.10.3-0ubuntu0.16.04.5+esm2
1.10.3-0ubuntu0.16.04.5+esm3
1.10.3-0ubuntu0.16.04.5+esm4
1.10.3-0ubuntu0.16.04.5+esm5
1.10.3-0ubuntu0.16.04.5+esm6
Ecosystem specific
{
"availability": "Available with Ubuntu Pro with Legacy support add-on: https://ubuntu.com/pro",
"binaries": [
{
"binary_version": "1.10.3-0ubuntu0.16.04.5+esm7",
"binary_name": "nginx"
},
{
"binary_version": "1.10.3-0ubuntu0.16.04.5+esm7",
"binary_name": "nginx-common"
},
{
"binary_version": "1.10.3-0ubuntu0.16.04.5+esm7",
"binary_name": "nginx-core"
},
{
"binary_version": "1.10.3-0ubuntu0.16.04.5+esm7",
"binary_name": "nginx-extras"
},
{
"binary_version": "1.10.3-0ubuntu0.16.04.5+esm7",
"binary_name": "nginx-full"
},
{
"binary_version": "1.10.3-0ubuntu0.16.04.5+esm7",
"binary_name": "nginx-light"
}
]
}
Database specific
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8375-1.json"
cves_map
{
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"cves": [
{
"id": "CVE-2025-53859",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2026-1642",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2026-9256",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2026-27651",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2026-27654",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2026-27784",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2026-28753",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2026-32647",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2026-40701",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2026-42934",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2026-42945",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
},
{
"type": "Ubuntu",
"score": "high"
}
]
},
{
"id": "CVE-2026-42946",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
}
]
}
Ubuntu:Pro:18.04:LTS / nginx
Package
- Name
- nginx
- Purl
- pkg:deb/ubuntu/nginx?arch=source&distro=esm-infra%2Fbionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.14.0-0ubuntu1.11+esm2
Affected versions
1.*
1.12.1-0ubuntu2
1.13.6-2ubuntu1
1.13.6-2ubuntu2
1.13.10-1ubuntu1
1.13.12-0ubuntu1
1.14.0-0ubuntu1
1.14.0-0ubuntu1.1
1.14.0-0ubuntu1.2
1.14.0-0ubuntu1.3
1.14.0-0ubuntu1.4
1.14.0-0ubuntu1.5
1.14.0-0ubuntu1.6
1.14.0-0ubuntu1.7
1.14.0-0ubuntu1.9
1.14.0-0ubuntu1.10
1.14.0-0ubuntu1.11
1.14.0-0ubuntu1.11+esm1
Ecosystem specific
{
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_version": "1.14.0-0ubuntu1.11+esm2",
"binary_name": "libnginx-mod-http-auth-pam"
},
{
"binary_version": "1.14.0-0ubuntu1.11+esm2",
"binary_name": "libnginx-mod-http-cache-purge"
},
{
"binary_version": "1.14.0-0ubuntu1.11+esm2",
"binary_name": "libnginx-mod-http-dav-ext"
},
{
"binary_version": "1.14.0-0ubuntu1.11+esm2",
"binary_name": "libnginx-mod-http-echo"
},
{
"binary_version": "1.14.0-0ubuntu1.11+esm2",
"binary_name": "libnginx-mod-http-fancyindex"
},
{
"binary_version": "1.14.0-0ubuntu1.11+esm2",
"binary_name": "libnginx-mod-http-geoip"
},
{
"binary_version": "1.14.0-0ubuntu1.11+esm2",
"binary_name": "libnginx-mod-http-headers-more-filter"
},
{
"binary_version": "1.14.0-0ubuntu1.11+esm2",
"binary_name": "libnginx-mod-http-image-filter"
},
{
"binary_version": "1.14.0-0ubuntu1.11+esm2",
"binary_name": "libnginx-mod-http-lua"
},
{
"binary_version": "1.14.0-0ubuntu1.11+esm2",
"binary_name": "libnginx-mod-http-ndk"
},
{
"binary_version": "1.14.0-0ubuntu1.11+esm2",
"binary_name": "libnginx-mod-http-perl"
},
{
"binary_version": "1.14.0-0ubuntu1.11+esm2",
"binary_name": "libnginx-mod-http-subs-filter"
},
{
"binary_version": "1.14.0-0ubuntu1.11+esm2",
"binary_name": "libnginx-mod-http-uploadprogress"
},
{
"binary_version": "1.14.0-0ubuntu1.11+esm2",
"binary_name": "libnginx-mod-http-upstream-fair"
},
{
"binary_version": "1.14.0-0ubuntu1.11+esm2",
"binary_name": "libnginx-mod-http-xslt-filter"
},
{
"binary_version": "1.14.0-0ubuntu1.11+esm2",
"binary_name": "libnginx-mod-mail"
},
{
"binary_version": "1.14.0-0ubuntu1.11+esm2",
"binary_name": "libnginx-mod-nchan"
},
{
"binary_version": "1.14.0-0ubuntu1.11+esm2",
"binary_name": "libnginx-mod-rtmp"
},
{
"binary_version": "1.14.0-0ubuntu1.11+esm2",
"binary_name": "libnginx-mod-stream"
},
{
"binary_version": "1.14.0-0ubuntu1.11+esm2",
"binary_name": "nginx"
},
{
"binary_version": "1.14.0-0ubuntu1.11+esm2",
"binary_name": "nginx-common"
},
{
"binary_version": "1.14.0-0ubuntu1.11+esm2",
"binary_name": "nginx-core"
},
{
"binary_version": "1.14.0-0ubuntu1.11+esm2",
"binary_name": "nginx-extras"
},
{
"binary_version": "1.14.0-0ubuntu1.11+esm2",
"binary_name": "nginx-full"
},
{
"binary_version": "1.14.0-0ubuntu1.11+esm2",
"binary_name": "nginx-light"
}
]
}
Database specific
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8375-1.json"
cves_map
{
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"cves": [
{
"id": "CVE-2025-53859",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2026-1642",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2026-9256",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2026-27651",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2026-27654",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2026-27784",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2026-28753",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2026-32647",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2026-40701",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2026-42934",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2026-42945",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
},
{
"type": "Ubuntu",
"score": "high"
}
]
},
{
"id": "CVE-2026-42946",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
}
]
}
Ubuntu:Pro:20.04:LTS / nginx
Package
- Name
- nginx
- Purl
- pkg:deb/ubuntu/nginx?arch=source&distro=esm-infra%2Ffocal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.18.0-0ubuntu1.7+esm1
Affected versions
1.*
1.16.1-0ubuntu2
1.16.1-0ubuntu3
1.17.5-0ubuntu1
1.17.6-0ubuntu1
1.17.7-0ubuntu1
1.17.8-0ubuntu1
1.17.8-0ubuntu2
1.17.8-0ubuntu3
1.17.9-0ubuntu1
1.17.9-0ubuntu2
1.17.9-0ubuntu3
1.17.10-0ubuntu1
1.18.0-0ubuntu1
1.18.0-0ubuntu1.2
1.18.0-0ubuntu1.3
1.18.0-0ubuntu1.4
1.18.0-0ubuntu1.5
1.18.0-0ubuntu1.6
1.18.0-0ubuntu1.7
Ecosystem specific
{
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_version": "1.18.0-0ubuntu1.7+esm1",
"binary_name": "libnginx-mod-http-auth-pam"
},
{
"binary_version": "1.18.0-0ubuntu1.7+esm1",
"binary_name": "libnginx-mod-http-cache-purge"
},
{
"binary_version": "1.18.0-0ubuntu1.7+esm1",
"binary_name": "libnginx-mod-http-dav-ext"
},
{
"binary_version": "1.18.0-0ubuntu1.7+esm1",
"binary_name": "libnginx-mod-http-echo"
},
{
"binary_version": "1.18.0-0ubuntu1.7+esm1",
"binary_name": "libnginx-mod-http-fancyindex"
},
{
"binary_version": "1.18.0-0ubuntu1.7+esm1",
"binary_name": "libnginx-mod-http-geoip"
},
{
"binary_version": "1.18.0-0ubuntu1.7+esm1",
"binary_name": "libnginx-mod-http-geoip2"
},
{
"binary_version": "1.18.0-0ubuntu1.7+esm1",
"binary_name": "libnginx-mod-http-headers-more-filter"
},
{
"binary_version": "1.18.0-0ubuntu1.7+esm1",
"binary_name": "libnginx-mod-http-image-filter"
},
{
"binary_version": "1.18.0-0ubuntu1.7+esm1",
"binary_name": "libnginx-mod-http-lua"
},
{
"binary_version": "1.18.0-0ubuntu1.7+esm1",
"binary_name": "libnginx-mod-http-ndk"
},
{
"binary_version": "1.18.0-0ubuntu1.7+esm1",
"binary_name": "libnginx-mod-http-perl"
},
{
"binary_version": "1.18.0-0ubuntu1.7+esm1",
"binary_name": "libnginx-mod-http-subs-filter"
},
{
"binary_version": "1.18.0-0ubuntu1.7+esm1",
"binary_name": "libnginx-mod-http-uploadprogress"
},
{
"binary_version": "1.18.0-0ubuntu1.7+esm1",
"binary_name": "libnginx-mod-http-upstream-fair"
},
{
"binary_version": "1.18.0-0ubuntu1.7+esm1",
"binary_name": "libnginx-mod-http-xslt-filter"
},
{
"binary_version": "1.18.0-0ubuntu1.7+esm1",
"binary_name": "libnginx-mod-mail"
},
{
"binary_version": "1.18.0-0ubuntu1.7+esm1",
"binary_name": "libnginx-mod-nchan"
},
{
"binary_version": "1.18.0-0ubuntu1.7+esm1",
"binary_name": "libnginx-mod-rtmp"
},
{
"binary_version": "1.18.0-0ubuntu1.7+esm1",
"binary_name": "libnginx-mod-stream"
},
{
"binary_version": "1.18.0-0ubuntu1.7+esm1",
"binary_name": "nginx"
},
{
"binary_version": "1.18.0-0ubuntu1.7+esm1",
"binary_name": "nginx-common"
},
{
"binary_version": "1.18.0-0ubuntu1.7+esm1",
"binary_name": "nginx-core"
},
{
"binary_version": "1.18.0-0ubuntu1.7+esm1",
"binary_name": "nginx-extras"
},
{
"binary_version": "1.18.0-0ubuntu1.7+esm1",
"binary_name": "nginx-full"
},
{
"binary_version": "1.18.0-0ubuntu1.7+esm1",
"binary_name": "nginx-light"
}
]
}
Database specific
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8375-1.json"
cves_map
{
"ecosystem": "Ubuntu:Pro:20.04:LTS",
"cves": [
{
"id": "CVE-2025-53859",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2026-1642",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2026-9256",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2026-27651",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2026-27654",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2026-27784",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2026-28753",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2026-32647",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2026-40701",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2026-42934",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2026-42945",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
},
{
"type": "Ubuntu",
"score": "high"
}
]
},
{
"id": "CVE-2026-42946",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
}
]
}