Search CVE reports
11 – 20 of 53 results
CVE-2022-41741
Medium priority
NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that...
1 affected package
nginx
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
nginx | — | Fixed | Fixed | Fixed | Fixed |
CVE-2021-3618
Low priority
Some fixes available 6 of 22
ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having...
3 affected packages
nginx, sendmail, vsftpd
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
nginx | Not affected | Fixed | Fixed | Fixed | Fixed |
sendmail | Not affected | Vulnerable | Vulnerable | Vulnerable | Needs evaluation |
vsftpd | Not affected | Not affected | Fixed | Vulnerable | Vulnerable |
CVE-2021-32762
Negligible priority
Redis is an open source, in-memory database that persists on disk. The redis-cli command line tool and redis-sentinel service may be vulnerable to integer overflow when parsing specially crafted large multi-bulk network replies....
7 affected packages
discque, hiredis, nginx, python-hiredis, redis...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
discque | Not in release | Not in release | Not in release | Not in release | Ignored |
hiredis | Not affected | Not affected | Not affected | Not affected | Needs evaluation |
nginx | Not affected | Not affected | Not affected | Not affected | Not affected |
python-hiredis | Not affected | Not affected | Not affected | Not affected | Needs evaluation |
redis | Not affected | Not affected | Not affected | Not affected | Needs evaluation |
rspamd | Not affected | Not affected | Not affected | Not in release | Ignored |
webdis | Not affected | Not affected | Not affected | Not in release | Needs evaluation |
CVE-2017-20005
Medium priority
NGINX before 1.13.6 has a buffer overflow for years that exceed four digits, as demonstrated by a file with a modification date in 1969 that causes an integer overflow (or a false modification date far in the future), when...
1 affected package
nginx
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
nginx | — | Not affected | Not affected | Not affected | Fixed |
CVE-2021-23017
Medium priority
A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.
1 affected package
nginx
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
nginx | — | Fixed | Fixed | Fixed | Fixed |
CVE-2020-36309
Low priority
Some fixes available 3 of 5
ngx_http_lua_module (aka lua-nginx-module) before 0.10.16 in OpenResty allows unsafe characters in an argument when using the API to mutate a URI, or a request or response header.
1 affected package
nginx
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
nginx | Not affected | Not affected | Fixed | Fixed | Fixed |
CVE-2020-11724
Medium priority
Some fixes available 3 of 5
An issue was discovered in OpenResty before 1.15.8.4. ngx_http_lua_subrequest.c allows HTTP request smuggling, as demonstrated by the ngx.location.capture API.
1 affected package
nginx
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
nginx | Not affected | Not affected | Fixed | Fixed | Fixed |
CVE-2019-20372
Medium priority
NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.
1 affected package
nginx
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
nginx | — | — | — | Fixed | Fixed |
CVE-2011-4968
Low priority
nginx http proxy module does not verify peer identity of https origin server which could facilitate man-in-the-middle attack (MITM)
1 affected package
nginx
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
nginx | — | — | — | — | — |
CVE-2019-9516
Medium priority
Some fixes available 3 of 4
Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into...
1 affected package
nginx
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
nginx | — | — | — | Fixed | Fixed |