Search CVE reports


Toggle filters

11 – 20 of 53 results


CVE-2022-41741

Medium priority
Fixed

NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that...

1 affected package

nginx

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
nginx Fixed Fixed Fixed Fixed
Show less packages

CVE-2021-3618

Low priority

Some fixes available 6 of 22

ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having...

3 affected packages

nginx, sendmail, vsftpd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
nginx Not affected Fixed Fixed Fixed Fixed
sendmail Not affected Vulnerable Vulnerable Vulnerable Needs evaluation
vsftpd Not affected Not affected Fixed Vulnerable Vulnerable
Show less packages

CVE-2021-32762

Negligible priority
Needs evaluation

Redis is an open source, in-memory database that persists on disk. The redis-cli command line tool and redis-sentinel service may be vulnerable to integer overflow when parsing specially crafted large multi-bulk network replies....

7 affected packages

discque, hiredis, nginx, python-hiredis, redis...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
discque Not in release Not in release Not in release Not in release Ignored
hiredis Not affected Not affected Not affected Not affected Needs evaluation
nginx Not affected Not affected Not affected Not affected Not affected
python-hiredis Not affected Not affected Not affected Not affected Needs evaluation
redis Not affected Not affected Not affected Not affected Needs evaluation
rspamd Not affected Not affected Not affected Not in release Ignored
webdis Not affected Not affected Not affected Not in release Needs evaluation
Show all 7 packages Show less packages

CVE-2017-20005

Medium priority
Fixed

NGINX before 1.13.6 has a buffer overflow for years that exceed four digits, as demonstrated by a file with a modification date in 1969 that causes an integer overflow (or a false modification date far in the future), when...

1 affected package

nginx

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
nginx Not affected Not affected Not affected Fixed
Show less packages

CVE-2021-23017

Medium priority
Fixed

A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.

1 affected package

nginx

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
nginx Fixed Fixed Fixed Fixed
Show less packages

CVE-2020-36309

Low priority

Some fixes available 3 of 5

ngx_http_lua_module (aka lua-nginx-module) before 0.10.16 in OpenResty allows unsafe characters in an argument when using the API to mutate a URI, or a request or response header.

1 affected package

nginx

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
nginx Not affected Not affected Fixed Fixed Fixed
Show less packages

CVE-2020-11724

Medium priority

Some fixes available 3 of 5

An issue was discovered in OpenResty before 1.15.8.4. ngx_http_lua_subrequest.c allows HTTP request smuggling, as demonstrated by the ngx.location.capture API.

1 affected package

nginx

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
nginx Not affected Not affected Fixed Fixed Fixed
Show less packages

CVE-2019-20372

Medium priority
Fixed

NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.

1 affected package

nginx

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
nginx Fixed Fixed
Show less packages

CVE-2011-4968

Low priority
Ignored

nginx http proxy module does not verify peer identity of https origin server which could facilitate man-in-the-middle attack (MITM)

1 affected package

nginx

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
nginx
Show less packages

CVE-2019-9516

Medium priority

Some fixes available 3 of 4

Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into...

1 affected package

nginx

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
nginx Fixed Fixed
Show less packages