nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause an infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affects nginx if it is built with the ngx_http_mp4_module (the module is not built by default) and the "mp4" directive is used in the configuration file. Further, the attack is only possible if an attacker is able to trigger processing of a specially crafted mp4 file with the ngx_http_mp4_module.
{"veracode": [{"lastseen": "2023-04-18T13:45:19", "description": "nginx is vulnerable to denial of service. An attacker is able to cause an infinite loop or a memory disclosure in `ngx_http_mp4_module` via a malicious `mp4` file.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 4.2}, "published": "2019-01-15T09:26:40", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16845"], "modified": "2022-02-22T21:31:07", "id": "VERACODE:13160", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-13160/summary", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}}], "openvas": [{"lastseen": "2020-01-29T20:06:53", "description": "It was discovered that there was a denial of service (DoS) vulnerability\nin the nginx web/proxy server.\n\nAs there was no validation for the size of a 64-bit atom in an MP4 file,\nthis could have led to a CPU hog when the size was 0, or various other\nproblems due to integer underflow when calculating the atom data size,\nincluding segmentation faults or even worker-process memory disclosure.", 
"cvss3": {}, "published": "2018-11-09T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for nginx (DLA-1572-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16845"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310891572", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891572", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891572\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2018-16845\");\n script_name(\"Debian LTS: Security Advisory for nginx (DLA-1572-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-11-09 00:00:00 +0100 (Fri, 09 Nov 2018)\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2018/11/msg00010.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_tag(name:\"affected\", value:\"nginx on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', this issue has been fixed in nginx version\n1.6.2-5+deb8u6.\n\nWe recommend that you upgrade your nginx packages.\");\n\n script_tag(name:\"summary\", value:\"It was discovered that there was a denial of service (DoS) vulnerability\nin the nginx web/proxy server.\n\nAs there was no validation for the size of a 64-bit atom in an MP4 file,\nthis could have led to a CPU hog when the size was 0, or various other\nproblems due to integer underflow when the calculating atom data 
size,\nincluding segmentation faults or even worker-process memory disclosure.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"nginx\", ver:\"1.6.2-5+deb8u6\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"nginx-common\", ver:\"1.6.2-5+deb8u6\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"nginx-doc\", ver:\"1.6.2-5+deb8u6\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"nginx-extras\", ver:\"1.6.2-5+deb8u6\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"nginx-extras-dbg\", ver:\"1.6.2-5+deb8u6\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"nginx-full\", ver:\"1.6.2-5+deb8u6\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"nginx-full-dbg\", ver:\"1.6.2-5+deb8u6\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"nginx-light\", ver:\"1.6.2-5+deb8u6\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"nginx-light-dbg\", ver:\"1.6.2-5+deb8u6\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2019-05-29T18:32:48", "description": "A security issue was identified in the ngx_http_mp4_module, which might\n allow an attacker to cause infinite loop in a worker process, cause a\n worker process crash, or might result in worker process memory\n disclosure by using a specially crafted mp4 file.", "cvss3": {}, "published": "2018-11-12T00:00:00", "type": "openvas", "title": "nginx 1.1.3 - 1.15.5 Denial of Service and Memory Disclosure via mp4 module", "bulletinFamily": 
"scanner", "cvss2": {}, "cvelist": ["CVE-2018-16845"], "modified": "2019-02-05T00:00:00", "id": "OPENVAS:1361412562310112420", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310112420", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_nginx_dos_info_disc_vuln.nasl 13455 2019-02-05 07:38:02Z mmartin $\n#\n# nginx 1.1.3 - 1.15.5 Denial of Service and Memory Disclosure via mp4 module\n#\n# Authors:\n# Adrian Steins <adrian.steins@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.112420\");\n script_version(\"$Revision: 13455 $\");\n script_cve_id(\"CVE-2018-16845\");\n script_bugtraq_id(105868);\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-02-05 08:38:02 +0100 (Tue, 05 Feb 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-11-12 12:06:11 +0100 (Mon, 12 Nov 2018)\");\n\n script_name(\"nginx 1.1.3 - 1.15.5 Denial of Service and Memory Disclosure via mp4 module\");\n\n script_tag(name:\"summary\", value:\"A security issue was identified in the ngx_http_mp4_module, which might\n allow an attacker to cause infinite loop in a worker process, cause a\n worker process crash, or might result in worker process memory\n disclosure by using a specially crafted mp4 file.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The issue only affects nginx if it is built with the ngx_http_mp4_module\n (the module is not built by default) and the 'mp4' directive is used in\n the configuration file. 
Further, the attack is only possible if an\n attacker is able to trigger processing of a specially crafted mp4 file\n with the ngx_http_mp4_module.\");\n\n script_tag(name:\"affected\", value:\"nginx versions 1.1.3 through 1.15.5.\");\n\n script_tag(name:\"solution\", value:\"Upgrade nginx to version 1.15.6.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_xref(name:\"URL\", value:\"http://mailman.nginx.org/pipermail/nginx-announce/2018/000221.html\");\n\n script_category(ACT_GATHER_INFO);\n script_family(\"Web Servers\");\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_dependencies(\"nginx_detect.nasl\");\n script_mandatory_keys(\"nginx/installed\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\nCPE = \"cpe:/a:nginx:nginx\";\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!port = get_app_port(cpe:CPE)) exit(0);\nif(!vers = get_app_version(cpe:CPE, port:port)) exit(0);\n\nif(version_in_range(version:vers, test_version:\"1.1.3\", test_version2:\"1.15.5\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"1.15.6\");\n security_message(port:port, data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2019-05-29T18:33:23", "description": "The remote host is missing an update for the\n", "cvss3": {}, "published": "2018-11-08T00:00:00", "type": "openvas", "title": "Ubuntu Update for nginx USN-3812-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16843", "CVE-2018-16845", "CVE-2018-16844"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310843811", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843811", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3812_1.nasl 14288 
2019-03-18 16:34:17Z cfischer $\n#\n# Ubuntu Update for nginx USN-3812-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843811\");\n script_version(\"$Revision: 14288 $\");\n script_cve_id(\"CVE-2018-16843\", \"CVE-2018-16844\", \"CVE-2018-16845\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 17:34:17 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-11-08 06:01:37 +0100 (Thu, 08 Nov 2018)\");\n script_name(\"Ubuntu Update for nginx USN-3812-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|18\\.04 
LTS|18\\.10|16\\.04 LTS)\");\n script_xref(name:\"USN\", value:\"3812-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3812-1/\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the\n'nginx' package(s) announced via the USN-3812-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version\nis present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was discovered that nginx incorrectly handled\nthe HTTP/2 implementation. A remote attacker could possibly use this issue to cause\nexcessive memory consumption, leading to a denial of service. This issue only affected\nUbuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-16843)\n\nGal Goldshtein discovered that nginx incorrectly handled the HTTP/2\nimplementation. A remote attacker could possibly use this issue to cause\nexcessive CPU usage, leading to a denial of service. This issue only\naffected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10.\n(CVE-2018-16844)\n\nIt was discovered that nginx incorrectly handled the ngx_http_mp4_module\nmodule. A remote attacker could possibly use this issue with a specially\ncrafted mp4 file to cause nginx to crash, stop responding, or access\narbitrary memory. 
(CVE-2018-16845)\");\n\n script_tag(name:\"affected\", value:\"nginx on Ubuntu 18.10,\n Ubuntu 18.04 LTS,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"nginx-common\", ver:\"1.4.6-1ubuntu3.9\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nginx-core\", ver:\"1.4.6-1ubuntu3.9\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nginx-extras\", ver:\"1.4.6-1ubuntu3.9\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nginx-full\", ver:\"1.4.6-1ubuntu3.9\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nginx-light\", ver:\"1.4.6-1ubuntu3.9\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU18.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"nginx-common\", ver:\"1.14.0-0ubuntu1.2\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nginx-core\", ver:\"1.14.0-0ubuntu1.2\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nginx-extras\", ver:\"1.14.0-0ubuntu1.2\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nginx-full\", ver:\"1.14.0-0ubuntu1.2\", rls:\"UBUNTU18.04 LTS\")) != 
NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nginx-light\", ver:\"1.14.0-0ubuntu1.2\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU18.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"nginx-common\", ver:\"1.15.5-0ubuntu2.1\", rls:\"UBUNTU18.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nginx-core\", ver:\"1.15.5-0ubuntu2.1\", rls:\"UBUNTU18.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nginx-extras\", ver:\"1.15.5-0ubuntu2.1\", rls:\"UBUNTU18.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nginx-full\", ver:\"1.15.5-0ubuntu2.1\", rls:\"UBUNTU18.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nginx-light\", ver:\"1.15.5-0ubuntu2.1\", rls:\"UBUNTU18.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"nginx-common\", ver:\"1.10.3-0ubuntu0.16.04.3\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nginx-core\", ver:\"1.10.3-0ubuntu0.16.04.3\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nginx-extras\", ver:\"1.10.3-0ubuntu0.16.04.3\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nginx-full\", ver:\"1.10.3-0ubuntu0.16.04.3\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nginx-light\", ver:\"1.10.3-0ubuntu0.16.04.3\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) 
exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-07-04T18:55:24", "description": "Three vulnerabilities were discovered in Nginx, a high-performance web\nand reverse proxy server, which could result in denial of service in processing\nHTTP/2 (via excessive memory/CPU usage) or server memory disclosure in\nthe ngx_http_mp4_module module (used for server-side MP4 streaming).", "cvss3": {}, "published": "2018-11-08T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 4335-1 (nginx - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16843", "CVE-2018-16845", "CVE-2018-16844"], "modified": "2019-07-04T00:00:00", "id": "OPENVAS:1361412562310704335", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704335", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Auto-generated from advisory DSA 4335-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704335\");\n script_version(\"2019-07-04T09:25:28+0000\");\n script_cve_id(\"CVE-2018-16843\", \"CVE-2018-16844\", \"CVE-2018-16845\");\n script_name(\"Debian Security Advisory DSA 4335-1 (nginx - security update)\");\n script_tag(name:\"last_modification\", value:\"2019-07-04 09:25:28 +0000 (Thu, 04 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-11-08 00:00:00 +0100 (Thu, 08 Nov 2018)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2018/dsa-4335.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB9\");\n script_tag(name:\"affected\", value:\"nginx on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (stretch), these problems have been fixed in\nversion 1.10.3-1+deb9u2.\n\nWe recommend that you upgrade your nginx packages.\");\n\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/nginx\");\n script_tag(name:\"summary\", value:\"Three vulnerabilities were discovered in Nginx, a high-performance web\nand reverse proxy server, which could 
result in denial of service in processing\nHTTP/2 (via excessive memory/CPU usage) or server memory disclosure in\nthe ngx_http_mp4_module module (used for server-side MP4 streaming).\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libnginx-mod-http-auth-pam\", ver:\"1.10.3-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libnginx-mod-http-cache-purge\", ver:\"1.10.3-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libnginx-mod-http-dav-ext\", ver:\"1.10.3-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libnginx-mod-http-echo\", ver:\"1.10.3-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libnginx-mod-http-fancyindex\", ver:\"1.10.3-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libnginx-mod-http-geoip\", ver:\"1.10.3-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libnginx-mod-http-headers-more-filter\", ver:\"1.10.3-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libnginx-mod-http-image-filter\", ver:\"1.10.3-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libnginx-mod-http-lua\", ver:\"1.10.3-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libnginx-mod-http-ndk\", ver:\"1.10.3-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libnginx-mod-http-perl\", ver:\"1.10.3-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libnginx-mod-http-subs-filter\", ver:\"1.10.3-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = 
isdpkgvuln(pkg:\"libnginx-mod-http-uploadprogress\", ver:\"1.10.3-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libnginx-mod-http-upstream-fair\", ver:\"1.10.3-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libnginx-mod-http-xslt-filter\", ver:\"1.10.3-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libnginx-mod-mail\", ver:\"1.10.3-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libnginx-mod-nchan\", ver:\"1.10.3-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libnginx-mod-stream\", ver:\"1.10.3-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"nginx\", ver:\"1.10.3-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"nginx-common\", ver:\"1.10.3-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"nginx-doc\", ver:\"1.10.3-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"nginx-extras\", ver:\"1.10.3-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"nginx-full\", ver:\"1.10.3-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"nginx-light\", ver:\"1.10.3-1+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-01-27T18:35:34", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for nginx (EulerOS-SA-2018-1399)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16843", "CVE-2018-16845", "CVE-2018-16844"], "modified": "2020-01-23T00:00:00", "id": 
"OPENVAS:1361412562311220181399", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220181399", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2018.1399\");\n script_version(\"2020-01-23T11:24:42+0000\");\n script_cve_id(\"CVE-2018-16843\", \"CVE-2018-16844\", \"CVE-2018-16845\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:24:42 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:24:42 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for nginx (EulerOS-SA-2018-1399)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", 
re:\"ssh/login/release=EULEROS-2\\.0SP3\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2018-1399\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1399\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'nginx' package(s) announced via the EulerOS-SA-2018-1399 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file.(CVE-2018-16843)\n\nnginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file.(CVE-2018-16844)\n\nAn instance of missing input sanitization was found in the mp4 module for nginx. 
A local attacker could create a specially crafted video file that, when streamed by the server, would cause a denial of service (server crash or hang) and, possibly, information disclosure.(CVE-2018-16845)\");\n\n script_tag(name:\"affected\", value:\"'nginx' package(s) on Huawei EulerOS V2.0SP3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"nginx\", rpm:\"nginx~1.13.3~1.h3\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-01-31T16:51:02", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-02-19T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for nginx (openSUSE-SU-2019:0195-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16843", "CVE-2018-16845", "CVE-2018-16844"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310852298", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852298", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any 
later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852298\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_cve_id(\"CVE-2018-16843\", \"CVE-2018-16844\", \"CVE-2018-16845\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-02-19 04:05:58 +0100 (Tue, 19 Feb 2019)\");\n script_name(\"openSUSE: Security Advisory for nginx (openSUSE-SU-2019:0195-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=(openSUSELeap42\\.3|openSUSELeap15\\.0)\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:0195-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-02/msg00036.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'nginx'\n package(s) announced via the openSUSE-SU-2019:0195-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for nginx fixes the following issues:\n\n nginx was updated to 1.14.2:\n\n - 
Bugfix: nginx could not be built on Fedora 28 Linux.\n\n - Bugfix: in handling of client addresses when using unix domain listen\n sockets to work with datagrams on Linux.\n\n - Change: the logging level of the 'http request', 'https proxy request',\n 'unsupported protocol', 'version too low', 'no suitable key share', and\n 'no suitable signature algorithm' SSL errors has been lowered from\n 'crit' to 'info'.\n\n - Bugfix: when using OpenSSL 1.1.0 or newer it was not possible to switch\n off 'ssl_prefer_server_ciphers' in a virtual server if it was switched\n on in the default server.\n\n - Bugfix: nginx could not be built with LibreSSL 2.8.0.\n\n - Bugfix: if nginx was built with OpenSSL 1.1.0 and used with OpenSSL\n 1.1.1, the TLS 1.3 protocol was always enabled.\n\n - Bugfix: sending a disk-buffered request body to a gRPC backend might\n fail.\n\n - Bugfix: connections with some gRPC backends might not be cached when\n using the 'keepalive' directive.\n\n - Bugfix: a segmentation fault might occur in a worker process if the\n ngx_http_mp4_module was used on 32-bit platforms.\n\n Changes with nginx 1.14.1:\n\n - Security: when using HTTP/2 a client might cause excessive memory\n consumption (CVE-2018-16843) and CPU usage (CVE-2018-16844).\n\n - Security: processing of a specially crafted mp4 file with the\n ngx_http_mp4_module might result in worker process memory disclosure\n (CVE-2018-16845).\n\n - Bugfix: working with gRPC backends might result in excessive memory\n consumption.\n\n Changes with nginx 1.13.12:\n\n - Bugfix: connections with gRPC backends might be closed unexpectedly when\n returning a large response.\n\n Changes with nginx 1.13.10\n\n - Feature: the 'set' parameter of the 'include' SSI directive now allows\n writing arbitrary responses to a variable the\n 'subrequest_output_buffer_size' directive defines maximum response size.\n\n - Feature: now nginx uses clock_gettime(CLOCK_MONOTONIC) if available, to\n avoid timeouts being incorrectly 
triggered on system time changes.\n\n - Feature: the 'escape=none' parameter of the 'log_format' directive.\n Thanks to Johannes Baiter and Calin Don.\n\n - Feature: the $ssl_preread_alpn_protocols variable in the\n ngx_stream_ssl_preread_module.\n\n - Feature: the ngx_http_grpc_module.\n\n - Bugfix: in memory allocation error handling in the 'geo' directive.\n\n - Bugfix: when using variables in the 'auth_basic_user_file' directive a\n null character might appear in logs. Thanks to Vadim Filimonov.\n\n Patch Instructions:\n\n To install this openSUSE Security Up ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"nginx on openSUSE Leap 42.3, openSUSE Leap 15.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"nginx\", rpm:\"nginx~1.14.2~2.7.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nginx-debuginfo\", rpm:\"nginx-debuginfo~1.14.2~2.7.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nginx-debugsource\", rpm:\"nginx-debugsource~1.14.2~2.7.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vim-plugin-nginx\", rpm:\"vim-plugin-nginx~1.14.2~2.7.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"openSUSELeap15.0\") {\n if(!isnull(res = isrpmvuln(pkg:\"nginx\", rpm:\"nginx~1.14.2~lp150.2.4.1\", rls:\"openSUSELeap15.0\"))) {\n 
report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nginx-debuginfo\", rpm:\"nginx-debuginfo~1.14.2~lp150.2.4.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nginx-debugsource\", rpm:\"nginx-debugsource~1.14.2~lp150.2.4.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vim-plugin-nginx\", rpm:\"vim-plugin-nginx~1.14.2~lp150.2.4.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:32:14", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-05-07T00:00:00", "type": "openvas", "title": "Fedora Update for nginx FEDORA-2018-7c540fdab4", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16843", "CVE-2018-16845", "CVE-2018-16844"], "modified": "2019-05-14T00:00:00", "id": "OPENVAS:1361412562310875955", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875955", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875955\");\n script_version(\"2019-05-14T05:04:40+0000\");\n script_cve_id(\"CVE-2018-16843\", \"CVE-2018-16844\", \"CVE-2018-16845\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-05-14 05:04:40 +0000 (Tue, 14 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-07 02:29:35 +0000 (Tue, 07 May 2019)\");\n script_name(\"Fedora Update for nginx FEDORA-2018-7c540fdab4\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2018-7c540fdab4\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SYFTQGONGIF4DU6U3EDY5MIB7LPHMF2W\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'nginx'\n package(s) announced via the FEDORA-2018-7c540fdab4 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and\nIMAP protocols, with a strong focus on high concurrency, performance and low\nmemory usage.\");\n\n script_tag(name:\"affected\", value:\"'nginx' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", 
value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"nginx\", rpm:\"nginx~1.14.1~2.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-09-06T18:49:51", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-09-05T00:00:00", "type": "openvas", "title": "Fedora Update for nginx FEDORA-2019-7a0b45fdc4", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-9511", "CVE-2019-9513", "CVE-2018-16843", "CVE-2018-16845", "CVE-2018-16844", "CVE-2019-9516"], "modified": "2019-09-05T00:00:00", "id": "OPENVAS:1361412562310876748", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876748", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876748\");\n script_version(\"2019-09-05T09:53:24+0000\");\n script_cve_id(\"CVE-2019-9511\", \"CVE-2019-9513\", \"CVE-2019-9516\", \"CVE-2018-16845\", \"CVE-2018-16843\", \"CVE-2018-16844\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-09-05 09:53:24 +0000 (Thu, 05 Sep 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-09-05 02:25:48 +0000 (Thu, 05 Sep 2019)\");\n script_name(\"Fedora Update for nginx FEDORA-2019-7a0b45fdc4\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-7a0b45fdc4\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/POPAEC4FWL4UU4LDEGPY5NPALU24FFQD\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'nginx'\n package(s) announced via the FEDORA-2019-7a0b45fdc4 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and\nIMAP protocols, with a strong focus on high concurrency, performance and low\nmemory usage.\");\n\n script_tag(name:\"affected\", value:\"'nginx' package(s) on 
Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"nginx\", rpm:\"nginx~1.16.1~1.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-01-31T16:30:13", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-01-09T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for nginx (openSUSE-SU-2019:2120-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-9511", "CVE-2019-9513", "CVE-2018-16843", "CVE-2018-16845", "CVE-2018-16844", "CVE-2019-9516"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310852840", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852840", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852840\");\n script_version(\"2020-01-31T08:04:39+0000\");\n script_cve_id(\"CVE-2018-16843\", \"CVE-2018-16844\", \"CVE-2018-16845\", \"CVE-2019-9511\",\n \"CVE-2019-9513\", \"CVE-2019-9516\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:04:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-09 09:35:30 +0000 (Thu, 09 Jan 2020)\");\n script_name(\"openSUSE: Security Advisory for nginx (openSUSE-SU-2019:2120-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.1\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:2120-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'nginx'\n package(s) announced via the openSUSE-SU-2019:2120-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for nginx fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2019-9511: Fixed a denial of service by manipulating the window size\n and stream prioritization (bsc#1145579).\n\n - CVE-2019-9513: Fixed a denial of service caused by 
resource loops\n (bsc#1145580).\n\n - CVE-2019-9516: Fixed a denial of service caused by header leaks\n (bsc#1145582).\n\n - CVE-2018-16845: Fixed denial of service and memory disclosure via mp4\n module (bsc#1115015).\n\n - CVE-2018-16843: Fixed excessive memory consumption in HTTP/2\n implementation (bsc#1115022).\n\n - CVE-2018-16844: Fixed excessive CPU usage via flaw in HTTP/2\n implementation (bsc#1115025).\n\n This update was imported from the SUSE:SLE-15-SP1:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.1:\n\n zypper in -t patch openSUSE-2019-2120=1\");\n\n script_tag(name:\"affected\", value:\"'nginx' package(s) on openSUSE Leap 15.1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"nginx\", rpm:\"nginx~1.14.2~lp151.4.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nginx-debuginfo\", rpm:\"nginx-debuginfo~1.14.2~lp151.4.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nginx-debugsource\", rpm:\"nginx-debugsource~1.14.2~lp151.4.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nginx-source\", rpm:\"nginx-source~1.14.2~lp151.4.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vim-plugin-nginx\", rpm:\"vim-plugin-nginx~1.14.2~lp151.4.3.1\", 
rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "cve": [{"lastseen": "2023-06-23T14:37:21", "description": "nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause an infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affects nginx if it is built with the ngx_http_mp4_module (the module is not built by default) and the 'mp4' directive is used in the configuration file. Further, the attack is only possible if an attacker is able to trigger processing of a specially crafted mp4 file with the ngx_http_mp4_module.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 4.2}, "published": "2018-11-07T14:29:00", "type": "cve", "title": "CVE-2018-16845", "cwe": ["CWE-400"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16845"], "modified": 
"2022-02-22T19:27:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/o:canonical:ubuntu_linux:18.10", "cpe:/a:f5:nginx:1.15.5", "cpe:/a:f5:nginx:1.0.15", "cpe:/o:debian:debian_linux:9.0", "cpe:/o:opensuse:leap:15.1", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "CVE-2018-16845", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16845", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:nginx:1.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:f5:nginx:1.15.5:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*"]}], "redhat": [{"lastseen": "2023-08-04T12:28:59", "description": "nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.\n\nSecurity Fix(es):\n\n* nginx: Denial of service and memory disclosure via mp4 module (CVE-2018-16845)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank the Nginx project for reporting this issue.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 4.2}, "published": "2018-11-26T11:39:20", "type": 
"redhat", "title": "(RHSA-2018:3652) Important: rh-nginx18-nginx security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16845"], "modified": "2018-11-26T11:40:33", "id": "RHSA-2018:3652", "href": "https://access.redhat.com/errata/RHSA-2018:3652", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-08-04T12:28:59", "description": "nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.\n\nSecurity Fix(es):\n\n* nginx: Denial of service and memory disclosure via mp4 module (CVE-2018-16845)\n\n* nginx: Excessive memory consumption via flaw in HTTP/2 implementation (CVE-2018-16843)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank the Nginx project for reporting these issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-11-26T11:39:41", "type": "redhat", "title": "(RHSA-2018:3653) Important: rh-nginx110-nginx security 
update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16843", "CVE-2018-16845"], "modified": "2018-11-26T11:40:58", "id": "RHSA-2018:3653", "href": "https://access.redhat.com/errata/RHSA-2018:3653", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-08-04T12:28:59", "description": "nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.\n\nSecurity Fix(es):\n\n* nginx: Denial of service and memory disclosure via mp4 module (CVE-2018-16845)\n\n* nginx: Excessive memory consumption via flaw in HTTP/2 implementation (CVE-2018-16843)\n\n* nginx: Excessive CPU usage via flaw in HTTP/2 implementation (CVE-2018-16844)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank the Nginx project for reporting these issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-11-27T08:37:44", "type": "redhat", "title": "(RHSA-2018:3680) Important: 
rh-nginx112-nginx security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16843", "CVE-2018-16844", "CVE-2018-16845"], "modified": "2018-11-27T08:39:18", "id": "RHSA-2018:3680", "href": "https://access.redhat.com/errata/RHSA-2018:3680", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-08-04T12:28:59", "description": "nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.\n\nThe following packages have been upgraded to a later upstream version: rh-nginx114-nginx (1.14.1). 
(BZ#1648365)\n\nSecurity Fix(es):\n\n* nginx: Denial of service and memory disclosure via mp4 module (CVE-2018-16845)\n\n* nginx: Excessive memory consumption via flaw in HTTP/2 implementation (CVE-2018-16843)\n\n* nginx: Excessive CPU usage via flaw in HTTP/2 implementation (CVE-2018-16844)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank the Nginx project for reporting these issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-11-27T08:38:25", "type": "redhat", "title": "(RHSA-2018:3681) Important: rh-nginx114-nginx security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16843", "CVE-2018-16844", "CVE-2018-16845"], "modified": "2018-11-27T08:40:02", "id": "RHSA-2018:3681", "href": "https://access.redhat.com/errata/RHSA-2018:3681", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "f5": [{"lastseen": "2023-02-21T21:50:56", "description": "nginx before versions 1.15.6, 1.14.1 has a vulnerability in the 
ngx_http_mp4_module, which might allow an attacker to cause an infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affects nginx if it is built with the ngx_http_mp4_module (the module is not built by default) and the 'mp4' directive is used in the configuration file. Further, the attack is only possible if an attacker is able to trigger processing of a specially crafted mp4 file with the ngx_http_mp4_module. ([CVE-2018-16845](<https://vulners.com/cve/CVE-2018-16845>))\n\nImpact\n\nThere is no impact; F5 products are not affected by this vulnerability.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 4.2}, "published": "2019-01-11T03:14:00", "type": "f5", "title": "nginx vulnerability CVE-2018-16845 ", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16845"], "modified": "2019-01-11T03:14:00", "id": "F5:K24374526", "href": "https://support.f5.com/csp/article/K24374526", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}}], "nessus": [{"lastseen": "2023-08-02T15:11:54", "description": 
"An update of the nginx package has been released.", "cvss3": {}, "published": "2019-03-18T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Nginx PHSA-2019-1.0-0211", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16845"], "modified": "2020-02-04T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:nginx", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2019-1_0-0211_NGINX.NASL", "href": "https://www.tenable.com/plugins/nessus/122895", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2019-1.0-0211. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122895);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2020/02/04\");\n\n script_cve_id(\"CVE-2018-16845\");\n\n script_name(english:\"Photon OS 1.0: Nginx PHSA-2019-1.0-0211\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the nginx package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-1.0-211.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-16845\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/11/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:nginx\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"nginx-1.13.8-7.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"nginx-debuginfo-1.13.8-7.ph1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) 
audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nginx\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-08-03T15:18:34", "description": "It was discovered that there was a denial of service (DoS) vulnerability in the nginx web/proxy server.\n\nAs there was no validation for the size of a 64-bit atom in an MP4 file, this could have led to a CPU hog when the size was 0, or various other problems due to integer underflow when calculating the atom data size, including segmentation faults or even worker-process memory disclosure.\n\nFor Debian 8 'Jessie', this issue has been fixed in nginx version 1.6.2-5+deb8u6.\n\nWe recommend that you upgrade your nginx packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-11-09T00:00:00", "type": "nessus", "title": "Debian DLA-1572-1 : nginx security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16845"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:nginx", "p-cpe:/a:debian:debian_linux:nginx-common", "p-cpe:/a:debian:debian_linux:nginx-doc", "p-cpe:/a:debian:debian_linux:nginx-extras", "p-cpe:/a:debian:debian_linux:nginx-extras-dbg", "p-cpe:/a:debian:debian_linux:nginx-full", "p-cpe:/a:debian:debian_linux:nginx-full-dbg", "p-cpe:/a:debian:debian_linux:nginx-light", "p-cpe:/a:debian:debian_linux:nginx-light-dbg", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-1572.NASL", "href": "https://www.tenable.com/plugins/nessus/118839", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1572-1. 
The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(118839);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2018-16845\");\n\n script_name(english:\"Debian DLA-1572-1 : nginx security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that there was a denial of service (DoS)\nvulnerability in the nginx web/proxy server.\n\nAs there was no validation for the size of a 64-bit atom in an MP4\nfile, this could have led to a CPU hog when the size was 0, or various\nother problems due to integer underflow when the calculating atom data\nsize, including segmentation faults or even worker-process memory\ndisclosure.\n\nFor Debian 8 'Jessie', this issue has been fixed in nginx version\n1.6.2-5+deb8u6.\n\nWe recommend that you upgrade your nginx packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2018/11/msg00010.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/nginx\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nginx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nginx-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nginx-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nginx-extras\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nginx-extras-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nginx-full\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nginx-full-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nginx-light\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nginx-light-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/11/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"nginx\", reference:\"1.6.2-5+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"nginx-common\", reference:\"1.6.2-5+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"nginx-doc\", reference:\"1.6.2-5+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"nginx-extras\", reference:\"1.6.2-5+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"nginx-extras-dbg\", reference:\"1.6.2-5+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"nginx-full\", reference:\"1.6.2-5+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"nginx-full-dbg\", reference:\"1.6.2-5+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"nginx-light\", reference:\"1.6.2-5+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"nginx-light-dbg\", reference:\"1.6.2-5+deb8u6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-08-02T15:12:15", "description": "An update of the nginx package has been released.", "cvss3": {}, "published": "2019-03-18T00:00:00", "type": "nessus", "title": "Photon OS 2.0: 
Nginx PHSA-2019-2.0-0132", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16845"], "modified": "2022-05-23T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:nginx", "cpe:/o:vmware:photonos:2.0"], "id": "PHOTONOS_PHSA-2019-2_0-0132_NGINX.NASL", "href": "https://www.tenable.com/plugins/nessus/122908", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2019-2.0-0132. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(122908);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/23\");\n\n script_cve_id(\"CVE-2018-16845\");\n\n script_name(english:\"Photon OS 2.0: Nginx PHSA-2019-2.0-0132\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the nginx package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-132.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-16845\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/11/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2019/03/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:nginx\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 2.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"nginx-1.13.10-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"nginx-debuginfo-1.13.10-2.ph2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nginx\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-08-02T15:10:14", "description": "This update for nginx to version 1.14.2 
fixes the following issues :\n\nSecurity vulnerabilities addressed :\n\nCVE-2018-16843 CVE-2018-16844: Fixed an issue whereby a client using HTTP/2 might cause excessive memory consumption and CPU usage (bsc#1115025 bsc#1115022).\n\nCVE-2018-16845: Fixed an issue which might result in worker process memory disclosure when processing a specially crafted mp4 file with the ngx_http_mp4_module (bsc#1115015).\n\nOther bug fixes and changes made: Fixed an issue with handling of client addresses when using unix domain listen sockets to work with datagrams on Linux.\n\nThe logging level of the 'http request', 'https proxy request', 'unsupported protocol', 'version too low', 'no suitable key share', and 'no suitable signature algorithm' SSL errors has been lowered from 'crit' to 'info'.\n\nFixed an issue with using OpenSSL 1.1.0 or newer it was not possible to switch off 'ssl_prefer_server_ciphers' in a virtual server if it was switched on in the default server.\n\nFixed an issue with TLS 1.3 always being enabled when built with OpenSSL 1.1.0 and used with 1.1.1\n\nFixed an issue with sending a disk-buffered request body to a gRPC backend\n\nFixed an issue with connections of some gRPC backends might not be cached when using the 'keepalive' directive.\n\nFixed a segmentation fault, which might occur in a worker process if the ngx_http_mp4_module was used on 32-bit platforms.\n\nFixed an issue, whereby working with gRPC backends might result in excessive memory consumption.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-02-13T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : nginx (SUSE-SU-2019:0334-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16843", "CVE-2018-16844", "CVE-2018-16845"], "modified": "2020-02-12T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:nginx", "p-cpe:/a:novell:suse_linux:nginx-debuginfo", "p-cpe:/a:novell:suse_linux:nginx-debugsource", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2019-0334-1.NASL", "href": "https://www.tenable.com/plugins/nessus/122147", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:0334-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122147);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/02/12\");\n\n script_cve_id(\"CVE-2018-16843\", \"CVE-2018-16844\", \"CVE-2018-16845\");\n\n script_name(english:\"SUSE SLES15 Security Update : nginx (SUSE-SU-2019:0334-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for nginx to version 1.14.2 fixes the following issues :\n\nSecurity vulnerabilities addressed :\n\nCVE-2018-16843 CVE-2018-16844: Fixed an issue whereby a client using\nHTTP/2 might cause excessive memory consumption and CPU usage\n(bsc#1115025 bsc#1115022).\n\nCVE-2018-16845: Fixed an issue which might result in worker process\nmemory disclosure whne processing of a specially crafted mp4 file with\nthe ngx_http_mp4_module (bsc#1115015).\n\nOther bug fixes and changes made: Fixed an issue with handling of\nclient 
addresses when using unix domain listen sockets to work with\ndatagrams on Linux.\n\nThe logging level of the 'http request', 'https proxy request',\n'unsupported protocol', 'version too low', 'no suitable key share',\nand 'no suitable signature algorithm' SSL errors has been lowered from\n'crit' to 'info'.\n\nFixed an issue with using OpenSSL 1.1.0 or newer it was not possible\nto switch off 'ssl_prefer_server_ciphers' in a virtual server if it\nwas switched on in the default server.\n\nFixed an issue with TLS 1.3 always being enabled when built with\nOpenSSL 1.1.0 and used with 1.1.1\n\nFixed an issue with sending a disk-buffered request body to a gRPC\nbackend\n\nFixed an issue with connections of some gRPC backends might not be\ncached when using the 'keepalive' directive.\n\nFixed a segmentation fault, which might occur in a worker process if\nthe ngx_http_mp4_module was used on 32-bit platforms.\n\nFixed an issue, whereby working with gRPC backends might result in\nexcessive memory consumption.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115015\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115022\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115025\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16843/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16844/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16845/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20190334-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b695a9d7\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Server Applications 15:zypper in -t\npatch SUSE-SLE-Module-Server-Applications-15-2019-334=1\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-2019-334=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-16845\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are 
available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nginx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nginx-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nginx-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/11/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"nginx-1.14.2-3.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"nginx-debuginfo-1.14.2-3.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"nginx-debugsource-1.14.2-3.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nginx\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-08-02T15:31:55", "description": "According to its self-reported version, the installed version of Nginx Plus is R1 (built on Open Source version 1.5.3-1) prior to R15-P2 or R16 (built on Open Source version 1.15.2) prior to R16-P1. It is, therefore, affected by the following issues :\n\n - An unspecified error exists related to the module 'ngx_http_v2_module' that allows excessive memory usage.\n (CVE-2018-16843)\n\n - An unspecified error exists related to the module 'ngx_http_v2_module' that allows excessive CPU usage.\n (CVE-2018-16844)\n\n - An unspecified error exists related to the module 'ngx_http_mp4_module' that allows worker process crashes or memory disclosure. 
(CVE-2018-16845)", "cvss3": {}, "published": "2022-05-31T00:00:00", "type": "nessus", "title": "Nginx Plus R1 < R15-P2 / R16 < R16-P1 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16843", "CVE-2018-16844", "CVE-2018-16845"], "modified": "2022-05-31T00:00:00", "cpe": ["cpe:/a:nginx:nginx"], "id": "NGINX_PLUS_R16P1.NASL", "href": "https://www.tenable.com/plugins/nessus/161696", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161696);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/31\");\n\n script_cve_id(\"CVE-2018-16843\", \"CVE-2018-16844\", \"CVE-2018-16845\");\n script_bugtraq_id(105868);\n\n script_name(english:\"Nginx Plus R1 < R15-P2 / R16 < R16-P1 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to it's self reported version, the installed version of Nginx Plus is R1 (built on Open Source version \n1.5.3-1) prior to R15-P2 or R16 (built on Open Source version 1.15.2) prior to R16-P1. It is, therefore, affected by the \nfollowing issues :\n\n - An unspecified error exists related to the module\n 'ngx_http_v2_module' that allows excessive memory usage.\n (CVE-2018-16843)\n\n - An unspecified error exists related to the module\n 'ngx_http_v2_module' that allows excessive CPU usage.\n (CVE-2018-16844)\n\n - An unspecified error exists related to the module\n 'ngx_http_mp4_module' that allows worker process\n crashes or memory disclosure. 
(CVE-2018-16845)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://docs.nginx.com/nginx/releases/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://nginx.org/en/security_advisories.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://mailman.nginx.org/pipermail/nginx-announce/2018/000221.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Nginx Plus R15-P2 / R16-P1 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"unix\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-16845\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:nginx:nginx\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"nginx_nix_installed.nbin\");\n script_require_keys(\"installed_sw/nginx plus\");\n\n exit(0);\n}\n\ninclude('vcf_extras_nginx.inc');\n\nvar appname = 'Nginx Plus';\nget_install_count(app_name:appname, exit_if_zero:TRUE);\nvar app_info = vcf::nginx_plus::combined_get_app_info(app:appname);\n\nvcf::check_granularity(app_info:app_info, sig_segments:2);\n\n# Nginx Plus has backported pactches to BOTH R15 and R16 releases at the same time\n# CVE-2018-16843 Vulnerable Open Source Versions: 1.9.5-1.15.5 (Nginx Plus versions R8 -> 15-P2 or 16-P1)\n# CVE-2018-16844 Vulnerable Open Source Versions: 1.9.5-1.15.5 (Nginx Plus versions R8 -> 15-P2 or 16-P1)\n# CVE-2018-16845 Vulnerable Open Source Versions: 1.1.3-1.15.5, 1.0.7-1.0.15 (ALL Nginx Plus versions prior to R15-P2)\n\nvar constraints = [\n {'fixed_version' : '15.2', 'min_version' : '0', 'fixed_display' : 'R15-P2 / R16-P1'},\n {'fixed_version' : '16.1', 'min_version' : '16.0', 'fixed_display' : 'R16-P1'}\n];\n\nvcf::nginx_plus::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-08-02T14:55:02", "description": "It was discovered that nginx incorrectly handled the HTTP/2 implementation. A remote attacker could possibly use this issue to cause excessive memory consumption, leading to a denial of service.\nThis issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-16843)\n\nGal Goldshtein discovered that nginx incorrectly handled the HTTP/2 implementation. A remote attacker could possibly use this issue to cause excessive CPU usage, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10.\n(CVE-2018-16844)\n\nIt was discovered that nginx incorrectly handled the ngx_http_mp4_module module. 
A remote attacker could possibly use this issue with a specially crafted mp4 file to cause nginx to crash, stop responding, or access arbitrary memory. (CVE-2018-16845).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-11-08T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : nginx vulnerabilities (USN-3812-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16843", "CVE-2018-16844", "CVE-2018-16845"], "modified": "2023-05-11T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:nginx-common", "p-cpe:/a:canonical:ubuntu_linux:nginx-core", "p-cpe:/a:canonical:ubuntu_linux:nginx-extras", "p-cpe:/a:canonical:ubuntu_linux:nginx-full", "p-cpe:/a:canonical:ubuntu_linux:nginx-light", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:18.10"], "id": "UBUNTU_USN-3812-1.NASL", "href": "https://www.tenable.com/plugins/nessus/118820", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3812-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(118820);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/11\");\n\n script_cve_id(\"CVE-2018-16843\", \"CVE-2018-16844\", \"CVE-2018-16845\");\n script_xref(name:\"USN\", value:\"3812-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : nginx vulnerabilities (USN-3812-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that nginx incorrectly handled the HTTP/2\nimplementation. A remote attacker could possibly use this issue to\ncause excessive memory consumption, leading to a denial of service.\nThis issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu\n18.10. (CVE-2018-16843)\n\nGal Goldshtein discovered that nginx incorrectly handled the HTTP/2\nimplementation. A remote attacker could possibly use this issue to\ncause excessive CPU usage, leading to a denial of service. This issue\nonly affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10.\n(CVE-2018-16844)\n\nIt was discovered that nginx incorrectly handled the\nngx_http_mp4_module module. A remote attacker could possibly use this\nissue with a specially crafted mp4 file to cause nginx to crash, stop\nresponding, or access arbitrary memory. (CVE-2018-16845).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3812-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-16845\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:nginx-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:nginx-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:nginx-extras\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:nginx-full\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:nginx-light\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/11/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/07\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2023 Canonical, Inc. / NASL script (C) 2018-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04|16\\.04|18\\.04|18\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 16.04 / 18.04 / 18.10\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"nginx-common\", pkgver:\"1.4.6-1ubuntu3.9\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"nginx-core\", pkgver:\"1.4.6-1ubuntu3.9\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"nginx-extras\", pkgver:\"1.4.6-1ubuntu3.9\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"nginx-full\", pkgver:\"1.4.6-1ubuntu3.9\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"nginx-light\", pkgver:\"1.4.6-1ubuntu3.9\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"nginx-common\", pkgver:\"1.10.3-0ubuntu0.16.04.3\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"nginx-core\", pkgver:\"1.10.3-0ubuntu0.16.04.3\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"nginx-extras\", pkgver:\"1.10.3-0ubuntu0.16.04.3\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"nginx-full\", pkgver:\"1.10.3-0ubuntu0.16.04.3\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"nginx-light\", pkgver:\"1.10.3-0ubuntu0.16.04.3\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"nginx-common\", pkgver:\"1.14.0-0ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"nginx-core\", pkgver:\"1.14.0-0ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"nginx-extras\", pkgver:\"1.14.0-0ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"nginx-full\", pkgver:\"1.14.0-0ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"nginx-light\", pkgver:\"1.14.0-0ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"nginx-common\", pkgver:\"1.15.5-0ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"nginx-core\", 
pkgver:\"1.15.5-0ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"nginx-extras\", pkgver:\"1.15.5-0ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"nginx-full\", pkgver:\"1.15.5-0ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"nginx-light\", pkgver:\"1.15.5-0ubuntu2.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nginx-common / nginx-core / nginx-extras / nginx-full / nginx-light\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-08-03T14:50:07", "description": "This update for nginx fixes the following issues :\n\nnginx was updated to 1.14.2 :\n\n - Bugfix: nginx could not be built on Fedora 28 Linux.\n\n - Bugfix: in handling of client addresses when using unix domain listen sockets to work with datagrams on Linux.\n\n - Change: the logging level of the 'http request', 'https proxy request', 'unsupported protocol', 'version too low', 'no suitable key share', and 'no suitable signature algorithm' SSL errors has been lowered from 'crit' to 'info'.\n\n - Bugfix: when using OpenSSL 1.1.0 or newer it was not possible to switch off 'ssl_prefer_server_ciphers' in a virtual server if it was switched on in the default server.\n\n - Bugfix: nginx could not be built with LibreSSL 2.8.0.\n\n - Bugfix: if nginx was built with OpenSSL 1.1.0 and used with OpenSSL 1.1.1, the TLS 1.3 protocol was always enabled.\n\n - Bugfix: sending a disk-buffered request body to a gRPC backend might fail.\n\n - Bugfix: connections with some gRPC backends might not be cached when using the 'keepalive' directive.\n\n - Bugfix: a segmentation fault might occur in a worker process if the ngx_http_mp4_module was used on 32-bit platforms.\n\nChanges with nginx 1.14.1 :\n\n - 
Security: when using HTTP/2 a client might cause excessive memory consumption (CVE-2018-16843) and CPU usage (CVE-2018-16844).\n\n - Security: processing of a specially crafted mp4 file with the ngx_http_mp4_module might result in worker process memory disclosure (CVE-2018-16845).\n\n - Bugfix: working with gRPC backends might result in excessive memory consumption.\n\nChanges with nginx 1.13.12 :\n\n - Bugfix: connections with gRPC backends might be closed unexpectedly when returning a large response.\n\nChanges with nginx 1.13.10\n\n - Feature: the 'set' parameter of the 'include' SSI directive now allows writing arbitrary responses to a variable; the 'subrequest_output_buffer_size' directive defines maximum response size.\n\n - Feature: now nginx uses clock_gettime(CLOCK_MONOTONIC) if available, to avoid timeouts being incorrectly triggered on system time changes.\n\n - Feature: the 'escape=none' parameter of the 'log_format' directive. Thanks to Johannes Baiter and Calin Don.\n\n - Feature: the $ssl_preread_alpn_protocols variable in the ngx_stream_ssl_preread_module.\n\n - Feature: the ngx_http_grpc_module.\n\n - Bugfix: in memory allocation error handling in the 'geo' directive.\n\n - Bugfix: when using variables in the 'auth_basic_user_file' directive a null character might appear in logs. 
Thanks to Vadim Filimonov.", "cvss3": {}, "published": "2019-02-19T00:00:00", "type": "nessus", "title": "openSUSE Security Update : nginx (openSUSE-2019-195)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16843", "CVE-2018-16844", "CVE-2018-16845"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:nginx", "p-cpe:/a:novell:opensuse:nginx-debuginfo", "p-cpe:/a:novell:opensuse:nginx-debugsource", "p-cpe:/a:novell:opensuse:vim-plugin-nginx", "cpe:/o:novell:opensuse:15.0"], "id": "OPENSUSE-2019-195.NASL", "href": "https://www.tenable.com/plugins/nessus/122295", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-195.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(122295);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-16843\", \"CVE-2018-16844\", \"CVE-2018-16845\");\n\n script_name(english:\"openSUSE Security Update : nginx (openSUSE-2019-195)\");\n script_summary(english:\"Check for the openSUSE-2019-195 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for nginx fixes the following issues :\n\nnginx was updated to 1.14.2 :\n\n - Bugfix: nginx could not be built on Fedora 28 Linux.\n\n - Bugfix: in handling of client addresses when using unix\n domain listen sockets to work with datagrams on Linux.\n\n - Change: the logging level of the 'http request', 'https\n proxy request', 'unsupported protocol', 'version too\n low', 'no suitable key share', and 'no suitable\n signature algorithm' SSL errors has been lowered 
from\n 'crit' to 'info'.\n\n - Bugfix: when using OpenSSL 1.1.0 or newer it was not\n possible to switch off 'ssl_prefer_server_ciphers' in a\n virtual server if it was switched on in the default\n server.\n\n - Bugfix: nginx could not be built with LibreSSL 2.8.0.\n\n - Bugfix: if nginx was built with OpenSSL 1.1.0 and used\n with OpenSSL 1.1.1, the TLS 1.3 protocol was always\n enabled.\n\n - Bugfix: sending a disk-buffered request body to a gRPC\n backend might fail.\n\n - Bugfix: connections with some gRPC backends might not be\n cached when using the 'keepalive' directive.\n\n - Bugfix: a segmentation fault might occur in a worker\n process if the ngx_http_mp4_module was used on 32-bit\n platforms.\n\nChanges with nginx 1.14.1 :\n\n - Security: when using HTTP/2 a client might cause\n excessive memory consumption (CVE-2018-16843) and CPU\n usage (CVE-2018-16844).\n\n - Security: processing of a specially crafted mp4 file\n with the ngx_http_mp4_module might result in worker\n process memory disclosure (CVE-2018-16845).\n\n - Bugfix: working with gRPC backends might result in\n excessive memory consumption.\n\nChanges with nginx 1.13.12 :\n\n - Bugfix: connections with gRPC backends might be closed\n unexpectedly when returning a large response.\n\nChanges with nginx 1.13.10\n\n - Feature: the 'set' parameter of the 'include' SSI\n directive now allows writing arbitrary responses to a\n variable; the 'subrequest_output_buffer_size' directive\n defines maximum response size.\n\n - Feature: now nginx uses clock_gettime(CLOCK_MONOTONIC)\n if available, to avoid timeouts being incorrectly\n triggered on system time changes.\n\n - Feature: the 'escape=none' parameter of the 'log_format'\n directive. 
Thanks to Johannes Baiter and Calin Don.\n\n - Feature: the $ssl_preread_alpn_protocols variable in the\n ngx_stream_ssl_preread_module.\n\n - Feature: the ngx_http_grpc_module.\n\n - Bugfix: in memory allocation error handling in the 'geo'\n directive.\n\n - Bugfix: when using variables in the\n 'auth_basic_user_file' directive a null character might\n appear in logs. Thanks to Vadim Filimonov.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115015\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115022\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115025\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected nginx packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-16845\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nginx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nginx-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nginx-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vim-plugin-nginx\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/11/07\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"nginx-1.14.2-lp150.2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"nginx-debuginfo-1.14.2-lp150.2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"nginx-debugsource-1.14.2-lp150.2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"vim-plugin-nginx-1.14.2-lp150.2.4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nginx / 
nginx-debuginfo / nginx-debugsource / vim-plugin-nginx\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-08-02T15:14:42", "description": "According to its Server response header, the installed version of nginx is 1.x prior to 1.14.1 or 1.15.x prior to 1.15.6. It is, therefore, affected by the following issues :\n\n - An unspecified error exists related to the module 'ngx_http_v2_module' that allows excessive memory usage. (CVE-2018-16843)\n\n - An unspecified error exists related to the module 'ngx_http_v2_module' that allows excessive CPU usage. (CVE-2018-16844)\n\n - An unspecified error exists related to the module 'ngx_http_mp4_module' that allows worker process crashes or memory disclosure. (CVE-2018-16845)\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-05-17T00:00:00", "type": "nessus", "title": "Nginx 1.15.x < 1.15.6 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16843", "CVE-2018-16844", "CVE-2018-16845"], "modified": "2023-03-14T00:00:00", "cpe": ["cpe:2.3:a:nginx:nginx:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_98597", "href": "https://www.tenable.com/plugins/was/98597", "sourceData": "No source data", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-08-02T15:14:37", "description": "According to its Server response header, the installed version of nginx is 1.x prior to 1.14.1 or 1.15.x prior to 1.15.6. It is, therefore, affected by the following issues :\n\n - An unspecified error exists related to the module 'ngx_http_v2_module' that allows excessive memory usage. (CVE-2018-16843)\n\n - An unspecified error exists related to the module 'ngx_http_v2_module' that allows excessive CPU usage. (CVE-2018-16844)\n\n - An unspecified error exists related to the module 'ngx_http_mp4_module' that allows worker process crashes or memory disclosure. 
(CVE-2018-16845)\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-05-17T00:00:00", "type": "nessus", "title": "Nginx 1.x < 1.14.1 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16843", "CVE-2018-16844", "CVE-2018-16845"], "modified": "2023-03-14T00:00:00", "cpe": ["cpe:2.3:a:nginx:nginx:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_98596", "href": "https://www.tenable.com/plugins/was/98596", "sourceData": "No source data", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-08-03T15:18:43", "description": "According to its Server response header, the installed version of nginx is 1.x prior to 1.14.1 or 1.15.x prior to 1.15.6. It is, therefore, affected by the following issues :\n\n - An unspecified error exists related to the module 'ngx_http_v2_module' that allows excessive memory usage.\n (CVE-2018-16843)\n\n - An unspecified error exists related to the module 'ngx_http_v2_module' that allows excessive CPU usage.\n (CVE-2018-16844)\n\n - An unspecified error exists related to the module 'ngx_http_mp4_module' that allows worker process crashes or memory disclosure. 
(CVE-2018-16845)", "cvss3": {}, "published": "2018-11-14T00:00:00", "type": "nessus", "title": "nginx 1.x < 1.14.1 / 1.15.x < 1.15.6 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16843", "CVE-2018-16844", "CVE-2018-16845"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:nginx:nginx"], "id": "NGINX_1_15_6.NASL", "href": "https://www.tenable.com/plugins/nessus/118956", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(118956);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2018-16843\", \"CVE-2018-16844\", \"CVE-2018-16845\");\n script_bugtraq_id(105868);\n\n script_name(english:\"nginx 1.x < 1.14.1 / 1.15.x < 1.15.6 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its Server response header, the installed version of nginx\nis 1.x prior to 1.14.1 or 1.15.x prior to 1.15.6. It is, therefore,\naffected by the following issues :\n\n - An unspecified error exists related to the module\n 'ngx_http_v2_module' that allows excessive memory usage.\n (CVE-2018-16843)\n\n - An unspecified error exists related to the module\n 'ngx_http_v2_module' that allows excessive CPU usage.\n (CVE-2018-16844)\n\n - An unspecified error exists related to the module\n 'ngx_http_mp4_module' that allows worker process\n crashes or memory disclosure. 
(CVE-2018-16845)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://nginx.org/en/security_advisories.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://mailman.nginx.org/pipermail/nginx-announce/2018/000221.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to nginx 1.14.1 / 1.15.6 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"unix\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-16845\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:nginx:nginx\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"nginx_detect.nasl\", \"nginx_nix_installed.nbin\");\n script_require_keys(\"installed_sw/nginx\");\n\n exit(0);\n}\n\ninclude('http.inc');\ninclude('vcf.inc');\n\nappname = 'nginx';\nget_install_count(app_name:appname, exit_if_zero:TRUE);\napp_info = vcf::combined_get_app_info(app:appname);\n\nvcf::check_all_backporting(app_info:app_info);\n\nvcf::check_granularity(app_info:app_info, sig_segments:3);\n\n# If the detection is only remote, Detection Method won't be set, and we should require paranoia\nif (empty_or_null(app_info['Detection Method']) && report_paranoia < 2)\n audit(AUDIT_PARANOID);\n\nconstraints = [\n {'fixed_version' : '1.14.1', 'min_version' : '1.0.7', 'fixed_display' : '1.14.1'},\n {'fixed_version' : '1.15.6', 'min_version' : '1.15.0', 'fixed_display' : '1.15.6'}\n];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-08-02T15:07:54", "description": "Security fix for CVE-2018-16843, CVE-2018-16844, CVE-2018-16845 + nginx rebase to 1.14.1.\n\n----\n\nNew version 1.14.1\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-01-03T00:00:00", "type": "nessus", "title": "Fedora 29 : 1:nginx (2018-7c540fdab4)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16843", "CVE-2018-16844", "CVE-2018-16845"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:1:nginx", "cpe:/o:fedoraproject:fedora:29"], "id": "FEDORA_2018-7C540FDAB4.NASL", "href": "https://www.tenable.com/plugins/nessus/120557", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this 
plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-7c540fdab4.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(120557);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-16843\", \"CVE-2018-16844\", \"CVE-2018-16845\");\n script_xref(name:\"FEDORA\", value:\"2018-7c540fdab4\");\n\n script_name(english:\"Fedora 29 : 1:nginx (2018-7c540fdab4)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2018-16843, CVE-2018-16844, CVE-2018-16845 +\nnginx rebase to 1.14.1.\n\n----\n\nNew version 1.14.1\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-7c540fdab4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected 1:nginx package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-16845\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:fedoraproject:fedora:1:nginx\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:29\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/11/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^29([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 29\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC29\", reference:\"nginx-1.14.1-2.fc29\", epoch:\"1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:nginx\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-08-02T14:54:59", "description": "Three vulnerabilities were discovered in Nginx, a high-performance web and reverse proxy server, which could result in denial of service in processing HTTP/2 (via excessive memory/CPU usage) or server memory disclosure in the ngx_http_mp4_module module (used for server-side MP4 streaming).", "cvss3": {}, "published": "2018-11-09T00:00:00", "type": "nessus", "title": "Debian DSA-4335-1 : nginx - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16843", "CVE-2018-16844", "CVE-2018-16845"], "modified": "2021-04-14T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:nginx", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-4335.NASL", "href": "https://www.tenable.com/plugins/nessus/118840", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4335. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(118840);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/14\");\n\n script_cve_id(\"CVE-2018-16843\", \"CVE-2018-16844\", \"CVE-2018-16845\");\n script_xref(name:\"DSA\", value:\"4335\");\n\n script_name(english:\"Debian DSA-4335-1 : nginx - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Three vulnerabilities were discovered in Nginx, a high-performance web\nand reverse proxy server, which could result in denial of service in\nprocessing HTTP/2 (via excessive memory/CPU usage) or server memory\ndisclosure in the ngx_http_mp4_module module (used for server-side MP4\nstreaming).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/nginx\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/nginx\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2018/dsa-4335\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade the nginx packages.\n\nFor the stable distribution (stretch), these problems have been fixed\nin version 1.10.3-1+deb9u2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-16845\");\n 
script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nginx\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/11/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"libnginx-mod-http-auth-pam\", reference:\"1.10.3-1+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libnginx-mod-http-cache-purge\", reference:\"1.10.3-1+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libnginx-mod-http-dav-ext\", reference:\"1.10.3-1+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libnginx-mod-http-echo\", reference:\"1.10.3-1+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", 
prefix:\"libnginx-mod-http-fancyindex\", reference:\"1.10.3-1+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libnginx-mod-http-geoip\", reference:\"1.10.3-1+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libnginx-mod-http-headers-more-filter\", reference:\"1.10.3-1+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libnginx-mod-http-image-filter\", reference:\"1.10.3-1+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libnginx-mod-http-lua\", reference:\"1.10.3-1+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libnginx-mod-http-ndk\", reference:\"1.10.3-1+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libnginx-mod-http-perl\", reference:\"1.10.3-1+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libnginx-mod-http-subs-filter\", reference:\"1.10.3-1+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libnginx-mod-http-uploadprogress\", reference:\"1.10.3-1+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libnginx-mod-http-upstream-fair\", reference:\"1.10.3-1+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libnginx-mod-http-xslt-filter\", reference:\"1.10.3-1+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libnginx-mod-mail\", reference:\"1.10.3-1+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libnginx-mod-nchan\", reference:\"1.10.3-1+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libnginx-mod-stream\", reference:\"1.10.3-1+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"nginx\", reference:\"1.10.3-1+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"nginx-common\", reference:\"1.10.3-1+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"nginx-doc\", reference:\"1.10.3-1+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"nginx-extras\", reference:\"1.10.3-1+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"nginx-full\", reference:\"1.10.3-1+deb9u2\")) flag++;\nif 
(deb_check(release:\"9.0\", prefix:\"nginx-light\", reference:\"1.10.3-1+deb9u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-08-02T14:54:28", "description": "NGINX Team reports :\n\nTwo security issues were identified in nginx HTTP/2 implementation, which might cause excessive memory consumption (CVE-2018-16843) and CPU usage (CVE-2018-16844).\n\nThe issues affect nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file.\n\nA security issue was identified in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file (CVE-2018-16845).\n\nThe issue only affects nginx if it is built with the ngx_http_mp4_module (the module is not built by default) and the 'mp4' directive is used in the configuration file. 
Further, the attack is only possible if an attacker is able to trigger processing of a specially crafted mp4 file with the ngx_http_mp4_module.", "cvss3": {}, "published": "2018-11-07T00:00:00", "type": "nessus", "title": "FreeBSD : NGINX -- Multiple vulnerabilities (84ca56be-e1de-11e8-bcfd-00e04c1ea73d)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16843", "CVE-2018-16844", "CVE-2018-16845"], "modified": "2021-04-27T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:nginx", "p-cpe:/a:freebsd:freebsd:nginx-devel", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_84CA56BEE1DE11E8BCFD00E04C1EA73D.NASL", "href": "https://www.tenable.com/plugins/nessus/118754", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2021 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(118754);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/27\");\n\n script_cve_id(\"CVE-2018-16843\", \"CVE-2018-16844\", \"CVE-2018-16845\");\n\n script_name(english:\"FreeBSD : NGINX -- Multiple vulnerabilities (84ca56be-e1de-11e8-bcfd-00e04c1ea73d)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"NGINX Team reports :\n\nTwo security issues were identified in nginx HTTP/2 implementation,\nwhich might cause excessive memory consumption (CVE-2018-16843) and\nCPU usage (CVE-2018-16844).\n\nThe issues affect nginx compiled with the ngx_http_v2_module (not\ncompiled by default) if the 'http2' option of the 'listen' directive\nis used in a configuration file.\n\nA security issue was identified in the ngx_http_mp4_module, which\nmight allow an attacker to cause infinite loop in a worker process,\ncause a worker process crash, or might result in worker process memory\nisclosure by using a specially crafted mp4 file (CVE-2018-16845).\n\nThe issue only affects nginx if it is built with the\nngx_http_mp4_module (the module is not built by default) and the 'mp4'\ndirective is used in the 
configuration file. Further, the attack is\nonly possible if an attacker is able to trigger processing of a\nspecially crafted mp4 file with the ngx_http_mp4_module.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://nginx.org/en/security_advisories.html\"\n );\n # https://vuxml.freebsd.org/freebsd/84ca56be-e1de-11e8-bcfd-00e04c1ea73d.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?982b8852\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-16845\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:nginx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:nginx-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/11/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"nginx<1.14.1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"nginx-devel<1.15.6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-08-02T14:55:38", "description": "According to the versions of the nginx package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file.(CVE-2018-16843)\n\n - nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file.(CVE-2018-16844)\n\n - An instance of missing input sanitization was found in the mp4 module for nginx. 
A local attacker could create a specially crafted video file that, when streamed by the server, would cause a denial of service (server crash or hang) and, possibly, information disclosure.(CVE-2018-16845)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-12-10T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : nginx (EulerOS-SA-2018-1399)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16843", "CVE-2018-16844", "CVE-2018-16845"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:nginx", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2018-1399.NASL", "href": "https://www.tenable.com/plugins/nessus/119527", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(119527);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2018-16843\",\n \"CVE-2018-16844\",\n \"CVE-2018-16845\"\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : nginx (EulerOS-SA-2018-1399)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the nginx package installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - nginx before versions 1.15.6 and 1.14.1 has a\n vulnerability in the implementation of HTTP/2 that can\n allow for excessive memory consumption. 
This issue\n affects nginx compiled with the ngx_http_v2_module (not\n compiled by default) if the 'http2' option of the\n 'listen' directive is used in a configuration\n file.(CVE-2018-16843)\n\n - nginx before versions 1.15.6 and 1.14.1 has a\n vulnerability in the implementation of HTTP/2 that can\n allow for excessive CPU usage. This issue affects nginx\n compiled with the ngx_http_v2_module (not compiled by\n default) if the 'http2' option of the 'listen'\n directive is used in a configuration\n file.(CVE-2018-16844)\n\n - An instance of missing input sanitization was found in\n the mp4 module for nginx. A local attacker could create\n a specially crafted video file that, when streamed by\n the server, would cause a denial of service (server\n crash or hang) and, possibly, information\n disclosure.(CVE-2018-16845)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1399\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d6876f3b\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected nginx packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-16845\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2018/12/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:nginx\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"nginx-1.13.3-1.h3\"];\n\nforeach (pkg in pkgs)\n if 
(rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nginx\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-08-02T15:04:17", "description": "The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5862 advisory.\n\n - Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request. (CVE-2017-7529)\n\n - nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affects nginx if it is built with the ngx_http_mp4_module (the module is not built by default) and the 'mp4' directive is used in the configuration file. Further, the attack is only possible if an attacker is able to trigger processing of a specially crafted mp4 file with the ngx_http_mp4_module. (CVE-2018-16845)\n\n - Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. 
(CVE-2019-9511)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-09-28T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : olcne / nginx (ELSA-2020-5862)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7529", "CVE-2018-16845", "CVE-2019-9511"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:nginx", "p-cpe:/a:oracle:linux:nginx-all-modules", "p-cpe:/a:oracle:linux:nginx-filesystem", "p-cpe:/a:oracle:linux:nginx-mod-http-image-filter", "p-cpe:/a:oracle:linux:nginx-mod-http-perl", "p-cpe:/a:oracle:linux:nginx-mod-http-xslt-filter", "p-cpe:/a:oracle:linux:nginx-mod-mail", "p-cpe:/a:oracle:linux:nginx-mod-stream", "p-cpe:/a:oracle:linux:olcne-agent", "p-cpe:/a:oracle:linux:olcne-api-server", "p-cpe:/a:oracle:linux:olcne-nginx", "p-cpe:/a:oracle:linux:olcne-utils", "p-cpe:/a:oracle:linux:olcnectl"], "id": "ORACLELINUX_ELSA-2020-5862.NASL", "href": "https://www.tenable.com/plugins/nessus/140926", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2020-5862.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(140926);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2017-7529\", \"CVE-2018-16845\", \"CVE-2019-9511\");\n script_bugtraq_id(99534, 105868);\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0643\");\n\n script_name(english:\"Oracle Linux 7 : olcne / nginx (ELSA-2020-5862)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as 
referenced in the\nELSA-2020-5862 advisory.\n\n - Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in\n nginx range filter module resulting into leak of potentially sensitive information triggered by specially\n crafted request. (CVE-2017-7529)\n\n - nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an\n attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in\n worker process memory disclosure by using a specially crafted mp4 file. The issue only affects nginx if it\n is built with the ngx_http_mp4_module (the module is not built by default) and the .mp4. directive is used\n in the configuration file. Further, the attack is only possible if an attacker is able to trigger\n processing of a specially crafted mp4 file with the ngx_http_mp4_module. (CVE-2018-16845)\n\n - Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization\n manipulation, potentially leading to a denial of service. The attacker requests a large amount of data\n from a specified resource over multiple streams. They manipulate window size and stream priority to force\n the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can\n consume excess CPU, memory, or both. 
(CVE-2019-9511)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://linux.oracle.com/errata/ELSA-2020-5862.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-16845\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2017-7529\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nginx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nginx-all-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nginx-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nginx-mod-http-image-filter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nginx-mod-http-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nginx-mod-http-xslt-filter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nginx-mod-mail\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nginx-mod-stream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:olcne-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:olcne-api-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:olcne-nginx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:olcne-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:olcnectl\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\npkgs = [\n {'reference':'nginx-1.17.7-2.el7', 'cpu':'x86_64', 'release':'7', 'epoch':'1'},\n {'reference':'nginx-all-modules-1.17.7-2.el7', 'release':'7', 'epoch':'1'},\n {'reference':'nginx-filesystem-1.17.7-2.el7', 'release':'7', 'epoch':'1'},\n {'reference':'nginx-mod-http-image-filter-1.17.7-2.el7', 'cpu':'x86_64', 'release':'7', 'epoch':'1'},\n {'reference':'nginx-mod-http-perl-1.17.7-2.el7', 'cpu':'x86_64', 'release':'7', 'epoch':'1'},\n {'reference':'nginx-mod-http-xslt-filter-1.17.7-2.el7', 'cpu':'x86_64', 'release':'7', 'epoch':'1'},\n {'reference':'nginx-mod-mail-1.17.7-2.el7', 'cpu':'x86_64', 'release':'7', 'epoch':'1'},\n {'reference':'nginx-mod-stream-1.17.7-2.el7', 'cpu':'x86_64', 'release':'7', 'epoch':'1'},\n {'reference':'olcne-agent-1.0.8-2.el7', 'cpu':'x86_64', 'release':'7'},\n {'reference':'olcne-api-server-1.0.8-2.el7', 'cpu':'x86_64', 'release':'7'},\n {'reference':'olcne-nginx-1.0.8-2.el7', 'cpu':'x86_64', 'release':'7'},\n {'reference':'olcne-utils-1.0.8-2.el7', 'cpu':'x86_64', 'release':'7'},\n {'reference':'olcnectl-1.0.8-2.el7', 'cpu':'x86_64', 'release':'7'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n rpm_prefix = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if 
(!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['rpm_prefix'])) rpm_prefix = package_array['rpm_prefix'];\n if (reference && release) {\n if (rpm_prefix) {\n if (rpm_exists(release:release, rpm:rpm_prefix) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'nginx / nginx-all-modules / nginx-filesystem / etc');\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-08-02T15:03:36", "description": "The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5859 advisory.\n\n - Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request. 
(CVE-2017-7529)\n\n - nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affects nginx if it is built with the ngx_http_mp4_module (the module is not built by default) and the 'mp4' directive is used in the configuration file. Further, the attack is only possible if an attacker is able to trigger processing of a specially crafted mp4 file with the ngx_http_mp4_module. (CVE-2018-16845)\n\n - Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. 
(CVE-2019-9511)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-09-25T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : olcne / nginx (ELSA-2020-5859)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7529", "CVE-2018-16845", "CVE-2019-9511"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:nginx-mod-http-image-filter", "p-cpe:/a:oracle:linux:nginx-mod-http-perl", "p-cpe:/a:oracle:linux:nginx-mod-http-xslt-filter", "p-cpe:/a:oracle:linux:nginx-mod-mail", "p-cpe:/a:oracle:linux:nginx-mod-stream", "p-cpe:/a:oracle:linux:olcne-agent", "p-cpe:/a:oracle:linux:olcne-api-server", "p-cpe:/a:oracle:linux:olcne-istio-chart", "p-cpe:/a:oracle:linux:olcne-nginx", "p-cpe:/a:oracle:linux:olcne-prometheus-chart", "p-cpe:/a:oracle:linux:olcne-utils", "p-cpe:/a:oracle:linux:olcnectl", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:nginx", "p-cpe:/a:oracle:linux:nginx-all-modules", "p-cpe:/a:oracle:linux:nginx-filesystem"], "id": "ORACLELINUX_ELSA-2020-5859.NASL", "href": "https://www.tenable.com/plugins/nessus/140789", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2020-5859.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(140789);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2017-7529\", \"CVE-2018-16845\", \"CVE-2019-9511\");\n script_bugtraq_id(99534, 105868);\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0643\");\n\n script_name(english:\"Oracle Linux 7 : olcne / nginx (ELSA-2020-5859)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote 
Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2020-5859 advisory.\n\n - Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in\n nginx range filter module resulting into leak of potentially sensitive information triggered by specially\n crafted request. (CVE-2017-7529)\n\n - nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an\n attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in\n worker process memory disclosure by using a specially crafted mp4 file. The issue only affects nginx if it\n is built with the ngx_http_mp4_module (the module is not built by default) and the .mp4. directive is used\n in the configuration file. Further, the attack is only possible if an attacker is able to trigger\n processing of a specially crafted mp4 file with the ngx_http_mp4_module. (CVE-2018-16845)\n\n - Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization\n manipulation, potentially leading to a denial of service. The attacker requests a large amount of data\n from a specified resource over multiple streams. They manipulate window size and stream priority to force\n the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can\n consume excess CPU, memory, or both. 
(CVE-2019-9511)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://linux.oracle.com/errata/ELSA-2020-5859.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-16845\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2017-7529\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nginx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nginx-all-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nginx-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nginx-mod-http-image-filter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nginx-mod-http-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nginx-mod-http-xslt-filter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nginx-mod-mail\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nginx-mod-stream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:olcne-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:olcne-api-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:olcne-istio-chart\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:olcne-nginx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:olcne-prometheus-chart\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:olcne-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:olcnectl\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\npkgs = [\n {'reference':'nginx-1.17.7-2.el7', 'cpu':'x86_64', 'release':'7', 'epoch':'1'},\n {'reference':'nginx-all-modules-1.17.7-2.el7', 'release':'7', 'epoch':'1'},\n {'reference':'nginx-filesystem-1.17.7-2.el7', 'release':'7', 'epoch':'1'},\n {'reference':'nginx-mod-http-image-filter-1.17.7-2.el7', 'cpu':'x86_64', 'release':'7', 'epoch':'1'},\n {'reference':'nginx-mod-http-perl-1.17.7-2.el7', 'cpu':'x86_64', 'release':'7', 'epoch':'1'},\n {'reference':'nginx-mod-http-xslt-filter-1.17.7-2.el7', 'cpu':'x86_64', 'release':'7', 'epoch':'1'},\n {'reference':'nginx-mod-mail-1.17.7-2.el7', 'cpu':'x86_64', 'release':'7', 'epoch':'1'},\n {'reference':'nginx-mod-stream-1.17.7-2.el7', 'cpu':'x86_64', 'release':'7', 'epoch':'1'},\n {'reference':'olcne-agent-1.1.6-1.el7', 'cpu':'x86_64', 'release':'7'},\n {'reference':'olcne-api-server-1.1.6-1.el7', 'cpu':'x86_64', 'release':'7'},\n {'reference':'olcne-istio-chart-1.1.6-1.el7', 'cpu':'x86_64', 'release':'7'},\n {'reference':'olcne-nginx-1.1.6-1.el7', 'cpu':'x86_64', 'release':'7'},\n {'reference':'olcne-prometheus-chart-1.1.6-1.el7', 'cpu':'x86_64', 'release':'7'},\n {'reference':'olcne-utils-1.1.6-1.el7', 'cpu':'x86_64', 'release':'7'},\n {'reference':'olcnectl-1.1.6-1.el7', 'cpu':'x86_64', 'release':'7'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n rpm_prefix = NULL;\n if 
(!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['rpm_prefix'])) rpm_prefix = package_array['rpm_prefix'];\n if (reference && release) {\n if (rpm_prefix) {\n if (rpm_exists(release:release, rpm:rpm_prefix) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'nginx / nginx-all-modules / nginx-filesystem / etc');\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-08-02T15:33:09", "description": "This update for nginx fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2019-9511: Fixed a denial of service by manipulating the window size and stream prioritization (bsc#1145579).\n\n - CVE-2019-9513: Fixed a denial of service caused by resource loops (bsc#1145580).\n\n - CVE-2019-9516: Fixed a denial of service caused by 
header leaks (bsc#1145582).\n\n - CVE-2018-16845: Fixed denial of service and memory disclosure via mp4 module (bsc#1115015).\n\n - CVE-2018-16843: Fixed excessive memory consumption in HTTP/2 implementation (bsc#1115022).\n\n - CVE-2018-16844: Fixed excessive CPU usage via flaw in HTTP/2 implementation (bsc#1115025).\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update project.", "cvss3": {}, "published": "2019-09-11T00:00:00", "type": "nessus", "title": "openSUSE Security Update : nginx (openSUSE-2019-2120) (0-Length Headers Leak) (Data Dribble) (Resource Loop)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16843", "CVE-2018-16844", "CVE-2018-16845", "CVE-2019-9511", "CVE-2019-9513", "CVE-2019-9516"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:nginx", "p-cpe:/a:novell:opensuse:nginx-debuginfo", "p-cpe:/a:novell:opensuse:nginx-debugsource", "p-cpe:/a:novell:opensuse:nginx-source", "p-cpe:/a:novell:opensuse:vim-plugin-nginx", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2019-2120.NASL", "href": "https://www.tenable.com/plugins/nessus/128671", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-2120.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(128671);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2018-16843\",\n \"CVE-2018-16844\",\n \"CVE-2018-16845\",\n \"CVE-2019-9511\",\n \"CVE-2019-9513\",\n \"CVE-2019-9516\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0643\");\n\n script_name(english:\"openSUSE Security Update : nginx (openSUSE-2019-2120) (0-Length Headers Leak) (Data Dribble) (Resource Loop)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a 
security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for nginx fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2019-9511: Fixed a denial of service by manipulating\n the window size and stream prioritization (bsc#1145579).\n\n - CVE-2019-9513: Fixed a denial of service caused by\n resource loops (bsc#1145580).\n\n - CVE-2019-9516: Fixed a denial of service caused by\n header leaks (bsc#1145582).\n\n - CVE-2018-16845: Fixed denial of service and memory\n disclosure via mp4 module (bsc#1115015).\n\n - CVE-2018-16843: Fixed excessive memory consumption in\n HTTP/2 implementation (bsc#1115022).\n\n - CVE-2018-16844: Fixed excessive CPU usage via flaw in\n HTTP/2 implementation (bsc#1115025).\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update\nproject.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115015\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115022\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115025\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1145579\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1145580\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1145582\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected nginx packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-16845\");\n\n 
script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/11/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nginx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nginx-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nginx-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nginx-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vim-plugin-nginx\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"nginx-1.14.2-lp151.4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"nginx-debuginfo-1.14.2-lp151.4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"nginx-debugsource-1.14.2-lp151.4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"nginx-source-1.14.2-lp151.4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"vim-plugin-nginx-1.14.2-lp151.4.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nginx / nginx-debuginfo / nginx-debugsource / nginx-source / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-08-02T15:34:31", "description": "This update for nginx fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-9511: Fixed a denial of service by manipulating the window size and stream prioritization 
(bsc#1145579).\n\nCVE-2019-9513: Fixed a denial of service caused by resource loops (bsc#1145580).\n\nCVE-2019-9516: Fixed a denial of service caused by header leaks (bsc#1145582).\n\nCVE-2018-16845: Fixed denial of service and memory disclosure via mp4 module (bsc#1115015).\n\nCVE-2018-16843: Fixed excessive memory consumption in HTTP/2 implementation (bsc#1115022).\n\nCVE-2018-16844: Fixed excessive CPU usage via flaw in HTTP/2 implementation (bsc#1115025).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-09-06T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : nginx (SUSE-SU-2019:2309-1) (0-Length Headers Leak) (Data Dribble) (Resource Loop)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16843", "CVE-2018-16844", "CVE-2018-16845", "CVE-2019-9511", "CVE-2019-9513", "CVE-2019-9516"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:nginx", "p-cpe:/a:novell:suse_linux:nginx-debuginfo", "p-cpe:/a:novell:suse_linux:nginx-debugsource", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2019-2309-1.NASL", "href": "https://www.tenable.com/plugins/nessus/128544", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:2309-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(128544);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2018-16843\",\n \"CVE-2018-16844\",\n \"CVE-2018-16845\",\n \"CVE-2019-9511\",\n \"CVE-2019-9513\",\n \"CVE-2019-9516\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0643\");\n\n 
script_name(english:\"SUSE SLES15 Security Update : nginx (SUSE-SU-2019:2309-1) (0-Length Headers Leak) (Data Dribble) (Resource Loop)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for nginx fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-9511: Fixed a denial of service by manipulating the window\nsize and stream prioritization (bsc#1145579).\n\nCVE-2019-9513: Fixed a denial of service caused by resource loops\n(bsc#1145580).\n\nCVE-2019-9516: Fixed a denial of service caused by header leaks\n(bsc#1145582).\n\nCVE-2018-16845: Fixed denial of service and memory disclosure via mp4\nmodule (bsc#1115015).\n\nCVE-2018-16843: Fixed excessive memory consumption in HTTP/2\nimplementation (bsc#1115022).\n\nCVE-2018-16844: Fixed excessive CPU usage via flaw in HTTP/2\nimplementation (bsc#1115025).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115015\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115022\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115025\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1145579\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1145580\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1145582\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-16843/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-16844/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-16845/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9511/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9513/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9516/\");\n # https://www.suse.com/support/update/announcement/2019/suse-su-20192309-1/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b73be31f\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Server Applications 15-SP1:zypper in\n-t patch SUSE-SLE-Module-Server-Applications-15-SP1-2019-2309=1\n\nSUSE 
Linux Enterprise Module for Open Buildservice Development Tools\n15-SP1:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2309=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-16845\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/11/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nginx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nginx-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nginx-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! 
preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"nginx-1.14.2-6.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"nginx-debuginfo-1.14.2-6.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"nginx-debugsource-1.14.2-6.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nginx\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "nginx": [{"lastseen": "2023-06-23T15:08:51", "description": "Memory disclosure in the ngx_http_mp4_module\nSeverity: medium\nCVE-2018-16845\nNot vulnerable: 1.15.6+, 1.14.1+\nVulnerable: 1.1.3-1.15.5, 1.0.7-1.0.15", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 4.2}, "published": "2018-11-07T14:29:00", "type": "nginx", "title": "Memory disclosure in the ngx_http_mp4_module", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, 
"obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16845"], "modified": "2018-11-07T14:29:00", "id": "NGINX:CVE-2018-16845", "href": "http://mailman.nginx.org/pipermail/nginx-announce/2018/000221.html", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}}], "debian": [{"lastseen": "2021-12-03T04:06:14", "description": "Package : nginx\nVersion : 1.6.2-5+deb8u6\nCVE ID : CVE-2018-16845\nDebian Bug : #913090\n\nIt was discovered that there was a denial of service (DoS) vulnerability\nin the nginx web/proxy server.\n\nAs there was no validation for the size of a 64-bit atom in an MP4 file,\nthis could have led to a CPU hog when the size was 0, or various other\nproblems due to integer underflow when the calculating atom data size,\nincluding segmentation faults or even worker-process memory disclosure.\n\nFor Debian 8 "Jessie", this issue has been fixed in nginx version\n1.6.2-5+deb8u6.\n\nWe recommend that you upgrade your nginx packages.\n\n\nRegards,\n\n- -- \n ,''`.\n : :' : Chris Lamb\n `. 
`'` lamby@debian.org / chris-lamb.co.uk\n `-", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 4.2}, "published": "2018-11-08T17:54:18", "type": "debian", "title": "[SECURITY] [DLA 1572-1] nginx security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16845"], "modified": "2018-11-08T17:54:18", "id": "DEBIAN:DLA-1572-1:1C3DC", "href": "https://lists.debian.org/debian-lts-announce/2018/11/msg00010.html", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-05-04T15:14:04", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4335-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nNovember 08, 2018 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : nginx\nCVE ID : CVE-2018-16843 CVE-2018-16844 CVE-2018-16845\n\nThree vulnerabilities were discovered in Nginx, a high-performance web\nand reverse proxy server, which could in denial of service in processing\nHTTP/2 (via excessive memory/CPU usage) or server memory 
disclosure in\nthe ngx_http_mp4_module module (used for server-side MP4 streaming).\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1.10.3-1+deb9u2.\n\nWe recommend that you upgrade your nginx packages.\n\nFor the detailed security status of nginx please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/nginx\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-11-08T21:34:23", "type": "debian", "title": "[SECURITY] [DSA 4335-1] nginx security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16843", "CVE-2018-16844", "CVE-2018-16845"], "modified": "2018-11-08T21:34:23", "id": "DEBIAN:DSA-4335-1:56B40", "href": "https://lists.debian.org/debian-security-announce/2018/msg00267.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "ubuntucve": [{"lastseen": 
"2023-06-28T14:04:36", "description": "nginx before versions 1.15.6, 1.14.1 has a vulnerability in the\nngx_http_mp4_module, which might allow an attacker to cause infinite loop\nin a worker process, cause a worker process crash, or might result in\nworker process memory disclosure by using a specially crafted mp4 file. The\nissue only affects nginx if it is built with the ngx_http_mp4_module (the\nmodule is not built by default) and the \"mp4\" directive is used in the\nconfiguration file. Further, the attack is only possible if an attacker is\nable to trigger processing of a specially crafted mp4 file with the\nngx_http_mp4_module.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | module is built in the nginx-extras package\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 4.2}, "published": "2018-11-06T00:00:00", "type": "ubuntucve", "title": "CVE-2018-16845", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16845"], "modified": "2018-11-06T00:00:00", "id": "UB:CVE-2018-16845", "href": "https://ubuntu.com/security/CVE-2018-16845", "cvss": {"score": 5.8, "vector": 
"AV:N/AC:M/Au:N/C:P/I:N/A:P"}}], "redhatcve": [{"lastseen": "2023-06-23T20:30:12", "description": "An instance of missing input sanitization was found in the mp4 module for nginx. A local attacker could create a specially crafted video file that, when streamed by the server, would cause a denial of service (server crash or hang) and, possibly, information disclosure.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 4.2}, "published": "2020-01-29T16:09:30", "type": "redhatcve", "title": "CVE-2018-16845", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16845"], "modified": "2023-04-06T05:04:56", "id": "RH:CVE-2018-16845", "href": "https://access.redhat.com/security/cve/cve-2018-16845", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}}], "osv": [{"lastseen": "2022-07-21T08:19:06", "description": "\nIt was discovered that there was a denial of service (DoS) vulnerability\nin the nginx web/proxy server.\n\n\nAs there was no validation for the size of a 64-bit atom in an MP4 file,\nthis could have led to a CPU hog when the size was 0, or various other\nproblems due to integer underflow when the 
calculating atom data size,\nincluding segmentation faults or even worker-process memory disclosure.\n\n\nFor Debian 8 Jessie, this issue has been fixed in nginx version\n1.6.2-5+deb8u6.\n\n\nWe recommend that you upgrade your nginx packages.\n\n\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 4.2}, "published": "2018-11-08T00:00:00", "type": "osv", "title": "nginx - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16845"], "modified": "2022-07-21T05:52:22", "id": "OSV:DLA-1572-1", "href": "https://osv.dev/vulnerability/DLA-1572-1", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2022-08-10T07:06:59", "description": "\nThree vulnerabilities were discovered in Nginx, a high-performance web\nand reverse proxy server, which could result in denial of service in processing\nHTTP/2 (via excessive memory/CPU usage) or server memory disclosure in\nthe ngx\\_http\\_mp4\\_module module (used for server-side MP4 streaming).\n\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1.10.3-1+deb9u2.\n\n\nWe recommend that you upgrade your nginx 
packages.\n\n\nFor the detailed security status of nginx please refer to\nits security tracker page at:\n[\\\nhttps://security-tracker.debian.org/tracker/nginx](https://security-tracker.debian.org/tracker/nginx)\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2018-11-08T00:00:00", "type": "osv", "title": "nginx - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16843", "CVE-2018-16845", "CVE-2018-16844"], "modified": "2022-08-10T07:06:57", "id": "OSV:DSA-4335-1", "href": "https://osv.dev/vulnerability/DSA-4335-1", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "debiancve": [{"lastseen": "2023-06-23T14:39:40", "description": "nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affects nginx if it is built with the ngx_http_mp4_module (the module is not built by default) and the \"mp4\" 
directive is used in the configuration file. Further, the attack is only possible if an attacker is able to trigger processing of a specially crafted mp4 file with the ngx_http_mp4_module.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 4.2}, "published": "2018-11-07T14:29:00", "type": "debiancve", "title": "CVE-2018-16845", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16845"], "modified": "2018-11-07T14:29:00", "id": "DEBIANCVE:CVE-2018-16845", "href": "https://security-tracker.debian.org/tracker/CVE-2018-16845", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}}], "photon": [{"lastseen": "2021-11-03T11:51:15", "description": "An update of {'nginx', 'linux'} packages of Photon OS has been released.\n", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, 
"impactScore": 6.0}, "published": "2019-02-25T00:00:00", "type": "photon", "title": "Home\nDownload Photon OS\nUser Documentation\nFAQ\nSecurity Advisories\nRelated Information\n\nLightwave - PHSA-2019-1.0-0211", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16845", "CVE-2018-16882"], "modified": "2019-02-25T00:00:00", "id": "PHSA-2019-1.0-0211", "href": "https://github.com/vmware/photon/wiki/Security-Updates-1.0-211", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-06-23T17:01:41", "description": "Updates of ['nginx', 'linux', 'linux-esx'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2019-02-25T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2019-0211", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, 
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16845", "CVE-2018-16882", "CVE-2019-8912"], "modified": "2019-02-25T00:00:00", "id": "PHSA-2019-0211", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-211", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-11-03T21:00:47", "description": "An update of {'kibana', 'python3', 'nginx', 'elasticsearch'} packages of Photon OS has been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-02-21T00:00:00", "type": "photon", "title": "Home\nDownload Photon OS\nUser Documentation\nFAQ\nSecurity Advisories\nRelated Information\n\nLightwave - PHSA-2019-2.0-0132", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16845", "CVE-2018-17244", "CVE-2018-17245", "CVE-2018-17246", "CVE-2018-20406"], "modified": "2019-02-21T00:00:00", "id": "PHSA-2019-2.0-0132", "href": "https://github.com/vmware/photon/wiki/Security-Updates-2-132", "cvss": 
{"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-23T16:42:51", "description": "Updates of ['elasticsearch', 'python3', 'kibana', 'nginx', 'sqlite'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-02-21T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2019-0132", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16845", "CVE-2018-17244", "CVE-2018-17245", "CVE-2018-17246", "CVE-2018-20346", "CVE-2018-20406"], "modified": "2019-02-21T00:00:00", "id": "PHSA-2019-0132", "href": "https://github.com/vmware/photon/wiki/Security-Update-2.0-132", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-12T18:51:54", "description": "Updates of ['kibana', 'curl', 'sqlite', 'libgd', 'nginx', 'linux-esx', 'openjdk8', 'libtiff', 'linux', 'elasticsearch', 'linux-secure', 'linux-aws'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": 
"UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-02-26T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2019-0002", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16845", "CVE-2018-16890", "CVE-2018-17244", "CVE-2018-17245", "CVE-2018-17246", "CVE-2018-20346", "CVE-2019-2422", "CVE-2019-2426", "CVE-2019-2449", "CVE-2019-3822", "CVE-2019-3823", "CVE-2019-6128", "CVE-2019-6977", "CVE-2019-8912"], "modified": "2019-02-26T00:00:00", "id": "PHSA-2019-0002", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-2", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-09-24T15:24:49", "description": "Updates of ['linux-secure', 'openjdk8', 'curl', 'libgd', 'elasticsearch', 'sqlite', 'linux', 'linux-aws', 'kibana', 'nginx', 'linux-esx', 'libtiff'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", 
"userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-02-26T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2019-3.0-0002", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16845", "CVE-2018-16890", "CVE-2018-17244", "CVE-2018-17245", "CVE-2018-17246", "CVE-2018-20346", "CVE-2019-2422", "CVE-2019-2426", "CVE-2019-2449", "CVE-2019-3822", "CVE-2019-3823", "CVE-2019-6128", "CVE-2019-6977", "CVE-2019-8912"], "modified": "2019-02-26T00:00:00", "id": "PHSA-2019-3.0-0002", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-2", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "mageia": [{"lastseen": "2023-06-23T15:16:53", "description": "nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption (CVE-2018-16843). nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage (CVE-2018-16844). nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file (CVE-2018-16845). 
\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-11-17T22:23:26", "type": "mageia", "title": "Updated nginx package fixes security vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16843", "CVE-2018-16844", "CVE-2018-16845"], "modified": "2018-11-17T22:23:26", "id": "MGASA-2018-0459", "href": "https://advisories.mageia.org/MGASA-2018-0459.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "oraclelinux": [{"lastseen": "2021-07-30T06:24:51", "description": "olcne\n[1.1.6-1]\n- support upgrading nginx\n- Adress CVE-2019-9511\n- Adress CVE-2018-16845\n- Adress CVE-2017-7529\n- support upgrading flannel\nnginx\n[1.17.7-2]\n- Changed nginx home dir to /var/lib/nginx for consistency\n[1.17.7-1]\n- Added Oracle Specific Build Files for nginx\n- Adress CVE-2019-9511\n- Adress CVE-2018-16845\n- Adress CVE-2017-7529", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 
7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-09-24T00:00:00", "type": "oraclelinux", "title": "olcne nginx security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7529", "CVE-2018-16845", "CVE-2019-9511"], "modified": "2020-09-24T00:00:00", "id": "ELSA-2020-5859", "href": "http://linux.oracle.com/errata/ELSA-2020-5859.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-07-30T06:24:52", "description": "olcne\n[1.0.8-2]\n- Added nginx-image resource in module definitions to ensure nginx image upgrading\n[1.0.8-1]\n- support upgrading nginx\n- Adress CVE-2019-9511\n- Adress CVE-2018-16845\n- Adress CVE-2017-7529\n- support upgrading flannel\nnginx\n[1.17.7-2]\n- Changed nginx home dir to /var/lib/nginx for consistency\n[1.17.7-1]\n- Added Oracle Specific Build Files for nginx\n- Adress CVE-2019-9511\n- Adress CVE-2018-16845\n- Adress CVE-2017-7529", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-09-28T00:00:00", 
"type": "oraclelinux", "title": "olcne nginx security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7529", "CVE-2018-16845", "CVE-2019-9511"], "modified": "2020-09-28T00:00:00", "id": "ELSA-2020-5862", "href": "http://linux.oracle.com/errata/ELSA-2020-5862.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "ubuntu": [{"lastseen": "2023-06-23T15:48:25", "description": "## Releases\n\n * Ubuntu 18.10 \n * Ubuntu 18.04 ESM\n * Ubuntu 16.04 ESM\n * Ubuntu 14.04 ESM\n\n## Packages\n\n * nginx \\- small, powerful, scalable web/proxy server\n\nIt was discovered that nginx incorrectly handled the HTTP/2 implementation. \nA remote attacker could possibly use this issue to cause excessive memory \nconsumption, leading to a denial of service. This issue only affected \nUbuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-16843)\n\nGal Goldshtein discovered that nginx incorrectly handled the HTTP/2 \nimplementation. A remote attacker could possibly use this issue to cause \nexcessive CPU usage, leading to a denial of service. This issue only \naffected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. \n(CVE-2018-16844)\n\nIt was discovered that nginx incorrectly handled the ngx_http_mp4_module \nmodule. A remote attacker could possibly use this issue with a specially \ncrafted mp4 file to cause nginx to crash, stop responding, or access \narbitrary memory. 
(CVE-2018-16845)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-11-07T00:00:00", "type": "ubuntu", "title": "nginx vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16843", "CVE-2018-16844", "CVE-2018-16845"], "modified": "2018-11-07T00:00:00", "id": "USN-3812-1", "href": "https://ubuntu.com/security/notices/USN-3812-1", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "freebsd": [{"lastseen": "2023-06-23T15:10:47", "description": "\n\nNGINX Team reports:\n\nTwo security issues were identified in nginx HTTP/2 implementation,\n\t which might cause excessive memory consumption (CVE-2018-16843)\n\t and CPU usage (CVE-2018-16844).\nThe issues affect nginx compiled with the ngx_http_v2_module (not\n\t compiled by default) if the \"http2\" option of the \"listen\" directive is\n\t used in a configuration file.\nA security issue was identified in the ngx_http_mp4_module, which might\n\t allow an attacker to cause infinite loop in a worker process, cause a\n\t worker process crash, or might result in worker process memory\n\t disclosure by using a specially crafted mp4 
file (CVE-2018-16845).\nThe issue only affects nginx if it is built with the ngx_http_mp4_module\n\t (the module is not built by default) and the \"mp4\" directive is used in\n\t the configuration file. Further, the attack is only possible if an\n\t attacker is able to trigger processing of a specially crafted mp4 file\n\t with the ngx_http_mp4_module. \n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-11-06T00:00:00", "type": "freebsd", "title": "NGINX -- Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16843", "CVE-2018-16844", "CVE-2018-16845"], "modified": "2018-11-06T00:00:00", "id": "84CA56BE-E1DE-11E8-BCFD-00E04C1EA73D", "href": "https://vuxml.freebsd.org/freebsd/84ca56be-e1de-11e8-bcfd-00e04c1ea73d.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "ibm": [{"lastseen": "2023-02-24T05:45:28", "description": "## Summary\n\nIBM Aspera Shares has addressed the following OpenSSL vulnerabilities.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-7401](<https://vulners.com/cve/CVE-2019-7401>) \n** DESCRIPTION: **NGINX Unit before 1.7.1 might 
allow an attacker to cause a heap-based buffer overflow in the router process with a specially crafted request. This may result in a denial of service (router process crash) or possibly have unspecified other impact. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/156770](<https://exchange.xforce.ibmcloud.com/vulnerabilities/156770>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n \n** CVEID: **[CVE-2018-16843](<https://vulners.com/cve/CVE-2018-16843>) \n** DESCRIPTION: **nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/152679](<https://exchange.xforce.ibmcloud.com/vulnerabilities/152679>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n \n** CVEID: **[CVE-2018-16845](<https://vulners.com/cve/CVE-2018-16845>) \n** DESCRIPTION: **nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affects nginx if it is built with the ngx_http_mp4_module (the module is not built by default) and the \"mp4\" directive is used in the configuration file. Further, the attack is only possible if an attacker is able to trigger processing of a specially crafted mp4 file with the ngx_http_mp4_module. 
\nCVSS Base score: 4.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/152681](<https://exchange.xforce.ibmcloud.com/vulnerabilities/152681>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L) \n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Aspera Shares| 1.9.12 \n \n\n\n## Remediation/Fixes\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Aspera Shares| 1.9.14 \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-02-07T01:27:20", "type": "ibm", "title": "Security Bulletin: Aspera Web Shares application is affected by NGINX Vulnerabilities (CVE-2018-16845, CVE-2018-16843, CVE-2019-7401)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16843", "CVE-2018-16845", "CVE-2019-7401"], "modified": "2020-02-07T01:27:20", "id": "3350863404CF635F2E4409EFF96A57CEB67EE94544296497928EAB4D9DDE1D39", "href": "https://www.ibm.com/support/pages/node/1489143", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": 
"2023-06-24T06:06:37", "description": "## Summary\n\nSecurity Vulnerabilities affect IBM Cloud Private - nginx \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2018-16844](<https://vulners.com/cve/CVE-2018-16844>) \n** DESCRIPTION: **nginx is vulnerable to a denial of service, caused by a flaw when complied with ngx_http_v2_module. By sending a specially-crafted HTTP/2 request, a remote attacker could exploit this vulnerability to cause excessive CPU consumption. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/152680](<https://exchange.xforce.ibmcloud.com/vulnerabilities/152680>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2018-16845](<https://vulners.com/cve/CVE-2018-16845>) \n** DESCRIPTION: **nginx is vulnerable to a denial of service, caused by an error when compiled with the ngx_http_mp4_module. By persuading a victim to open a specially-crafted mp4 file, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop or obtain sensitive information from worker process memory. \nCVSS Base score: 4.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/152681](<https://exchange.xforce.ibmcloud.com/vulnerabilities/152681>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L) \n \n** CVEID: **[CVE-2018-16843](<https://vulners.com/cve/CVE-2018-16843>) \n** DESCRIPTION: **nginx is vulnerable to a denial of service, caused by a flaw when complied with ngx_http_v2_module. By sending a specially-crafted HTTP/2 request, a remote attacker could exploit this vulnerability to cause excessive memory consumption. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/152679](<https://exchange.xforce.ibmcloud.com/vulnerabilities/152679>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2019-7401](<https://vulners.com/cve/CVE-2019-7401>) \n** DESCRIPTION: **NGINX Unit is vulnerable to a denial of service, caused by a heap-based buffer overflow in the router process. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause the router process to crash. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/156770](<https://exchange.xforce.ibmcloud.com/vulnerabilities/156770>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Cloud Private| 3.2.1 CD \nIBM Cloud Private| 3.2.2 CD \n \n\n\n## Remediation/Fixes\n\nProduct defect fixes and security updates are only available for the two most recent Continuous Delivery (CD) update packages \n\n * IBM Cloud Private 3.2.1\n * IBM Cloud Private 3.2.2\n\nFor IBM Cloud Private 3.2.1, apply fix pack:\n\n * [IBM Cloud Private 3.2.1.2203](<https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/WebSphere/IBM+Cloud+Private&release=All&platform=All&function=fixId&fixids=icp-3.2.1.2203-build601095-48411&includeSupersedes=0> \"IBM Cloud Private 3.2.1.2203\" )\n\n \n\n\nFor IBM Cloud Private 3.2.2, apply fix pack:\n\n * [IBM Cloud Private 3.2.2.2203](<https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/WebSphere/IBM+Cloud+Private&release=All&platform=All&function=fixId&fixids=icp-3.2.2.2203-build601096-48413&includeSupersedes=0> \"IBM Cloud Private 3.2.2.2203\" )\n\n \nFor IBM Cloud Private 3.1.0, 3.1.1, 3.1.2, 3.2.0\n\n * Upgrade to the latest Continuous Delivery (CD) update package, IBM Cloud Private 3.2.2. \n * If required, individual product fixes can be made available between CD update packages for resolution of problems. 
Contact IBM support for assistance\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-21T18:28:14", "type": "ibm", "title": "Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - nginx (CVE-2018-16844, CVE-2018-16845, CVE-2018-16843, CVE-2019-7401)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16843", "CVE-2018-16844", "CVE-2018-16845", "CVE-2019-7401"], "modified": "2022-04-21T18:28:14", "id": "AC622A6187A7992B3F04C541A8233851E516021322B7E8B55DBFE6D0C8088EAD", "href": "https://www.ibm.com/support/pages/node/6574081", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-23T21:44:41", "description": "## Summary\n\nIBM Aspera Shares has addressed the following NGINX vulnerabilities.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2019-7401](<https://vulners.com/cve/CVE-2019-7401>) \n**DESCRIPTION:** NGINX Unit is vulnerable to a denial of service, caused by a heap-based buffer overflow in the router process. 
By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause the router process to crash. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/156770> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-16843](<https://vulners.com/cve/CVE-2018-16843>) \n**DESCRIPTION:** nginx is vulnerable to a denial of service, caused by a flaw when compiled with ngx_http_v2_module. By sending a specially-crafted HTTP/2 request, a remote attacker could exploit this vulnerability to cause excessive memory consumption. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/152679> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-16845](<https://vulners.com/cve/CVE-2018-16845>) \n**DESCRIPTION:** nginx is vulnerable to a denial of service, caused by an error when compiled with the ngx_http_mp4_module. By persuading a victim to open a specially-crafted mp4 file, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop or obtain sensitive information from worker process memory. \nCVSS Base Score: 4.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/152681> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L)\n\n**CVEID:** [CVE-2019-13617](<https://vulners.com/cve/CVE-2019-13617>) \n**DESCRIPTION:** njs, used in NGINX, is vulnerable to a denial of service, caused by a heap-based buffer over-read in nxt_vsprintf in nxt/nxt_sprintf.c during error handling. By persuading a victim to run a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. 
\nCVSS Base Score: 3.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/163760> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2019-12208](<https://vulners.com/cve/CVE-2019-12208>) \n**DESCRIPTION:** NGINX njs is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the njs_function_native_call function in njs/njs_function.c. By sending overly long data, a remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/161282> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2019-12207](<https://vulners.com/cve/CVE-2019-12207>) \n**DESCRIPTION:** NGINX njs is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the nxt_utf8_encode function in nxt/nxt_utf8.c. By sending overly long data, a remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/161281> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVE-ID:** [CVE-2019-12206](<https://vulners.com/cve/CVE-2019-12206>) \n**DESCRIPTION:** NGINX njs is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the nxt_utf8_encode function in nxt_utf8.c. By sending overly long data, a remote attacker could overflow a buffer and execute arbitrary code on the system. 
\nCVSS Base Score: 9.8 \nCVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/161279> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nIBM Aspera Shares 1.9.12\n\n## Remediation/Fixes\n\nProduct | VRMF | APAR | Remediation/First Fix \n---|---|---|--- \nIBM Aspera Shares | 1.9.next (ex. 1.9.14 or Higher) | None | \n\n[https://downloads.asperasoft.com/en/downloads](<https://downloads.asperasoft.com/en/downloads/34>) \n \n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-08-15T18:53:15", "type": "ibm", "title": "Security Bulletin: Aspera Shares application is affected by multiple NGINX Vulnerabilities (CVE-2019-12206, CVE-2019-12207, CVE-2019-12208, CVE-2019-13617, CVE-2018-16845, CVE-2018-16843, CVE-2019-7401)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16843", "CVE-2018-16845", "CVE-2019-12206", "CVE-2019-12207", "CVE-2019-12208", "CVE-2019-13617", "CVE-2019-7401"], "modified": "2019-08-15T18:53:15", "id": 
"DBD9A1975BC623ABAB74E4C554BBD559BAC0FFD3EEAE268448207BB1AF26CDFB", "href": "https://www.ibm.com/support/pages/node/960890", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-23T21:53:25", "description": "## Summary\n\nIBM API Connect has addressed the following vulnerabilities. \n\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-16276](<https://vulners.com/cve/CVE-2018-16276>) \n**DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by improper bounds checking in the yurex_read function in drivers/usb/misc/yurex.cr. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause the system to crash, or gain elevated privileges. \nCVSS Base Score: 7.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/149198> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-6554](<https://vulners.com/cve/CVE-2018-6554>) \n**DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by a memory leak in the irda_bind function. By repeatedly binding an AF_IRDA socket, a local attacker could exploit this vulnerability to consume all available memory resources. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/149360> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-15594](<https://vulners.com/cve/CVE-2018-15594>) \n**DESCRIPTION:** Linux Kernel could allow a local authenticated attacker to obtain sensitive information, caused by the improper handling of certain indirect calls. By conducting Spectre-v2 attacks against paravirtual guests, an attacker could exploit this vulnerability to leak memory contents into a CPU cache and read host kernel memory. 
\nCVSS Base Score: 6.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/148547> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2018-15572](<https://vulners.com/cve/CVE-2018-15572>) \n**DESCRIPTION:** Linux Kernel could allow a local authenticated attacker to obtain sensitive information, caused by the failure to always fill RSB upon a context switch by the spectre_v2_select_mitigation function in arch/x86/kernel/cpu/bugs.c. An attacker could exploit this vulnerability to conduct userspace-userspace spectreRSB attacks and obtain private data. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/148546> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2018-17182](<https://vulners.com/cve/CVE-2018-17182>) \n**DESCRIPTION:** Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by the improper handling of sequence number overflows by the vmacache_flush_all function. An attacker could exploit this vulnerability using certain thread creation, map, unmap, invalidation, and dereference operations to trigger a use-after-free error and gain elevated privileges on the system. \nCVSS Base Score: 8.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/150102> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-10902](<https://vulners.com/cve/CVE-2018-10902>) \n**DESCRIPTION:** Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a double-free in snd_rawmidi_input_params() and snd_rawmidi_output_status() triggered by the raw midi kernel driver. 
An attacker could exploit this vulnerability to corrupt memory and execute arbitrary code on the system with elevated privileges. \nCVSS Base Score: 7.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/148627> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-14633](<https://vulners.com/cve/CVE-2018-14633>) \n**DESCRIPTION:** Linux Kernel is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the chap_server_compute_md5() function. If the iSCSI target is enabled on the victim host, an attacker could overflow a buffer and execute arbitrary code on the system or cause the system to crash. \nCVSS Base Score: 7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/150238> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H)\n\n**CVEID:** [CVE-2018-6555](<https://vulners.com/cve/CVE-2018-6555>) \n**DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by an error in the irda_setsockopt function. A local attacker could exploit this vulnerability using an AF_IRDA socket to cause the system to crash. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/149361> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-3062](<https://vulners.com/cve/CVE-2018-3062>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle MySQL related to the Server Server: Memcached component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146957> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2017-18216](<https://vulners.com/cve/CVE-2017-18216>) \n**DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in fs/ocfs2/cluster/nodemanager.c. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/139923> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-7603](<https://vulners.com/cve/CVE-2018-7603>) \n**DESCRIPTION:** The Search Autocomplete for Drupal is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151407> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\n**CVEID:** [CVE-2018-12123](<https://vulners.com/cve/CVE-2018-12123>) \n**DESCRIPTION:** Node.js is vulnerable to HTTP request splitting attacks, caused by improper input validation by the path option of an HTTP request. A remote attacker could exploit this vulnerability to inject arbitrary HTTP request and cause the browser to send 2 HTTP requests, once the URL is clicked. 
This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/153457> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\n**CVEID:** [CVE-2018-12122](<https://vulners.com/cve/CVE-2018-12122>) \n**DESCRIPTION:** Node.js is vulnerable to a denial of service, caused by improper validation of HTTP headers. By sending headers very slowly keeping HTTP or HTTPS connections and associated resources alive for a long period of time, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/153456> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-12121](<https://vulners.com/cve/CVE-2018-12121>) \n**DESCRIPTION:** Node.js is vulnerable to a denial of service, caused by improper validation of HTTP headers. By sending specially-crafted HTTP requests with maximum sized headers, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/153455> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-12116](<https://vulners.com/cve/CVE-2018-12116>) \n**DESCRIPTION:** Node.js is vulnerable to HTTP request splitting attacks, caused by improper input validation by the path option of an HTTP request. A remote attacker could exploit this vulnerability to inject arbitrary HTTP request and cause the browser to send 2 HTTP requests, once the URL is clicked. 
This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/153452> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\n**CVEID:** [CVE-2018-0734](<https://vulners.com/cve/CVE-2018-0734>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a timing side channel attack in the DSA signature algorithm. An attacker could exploit this vulnerability using variations in the signing algorithm to recover the private key. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/152085> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-0732](<https://vulners.com/cve/CVE-2018-0732>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by the sending of a very large prime value to the client by a malicious server during key agreement in a TLS handshake. By spending an unreasonably long period of time generating a key for this prime, a remote attacker could exploit this vulnerability to cause the client to hang. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/144658> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-16845](<https://vulners.com/cve/CVE-2018-16845>) \n**DESCRIPTION:** nginx is vulnerable to a denial of service, caused by an error when compiled with the ngx_http_mp4_module. 
By persuading a victim to open a specially-crafted mp4 file, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop or obtain sensitive information from worker process memory. \nCVSS Base Score: 4.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/152681> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L)\n\n**CVEID:** [CVE-2018-14647](<https://vulners.com/cve/CVE-2018-14647>) \n**DESCRIPTION:** Python is vulnerable to a denial of service, caused by a flaw in the elementtree C accelerator. By using a specially-crafted XML document, a remote attacker could exploit this vulnerability to cause a resource exhaustion. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/150579> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-18314](<https://vulners.com/cve/CVE-2018-18314>) \n**DESCRIPTION:** Perl is vulnerable to a heap-based buffer overflow, caused by a flaw in the S_regatom function in regcomp.c. By using a specially-crafted regular expression, a remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/153589> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-18313](<https://vulners.com/cve/CVE-2018-18313>) \n**DESCRIPTION:** Perl could allow a remote attacker to obtain sensitive information, caused by a heap-based buffer overflow in the S_grok_bslash_N function in regcomp.c. By using a specially-crafted regular expression, a remote attacker could exploit this vulnerability to obtain sensitive information. 
\nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/153588> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2018-18312](<https://vulners.com/cve/CVE-2018-18312>) \n**DESCRIPTION:** Perl is vulnerable to a heap-based buffer overflow, caused by a flaw in the S_regatom function in regcomp.c. By using a specially-crafted regular expression, a remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/153587> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-18311](<https://vulners.com/cve/CVE-2018-18311>) \n**DESCRIPTION:** Perl is vulnerable to a heap-based buffer overflow, caused by an integer overflow in the Perl_my_setenv function. By sending a specially-crafted request, a local attacker could overflow a buffer and execute arbitrary code or cause a denial of service condition. \nCVSS Base Score: 8.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/153586> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-13053](<https://vulners.com/cve/CVE-2018-13053>) \n**DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by an integer overflow in alarm_timer_nsleep. By sending an overly long string, an attacker could exploit this vulnerability to cause a denial of service. 
\nCVSS Base Score: 6.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/145647> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-15687](<https://vulners.com/cve/CVE-2018-15687>) \n**DESCRIPTION:** systemd could allow a remote attacker to bypass security restrictions, caused by a race condition in the chown_one function. By sending a specially-crafted request, an attacker could exploit this vulnerability to set arbitrary permissions on arbitrary files. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/152040> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)\n\n**CVEID:** [CVE-2018-10880](<https://vulners.com/cve/CVE-2018-10880>) \n**DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by a stack-out-of-bounds write in the ext4 filesystem code. By using a specially-crafted ext4 image, a local authenticated attacker could exploit this vulnerability to cause the system to crash. \nCVSS Base Score: 3.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/147436> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-13096](<https://vulners.com/cve/CVE-2018-13096>) \n**DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by an out-of-bounds memory access flaw in fs/f2fs/super.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition. 
\nCVSS Base Score: 5.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/145961> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-14609](<https://vulners.com/cve/CVE-2018-14609>) \n**DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in the __del_reloc_root function in fs/btrfs/relocation.c when mounting a crafted btrfs image. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base Score: 5.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/147619> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-14617](<https://vulners.com/cve/CVE-2018-14617>) \n**DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in the hfsplus_lookup function in fs/hfsplus/dir.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base Score: 5.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/147627> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-5407](<https://vulners.com/cve/CVE-2018-5407>) \n**DESCRIPTION:** Multiple SMT/Hyper-Threading architectures and processors could allow a local attacker to obtain sensitive information, caused by execution engine sharing on Simultaneous Multithreading (SMT) architecture. 
By using the PortSmash new side-channel attack, an attacker could run a malicious process next to legitimate processes using the architecture's parallel thread running capabilities to leak encrypted data from the CPU's internal processes. Note: This vulnerability is known as PortSmash. \nCVSS Base Score: 5.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/152484> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2018-14600](<https://vulners.com/cve/CVE-2018-14600>) \n**DESCRIPTION:** X.Org libx11 could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write flaw. By sending a specially-crafted value, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/148663> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2018-14599](<https://vulners.com/cve/CVE-2018-14599>) \n**DESCRIPTION:** X.Org libx11 is vulnerable to a denial of service, caused by an off-by-one flaw in multiple functions. By sending malicious server responses, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/148661> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-14598](<https://vulners.com/cve/CVE-2018-14598>) \n**DESCRIPTION:** X.Org libx11 is vulnerable to a denial of service. By sending a specially-crafted reply, a remote attacker could exploit this vulnerability to cause the application to crash. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/148664> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-16429](<https://vulners.com/cve/CVE-2018-16429>) \n**DESCRIPTION:** GNOME GLib is vulnerable to a denial of service, caused by an out-of-bounds read in g_markup_parse_context_parse() in gmarkup.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 3.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/149332> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-16428](<https://vulners.com/cve/CVE-2018-16428>) \n**DESCRIPTION:** GNOME GLib is vulnerable to a denial of service, caused by a NULL pointer dereference in g_markup_parse_context_end_parse() in gmarkup.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 3.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/149333> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-1000222](<https://vulners.com/cve/CVE-2018-1000222>) \n**DESCRIPTION:** libgd could allow a remote attacker to execute arbitrary code on the system, caused by a double free in the gdImageBmpPtr function. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. 
\nCVSS Base Score: 7.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/148755> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-14618](<https://vulners.com/cve/CVE-2018-14618>) \n**DESCRIPTION:** cURL libcurl is vulnerable to a buffer overflow, caused by an integer overflow flaw in the Curl_ntlm_core_mk_nt_hash internal function in the NTLM authentication code. By sending an overly long password, a remote attacker could overflow a buffer and execute arbitrary code and cause the application to crash. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/149359> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-5740](<https://vulners.com/cve/CVE-2018-5740>) \n**DESCRIPTION:** ISC BIND is vulnerable to a denial of service, caused by a defect in the deny-answer-aliases feature. By triggering this defect, a remote attacker could exploit this vulnerability to cause an INSIST assertion failure in name.c. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/148131> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-10853](<https://vulners.com/cve/CVE-2018-10853>) \n**DESCRIPTION:** Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by the failure to check the current privilege level (CPL) while emulating unprivileged instructions by the KVM hypervisor. An attacker could exploit this vulnerability to gain elevated privileges on the system. 
\nCVSS Base Score: 7.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/149311> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-5391](<https://vulners.com/cve/CVE-2018-5391>) \n**DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by the improper handling of the reassembly of fragmented IPv4 and IPv6 packets by the IP implementation. By sending specially crafted IP fragments with random offsets, a remote attacker could exploit this vulnerability to exhaust all available CPU resources and cause a denial of service. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/148388> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-9516](<https://vulners.com/cve/CVE-2018-9516>) \n**DESCRIPTION:** Google Android could allow a local attacker to gain elevated privileges on the system, caused by an out-of-bounds write in hid_debug_events_read of drivers/hid/hid-debug.c. An attacker could exploit this vulnerability to escalate privileges. \nCVSS Base Score: 8.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/152645> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-5390](<https://vulners.com/cve/CVE-2018-5390>) \n**DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by an error in the tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() functions. By sending specially crafted packets within ongoing TCP sessions, a remote attacker could exploit this vulnerability to cause a denial of service. 
\nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/147950> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-5711](<https://vulners.com/cve/CVE-2018-5711>) \n**DESCRIPTION:** PHP is vulnerable to a denial of service, caused by an integer signedness error in the imagecreatefromgif and imagecreatefromstring functions in the GD Graphics Library (aka libgd). By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base Score: 5.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137653> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-10876](<https://vulners.com/cve/CVE-2018-10876>) \n**DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by a use-after-free in the ext4_ext_remove_space() function. By mounting and operating on a specially crafted ext4 filesystem image, a local attacker could exploit this vulnerability to cause the system to crash. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/147834> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-10881](<https://vulners.com/cve/CVE-2018-10881>) \n**DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by an out-of-bound access in the ext4_get_group_info function. By mounting and operating on a specially crafted ext4 filesystem image, a local attacker could exploit this vulnerability to cause the system to crash. 
\nCVSS Base Score: 6.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/147820> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-10882](<https://vulners.com/cve/CVE-2018-10882>) \n**DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by an out-of-bound write in the fs/jbd2/transaction.c code. By unmounting a specially crafted ext4 filesystem image, a local attacker could exploit this vulnerability to cause the system to crash. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/147831> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-13094](<https://vulners.com/cve/CVE-2018-13094>) \n**DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by a flaw in the xfs_da_shrink_inode function in fs/xfs/libxfs/xfs_attr_leaf.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a kernel OOPS. \nCVSS Base Score: 5.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/145959> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-3646](<https://vulners.com/cve/CVE-2018-3646>) \n**DESCRIPTION:** Multiple Intel CPUs could allow a local attacker to obtain sensitive information, caused by a flaw in the CPU speculative branch instruction execution feature. By conducting targeted cache side-channel attacks and via a terminal page fault, an attacker with guest OS privilege could exploit this vulnerability to leak information residing in the L1 data cache and read data belonging to different security contexts. 
\nCVSS Base Score: 7.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/148319> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2018-10877](<https://vulners.com/cve/CVE-2018-10877>) \n**DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by an out-of-bound access in the ext4_ext_drop_refs() function. By using a specially-crafted ext4 image, a local authenticated attacker could exploit this vulnerability to cause the system to crash. \nCVSS Base Score: 3.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/147438> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2017-13168](<https://vulners.com/cve/CVE-2017-13168>) \n**DESCRIPTION:** Google Android could allow a remote attacker to gain elevated privileges on the system, caused by a flaw in kernel scsi driver. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to gain elevated privileges. \nCVSS Base Score: 7.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/136062> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-10878](<https://vulners.com/cve/CVE-2018-10878>) \n**DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by an out-of-bounds write in the ext4 filesystem. By mounting and operating on a specially crafted ext4 filesystem image, a local attacker could exploit this vulnerability to cause the system to crash. 
\nCVSS Base Score: 6.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/147833> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-10879](<https://vulners.com/cve/CVE-2018-10879>) \n**DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by a use-after-free in the ext4_xattr_set_entry function. By renaming a file in a specially crafted ext4 filesystem image, a local attacker could exploit this vulnerability to cause the system to crash. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/147832> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-12233](<https://vulners.com/cve/CVE-2018-12233>) \n**DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by a memory corruption in the ea_get function in fs/jfs/xattr.c. A local attacker could exploit this vulnerability to cause the system to crash. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/144767> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-13405](<https://vulners.com/cve/CVE-2018-13405>) \n**DESCRIPTION:** Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by a flaw in the fs/inode.c:inode_init_owner() function. An attacker could exploit this vulnerability to create files with an unintended group ownership. 
\nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146434> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [CVE-2018-13406](<https://vulners.com/cve/CVE-2018-13406>) \n**DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by an integer overflow in the uvesafb_setcmap function in drivers/video/fbdev/uvesafb.c. A local attacker could exploit this vulnerability to crash the kernel or potentially gain elevated privileges. \nCVSS Base Score: 7.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/147005> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2016-7942](<https://vulners.com/cve/CVE-2016-7942>) \n**DESCRIPTION:** X.Org libX11 could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds read in the XGetImage() function. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/117541> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2016-7943](<https://vulners.com/cve/CVE-2016-7943>) \n**DESCRIPTION:** X.Org libX11 could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds read in the XListFonts() function. An attacker could exploit this vulnerability to execute arbitrary code on the system. 
\nCVSS Base Score: 7.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/117542> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2018-3639](<https://vulners.com/cve/CVE-2018-3639>) \n**DESCRIPTION:** Multiple Intel CPUs could allow a local attacker to obtain sensitive information, caused by utilizing sequences of speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known. By conducting targeted cache side-channel attacks, an attacker could exploit this vulnerability to bypass security restrictions and gain read access to privileged memory. Note: This vulnerability is the Speculative Store Bypass (SSB), also known as Variant 4 or \"SpectreNG\". \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/143569> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-3640](<https://vulners.com/cve/CVE-2018-3640>) \n**DESCRIPTION:** Multiple Intel CPUs could allow a local attacker to obtain sensitive information, caused by utilizing sequences of speculative execution that perform speculative reads of system registers. By conducting targeted cache side-channel attacks, an attacker could exploit this vulnerability to determine the values stored in system registers. Note: This vulnerability is the Rogue System Register Read (RSRE), also known as Variant 3a. 
\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/143570> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-3620](<https://vulners.com/cve/CVE-2018-3620>) \n**DESCRIPTION:** Multiple Intel CPUs could allow a local attacker to obtain sensitive information, caused by a flaw in the CPU speculative branch instruction execution feature. By conducting targeted cache side-channel attacks and via a terminal page fault, an attacker could exploit this vulnerability to leak information residing in the L1 data cache and read data belonging to different security contexts. Note: This vulnerability is also known as the \"L1 Terminal Fault (L1TF)\" or \"Foreshadow\" attack. \nCVSS Base Score: 7.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/148318> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2018-10021](<https://vulners.com/cve/CVE-2018-10021>) \n**DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by an ata qc leak in drivers/scsi/libsas/sas_scsi_host.c. By triggering certain failure conditions, a local attacker could exploit this vulnerability to cause the system to crash. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141588> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-10087](<https://vulners.com/cve/CVE-2018-10087>) \n**DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by a flaw in the kernel_wait4 function in kernel/exit.c. By triggering an attempted use of the -INT_MIN value, a local attacker could exploit this vulnerability to cause a denial of service condition. 
\nCVSS Base Score: 6.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141640> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-10124](<https://vulners.com/cve/CVE-2018-10124>) \n**DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by a flaw in the kill_something_info function in kernel/signal.c. By using an INT_MIN argument, a local attacker could exploit this vulnerability to cause the system to crash. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141698> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-7755](<https://vulners.com/cve/CVE-2018-7755>) \n**DESCRIPTION:** Linux Kernel could allow a local attacker to bypass security restrictions, caused by a flaw in the fd_locked_ioctl function in drivers/block/floppy.c. By using the FDGETPRM ioctl and then using the obtained kernel pointer to discover the location of kernel code and data, an attacker could exploit this vulnerability to bypass kernel security protections. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/140065> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [CVE-2017-5715](<https://vulners.com/cve/CVE-2017-5715>) \n**DESCRIPTION:** Intel Haswell Xeon, AMD PRO and ARM Cortex A57 CPUs could allow a local authenticated attacker to obtain sensitive information, caused by a branch target injection in the CPU speculative branch instruction execution feature. By conducting targeted cache side-channel attacks, an attacker could exploit this vulnerability to leak memory contents into a CPU cache and read host kernel memory. 
\nCVSS Base Score: 6.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137054> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2018-0737](<https://vulners.com/cve/CVE-2018-0737>) \n**DESCRIPTION:** OpenSSL could allow a local attacker to obtain sensitive information, caused by a cache-timing side channel attack in the RSA Key generation algorithm. An attacker with access to mount cache timing attacks during the RSA key generation process could exploit this vulnerability to recover the private key and obtain sensitive information. \nCVSS Base Score: 3.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141679> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-1152](<https://vulners.com/cve/CVE-2018-1152>) \n**DESCRIPTION:** Libjpeg Turbo is vulnerable to a denial of service, caused by a divide-by-zero when processing a BMP image. By persuading a victim to open a specially crafted BMP image, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 3.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/145045> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2017-18258](<https://vulners.com/cve/CVE-2017-18258>) \n**DESCRIPTION:** libxml2 is vulnerable to a denial of service, caused by a flaw in the xz_head function in xzlib.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition. 
\nCVSS Base Score: 5.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141432> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-5814](<https://vulners.com/cve/CVE-2018-5814>) \n**DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by multiple race condition errors when handling probe, disconnect and rebind operations in USB over IP daemon. By sending multiple USB over IP packets, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/144508> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-1116](<https://vulners.com/cve/CVE-2018-1116>) \n**DESCRIPTION:** polkit is vulnerable to a denial of service, caused by a flaw in the implementation of the polkit_backend_interactive_authority_check_authorization function in polkitd. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause a denial of service or obtain sensitive information. \nCVSS Base Score: 7.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146202> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H)\n\n**CVEID:** [CVE-2016-10087](<https://vulners.com/cve/CVE-2016-10087>) \n**DESCRIPTION:** libpng is vulnerable to a denial of service, caused by a NULL pointer dereference in the png_set_text_2 function. By loading a text chunk into a png structure, removing the text, and then adding another text chunk to the structure, a remote attacker could exploit this vulnerability to cause a denial of service. 
\nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/124207> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-14404](<https://vulners.com/cve/CVE-2018-14404>) \n**DESCRIPTION:** libxml2 is vulnerable to a denial of service, caused by a NULL pointer dereference in the xpath.c:xmlXPathCompOpEval() function. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 3.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/147260> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-7185](<https://vulners.com/cve/CVE-2018-7185>) \n**DESCRIPTION:** NTP is vulnerable to a denial of service. By sending specially crafted packets, a remote authenticated attacker could exploit this vulnerability to reset authenticated interleaved association. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/139783> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2016-9318](<https://vulners.com/cve/CVE-2016-9318>) \n**DESCRIPTION:** Libxml2 could allow a remote attacker to obtain sensitive information, caused by failure to offer a flag directly indicating the status of current document. By using a specially-crafted document to conduct a XML external entity (XXE) attack, an attacker could exploit this vulnerability to obtain sensitive information. 
\nCVSS Base Score: 5.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/119018> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2017-18255](<https://vulners.com/cve/CVE-2017-18255>) \n**DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by an integer overflow in the perf_cpu_time_max_percent_handler function in kernel/events/core.c. By using a specially-crafted input, a local attacker could exploit this vulnerability to cause the system to crash. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141329> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-7183](<https://vulners.com/cve/CVE-2018-7183>) \n**DESCRIPTION:** NTP is vulnerable to a buffer overflow, caused by improper bounds checking by the decodearr function. By leveraging an ntpq query and sending a response with a crafted array, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 5.6 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/140092> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2017-15896](<https://vulners.com/cve/CVE-2017-15896>) \n**DESCRIPTION:** Node.js could allow a remote attacker to bypass security restrictions, caused by an error in OpenSSL within the \"error state\" mechanism when directly calling SSL_read() due to TLS handshake failure. An attacker could exploit this vulnerability to bypass the decryption or encryption process and perform unauthorized actions. 
\nCVSS Base Score: 6.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/136225> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)\n\n**CVEID:** [CVE-2018-12115](<https://vulners.com/cve/CVE-2018-12115>) \n**DESCRIPTION:** Node.js is vulnerable to a denial of service, caused by an out-of-bounds write in Buffer. An attacker could exploit this vulnerability to write to memory outside of a Buffer's memory space, corrupt Buffer objects or cause the process to crash. \nCVSS Base Score: 8.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/148426> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H)\n\n**CVEID:** [CVE-2018-7159](<https://vulners.com/cve/CVE-2018-7159>) \n**DESCRIPTION:** Node.js http module could allow a remote attacker to bypass security restrictions, caused by the acceptance of incorrect Content-Length values, containing spaces within the value, in HTTP headers. An attacker could exploit this vulnerability to confuse the script and launch further attacks on the system. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/143448> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [CVE-2018-7158](<https://vulners.com/cve/CVE-2018-7158>) \n**DESCRIPTION:** Node.js path module is vulnerable to a denial of service. By sending a specially crafted file path, an attacker could exploit this vulnerability to cause a regular expression denial of service. 
\nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/143449> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-1000168](<https://vulners.com/cve/CVE-2018-1000168>) \n**DESCRIPTION:** nghttp2 is vulnerable to a denial of service, caused by a NULL pointer dereference. By sending a specially-crafted packet, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141584> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-7161](<https://vulners.com/cve/CVE-2018-7161>) \n**DESCRIPTION:** Node.js is vulnerable to a denial of service, caused by an error within the http2 implementation. By interacting with the http2 server in an insecure manner, a remote attacker could exploit this vulnerability to cause the node server providing an http2 server to crash. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/144736> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-7167](<https://vulners.com/cve/CVE-2018-7167>) \n**DESCRIPTION:** Node.js is vulnerable to a denial of service. By invoking Buffer.fill() or Buffer.alloc() , a remote attacker could exploit this vulnerability to cause the application to hang. 
\nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/144740> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-7160](<https://vulners.com/cve/CVE-2018-7160>) \n**DESCRIPTION:** Node.js inspector module could allow a remote attacker to bypass security restrictions, caused by the failure to properly validate the Host header. An attacker could exploit this vulnerability to bypass same-origin policy and conduct a DNS rebinding attack. \nCVSS Base Score: 5.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/143447> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2018-3665](<https://vulners.com/cve/CVE-2018-3665>) \n**DESCRIPTION:** Intel Core-based microprocessors could allow a local attacker to obtain sensitive information, caused by utilizing the Lazy FP state restore technique for floating point state when context switching between application processes. By conducting targeted cache side-channel attacks, an attacker could exploit this vulnerability to determine register values of other processes. Note: This vulnerability is known as LazyFP. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/144757> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-14567](<https://vulners.com/cve/CVE-2018-14567>) \n**DESCRIPTION:** libxml2 is vulnerable to a denial of service, caused by an error in xzlib.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. 
\nCVSS Base Score: 3.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/148541> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-14680](<https://vulners.com/cve/CVE-2018-14680>) \n**DESCRIPTION:** An unspecified error in libmspack related to the failure to reject blank CHM filenames has an unknown impact and attack vector. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/147668> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [CVE-2018-14681](<https://vulners.com/cve/CVE-2018-14681>) \n**DESCRIPTION:** libmspack could allow a remote attacker to overwrite arbitrary files, caused by an error in the kwajd_read_headers function in mspack/kwajd.c in libmspack. An attacker could exploit this vulnerability using bad KWAJ file header extensions to cause a one or two byte overwrite. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/147669> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [CVE-2018-14679](<https://vulners.com/cve/CVE-2018-14679>) \n**DESCRIPTION:** libmspack is vulnerable to a denial of service, caused by an off-by-one error in the CHM PMGI/PMGL chunk number validity checks in mspack/chmd.c. A remote attacker could exploit this vulnerability to cause the application to crash. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/147667> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-14682](<https://vulners.com/cve/CVE-2018-14682>) \n**DESCRIPTION:** libmspack is vulnerable to a denial of service, caused by an off-by-one in mspack/chmd.c in the TOLOWER() macro for CHM decompression. A remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/147666> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2017-7526](<https://vulners.com/cve/CVE-2017-7526>) \n**DESCRIPTION:** Libgcrypt could allow a remote attacker to obtain sensitive information, caused by a cache side-channel attack when using left-to-right sliding window method by the RSA-1024 implementation. By running arbitrary software where the private key is used, an attacker could exploit this vulnerability to obtain the RSA private key. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/128271> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2018-9518](<https://vulners.com/cve/CVE-2018-9518>) \n**DESCRIPTION:** Google Android could allow a local attacker to gain elevated privileges on the system, caused by an out-of-bounds write flaw in the nfc_llcp_build_sdreq_tlv function in llcp_commands.c. By sending a specially-crafted request, an attacker could exploit this vulnerability to gain elevated privileges. 
\nCVSS Base Score: 8.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/154089> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-0495](<https://vulners.com/cve/CVE-2018-0495>) \n**DESCRIPTION:** GnuPG Libgcrypt could allow a local attacker to obtain sensitive information, caused by a memory-cache side-channel attack on ECDSA signatures in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c. An attacker could exploit this vulnerability to recover ECDSA or DSA private keys. \nCVSS Base Score: 5.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/144828> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2018-1000204](<https://vulners.com/cve/CVE-2018-1000204>) \n**DESCRIPTION:** Linux Kernel could allow a remote attacker to obtain sensitive information, caused by the improper handling of an SG_IO ioctl on /dev/sg0. By sending a specially-crafted argument, a remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/144557> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2017-13695](<https://vulners.com/cve/CVE-2017-13695>) \n**DESCRIPTION:** Linux Kernel could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the acpi_ns_evaluate() function in drivers/acpi/acpica/nseval.c. By using a specially-crafted ACPI table, an attacker could exploit this vulnerability to obtain sensitive information. 
\nCVSS Base Score: 3.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/131022> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2017-18257](<https://vulners.com/cve/CVE-2017-18257>) \n**DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by an integer overflow in the __get_data_block function in fs/f2fs/data.c. By using specially-crafted open and fallocate system calls with an FS_IOC_FIEMAP ioctl, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base Score: 5.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141431> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nIBM API Connect version 5.0.8.0-5.0.8.4\n\n## Remediation/Fixes\n\nAffected Product | Addressed in VRMF | APAR | Remediation/First Fix \n---|---|---|--- \nIBM API Connect 5.0.8.0-5.0.8.4 | 5.0.8.5 fix pack | LI80564 | \n\nAddressed in IBM API Connect V5.0.8.5 fix pack.\n\nFollow this link and find the APIConnect-Portal package.\n\n[http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+API+Connect&release=5.0.8.4&platform=All&function=all&source=fc](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+API+Connect&release=5.0.8.4&platform=All&function=all&source=fc>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-01-28T17:05:01", "type": "ibm", "title": "Security Bulletin: IBM API Connect has addressed multiple vulnerabilities in Developer Portal's dependencies - Cumulative list from June 28, 2018 to December 13, 2018", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10087", "CVE-2016-7942", "CVE-2016-7943", "CVE-2016-9318", "CVE-2017-13168", "CVE-2017-13695", "CVE-2017-15896", "CVE-2017-18216", "CVE-2017-18255", "CVE-2017-18257", "CVE-2017-18258", "CVE-2017-5715", "CVE-2017-7526", "CVE-2018-0495", "CVE-2018-0732", "CVE-2018-0734", "CVE-2018-0737", "CVE-2018-1000168", "CVE-2018-1000204", "CVE-2018-1000222", "CVE-2018-10021", "CVE-2018-10087", "CVE-2018-10124", "CVE-2018-10853", "CVE-2018-10876", "CVE-2018-10877", "CVE-2018-10878", "CVE-2018-10879", "CVE-2018-10880", "CVE-2018-10881", "CVE-2018-10882", "CVE-2018-10902", "CVE-2018-1116", "CVE-2018-1152", "CVE-2018-12115", "CVE-2018-12116", "CVE-2018-12121", "CVE-2018-12122", "CVE-2018-12123", "CVE-2018-12233", "CVE-2018-13053", "CVE-2018-13094", "CVE-2018-13096", "CVE-2018-13405", "CVE-2018-13406", "CVE-2018-14404", "CVE-2018-14567", "CVE-2018-14598", "CVE-2018-14599", "CVE-2018-14600", "CVE-2018-14609", "CVE-2018-14617", "CVE-2018-14618", "CVE-2018-14633", "CVE-2018-14647", "CVE-2018-14679", "CVE-2018-14680", "CVE-2018-14681", "CVE-2018-14682", "CVE-2018-15572", "CVE-2018-15594", 
"CVE-2018-15687", "CVE-2018-16276", "CVE-2018-16428", "CVE-2018-16429", "CVE-2018-16845", "CVE-2018-17182", "CVE-2018-18311", "CVE-2018-18312", "CVE-2018-18313", "CVE-2018-18314", "CVE-2018-3062", "CVE-2018-3620", "CVE-2018-3639", "CVE-2018-3640", "CVE-2018-3646", "CVE-2018-3665", "CVE-2018-5390", "CVE-2018-5391", "CVE-2018-5407", "CVE-2018-5711", "CVE-2018-5740", "CVE-2018-5814", "CVE-2018-6554", "CVE-2018-6555", "CVE-2018-7158", "CVE-2018-7159", "CVE-2018-7160", "CVE-2018-7161", "CVE-2018-7167", "CVE-2018-7183", "CVE-2018-7185", "CVE-2018-7603", "CVE-2018-7755", "CVE-2018-9516", "CVE-2018-9518"], "modified": "2019-01-28T17:05:01", "id": "1615871DB6D900C69F1E3E99183BE8581ED1CED870E2C3B0E3B990E1C56F30E0", "href": "https://www.ibm.com/support/pages/node/843434", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2021-07-28T14:46:50", "description": "Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage. 
", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2018-11-24T02:29:55", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: nginx-1.14.1-2.fc29", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16843", "CVE-2018-16844", "CVE-2018-16845"], "modified": "2018-11-24T02:29:55", "id": "FEDORA:618C0608DFB1", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/SYFTQGONGIF4DU6U3EDY5MIB7LPHMF2W/", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-07-28T14:46:51", "description": "Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage. 
", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-09-04T04:07:11", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: nginx-1.16.1-1.fc29", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16843", "CVE-2018-16844", "CVE-2018-16845", "CVE-2019-9511", "CVE-2019-9513", "CVE-2019-9516"], "modified": "2019-09-04T04:07:11", "id": "FEDORA:B122E605D6AD", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/POPAEC4FWL4UU4LDEGPY5NPALU24FFQD/", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "suse": [{"lastseen": "2022-04-18T12:42:13", "description": "An update that fixes three vulnerabilities is now available.\n\nDescription:\n\n This update for nginx fixes the following issues:\n\n nginx was updated to 1.14.2:\n\n - Bugfix: nginx could not be built on Fedora 28 Linux.\n - Bugfix: in handling of client addresses when using unix domain listen\n sockets to work with datagrams on Linux.\n - Change: the logging level of the \"http request\", \"https proxy request\",\n \"unsupported protocol\", \"version too low\", \"no suitable key share\", 
and\n \"no suitable signature algorithm\" SSL errors has been lowered from\n \"crit\" to \"info\".\n - Bugfix: when using OpenSSL 1.1.0 or newer it was not possible to switch\n off \"ssl_prefer_server_ciphers\" in a virtual server if it was switched\n on in the default server.\n - Bugfix: nginx could not be built with LibreSSL 2.8.0.\n - Bugfix: if nginx was built with OpenSSL 1.1.0 and used with OpenSSL\n 1.1.1, the TLS 1.3 protocol was always enabled.\n - Bugfix: sending a disk-buffered request body to a gRPC backend might\n fail.\n - Bugfix: connections with some gRPC backends might not be cached when\n using the \"keepalive\" directive.\n - Bugfix: a segmentation fault might occur in a worker process if the\n ngx_http_mp4_module was used on 32-bit platforms.\n\n Changes with nginx 1.14.1:\n\n - Security: when using HTTP/2 a client might cause excessive memory\n consumption (CVE-2018-16843) and CPU usage (CVE-2018-16844).\n - Security: processing of a specially crafted mp4 file with the\n ngx_http_mp4_module might result in worker process memory disclosure\n (CVE-2018-16845).\n - Bugfix: working with gRPC backends might result in excessive memory\n consumption.\n\n Changes with nginx 1.13.12:\n\n - Bugfix: connections with gRPC backends might be closed unexpectedly when\n returning a large response.\n\n Changes with nginx 1.13.10\n\n - Feature: the \"set\" parameter of the \"include\" SSI directive now allows\n writing arbitrary responses to a variable; the\n \"subrequest_output_buffer_size\" directive defines maximum response size.\n - Feature: now nginx uses clock_gettime(CLOCK_MONOTONIC) if available, to\n avoid timeouts being incorrectly triggered on system time changes.\n - Feature: the \"escape=none\" parameter of the \"log_format\" directive.\n Thanks to Johannes Baiter and Calin Don.\n - Feature: the $ssl_preread_alpn_protocols variable in the\n ngx_stream_ssl_preread_module.\n - Feature: the ngx_http_grpc_module.\n - Bugfix: in memory allocation error 
handling in the \"geo\" directive.\n - Bugfix: when using variables in the \"auth_basic_user_file\" directive a\n null character might appear in logs. Thanks to Vadim Filimonov.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 42.3:\n\n zypper in -t patch openSUSE-2019-195=1\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2019-195=1\n\n - SUSE Package Hub for SUSE Linux Enterprise 12:\n\n zypper in -t patch openSUSE-2019-195=1", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-02-18T00:00:00", "type": "suse", "title": "Security update for nginx (moderate)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16843", "CVE-2018-16844", "CVE-2018-16845"], "modified": "2019-02-18T00:00:00", "id": "OPENSUSE-SU-2019:0195-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BANOBXLWHZASXZTGTJCX7HNMKYECPLOA/", "cvss": {"score": 7.8, "vector": 
"AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-11-10T08:11:25", "description": "An update that fixes 6 vulnerabilities is now available.\n\nDescription:\n\n This update for nginx fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2019-9511: Fixed a denial of service by manipulating the window size\n and stream prioritization (bsc#1145579).\n - CVE-2019-9513: Fixed a denial of service caused by resource loops\n (bsc#1145580).\n - CVE-2019-9516: Fixed a denial of service caused by header leaks\n (bsc#1145582).\n - CVE-2018-16845: Fixed denial of service and memory disclosure via mp4\n module (bsc#1115015).\n - CVE-2018-16843: Fixed excessive memory consumption in HTTP/2\n implementation (bsc#1115022).\n - CVE-2018-16844: Fixed excessive CPU usage via flaw in HTTP/2\n implementation (bsc#1115025).\n\n This update was imported from the SUSE:SLE-15-SP1:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.1:\n\n zypper in -t patch openSUSE-2019-2120=1", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-09-11T00:00:00", "type": "suse", "title": "Security update for nginx (important)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": 
"COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16843", "CVE-2018-16844", "CVE-2018-16845", "CVE-2019-9511", "CVE-2019-9513", "CVE-2019-9516"], "modified": "2019-09-11T00:00:00", "id": "OPENSUSE-SU-2019:2120-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BWXBLC3WM4NT33YQW6VEXFVCPFVQE7FB/", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "altlinux": [{"lastseen": "2023-05-07T11:43:38", "description": "Nov. 6, 2018 Anton Farygin 1.14.1-alt1\n \n \n - 1.14.1 (fixes: CVE-2018-16845, CVE-2018-16843, CVE-2018-16844)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-11-06T00:00:00", "type": "altlinux", "title": "Security fix for the ALT Linux 9 package nginx version 1.14.1-alt1", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16843", "CVE-2018-16844", "CVE-2018-16845"], "modified": "2018-11-06T00:00:00", "id": 
"6645ACA9C19E1295FCAE7938647538D8", "href": "https://packages.altlinux.org/en/p9/srpms/nginx/", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "symantec": [{"lastseen": "2022-01-11T11:31:38", "description": "**Summary**\n\nSymantec SWG products using affected versions of Nginx may be susceptible to multiple Nginx vulnerabilities. A remote attacker can use crafted requests to obtain sensitive information or cause denial of service. An attacker can also obtain sensitive information or cause denial of service by triggering Nginx to stream crafted MP4 files. \n** **\n\n**Affected Product(s)**\n\n**Content Analysis (CA)** \n--- \n**CVE** | **Supported Version(s)** | **Remediation** \nCVE-2017-7529 | 2.3 | Upgrade to later release with fixes. \n2.4 | Not available at this time \n3.0 | Not vulnerable, fixed in 3.0.1.1 \n \n \n\n**SSL Visibility (SSLV)** \n--- \n**CVE** | **Supported Version(s)** | **Remediation** \nCVE-2017-7529 | 3.10, 3.12 | Upgrade to later release with fixes. 
\n4.5 and later | Not vulnerable, fixed in 4.5.1.1 \n \n \n\n**Additional Product Information**\n\nThe following products are not vulnerable: \n**Advanced Secure Gateway (ASG) \nAuthConnector \nBCAAA \nCacheFlow (CF) \nDirector \nGeneral Auth Connector Login Application \nHSM Agent for the Luna SP \nManagement Center (MC) \n****PacketShaper (PS) S-Series \nPolicyCenter (PC) S-Series \nProxySG \nReporter \nSecurity Analytics (SA) \nSymantec Messaging Gateway (SMG) \nUnified Agent \nWeb Isolation (WI) \nWSS Agent \nWSS Mobile Agent \nX-Series XOS \n \n**\n\n**Issue Details**\n\n**CVE-2017-7529** \n--- \n**Severity / CVSS v3.0:** | High / 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n**References:** | NVD: [CVE-2017-7529](<https://nvd.nist.gov/vuln/detail/CVE-2017-7529> \"NVD - CVE-2017-7529\" ) \n**Impact:** | Information disclosure \n**Description:** | An integer overflow in the range filter module allows a remote attacker to send crafted requests and obtain sensitive information from the target process memory. \n \n \n\n**CVE-2018-16843** \n--- \n**Severity / CVSS v3.0:** | High / 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n**References:** | NVD: [CVE-2018-16843](<https://nvd.nist.gov/vuln/detail/CVE-2018-16843> \"NVD - CVE-2018-16843\" ) \n**Impact:** | Denial of service \n**Description:** | A flaw in the HTTP/2 implementation allows a remote attacker to send crafted requests and cause denial of service through excessive memory consumption. \n \n \n\n**CVE-2018-16844** \n--- \n**Severity / CVSS v3.0:** | High / 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n**References:** | NVD: [CVE-2018-16844](<https://nvd.nist.gov/vuln/detail/CVE-2018-16844> \"NVD - CVE-2018-16844\" ) \n**Impact:** | Denial of service \n**Description:** | A flaw in the HTTP/2 implementation allows a remote attacker to send crafted requests and cause denial of service through excessive CPU consumption. 
\n \n \n\n**CVE-2018-16845** \n--- \n**Severity / CVSS v3.0:** | Medium / 6.1 (AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H) \n**References:** | NVD: [CVE-2018-16845](<https://nvd.nist.gov/vuln/detail/CVE-2018-16845> \"NVD - CVE-2018-16845\" ) \n**Impact:** | Information disclosure, denial of service \n**Description:** | A flaw in the ngx_http_mp4_module allows an attacker to use a crafted MP4 file to obtain sensitive information from the target process memory. The attacker can also cause denial of service through an infinite loop. The attacker needs to trigger nginx to process/stream the crafted MP4 file. \n \n \n\n**CVE-2019-9511** \n--- \n**Severity / CVSS v3.0:** | High / 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n**References:** | NVD: [CVE-2019-9511](<https://nvd.nist.gov/vuln/detail/CVE-2019-9511> \"NVD - CVE-2019-9511\" ) \n**Impact:** | Denial of service \n**Description:** | A flaw in the HTTP/2 implementation allows a remote attacker to send crafted requests and cause denial of service through excessive CPU or memory consumption. \n \n \n\n**CVE-2019-9513** \n--- \n**Severity / CVSS v3.0:** | High / 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n**References:** | NVD: [CVE-2019-9513](<https://nvd.nist.gov/vuln/detail/CVE-2019-9513> \"NVD - CVE-2019-9513\" ) \n**Impact:** | Denial of service \n**Description:** | A flaw in the HTTP/2 implementation allows a remote attacker to send crafted requests and cause denial of service through excessive CPU consumption. \n \n \n\n**CVE-2019-9516** \n--- \n**Severity / CVSS v3.0:** | High / 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n**References:** | NVD: [CVE-2019-9516](<https://nvd.nist.gov/vuln/detail/CVE-2019-9516> \"NVD - CVE-2019-9516\" ) \n**Impact:** | Denial of service \n**Description:** | A flaw in the HTTP/2 implementation allows a remote attacker to send crafted requests and cause denial of service through excessive memory consumption. 
\n \n**Revisions**\n\n2021-04-26 PacketShaper (PS) S-Series and PolicyCenter (PC) S-Series are not vulnerable. \n2021-02-18 A fix for CA 2.3 will not be provided. Please upgrade to a later version with the vulnerability fixes. \n2021-01-12 A fix for SSLV 3.10 and SSLV 3.12 will not be provided. Please upgrade to a later version with the vulnerability fixes. \n2020-05-06 initial public release \n \n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-05-06T18:48:22", "type": "symantec", "title": "Nginx Vulnerabilities Jul 2017 - Oct 2019", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7529", "CVE-2018-16843", "CVE-2018-16844", "CVE-2018-16845", "CVE-2019-9511", "CVE-2019-9513", "CVE-2019-9516"], "modified": "2022-01-10T20:16:23", "id": "SMNTC-1760", "href": "", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "apple": [{"lastseen": "2023-09-23T22:47:07", "description": "# About the security content of Xcode 13\n\nThis document describes the security content of Xcode 13.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or 
confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## Xcode 13\n\nReleased September 20, 2021\n\n**IDE Xcode Server**\n\nAvailable for: macOS Big Sur 11.3 and later\n\nImpact: Multiple issues in nginx\n\nDescription: Multiple issues were addressed by updating nginx to version 1.21.0.\n\nCVE-2016-0742\n\nCVE-2016-0746\n\nCVE-2016-0747\n\nCVE-2017-7529\n\nCVE-2018-16843\n\nCVE-2018-16844\n\nCVE-2018-16845\n\nCVE-2019-20372\n\n\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. 
[Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: September 20, 2021\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-20T00:00:00", "type": "apple", "title": "About the security content of Xcode 13", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0742", "CVE-2016-0746", "CVE-2016-0747", "CVE-2017-7529", "CVE-2018-16843", "CVE-2018-16844", "CVE-2018-16845", "CVE-2019-20372"], "modified": "2021-09-20T00:00:00", "id": "APPLE:276BA6E296271A3B66AE834C380D43C1", "href": "https://support.apple.com/kb/HT212818", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}]}