Lucene search
K

99 matches found

OSV
OSV
added 2020/07/20 12:0 a.m.33 views

DLA-2283-1 nginx - security update

Bulletin has no description...

7.5CVSS7.3AI score0.02599EPSS
Exploits0
OSV
OSV
added 2020/05/27 9:52 a.m.13 views

MGASA-2020-0231 Updated nginx packages fix security vulnerability

Nginx was updated due to the following vulnerabilities: ngxhttpspecialresponse.c: With a certain errorpage configuration, HTTP request smuggling is possible. Thus, an attacker may be able to read unauthorized web pages at times when NGINX is being fronted by a load balancer. CVE-2019-20372...

5.3CVSS5.4AI score0.14961EPSS
Exploits3References3
OSV
OSV
added 2020/02/11 5:12 p.m.12 views

OPENSUSE-SU-2020:0204-1 Security update for nginx

This update for nginx fixes the following issues: - CVE-2019-20372: Fixed an HTTP request smuggling with certain errorpage configurations which could have allowed unauthorized web page reads bsc1160682. This update was imported from the SUSE:SLE-15-SP1:Update update project...

5.3CVSS5.6AI score0.14961EPSS
Exploits3References3
OSV
OSV
added 2020/02/06 12:23 p.m.10 views

SUSE-SU-2020:0348-1 Security update for nginx

This update for nginx fixes the following issues: - CVE-2019-20372: Fixed an HTTP request smuggling with certain errorpage configurations which could have allowed unauthorized web page reads bsc1160682...

5.3CVSS5.6AI score0.14961EPSS
Exploits3References3
OSV
OSV
added 2019/10/04 11:53 a.m.5 views

SUSE-SU-2019:2559-1 Security update for nginx

This update for nginx fixes the following issues: Security issues fixed: - CVE-2019-9511: Fixed a denial of service by manipulating the window size and stream prioritization bsc1145579. - CVE-2019-9513: Fixed a denial of service caused by resource loops bsc1145580. - CVE-2019-9516: Fixed a denial...

7.8CVSS6.7AI score0.82017EPSS
Exploits0References7
OSV
OSV
added 2019/09/10 6:18 p.m.12 views

OPENSUSE-SU-2019:2120-1 Security update for nginx

This update for nginx fixes the following issues: Security issues fixed: - CVE-2019-9511: Fixed a denial of service by manipulating the window size and stream prioritization bsc1145579. - CVE-2019-9513: Fixed a denial of service caused by resource loops bsc1145580. - CVE-2019-9516: Fixed a denial...

8.2CVSS6.9AI score0.82017EPSS
Exploits1References13
OSV
OSV
added 2019/08/22 12:0 a.m.44 views

DSA-4505-1 nginx - security update

Bulletin has no description...

7.8CVSS7.2AI score0.82017EPSS
Exploits0
Cvelist
Cvelist
added 2019/06/29 11:29 p.m.30 views

CVE-2019-13067

njs through 0.3.3, used in NGINX, has a buffer over-read in nxtutf8decode in nxt/nxtutf8.c. This issue occurs after the fix for CVE-2019-12207 is in place...

9.6AI score0.01597EPSS
Exploits1References1
OSV
OSV
added 2019/02/12 12:58 p.m.15 views

SUSE-SU-2019:0334-1 Security update for nginx

This update for nginx to version 1.14.2 fixes the following issues: Security vulnerabilities addressed: - CVE-2018-16843 CVE-2018-16844: Fixed an issue whereby a client using HTTP/2 might cause excessive memory consumption and CPU usage bsc1115025 bsc1115022. - CVE-2018-16845: Fixed an issue whic...

8.2CVSS7AI score0.47057EPSS
Exploits1References7
OSV
OSV
added 2018/11/17 10:23 p.m.12 views

MGASA-2018-0459 Updated nginx package fixes security vulnerabilities

nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption CVE-2018-16843. nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage...

8.2CVSS6.6AI score0.47057EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2018/11/05 12:0 a.m.44 views

Nginx < 1.5.7 ngx_parse_http Security Bypass

According to the self-reported version in the Server response header, the installed version of nginx is greater than 0.8.41 but prior to 1.4.4 / 1.5.7. It is, therefore, affected by a security bypass vulnerability in 'ngxhttpparse.c' when a file with a space at the end of the URI is requested. No...

7.5CVSS7.3AI score0.67718EPSS
Exploits15References4
OSV
OSV
added 2018/03/26 10:15 a.m.21 views

OPENSUSE-SU-2018:0813-1 Security update for nginx

This update for nginx to version 1.13.9 fixes the following issues: - CVE-2017-7529: nginx: Integer overflow in nginx range filter module allowed memory disclosure bsc1048265 This update also contains all updates and improvements in 1.13.9 upstream release...

7.5CVSS7.5AI score0.62597EPSS
Exploits6References4
OSV
OSV
added 2017/09/07 2:38 p.m.20 views

SUSE-SU-2017:2387-1 Security update for nginx-1.0

This update for NGINX fixes the following issues: Security issue fixed: - CVE-2017-7529: Integer overflow in nginx range filter module leading to memory disclosure. bsc1048265...

7.5CVSS7.5AI score0.62597EPSS
Exploits6References3
OSV
OSV
added 2017/07/30 3:58 p.m.21 views

MGASA-2017-0231 Updated nginx packages fix security vulnerability

A security issue was identified in nginx range filter. A specially crafted request might result in an integer overflow and incorrect processing of ranges, potentially resulting in sensitive information leak CVE-2017-7529...

7.5CVSS7.6AI score0.62597EPSS
Exploits6References3
Tenable Nessus
Tenable Nessus
added 2017/07/13 12:0 a.m.67 views

Debian DSA-3908-1 : nginx - security update

An integer overflow has been found in the HTTP range module of Nginx, a high-performance web and reverse proxy server, which may result in information disclosure. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian...

7.5CVSS6.5AI score0.62597EPSS
Exploits6References4
OSV
OSV
added 2017/01/17 5:4 p.m.21 views

SUSE-SU-2017:0190-1 Security update for nginx-1.0

This update for nginx-1.0 fixes the following issues: This security issues fixed: - CVE-2016-4450: NULL pointer dereference while writing client request body bsc982505. - CVE-2016-1000105: Setting HTTPPROXY environment variable via Proxy header httpoxy bnc988491...

7.5CVSS7.8AI score0.16376EPSS
Exploits0References5
OSV
OSV
added 2014/03/19 5:57 p.m.3 views

MGASA-2014-0136 Updated nginx package fixes security vulnerability

A bug in the experimental SPDY implementation in nginx was found, which might allow an attacker to cause a heap memory buffer overflow in a worker process by using a specially crafted request, potentially resulting in arbitrary code execution CVE-2014-0133...

7.5CVSS7.5AI score0.09293EPSS
Exploits1References4
OSV
OSV
added 2013/06/06 12:24 p.m.11 views

MGASA-2013-0160 Updated nginx package fixes security vulnerability

A security problem related to CVE-2013-2028 was identified, affecting some previous nginx versions if proxypass to untrusted upstream HTTP servers is used. The problem may lead to a denial of service or a disclosure of a worker process memory on a specially crafted response from an upstream proxi...

5.8CVSS6.3AI score0.11925EPSS
Exploits3References4
NVD
NVD
added 2012/04/17 9:55 p.m.18 views

CVE-2012-2089

Buffer overflow in ngxhttpmp4module.c in the ngxhttpmp4module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service memory overwrite or possibly execute arbitrary code via a crafted MP4 file...

6.8CVSS7.8AI score0.09629EPSS
Exploits1References8
Rows per page
Query Builder