99 matches found
DLA-2283-1 nginx - security update
Bulletin has no description...
MGASA-2020-0231 Updated nginx packages fix security vulnerability
Nginx was updated due to the following vulnerabilities: ngxhttpspecialresponse.c: With a certain errorpage configuration, HTTP request smuggling is possible. Thus, an attacker may be able to read unauthorized web pages at times when NGINX is being fronted by a load balancer. CVE-2019-20372...
OPENSUSE-SU-2020:0204-1 Security update for nginx
This update for nginx fixes the following issues: - CVE-2019-20372: Fixed an HTTP request smuggling with certain errorpage configurations which could have allowed unauthorized web page reads bsc1160682. This update was imported from the SUSE:SLE-15-SP1:Update update project...
SUSE-SU-2020:0348-1 Security update for nginx
This update for nginx fixes the following issues: - CVE-2019-20372: Fixed an HTTP request smuggling with certain errorpage configurations which could have allowed unauthorized web page reads bsc1160682...
SUSE-SU-2019:2559-1 Security update for nginx
This update for nginx fixes the following issues: Security issues fixed: - CVE-2019-9511: Fixed a denial of service by manipulating the window size and stream prioritization bsc1145579. - CVE-2019-9513: Fixed a denial of service caused by resource loops bsc1145580. - CVE-2019-9516: Fixed a denial...
OPENSUSE-SU-2019:2120-1 Security update for nginx
This update for nginx fixes the following issues: Security issues fixed: - CVE-2019-9511: Fixed a denial of service by manipulating the window size and stream prioritization bsc1145579. - CVE-2019-9513: Fixed a denial of service caused by resource loops bsc1145580. - CVE-2019-9516: Fixed a denial...
DSA-4505-1 nginx - security update
Bulletin has no description...
CVE-2019-13067
njs through 0.3.3, used in NGINX, has a buffer over-read in nxtutf8decode in nxt/nxtutf8.c. This issue occurs after the fix for CVE-2019-12207 is in place...
SUSE-SU-2019:0334-1 Security update for nginx
This update for nginx to version 1.14.2 fixes the following issues: Security vulnerabilities addressed: - CVE-2018-16843 CVE-2018-16844: Fixed an issue whereby a client using HTTP/2 might cause excessive memory consumption and CPU usage bsc1115025 bsc1115022. - CVE-2018-16845: Fixed an issue whic...
MGASA-2018-0459 Updated nginx package fixes security vulnerabilities
nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption CVE-2018-16843. nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage...
Nginx < 1.5.7 ngx_parse_http Security Bypass
According to the self-reported version in the Server response header, the installed version of nginx is greater than 0.8.41 but prior to 1.4.4 / 1.5.7. It is, therefore, affected by a security bypass vulnerability in 'ngxhttpparse.c' when a file with a space at the end of the URI is requested. No...
OPENSUSE-SU-2018:0813-1 Security update for nginx
This update for nginx to version 1.13.9 fixes the following issues: - CVE-2017-7529: nginx: Integer overflow in nginx range filter module allowed memory disclosure bsc1048265 This update also contains all updates and improvements in 1.13.9 upstream release...
SUSE-SU-2017:2387-1 Security update for nginx-1.0
This update for NGINX fixes the following issues: Security issue fixed: - CVE-2017-7529: Integer overflow in nginx range filter module leading to memory disclosure. bsc1048265...
MGASA-2017-0231 Updated nginx packages fix security vulnerability
A security issue was identified in nginx range filter. A specially crafted request might result in an integer overflow and incorrect processing of ranges, potentially resulting in sensitive information leak CVE-2017-7529...
Debian DSA-3908-1 : nginx - security update
An integer overflow has been found in the HTTP range module of Nginx, a high-performance web and reverse proxy server, which may result in information disclosure. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian...
SUSE-SU-2017:0190-1 Security update for nginx-1.0
This update for nginx-1.0 fixes the following issues: This security issues fixed: - CVE-2016-4450: NULL pointer dereference while writing client request body bsc982505. - CVE-2016-1000105: Setting HTTPPROXY environment variable via Proxy header httpoxy bnc988491...
MGASA-2014-0136 Updated nginx package fixes security vulnerability
A bug in the experimental SPDY implementation in nginx was found, which might allow an attacker to cause a heap memory buffer overflow in a worker process by using a specially crafted request, potentially resulting in arbitrary code execution CVE-2014-0133...
MGASA-2013-0160 Updated nginx package fixes security vulnerability
A security problem related to CVE-2013-2028 was identified, affecting some previous nginx versions if proxypass to untrusted upstream HTTP servers is used. The problem may lead to a denial of service or a disclosure of a worker process memory on a specially crafted response from an upstream proxi...
CVE-2012-2089
Buffer overflow in ngxhttpmp4module.c in the ngxhttpmp4module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service memory overwrite or possibly execute arbitrary code via a crafted MP4 file...