ALSA-2019:2799 Important: nginx:1.14 security update

Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 Post Office Protocol 3 and IMAP protocols, with a focus on high concurrency, performance and low memory usage. Security Fixes: HTTP/2: large amount of data request leads to denial of service CVE-2019-9511 HTTP/2: flood using...

RLSA-2019:2799 Important: nginx:1.14 security update

Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 Post Office Protocol 3 and IMAP protocols, with a focus on high concurrency, performance and low memory usage. Security Fixes: HTTP/2: large amount of data request leads to denial of service CVE-2019-9511 HTTP/2: flood using...

nginx:1.14 security update

An update is available for nginx. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 Post Offi...

Important: nginx:1.14 security update

Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 Post Office Protocol 3 and IMAP protocols, with a focus on high concurrency, performance and low memory usage. Security Fixes: HTTP/2: large amount of data request leads to denial of service CVE-2019-9511 HTTP/2: flood using...

Important: Red Hat Security Advisory: rh-nginx112-nginx security update

An update for rh-nginx112-nginx is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Important: Red Hat Security Advisory: rh-nginx110-nginx security update

An update for rh-nginx110-nginx is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Denial Of Service (DoS)

nginx HTTP/2 is vulnerable to denial of service DoS. It does not prevent an attacker from sending a stream of headers with a 0-length header name and 0-length header value, leading to an intensive memory consumption...

Denial Of Service (DoS)

nginx HTTP/2 is vulnerable to denial of service DoS. It does not prevent the attacker from creating multiple request streams and flooding using PRIORITY frames continuously in a way that causes substantial churn to the priority tree, causing an excessive resource consumption...

Denial Of Service (DoS)

nginx HTTP/2 is vulnerable to denial of service DoS. The attack is possible because it cannot control an attacker from sending a large amount of data request by manipulating window size and stream priority to force server to queue the data in 1-byte chunks, exhausting CPU and/or memory...

openSUSE Security Update : nginx (openSUSE-2019-2120) (0-Length Headers Leak) (Data Dribble) (Resource Loop)

This update for nginx fixes the following issues : Security issues fixed : - CVE-2019-9511: Fixed a denial of service by manipulating the window size and stream prioritization bsc1145579. - CVE-2019-9513: Fixed a denial of service caused by resource loops bsc1145580. - CVE-2019-9516: Fixed a deni...

OPENSUSE-SU-2019:2120-1 Security update for nginx

This update for nginx fixes the following issues: Security issues fixed: - CVE-2019-9511: Fixed a denial of service by manipulating the window size and stream prioritization bsc1145579. - CVE-2019-9513: Fixed a denial of service caused by resource loops bsc1145580. - CVE-2019-9516: Fixed a denial...

Security update for nginx (important)

openSUSE Security Update: Security update for nginx Announcement ID: openSUSE-SU-2019:2120-1 Rating: important References: 1115015 1115022 1115025 1145579 1145580 1145582 Cross-References: CVE-2018-16843 CVE-2018-16844 CVE-2018-16845 CVE-2019-9511 CVE-2019-9513 CVE-2019-9516 Affected Products:...

SUSE SLES15 Security Update : nginx (SUSE-SU-2019:2309-1) (0-Length Headers Leak) (Data Dribble) (Resource Loop)

This update for nginx fixes the following issues : Security issues fixed : CVE-2019-9511: Fixed a denial of service by manipulating the window size and stream prioritization bsc1145579. CVE-2019-9513: Fixed a denial of service caused by resource loops bsc1145580. CVE-2019-9516: Fixed a denial of...

SUSE-SU-2019:2309-1 Security update for nginx

This update for nginx fixes the following issues: Security issues fixed: - CVE-2019-9511: Fixed a denial of service by manipulating the window size and stream prioritization bsc1145579. - CVE-2019-9513: Fixed a denial of service caused by resource loops bsc1145580. - CVE-2019-9516: Fixed a denial...

Fedora Update for nginx FEDORA-2019-7a0b45fdc4

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 29 Update: nginx-1.16.1-1.fc29

Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...

Fedora 29 : 1:nginx (2019-7a0b45fdc4) (0-Length Headers Leak) (Data Dribble) (Resource Loop)

Security fix for CVE-2019-9511, CVE-2019-9513, CVE-2019-9516 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing addition...

Roundcube Webmail <= 1.3.4 Insecure Permissions Vulnerability

Roundcube Webmail is prone to an insecure permissions vulnerability. Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...

The vulnerability of the HTTP/2 network protocol implementation in Windows operating systems, Nginx servers, and Node.js software platforms allows a attacker to cause a service failure.

The vulnerability of the HTTP/2 network protocol implementation in Windows operating systems, Nginx servers, and Node.js software platforms is related to an uncontrolled resource consumption. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...

jc21 Nginx Proxy Manager Path Traversal Vulnerability

jc21 Nginx Proxy Manager is a graphical user interface for managing Nginx servers. A path traversal vulnerability exists in versions of jc21 Nginx Proxy Manager prior to 2.0.13, which can be exploited by an attacker to access locations outside of a restricted directory...