CVE-2016-0742

The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service invalid pointer dereference and worker process crash via a crafted UDP DNS response...

CVE-2016-0746

Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1.8.0 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service worker process crash or possibly have unspecified other impact via a crafted DNS response related to CNAME response processing...

CVE-2016-0747

The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service worker process resource consumption via vectors related to arbitrary name resolution...

CVE-2016-0746

Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1.8.0 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service worker process crash or possibly have unspecified other impact via a crafted DNS response related to CNAME response processing...

CVE-2016-0742

The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service invalid pointer dereference and worker process crash via a crafted UDP DNS response...

CVE-2016-0747

The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service worker process resource consumption via vectors related to arbitrary name resolution...

Gratipay: proxy port 7000 and shell port 514 not filtered

port 7000 on assets.gratipay.com was found to be open to the public. The port seems to be working on a proxy module of nginx and i was able to connect to ot by configuring my browser to use it as a proxy. also port 514 is also found to be open and connection to it via rlogin succeeds although no...

Gratipay: The POODLE attack (SSLv3 supported) for https://grtp.co/

Websites that support SSLv3 and CBC-mode ciphers are potentially vulnerable to an active MITM Man-in-the-middle attack. This attack, called POODLE, is similar to the BEAST attack and also allows a network attacker to extract the plaintext of targeted parts of an SSL connection, usually cookie dat...

Gratipay: nginx SPDY heap buffer overflow for https://grtp.co/

A heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 before 1.4.7 and 1.5.x before 1.5.12 allows remote attackers to execute arbitrary code via a crafted request. The problem affects nginx compiled with the ngxhttpspdymodule module which is not compiled by default and without...

Debian DSA-3473-1 : nginx - security update

Several vulnerabilities were discovered in the resolver in nginx, a small, powerful, scalable web/proxy server, leading to denial of service or, potentially, to arbitrary code execution. These only affect nginx if the 'resolver' directive is used in a configuration file. %NASLMINLEVEL 70300 C...

[SECURITY] [DSA 3473-1] nginx security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3473-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 11, 2016 https://www.debian.org/security/faq -...

[SECURITY] [DSA 3473-1] nginx security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3473-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 11, 2016 https://www.debian.org/security/faq -...

Debian Security Advisory DSA 3473-1 (nginx - security update)

Several vulnerabilities were discovered in the resolver in nginx, a small, powerful, scalable web/proxy server, leading to denial of service or, potentially, to arbitrary code execution. These only affect nginx if the resolver directive is used in a configuration file. OpenVAS Vulnerability Test...

DSA-3473-1 nginx - security update

Bulletin has no description...

Debian: Security Advisory (DSA-3473-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu: Security Advisory (USN-2892-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 14.04 LTS : nginx vulnerabilities (USN-2892-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2892-1 advisory. It was discovered that nginx incorrectly handled certain DNS server responses when the resolver is enabled. A remote attacker could possibly use this iss...

USN-2892-1: nginx vulnerabilities

It was discovered that nginx incorrectly handled certain DNS server responses when the resolver is enabled. A remote attacker could possibly use this issue to cause nginx to crash, resulting in a denial of service. CVE-2016-0742 It was discovered that nginx incorrectly handled CNAME response...

USN-2892-1 nginx vulnerabilities

It was discovered that nginx incorrectly handled certain DNS server responses when the resolver is enabled. A remote attacker could possibly use this issue to cause nginx to crash, resulting in a denial of service. CVE-2016-0742 It was discovered that nginx incorrectly handled CNAME response...

openSUSE Security Update : nginx (openSUSE-2016-161)

This update to nginx 1.8.1 fixes the following issues : - CVE-2016-0742: Invalid pointer dereference during DNS server response processing boo963781 - CVE-2016-0746: Use-after-free condition during CNAME response processing boo963778 - CVE-2016-0747: Resource exhaustion through unlimited CNAME...