Lucene search
+L

5 matches found

CVE
CVE
added 2018/11/07 2:0 p.m.5272 views

CVE-2018-16843

CVE-2018-16843 affects nginx before 1.15.6 and 1.14.1, where HTTP/2 implementation vulnerabilities in ngx_http_v2_module (if http2 is enabled) can cause excessive memory usage. Connected advisories also reference related CVEs (16844/16845) and show multiple distributions (Debian, Fedora/Red Hat, ...

7.8CVSS7.3AI score0.47057EPSS
CVE
CVE
added 2020/01/09 8:5 p.m.4504 views

CVE-2019-20372

NGINX (on Amazon Linux 2) is affected by CVE-2019-20372 when configured with certain error_page settings, enabling HTTP request smuggling. The Amazon Linux 2 ALAS advisory ALAS2NGINX1-2023-004 confirms vulnerable 1.17.x/older configurations and provides patched packages: nginx 1.18.0 and related ...

5.3CVSS5.2AI score0.14961EPSS
CVE
CVE
added 2022/03/23 12:0 a.m.3649 views

CVE-2021-3618

ALPACA (CVE-2021-3618) is an application-layer protocol content confusion attack affecting multiple assets (e.g., nginx, vsftpd, sendmail) where TLS servers configured for different protocols with compatible certificates can allow a MITM attacker to redirect subdomain traffic to another, potentia...

7.4CVSS7.5AI score0.02037EPSS
CVE
CVE
added 2021/06/06 9:4 p.m.609 views

CVE-2017-20005

CVE-2017-20005 affects NGINX before 1.13.6. It is a buffer overflow in the autoindex module triggered by modification dates with years exceeding four digits (e.g., 1969 or far-future dates), caused by integer overflow. The CVSSv3.1 vector and score indicate CRITICAL severity. Remediation per sour...

9.8CVSS9.5AI score0.03285EPSS
CVE
CVE
added 2010/12/06 9:0 p.m.162 views

CVE-2010-4180

OpenSSL vulnerability CVE-2010-4180 affects OpenSSL versions before 0.9.8q and 1.0.x before 1.0.0c when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled. The flaw allows remote attackers to modify the ciphersuite in the session cache, enabling a downgrade to an unintended cipher by sniffing net...

4.3CVSS6.6AI score0.09497EPSS