F5

Nginx

43 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.3

CVE-2025-53859

  • EPSS 0.11%
  • Published 13.08.2025 14:46:55
  • Last modified 13.08.2025 17:33:46

NGINX Open Source and NGINX Plus have a vulnerability in the ngx_mail_smtp_module that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a requ...

5.3

CVE-2025-1695

  • EPSS 0.06%
  • Published 04.03.2025 01:15:10
  • Last modified 10.04.2025 18:55:19

In NGINX Unit before version 1.34.2 with the Java Language Module in use, undisclosed requests can lead to an infinite loop and cause an increase in CPU resource utilization. This vulnerability allows a remote attacker to cause a degradation that ca...

5.3

CVE-2025-23419

  • EPSS 0.37%
  • Published 05.02.2025 18:15:33
  • Last modified 05.02.2025 20:15:45

When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS Session Tickets ht...

7.5

CVE-2023-44487

Warning Media report Exploit
  • EPSS 94.44%
  • Published 10.10.2023 14:15:10
  • Last modified 11.06.2025 17:29:54

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

7.1

CVE-2022-41742

  • EPSS 0.07%
  • Published 19.10.2022 22:15:12
  • Last modified 21.11.2024 07:23:46

NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local atta...

7.8

CVE-2022-41741

  • EPSS 0.83%
  • Published 19.10.2022 22:15:12
  • Last modified 21.11.2024 07:23:46

NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local atta...

7.4

CVE-2021-3618

  • EPSS 0.49%
  • Published 23.03.2022 20:15:09
  • Last modified 21.11.2024 06:21:59

ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traf...

9.8

CVE-2017-20005

Exploit
  • EPSS 3.23%
  • Published 06.06.2021 22:15:08
  • Last modified 21.11.2024 03:22:25

NGINX before 1.13.6 has a buffer overflow for years that exceed four digits, as demonstrated by a file with a modification date in 1969 that causes an integer overflow (or a false modification date far in the future), when encountered by the autoinde...

7.7

CVE-2021-23017

  • EPSS 76.12%
  • Published 01.06.2021 13:15:07
  • Last modified 21.11.2024 05:51:09

A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.

5.3

CVE-2019-20372

Exploit
  • EPSS 67.67%
  • Published 09.01.2020 21:15:12
  • Last modified 21.11.2024 04:38:19

NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.