F5

Nginx

42 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.3

CVE-2025-53859

  • EPSS 0.1%
  • Veröffentlicht 13.08.2025 14:46:55
  • Zuletzt bearbeitet 04.11.2025 22:16:27

NGINX Open Source and NGINX Plus have a vulnerability in the ngx_mail_smtp_module that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a requ...

5.3

CVE-2025-23419

  • EPSS 0.66%
  • Veröffentlicht 05.02.2025 18:15:33
  • Zuletzt bearbeitet 12.11.2025 14:50:08

When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS Session Tickets ht...

7.5

CVE-2023-44487

Warnung Medienbericht Exploit
  • EPSS 94.42%
  • Veröffentlicht 10.10.2023 14:15:10
  • Zuletzt bearbeitet 07.11.2025 19:00:41

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

7.1

CVE-2022-41742

  • EPSS 0.08%
  • Veröffentlicht 19.10.2022 22:15:12
  • Zuletzt bearbeitet 21.11.2024 07:23:46

NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local atta...

7.8

CVE-2022-41741

  • EPSS 0.97%
  • Veröffentlicht 19.10.2022 22:15:12
  • Zuletzt bearbeitet 21.11.2024 07:23:46

NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local atta...

7.4

CVE-2021-3618

  • EPSS 0.49%
  • Veröffentlicht 23.03.2022 20:15:09
  • Zuletzt bearbeitet 21.11.2024 06:21:59

ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traf...

9.8

CVE-2017-20005

Exploit
  • EPSS 3.25%
  • Veröffentlicht 06.06.2021 22:15:08
  • Zuletzt bearbeitet 05.12.2025 15:15:49

NGINX before 1.13.6 has a buffer overflow for years that exceed four digits, as demonstrated by a file with a modification date in 1969 that causes an integer overflow (or a false modification date far in the future), when encountered by the autoinde...

7.7

CVE-2021-23017

  • EPSS 73.17%
  • Veröffentlicht 01.06.2021 13:15:07
  • Zuletzt bearbeitet 21.11.2024 05:51:09

A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.

5.3

CVE-2019-20372

Exploit
  • EPSS 67.67%
  • Veröffentlicht 09.01.2020 21:15:12
  • Zuletzt bearbeitet 21.11.2024 04:38:19

NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.

5.8

CVE-2011-4968

  • EPSS 0.39%
  • Veröffentlicht 19.11.2019 16:15:11
  • Zuletzt bearbeitet 21.11.2024 01:33:23

nginx http proxy module does not verify peer identity of https origin server which could facilitate man-in-the-middle attack (MITM)