F5

Nginx

43 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 35.5%
  • Published 15.02.2016 19:59:02
  • Last modified 12.04.2025 10:46:40

The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) via vectors related to arbitrary name resolution.

  • EPSS 11.58%
  • Published 15.02.2016 19:59:01
  • Last modified 12.04.2025 10:46:40

Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1.8.0 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (worker process crash) or possibly have unspecified other impact via a crafted DNS response relate...

  • EPSS 81.25%
  • Published 15.02.2016 19:59:00
  • Last modified 12.04.2025 10:46:40

The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response.

  • EPSS 48.17%
  • Published 29.12.2014 20:59:03
  • Last modified 12.04.2025 10:46:40

The STARTTLS implementation in mail/ngx_mail_smtp_handler.c in the SMTP proxy in nginx 1.5.x and 1.6.x before 1.6.1 and 1.7.x before 1.7.4 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encr...

  • EPSS 2.28%
  • Published 08.12.2014 11:59:03
  • Last modified 12.04.2025 10:46:40

nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct "virtual...

  • EPSS 2.63%
  • Published 29.04.2014 14:38:49
  • Last modified 12.04.2025 10:46:40

The SPDY implementation in the ngx_http_spdy_module module in nginx 1.5.10 before 1.5.11, when running on a 32-bit platform, allows remote attackers to execute arbitrary code via a crafted request.

  • EPSS 20.91%
  • Published 28.03.2014 15:55:08
  • Last modified 12.04.2025 10:46:40

Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 before 1.4.7 and 1.5.x before 1.5.12 allows remote attackers to execute arbitrary code via a crafted request.

  • EPSS 93.55%
  • Published 23.11.2013 18:55:04
  • Last modified 11.04.2025 00:51:21

nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI.

  • EPSS 0.55%
  • Published 27.10.2013 00:55:03
  • Last modified 11.04.2025 00:51:21

The default configuration of nginx, possibly 1.3.13 and earlier, uses world-readable permissions for the (1) access.log and (2) error.log files, which allows local users to obtain sensitive information by reading the files.

  • EPSS 8.88%
  • Published 20.07.2013 03:37:25
  • Last modified 11.04.2025 00:51:21

http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (crash) and obtain sensitive information from worker ...