CVE-2018-16844
- EPSS 12.4%
- Veröffentlicht 07.11.2018 14:29:00
- Zuletzt bearbeitet 21.11.2024 03:53:25
nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the '...
CVE-2018-16843
- EPSS 47.06%
- Veröffentlicht 07.11.2018 14:29:00
- Zuletzt bearbeitet 21.11.2024 03:53:25
nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option...
CVE-2017-7529
- EPSS 62.6%
- Veröffentlicht 13.07.2017 13:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.
CVE-2016-1247
- EPSS 4.86%
- Veröffentlicht 29.11.2016 17:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
The nginx package before 1.6.2-5+deb8u3 on Debian jessie, the nginx packages before 1.4.6-1ubuntu3.6 on Ubuntu 14.04 LTS, before 1.10.0-0ubuntu0.16.04.3 on Ubuntu 16.04 LTS, and before 1.10.1-0ubuntu1.1 on Ubuntu 16.10, and the nginx ebuild before 1....
CVE-2016-4450
- EPSS 16.38%
- Veröffentlicht 07.06.2016 14:06:14
- Zuletzt bearbeitet 06.05.2026 22:30:45
os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a crafted request, involving writing a client request body to a temporary...
CVE-2016-0747
- EPSS 8.43%
- Veröffentlicht 15.02.2016 19:59:02
- Zuletzt bearbeitet 06.05.2026 22:30:45
The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) via vectors related to arbitrary name resolution.
CVE-2016-0746
- EPSS 8.63%
- Veröffentlicht 15.02.2016 19:59:01
- Zuletzt bearbeitet 06.05.2026 22:30:45
Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1.8.0 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (worker process crash) or possibly have unspecified other impact via a crafted DNS response relate...
CVE-2016-0742
- EPSS 81.96%
- Veröffentlicht 15.02.2016 19:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response.
CVE-2014-3556
- EPSS 7.83%
- Veröffentlicht 29.12.2014 20:59:03
- Zuletzt bearbeitet 06.05.2026 22:30:45
The STARTTLS implementation in mail/ngx_mail_smtp_handler.c in the SMTP proxy in nginx 1.5.x and 1.6.x before 1.6.1 and 1.7.x before 1.7.4 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encr...
CVE-2014-3616
- EPSS 5.65%
- Veröffentlicht 08.12.2014 11:59:03
- Zuletzt bearbeitet 06.05.2026 22:30:45
nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct "virtual...