CVE-2014-0088
- EPSS 8.66%
- Veröffentlicht 29.04.2014 14:38:49
- Zuletzt bearbeitet 06.05.2026 22:30:45
The SPDY implementation in the ngx_http_spdy_module module in nginx 1.5.10 before 1.5.11, when running on a 32-bit platform, allows remote attackers to execute arbitrary code via a crafted request.
CVE-2014-0133
- EPSS 9.29%
- Veröffentlicht 28.03.2014 15:55:08
- Zuletzt bearbeitet 06.05.2026 22:30:45
Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 before 1.4.7 and 1.5.x before 1.5.12 allows remote attackers to execute arbitrary code via a crafted request.
CVE-2013-4547
- EPSS 67.72%
- Veröffentlicht 23.11.2013 18:55:04
- Zuletzt bearbeitet 29.04.2026 01:13:23
nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI.
CVE-2013-0337
- EPSS 1.91%
- Veröffentlicht 27.10.2013 00:55:03
- Zuletzt bearbeitet 29.04.2026 01:13:23
The default configuration of nginx, possibly 1.3.13 and earlier, uses world-readable permissions for the (1) access.log and (2) error.log files, which allows local users to obtain sensitive information by reading the files.
CVE-2013-2070
- EPSS 11.93%
- Veröffentlicht 20.07.2013 03:37:25
- Zuletzt bearbeitet 29.04.2026 01:13:23
http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (crash) and obtain sensitive information from worker ...
CVE-2013-2028
- EPSS 87.48%
- Veröffentlicht 20.07.2013 03:37:20
- Zuletzt bearbeitet 29.04.2026 01:13:23
The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which t...
- EPSS 5.96%
- Veröffentlicht 26.07.2012 19:55:00
- Zuletzt bearbeitet 16.06.2026 23:35:44
nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows remote attackers to bypass intended access restrictions and access restricted files via (1) a trailing . (dot) or (2) certain "$index_allocation" sequences in a request.
CVE-2012-2089
- EPSS 9.63%
- Veröffentlicht 17.04.2012 21:55:01
- Zuletzt bearbeitet 16.06.2026 23:40:58
Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service (memory overwrite) or possibly exe...
- EPSS 10.42%
- Veröffentlicht 17.04.2012 21:55:01
- Zuletzt bearbeitet 16.06.2026 23:39:11
Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request.
CVE-2011-4315
- EPSS 6.07%
- Veröffentlicht 08.12.2011 20:55:01
- Zuletzt bearbeitet 16.06.2026 23:34:45
Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response.