VuXML ID | Description |
0882f019-bd60-11eb-9bdd-8c164567ca3c | NGINX -- 1-byte memory overwrite in resolver
NGINX team reports:
1-byte memory overwrite might occur during DNS server response
processing if the "resolver" directive was used, allowing an
attacker who is able to forge UDP packets from the DNS server
to cause worker process crash or, potentially, arbitrary code
execution.
Discovery 2021-05-25 Entry 2021-05-25 nginx
< 1.20.1,2
nginx-devel
< 1.21.0
CVE-2021-23017
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23017
|
c1202de8-4b29-11ea-9673-4c72b94353b5 | NGINX -- HTTP request smuggling
NGINX Team reports:
NGINX before 1.17.7, with certain error_page configurations, allows HTTP
request smuggling, as demonstrated by the ability of an attacker to read
unauthorized web pages in environments where NGINX is being fronted by a
load balancer.
Discovery 2019-12-10 Entry 2020-02-09 nginx
< 1.16.1_11,2
nginx-devel
< 1.17.7
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20372
CVE-2019-20372
|
87679fcb-be60-11e9-9051-4c72b94353b5 | NGINX -- Multiple vulnerabilities
NGINX Team reports:
Several security issues were identified in nginx HTTP/2
implementation which might cause excessive memory consumption
and CPU usage (CVE-2019-9511, CVE-2019-9513, CVE-2019-9516).
The issues affect nginx compiled with the ngx_http_v2_module (not
compiled by default) if the http2 option of the listen directive
is used in a configuration file.
Discovery 2019-08-13 Entry 2019-08-14 Modified 2019-08-14 nginx
< 1.16.1,2
nginx-devel
< 1.17.3
http://nginx.org/en/security_advisories.html
CVE-2019-9511
CVE-2019-9513
CVE-2019-9516
|
676d4f16-4fb3-11ed-a374-8c164567ca3c | nginx -- Two vulnerabilities
NGINX Development Team reports:
Two security issues were identified in the ngx_http_mp4_module,
which might allow an attacker to cause a worker process crash
or worker process memory disclosure by using a specially crafted
mp4 file, or might have potential other impact (CVE-2022-41741,
CVE-2022-41742).
Discovery 2022-10-19 Entry 2022-10-19 nginx
ge 1.0.7 lt 1.22.1
nginx-devel
ge 1.1.3 lt 1.23.2
CVE-2022-41741
CVE-2022-41742
https://mailman.nginx.org/archives/list/nginx@nginx.org/thread/F7TMIHDNNU3M52GYS23UWDWW2R2BLVVH/
|
84ca56be-e1de-11e8-bcfd-00e04c1ea73d | NGINX -- Multiple vulnerabilities
NGINX Team reports:
Two security issues were identified in nginx HTTP/2 implementation,
which might cause excessive memory consumption (CVE-2018-16843)
and CPU usage (CVE-2018-16844).
The issues affect nginx compiled with the ngx_http_v2_module (not
compiled by default) if the "http2" option of the "listen" directive is
used in a configuration file.
A security issue was identified in the ngx_http_mp4_module, which might
allow an attacker to cause infinite loop in a worker process, cause a
worker process crash, or might result in worker process memory
isclosure by using a specially crafted mp4 file (CVE-2018-16845).
The issue only affects nginx if it is built with the ngx_http_mp4_module
(the module is not built by default) and the "mp4" directive is used in
the configuration file. Further, the attack is only possible if an
attacker is able to trigger processing of a specially crafted mp4 file
with the ngx_http_mp4_module.
Discovery 2018-11-06 Entry 2018-11-06 nginx
< 1.14.1
nginx-devel
< 1.15.6
http://nginx.org/en/security_advisories.html
CVE-2018-16843
CVE-2018-16844
CVE-2018-16845
|