Search for packages
| purl | pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u3?distro=trixie |
| Next non-vulnerable version | 1.18.0-6.1+deb11u4 |
| Latest non-vulnerable version | 1.28.3-2 |
| Risk | 10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-2cu7-pyw5-t3dm
Aliases: CVE-2026-28753 |
Injection in auth_http and XCLIENT |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-3czf-dtzg-8kdm
Aliases: CVE-2026-27651 |
NULL pointer dereference while using CRAM-MD5 or APOP |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-5781-s1ny-q7ey
Aliases: CVE-2023-44487 GHSA-2m7v-gc89-fjqf GHSA-qppj-fm5r-hxr3 GHSA-vx74-f528-fxqg GHSA-xpw8-rcwv-8f8p GMS-2023-3377 VSV00013 |
Affected by 0 other vulnerabilities. Affected by 6 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
|
VCID-d1c6-dt2p-9kaa
Aliases: CVE-2026-1642 |
SSL upstream injection |
Affected by 7 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 6 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-fmvd-vyt7-mkfk
Aliases: CVE-2026-27654 |
Buffer overflow in ngx_http_dav_module |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-hemy-pnpj-sfg3
Aliases: CVE-2025-53859 |
Buffer overread in the ngx_mail_smtp_module |
Affected by 7 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 6 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-kpjx-rrjs-subs
Aliases: CVE-2026-28755 |
OCSP result bypass in stream |
Affected by 0 other vulnerabilities. |
|
VCID-sxf9-qr1j-u3et
Aliases: CVE-2026-27784 |
Buffer overflow in the ngx_http_mp4_module |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-z3xb-4krg-rbae
Aliases: CVE-2026-32647 |
Buffer overflow in the ngx_http_mp4_module |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-22cq-z7km-cfdc | SSL session reuse vulnerability |
CVE-2025-23419
|
| VCID-36pf-ddpb-3khs | security update |
CVE-2020-11724
|
| VCID-3ysf-pvuu-47bs | nginx: HTTP request smuggling in configurations with URL redirect used as error_page |
CVE-2019-20372
|
| VCID-49q7-zqwm-hqgx | Vulnerabilities with Windows directory aliases |
CVE-2011-4963
|
| VCID-4mqa-bkha-kbaj | security update |
CVE-2012-4929
|
| VCID-64n7-ygvq-cfds | Excessive memory usage in HTTP/2 |
CVE-2018-16843
|
| VCID-8mzu-swrb-sqd8 | Buffer overwrite in HTTP/3 |
CVE-2024-32760
|
| VCID-9hzg-r1fj-pubf | Excessive CPU usage in HTTP/2 with priority changes |
CVE-2019-9513
|
| VCID-9kx7-1dn9-dbdt | Stack-based buffer overflow with specially crafted request |
CVE-2013-2028
|
| VCID-asr7-uwpu-a7a5 | STARTTLS command injection |
CVE-2014-3556
|
| VCID-bana-j1wy-cfdy | Excessive CPU usage in HTTP/2 |
CVE-2018-16844
|
| VCID-c4ta-jqmg-wfgf | lua-nginx-module: HTTP request smuggling via a crafted HEAD request |
CVE-2024-33452
|
| VCID-c9ym-ckeq-63dq | Memory corruption in the ngx_http_mp4_module |
CVE-2022-41741
|
| VCID-cbn4-utmp-n7ba | 1-byte memory overwrite in resolver |
CVE-2021-23017
|
| VCID-cjx4-a19z-xufq | Integer overflow in the range filter |
CVE-2017-7529
|
| VCID-dmv4-ydq9-a7eq | Excessive CPU usage in HTTP/2 with small window updates |
CVE-2019-9511
|
| VCID-e49f-y1ky-5yb4 | Insufficient limits of CNAME resolution in resolver |
CVE-2016-0747
|
| VCID-eb23-pd25-yqg3 | Buffer overread in the ngx_http_mp4_module |
CVE-2024-7347
|
| VCID-fgaf-wqmd-gqf3 | nginx http proxy module does not verify peer identity of https origin server which could facilitate man-in-the-middle attack (MITM) |
CVE-2011-4968
|
| VCID-g39b-k8vv-kyaq | Null pointer dereference vulnerability |
CVE-2009-3896
|
| VCID-jau7-gfz8-dkfa | The renegotiation vulnerability in SSL protocol |
CVE-2009-3555
GHSA-f7w7-6pjc-wwm6 VU#120541 |
| VCID-jtgk-h6v6-2fgs | Use-after-free during CNAME response processing in resolver |
CVE-2016-0746
|
| VCID-k9vm-jbxf-dbf8 | Stack overflow and use-after-free in HTTP/3 |
CVE-2024-31079
|
| VCID-kcsp-h1s5-wbea | Excessive memory usage in HTTP/2 with zero length headers |
CVE-2019-9516
|
| VCID-ktxc-d5t4-bkhg | Buffer overflow in resolver |
CVE-2011-4315
|
| VCID-m1y8-m8z6-kyg9 | SPDY heap buffer overflow |
CVE-2014-0133
|
| VCID-m393-anc8-dfgf | Buffer overflow in the ngx_http_mp4_module |
CVE-2012-2089
|
| VCID-mhdp-u59y-2kgw | Buffer underflow vulnerability |
CVE-2009-2629
VU#180065 |
| VCID-n3pn-h7s7-nfd4 | Use-after-free in HTTP/3 |
CVE-2024-24990
|
| VCID-nckn-qkc8-t7ge | Memory disclosure in the ngx_http_mp4_module |
CVE-2018-16845
|
| VCID-p1nx-cfx1-jqh3 | SPDY memory corruption |
CVE-2014-0088
|
| VCID-p933-hxvk-37bk | Gentoo's NGINX ebuilds are vulnerable to privilege escalation due to the way log files are handled. |
CVE-2016-1247
|
| VCID-pchd-6b6f-myds | Memory disclosure in HTTP/3 |
CVE-2024-34161
|
| VCID-pmrf-dxst-p7a7 | Request line parsing vulnerability |
CVE-2013-4547
|
| VCID-pq29-p7wp-bqe3 | NULL pointer dereference in HTTP/3 |
CVE-2024-35200
|
| VCID-qpfs-f882-gqd3 | Directory traversal vulnerability in naxsi-ui/nx_extract.py in the Naxsi module before 0.46-1 for Nginx allows local users to read arbitrary files via unspecified vectors. |
CVE-2012-3380
|
| VCID-qzcz-zvv6-dyda | Invalid pointer dereference in resolver |
CVE-2016-0742
|
| VCID-r6yw-nrv5-aycy | Vulnerabilities with Windows file default stream |
CVE-2010-2263
|
| VCID-rsr7-p977-tycc | NULL pointer dereference while writing client request body |
CVE-2016-4450
|
| VCID-saph-cq2z-ubga | NULL pointer dereference in HTTP/3 |
CVE-2024-24989
|
| VCID-su8w-6wa4-u3gp | Vulnerabilities with invalid UTF-8 sequence on Windows |
CVE-2010-2266
|
| VCID-t6gs-g1cq-hqem | Directory traversal vulnerability |
CVE-2009-3898
|
| VCID-u25m-v3f6-23dk | Memory disclosure with specially crafted HTTP backend responses |
CVE-2013-2070
|
| VCID-u8aq-2qhu-gff5 | ALPACA: Application Layer Protocol Confusion - Analyzing and Mitigating Cracks in TLS Authentication |
CVE-2021-3618
|
| VCID-w6nj-1hnj-kbf6 | When the NGINX Plus is configured to use the MQTT pre-read module, undisclosed requests can cause an increase in memory resource utilization.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
CVE-2024-39792
|
| VCID-wc3j-5xmu-kyex | Memory disclosure in the ngx_http_mp4_module |
CVE-2022-41742
|
| VCID-wsxq-wqqr-n3ey | Memory disclosure with specially crafted backend responses |
CVE-2012-1180
|
| VCID-x8ck-rceh-ukdw | SSL session reuse vulnerability |
CVE-2014-3616
|
| VCID-y3tg-7fge-1yfy | ngx_http_lua_module (aka lua-nginx-module) before 0.10.16 in OpenResty allows unsafe characters in an argument when using the API to mutate a URI, or a request or response header. |
CVE-2020-36309
|
| VCID-yu2j-f4q9-bbcx | nginx: buffer overflow in ngx_gmtime() triggered by 5 digit years |
CVE-2017-20005
|