| purl | pkg:deb/debian/nginx@1.22.1-9%2Bdeb12u6?distro=trixie |
| Next non-vulnerable version | 1.22.1-9+deb12u7 |
| Latest non-vulnerable version | 1.30.1-3 |
| Risk |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-422n-2b44-mbh2<br>Aliases: CVE-2026-42946 | nginx: ngx_http_scgi_module: ngx_http_uwsgi_module: information disclosure and denial of service | Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
| VCID-kvpj-4273-4khg<br>Aliases: CVE-2023-44487 GHSA-qppj-fm5r-hxr3 VSV00013 | HTTP/2 Stream Cancellation Attack. **HTTP/2 Rapid reset attack:** The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original content follows. **swift-nio-http2 specific advisory:** swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors. | Affected by 0 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 0 other vulnerabilities. |
| VCID-xsdq-5m4c-mqcs<br>Aliases: CVE-2026-9256 | nginx: ngx_http_rewrite_module: code execution and denial of service | Affected by 0 other vulnerabilities. |


| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-1qja-a3mm-4fd2 | Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted MP4 file. | CVE-2012-2089 |
| VCID-2rxm-wpjd-dycf | HTTP/2: flood using PRIORITY frames results in excessive resource consumption | CVE-2019-9513 |
| VCID-3912-phtr-jkhc | nginx: Memory corruption in the ngx_http_mp4_module | CVE-2022-41741 |
| VCID-3b34-tqxp-h7h5 | nginx: NGINX ngx_mail_smtp_module vulnerability | CVE-2025-53859 |
| VCID-4c4d-khz9-uuar | nginx: possible arbitrary code execution via SPDY implementation in 1.5.10 | CVE-2014-0088 |
| VCID-4ya2-ngub-jyhz | nginx: undisclosed HTTP/3 requests can cause NGINX worker processes to terminate | CVE-2024-35200 |
| VCID-5f4n-9p67-j3h2 | Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response. | CVE-2011-4315 |
| VCID-5kgu-8trw-zufv | nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections | CVE-2026-1642 |
| VCID-6dd2-h79e-hufk | ngx_http_lua_module (aka lua-nginx-module) before 0.10.16 in OpenResty allows unsafe characters in an argument when using the API to mutate a URI, or a request or response header. | CVE-2020-36309 |
| VCID-6fh8-bb7y-fyar | | CVE-2018-16843 |
| VCID-6h5f-vdnv-tyee | nginx http proxy module does not verify peer identity of https origin server which could facilitate man-in-the-middle attack (MITM) | CVE-2011-4968 |
| VCID-6qb2-p5tc-hfg3 | nginx: use-after-free during CNAME response processing in resolver | CVE-2016-0746 |
| VCID-7g3p-v1am-nqfd | nginx: undisclosed QUIC packets can cause NGINX worker processes to leak previously freed memory | CVE-2024-34161 |
| VCID-7rb6-bdgt-z3aj | | CVE-2017-7529 |
| VCID-8h8y-hxmb-qqby | Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method. | CVE-2009-3898 |
| VCID-8znq-g5bj-kqem | nginx: undisclosed HTTP/3 requests can cause NGINX worker processes to terminate | CVE-2024-31079 |
| VCID-ah6q-srk2-rbdp | nginx: Memory disclosure in the ngx_http_mp4_module | CVE-2022-41742 |
| VCID-amjj-a28c-cyep | restriction bypass | CVE-2013-4547 |
| VCID-b3hy-gnzn-f3af | nginx: NGINX: Authorization bypass via IP spoofing in HTTP/3 QUIC module | CVE-2026-40460 |
| VCID-b7te-3dd4-8qfp | nginx: buffer overflow in ngx_gmtime() triggered by 5 digit years | CVE-2017-20005 |
| VCID-bbhz-4dn6-a7e9 | | CVE-2013-2028 |
| VCID-bhch-r7x4-m3ff | nginx: NULL pointer dereference in HTTP/3 | CVE-2024-24989 |
| VCID-cm9w-3e85-byaz | nginx: heap-based buffer overflow in SPDY implementation | CVE-2014-0133 |
| VCID-crp5-6dhb-2uh7 | nginx: invalid pointer dereference in resolver | CVE-2016-0742 |
| VCID-cxs8-z482-ufht | nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files | CVE-2026-32647 |
| VCID-cz65-u8z7-mbc3 | nginx: HTTP request smuggling in configurations with URL redirect used as error_page | CVE-2019-20372 |
| VCID-d2dq-z15z-rkha | lua-nginx-module: HTTP request smuggling via a crafted HEAD request | CVE-2024-33452 |
| VCID-dfzv-bqb6-xkgp | nginx: ngx_http_charset_module: information disclosure and denial of service | CVE-2026-42934 |
| VCID-dvnw-kcqg-mbda | Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request. | CVE-2012-1180 |
| VCID-eavm-twzr-ayee | nginx: Use-after-free in HTTP/3 | CVE-2024-24990 |
| VCID-ey81-19f3-8udc | ALPACA: Application Layer Protocol Confusion - Analyzing and Mitigating Cracks in TLS Authentication | CVE-2021-3618 |
| VCID-f58h-gnzp-ryft | nginx: undisclosed HTTP/3 encoder instructions terminate or cause or other potential impact | CVE-2024-32760 |
| VCID-f9vr-hcz9-j7fk | nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name | CVE-2021-23017 |
| VCID-fgkh-yy5u-8ydf | security update | CVE-2020-11724 |
| VCID-fpta-dc5f-pkct | NGINX: NGINX: Denial of Service due to memory corruption via crafted MP4 file | CVE-2026-27784 |
| VCID-g8ws-pmea-9kbb | | CVE-2019-9511 |
| VCID-gjvm-84ff-3qad | NGINX: NGINX: Denial of Service or file modification via buffer overflow in ngx_http_dav_module | CVE-2026-27654 |
| VCID-gvf4-xvne-yffy | nginx security update | CVE-2013-2070 |
| VCID-hedb-u8uf-yqdf | When the NGINX Plus is configured to use the MQTT pre-read module, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | CVE-2024-39792 |
| VCID-j24e-t6u4-pbdw | nginx: virtual host confusion | CVE-2014-3616 |
| VCID-kn1z-74dk-zyed | NGINX: NGINX Plus: NGINX Open Source: NGINX Plus and NGINX Open Source: Request manipulation via header injection in SMTP upstream requests | CVE-2026-28753 |
| VCID-mu8n-m2es-t3be | | CVE-2019-9516 |
| VCID-n7wg-h8ux-kbem | nginx: SMTP STARTTLS plaintext injection flaw | CVE-2014-3556 |
| VCID-pz92-zcud-5fh2 | nginx: TLS Session Resumption Vulnerability | CVE-2025-23419 |
| VCID-rqp9-y9tu-qbgg | | CVE-2026-42926 |
| VCID-ryfc-z6ww-nqfj | nginx: specially crafted MP4 file may cause denial of service | CVE-2024-7347 |
| VCID-ttbr-yfea-47c5 | NGINX: NGINX: Denial of Service via undisclosed requests when ngx_mail_auth_http_module is enabled | CVE-2026-27651 |
| VCID-tx6d-uxzp-cuc4 | nginx 0.8.36 allows remote attackers to cause a denial of service (crash) via certain encoded directory traversal sequences that trigger memory corruption, as demonstrated using the "%c0.%c0." sequence. | CVE-2010-2266 |
| VCID-unqm-tj1s-jugg | nginx: NULL pointer dereference while writing client request body | CVE-2016-4450 |
| VCID-upvd-f1ab-6ycc | nginx: Local privilege escalation via log files | CVE-2016-1247 |
| VCID-uy9d-zu9s-6yh3 | nginx: NGINX: Arbitrary Code Execution Vulnerability | CVE-2026-42945 |
| VCID-vtdw-fz3q-rfff | Directory traversal vulnerability in naxsi-ui/nx_extract.py in the Naxsi module before 0.46-1 for Nginx allows local users to read arbitrary files via unspecified vectors. | CVE-2012-3380 |
| VCID-vyg1-32ch-qkhu | nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows remote attackers to bypass intended access restrictions and access restricted files via (1) a trailing . (dot) or (2) certain "$index_allocation" sequences in a request. | CVE-2011-4963 |
| VCID-w5q8-zw8t-t3he | nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI. | CVE-2010-2263 |
| VCID-wc2b-cb7d-ekbq | nginx: ngx_http_ssl_module: data corruption and denial of service | CVE-2026-40701 |
| VCID-x3ng-bs7w-dfb1 | nginx NULL pointer dereference | CVE-2009-3896 |
| VCID-xg73-adr1-ybfr | NGINX: NGINX: Certificate revocation bypass when OCSP is enabled | CVE-2026-28755 |
| VCID-xhjz-rux9-xbc1 | nginx: Insufficient limits of CNAME resolution in resolver | CVE-2016-0747 |
| VCID-xnjs-1q7g-gqfk | nginx: ngx_http_parse_complex_uri() buffer underflow vulnerability (VU#180065) | CVE-2009-2629 VU#180065 |
| VCID-y5b5-9z4k-u3bn | | CVE-2018-16845 |
| VCID-yrex-aeq8-cue8 | security update | CVE-2012-4929 |
| VCID-znvx-aqbr-2yck | Mozilla developers added support in the Network Security Services module for preventing a type of man-in-the-middle attack against TLS using forced renegotiation. Note that to benefit from the fix, Firefox 3.6 and Firefox 3.5 users will need to set their security.ssl.require_safe_negotiation preference to true. Firefox 3 does not contain the fix for this issue. | CVE-2009-3555 GHSA-f7w7-6pjc-wwm6 VU#120541 |
| VCID-zygf-63mp-cqaa | nginx: Excessive CPU usage via flaw in HTTP/2 implementation | CVE-2018-16844 |