Search for packages
| purl | pkg:deb/debian/nginx@1.10.3-1%2Bdeb9u1~bpo8%2B2 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-3d3j-83ap-jua7
Aliases: CVE-2021-3618 |
ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer. |
Affected by 5 other vulnerabilities. |
|
VCID-66m3-refr-quf4
Aliases: CVE-2024-7347 |
Buffer overread in the ngx_http_mp4_module |
Affected by 1 other vulnerability. |
|
VCID-81pb-4hqw-g3cs
Aliases: CVE-2019-20372 |
NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer. |
Affected by 5 other vulnerabilities. |
|
VCID-9nfh-cgh8-ykam
Aliases: CVE-2019-9511 |
Excessive CPU usage in HTTP/2 with small window updates |
Affected by 18 other vulnerabilities. Affected by 13 other vulnerabilities. Affected by 5 other vulnerabilities. |
|
VCID-apkw-1xhe-rua1
Aliases: CVE-2022-41741 |
Memory corruption in the ngx_http_mp4_module |
Affected by 5 other vulnerabilities. |
|
VCID-eanb-jznh-w3f1
Aliases: CVE-2019-9516 |
Excessive memory usage in HTTP/2 with zero length headers |
Affected by 18 other vulnerabilities. Affected by 13 other vulnerabilities. Affected by 5 other vulnerabilities. |
|
VCID-g1m9-xe6h-6qbp
Aliases: CVE-2017-7529 |
Integer overflow in the range filter |
Affected by 18 other vulnerabilities. Affected by 13 other vulnerabilities. |
|
VCID-jpnw-4r81-93c2
Aliases: CVE-2025-23419 |
SSL session reuse vulnerability |
Affected by 1 other vulnerability. |
|
VCID-mz5w-g94t-6yg1
Aliases: CVE-2018-16845 |
Memory disclosure in the ngx_http_mp4_module |
Affected by 18 other vulnerabilities. Affected by 13 other vulnerabilities. |
|
VCID-nkk1-gq2z-qfec
Aliases: CVE-2018-16844 |
Excessive CPU usage in HTTP/2 |
Affected by 18 other vulnerabilities. Affected by 13 other vulnerabilities. |
|
VCID-pwx1-ppph-mkgm
Aliases: CVE-2020-11724 |
An issue was discovered in OpenResty before 1.15.8.4. ngx_http_lua_subrequest.c allows HTTP request smuggling, as demonstrated by the ngx.location.capture API. |
Affected by 13 other vulnerabilities. Affected by 5 other vulnerabilities. |
|
VCID-qeft-42gz-2bbq
Aliases: CVE-2020-36309 |
ngx_http_lua_module (aka lua-nginx-module) before 0.10.16 in OpenResty allows unsafe characters in an argument when using the API to mutate a URI, or a request or response header. |
Affected by 1 other vulnerability. |
|
VCID-vfxh-kpsr-1kh7
Aliases: CVE-2024-33452 |
An issue in OpenResty lua-nginx-module v.0.10.26 and before allows a remote attacker to conduct HTTP request smuggling via a crafted HEAD request. |
Affected by 1 other vulnerability. |
|
VCID-wvtc-3qza-afgh
Aliases: CVE-2019-9513 |
Excessive CPU usage in HTTP/2 with priority changes |
Affected by 18 other vulnerabilities. Affected by 13 other vulnerabilities. Affected by 5 other vulnerabilities. |
|
VCID-yh1c-vsk2-abej
Aliases: CVE-2017-20005 |
NGINX before 1.13.6 has a buffer overflow for years that exceed four digits, as demonstrated by a file with a modification date in 1969 that causes an integer overflow (or a false modification date far in the future), when encountered by the autoindex module. |
Affected by 13 other vulnerabilities. |
|
VCID-yrau-18r6-4yhw
Aliases: CVE-2018-16843 |
Excessive memory usage in HTTP/2 |
Affected by 18 other vulnerabilities. Affected by 13 other vulnerabilities. |
|
VCID-yrdf-1ka4-d7ff
Aliases: CVE-2021-23017 |
1-byte memory overwrite in resolver |
Affected by 13 other vulnerabilities. Affected by 5 other vulnerabilities. |
|
VCID-ysea-ax3y-8uce
Aliases: CVE-2022-41742 |
Memory disclosure in the ngx_http_mp4_module |
Affected by 5 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-46bw-8rjq-h7a2 | nginx http proxy module does not verify peer identity of https origin server which could facilitate man-in-the-middle attack (MITM) |
CVE-2011-4968
|
| VCID-a6gf-uc1d-9ff7 | Use-after-free during CNAME response processing in resolver |
CVE-2016-0746
|
| VCID-cjeh-2x36-ffc5 | Insufficient limits of CNAME resolution in resolver |
CVE-2016-0747
|
| VCID-etdd-rrau-fbc2 | Invalid pointer dereference in resolver |
CVE-2016-0742
|
| VCID-gxt7-8fgz-mbd8 |
CVE-2016-1247
|
|
| VCID-kzjx-fr13-3udr | NULL pointer dereference while writing client request body |
CVE-2016-4450
|