Search for packages
| purl | pkg:deb/debian/nginx@1.10.3-1%2Bdeb9u1~bpo8%2B2 |
| Next non-vulnerable version | 1.22.1-9+deb12u4 |
| Latest non-vulnerable version | 1.28.3-2 |
| Risk | 10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-22cq-z7km-cfdc
Aliases: CVE-2025-23419 |
SSL session reuse vulnerability |
Affected by 7 other vulnerabilities. |
|
VCID-36pf-ddpb-3khs
Aliases: CVE-2020-11724 |
security update |
Affected by 13 other vulnerabilities. Affected by 13 other vulnerabilities. |
|
VCID-3ysf-pvuu-47bs
Aliases: CVE-2019-20372 |
nginx: HTTP request smuggling in configurations with URL redirect used as error_page |
Affected by 13 other vulnerabilities. |
|
VCID-64n7-ygvq-cfds
Aliases: CVE-2018-16843 |
Excessive memory usage in HTTP/2 |
Affected by 18 other vulnerabilities. Affected by 13 other vulnerabilities. |
|
VCID-9hzg-r1fj-pubf
Aliases: CVE-2019-9513 |
Excessive CPU usage in HTTP/2 with priority changes |
Affected by 18 other vulnerabilities. Affected by 13 other vulnerabilities. Affected by 13 other vulnerabilities. |
|
VCID-bana-j1wy-cfdy
Aliases: CVE-2018-16844 |
Excessive CPU usage in HTTP/2 |
Affected by 18 other vulnerabilities. Affected by 13 other vulnerabilities. |
|
VCID-c4ta-jqmg-wfgf
Aliases: CVE-2024-33452 |
lua-nginx-module: HTTP request smuggling via a crafted HEAD request |
Affected by 7 other vulnerabilities. |
|
VCID-c9ym-ckeq-63dq
Aliases: CVE-2022-41741 |
Memory corruption in the ngx_http_mp4_module |
Affected by 13 other vulnerabilities. |
|
VCID-cbn4-utmp-n7ba
Aliases: CVE-2021-23017 |
1-byte memory overwrite in resolver |
Affected by 13 other vulnerabilities. Affected by 13 other vulnerabilities. |
|
VCID-cjx4-a19z-xufq
Aliases: CVE-2017-7529 |
Integer overflow in the range filter |
Affected by 18 other vulnerabilities. Affected by 13 other vulnerabilities. |
|
VCID-dmv4-ydq9-a7eq
Aliases: CVE-2019-9511 |
Excessive CPU usage in HTTP/2 with small window updates |
Affected by 18 other vulnerabilities. Affected by 13 other vulnerabilities. Affected by 13 other vulnerabilities. |
|
VCID-eb23-pd25-yqg3
Aliases: CVE-2024-7347 |
Buffer overread in the ngx_http_mp4_module |
Affected by 7 other vulnerabilities. |
|
VCID-kcsp-h1s5-wbea
Aliases: CVE-2019-9516 |
Excessive memory usage in HTTP/2 with zero length headers |
Affected by 18 other vulnerabilities. Affected by 13 other vulnerabilities. Affected by 13 other vulnerabilities. |
|
VCID-nckn-qkc8-t7ge
Aliases: CVE-2018-16845 |
Memory disclosure in the ngx_http_mp4_module |
Affected by 18 other vulnerabilities. Affected by 13 other vulnerabilities. |
|
VCID-u8aq-2qhu-gff5
Aliases: CVE-2021-3618 |
ALPACA: Application Layer Protocol Confusion - Analyzing and Mitigating Cracks in TLS Authentication |
Affected by 13 other vulnerabilities. |
|
VCID-wc3j-5xmu-kyex
Aliases: CVE-2022-41742 |
Memory disclosure in the ngx_http_mp4_module |
Affected by 13 other vulnerabilities. |
|
VCID-y3tg-7fge-1yfy
Aliases: CVE-2020-36309 |
ngx_http_lua_module (aka lua-nginx-module) before 0.10.16 in OpenResty allows unsafe characters in an argument when using the API to mutate a URI, or a request or response header. |
Affected by 7 other vulnerabilities. |
|
VCID-yu2j-f4q9-bbcx
Aliases: CVE-2017-20005 |
nginx: buffer overflow in ngx_gmtime() triggered by 5 digit years |
Affected by 13 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-e49f-y1ky-5yb4 | Insufficient limits of CNAME resolution in resolver |
CVE-2016-0747
|
| VCID-fgaf-wqmd-gqf3 | nginx http proxy module does not verify peer identity of https origin server which could facilitate man-in-the-middle attack (MITM) |
CVE-2011-4968
|
| VCID-jtgk-h6v6-2fgs | Use-after-free during CNAME response processing in resolver |
CVE-2016-0746
|
| VCID-p933-hxvk-37bk | Gentoo's NGINX ebuilds are vulnerable to privilege escalation due to the way log files are handled. |
CVE-2016-1247
|
| VCID-qzcz-zvv6-dyda | Invalid pointer dereference in resolver |
CVE-2016-0742
|
| VCID-rsr7-p977-tycc | NULL pointer dereference while writing client request body |
CVE-2016-4450
|