Search for packages
Package details: pkg:deb/debian/nginx@1.10.3-1%2Bdeb9u4
purl pkg:deb/debian/nginx@1.10.3-1%2Bdeb9u4
Next non-vulnerable version 1.26.3-3
Latest non-vulnerable version 1.26.3-3
Risk 10.0
Vulnerabilities affecting this package (18)
Vulnerability Summary Fixed by
VCID-3d3j-83ap-jua7
Aliases:
CVE-2021-3618
ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.
1.18.0-6.1+deb11u3
Affected by 5 other vulnerabilities.
VCID-66m3-refr-quf4
Aliases:
CVE-2024-7347
Buffer overread in the ngx_http_mp4_module
1.22.1-9+deb12u2
Affected by 1 other vulnerability.
VCID-81pb-4hqw-g3cs
Aliases:
CVE-2019-20372
NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.
1.18.0-6.1+deb11u3
Affected by 5 other vulnerabilities.
VCID-9nfh-cgh8-ykam
Aliases:
CVE-2019-9511
Excessive CPU usage in HTTP/2 with small window updates
1.14.2-2+deb10u4
Affected by 13 other vulnerabilities.
1.18.0-6.1+deb11u3
Affected by 5 other vulnerabilities.
VCID-apkw-1xhe-rua1
Aliases:
CVE-2022-41741
Memory corruption in the ngx_http_mp4_module
1.18.0-6.1+deb11u3
Affected by 5 other vulnerabilities.
VCID-eanb-jznh-w3f1
Aliases:
CVE-2019-9516
Excessive memory usage in HTTP/2 with zero length headers
1.14.2-2+deb10u4
Affected by 13 other vulnerabilities.
1.18.0-6.1+deb11u3
Affected by 5 other vulnerabilities.
VCID-g1m9-xe6h-6qbp
Aliases:
CVE-2017-7529
Integer overflow in the range filter
1.14.2-2+deb10u4
Affected by 13 other vulnerabilities.
VCID-jpnw-4r81-93c2
Aliases:
CVE-2025-23419
SSL session reuse vulnerability
1.22.1-9+deb12u2
Affected by 1 other vulnerability.
VCID-mz5w-g94t-6yg1
Aliases:
CVE-2018-16845
Memory disclosure in the ngx_http_mp4_module
1.14.2-2+deb10u4
Affected by 13 other vulnerabilities.
VCID-nkk1-gq2z-qfec
Aliases:
CVE-2018-16844
Excessive CPU usage in HTTP/2
1.14.2-2+deb10u4
Affected by 13 other vulnerabilities.
VCID-pwx1-ppph-mkgm
Aliases:
CVE-2020-11724
An issue was discovered in OpenResty before 1.15.8.4. ngx_http_lua_subrequest.c allows HTTP request smuggling, as demonstrated by the ngx.location.capture API.
1.14.2-2+deb10u4
Affected by 13 other vulnerabilities.
1.18.0-6.1+deb11u3
Affected by 5 other vulnerabilities.
VCID-qeft-42gz-2bbq
Aliases:
CVE-2020-36309
ngx_http_lua_module (aka lua-nginx-module) before 0.10.16 in OpenResty allows unsafe characters in an argument when using the API to mutate a URI, or a request or response header.
1.22.1-9+deb12u2
Affected by 1 other vulnerability.
VCID-vfxh-kpsr-1kh7
Aliases:
CVE-2024-33452
An issue in OpenResty lua-nginx-module v.0.10.26 and before allows a remote attacker to conduct HTTP request smuggling via a crafted HEAD request.
1.22.1-9+deb12u2
Affected by 1 other vulnerability.
VCID-wvtc-3qza-afgh
Aliases:
CVE-2019-9513
Excessive CPU usage in HTTP/2 with priority changes
1.14.2-2+deb10u4
Affected by 13 other vulnerabilities.
1.18.0-6.1+deb11u3
Affected by 5 other vulnerabilities.
VCID-yh1c-vsk2-abej
Aliases:
CVE-2017-20005
NGINX before 1.13.6 has a buffer overflow for years that exceed four digits, as demonstrated by a file with a modification date in 1969 that causes an integer overflow (or a false modification date far in the future), when encountered by the autoindex module.
1.14.2-2+deb10u4
Affected by 13 other vulnerabilities.
VCID-yrau-18r6-4yhw
Aliases:
CVE-2018-16843
Excessive memory usage in HTTP/2
1.14.2-2+deb10u4
Affected by 13 other vulnerabilities.
VCID-yrdf-1ka4-d7ff
Aliases:
CVE-2021-23017
1-byte memory overwrite in resolver
1.14.2-2+deb10u4
Affected by 13 other vulnerabilities.
1.18.0-6.1+deb11u3
Affected by 5 other vulnerabilities.
VCID-ysea-ax3y-8uce
Aliases:
CVE-2022-41742
Memory disclosure in the ngx_http_mp4_module
1.18.0-6.1+deb11u3
Affected by 5 other vulnerabilities.
Vulnerabilities fixed by this package (7)
Vulnerability Summary Aliases
VCID-9nfh-cgh8-ykam Excessive CPU usage in HTTP/2 with small window updates CVE-2019-9511
VCID-eanb-jznh-w3f1 Excessive memory usage in HTTP/2 with zero length headers CVE-2019-9516
VCID-g1m9-xe6h-6qbp Integer overflow in the range filter CVE-2017-7529
VCID-mz5w-g94t-6yg1 Memory disclosure in the ngx_http_mp4_module CVE-2018-16845
VCID-nkk1-gq2z-qfec Excessive CPU usage in HTTP/2 CVE-2018-16844
VCID-wvtc-3qza-afgh Excessive CPU usage in HTTP/2 with priority changes CVE-2019-9513
VCID-yrau-18r6-4yhw Excessive memory usage in HTTP/2 CVE-2018-16843

Date Actor Action Vulnerability Source VulnerableCode Version
2025-08-01T20:06:52.298566+00:00 Debian Oval Importer Affected by VCID-g1m9-xe6h-6qbp https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T19:58:09.455904+00:00 Debian Oval Importer Affected by VCID-9nfh-cgh8-ykam https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T19:07:57.138374+00:00 Debian Oval Importer Affected by VCID-81pb-4hqw-g3cs https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T18:16:16.486026+00:00 Debian Oval Importer Affected by VCID-pwx1-ppph-mkgm https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T16:17:44.219303+00:00 Debian Oval Importer Affected by VCID-vfxh-kpsr-1kh7 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T15:53:22.886143+00:00 Debian Oval Importer Affected by VCID-3d3j-83ap-jua7 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T15:26:09.753536+00:00 Debian Oval Importer Affected by VCID-apkw-1xhe-rua1 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T15:22:13.153782+00:00 Debian Oval Importer Affected by VCID-yrau-18r6-4yhw https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T15:21:23.941650+00:00 Debian Oval Importer Affected by VCID-nkk1-gq2z-qfec https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T15:09:21.832521+00:00 Debian Oval Importer Affected by VCID-yrdf-1ka4-d7ff https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T14:22:45.652070+00:00 Debian Oval Importer Affected by VCID-ysea-ax3y-8uce https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T14:05:39.367422+00:00 Debian Oval Importer Affected by VCID-wvtc-3qza-afgh https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T13:55:57.044745+00:00 Debian Oval Importer Affected by VCID-66m3-refr-quf4 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T13:52:46.854132+00:00 Debian Oval Importer Affected by VCID-eanb-jznh-w3f1 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T13:41:01.147998+00:00 Debian Oval Importer Affected by VCID-jpnw-4r81-93c2 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T13:27:02.492064+00:00 Debian Oval Importer Affected by VCID-mz5w-g94t-6yg1 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T13:19:54.818823+00:00 Debian Oval Importer Affected by VCID-qeft-42gz-2bbq https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T12:12:11.072063+00:00 Debian Oval Importer Affected by VCID-yh1c-vsk2-abej https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T11:44:36.527173+00:00 Debian Oval Importer Affected by VCID-yrdf-1ka4-d7ff https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 37.0.0
2025-08-01T11:43:11.449920+00:00 Debian Oval Importer Affected by VCID-wvtc-3qza-afgh https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 37.0.0
2025-08-01T11:31:02.925188+00:00 Debian Oval Importer Affected by VCID-9nfh-cgh8-ykam https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 37.0.0
2025-08-01T11:19:11.477935+00:00 Debian Oval Importer Affected by VCID-eanb-jznh-w3f1 https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 37.0.0
2025-08-01T11:14:54.094565+00:00 Debian Oval Importer Affected by VCID-pwx1-ppph-mkgm https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 37.0.0
2025-08-01T10:54:12.747084+00:00 Debian Oval Importer Fixing VCID-g1m9-xe6h-6qbp https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 37.0.0
2025-08-01T10:52:14.237435+00:00 Debian Oval Importer Fixing VCID-eanb-jznh-w3f1 https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 37.0.0
2025-08-01T10:52:06.065931+00:00 Debian Oval Importer Fixing VCID-mz5w-g94t-6yg1 https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 37.0.0
2025-08-01T10:48:44.609187+00:00 Debian Oval Importer Fixing VCID-9nfh-cgh8-ykam https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 37.0.0
2025-08-01T10:43:25.691233+00:00 Debian Oval Importer Fixing VCID-yrau-18r6-4yhw https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 37.0.0
2025-08-01T10:38:11.397258+00:00 Debian Oval Importer Fixing VCID-nkk1-gq2z-qfec https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 37.0.0
2025-08-01T10:36:53.435820+00:00 Debian Oval Importer Fixing VCID-wvtc-3qza-afgh https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 37.0.0