Search for packages
Package details: pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u3
purl pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u3
Next non-vulnerable version 1.26.3-3
Latest non-vulnerable version 1.26.3-3
Risk 10.0
Vulnerabilities affecting this package (5)
Vulnerability Summary Fixed by
VCID-5m3h-b4yf-63ew
Aliases:
CVE-2024-33452
An issue in OpenResty lua-nginx-module v.0.10.26 and before allows a remote attacker to conduct HTTP request smuggling via a crafted HEAD request.
1.22.1-9+deb12u1
Affected by 2 other vulnerabilities.
1.22.1-9+deb12u2
Affected by 1 other vulnerability.
VCID-6y3x-kyj7-aaaf
Aliases:
CVE-2023-44487
GHSA-qppj-fm5r-hxr3
VSV00013
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
1.22.1-9+deb12u1
Affected by 2 other vulnerabilities.
1.22.1-9+deb12u2
Affected by 1 other vulnerability.
1.24.0-2
Affected by 0 other vulnerabilities.
1.26.0-1
Affected by 0 other vulnerabilities.
1.26.0-2
Affected by 0 other vulnerabilities.
1.26.0-3
Affected by 0 other vulnerabilities.
1.26.3-2
Affected by 0 other vulnerabilities.
1.26.3-3
Affected by 0 other vulnerabilities.
VCID-c9xc-nm4d-aaar
Aliases:
CVE-2024-7347
Buffer overread in the ngx_http_mp4_module
1.22.1-9+deb12u1
Affected by 2 other vulnerabilities.
1.22.1-9+deb12u2
Affected by 1 other vulnerability.
1.26.3-2
Affected by 0 other vulnerabilities.
VCID-cza3-95cy-aaaj
Aliases:
CVE-2020-36309
ngx_http_lua_module (aka lua-nginx-module) before 0.10.16 in OpenResty allows unsafe characters in an argument when using the API to mutate a URI, or a request or response header.
1.22.1-7
Affected by 0 other vulnerabilities.
1.22.1-9
Affected by 2 other vulnerabilities.
1.22.1-9+deb12u1
Affected by 2 other vulnerabilities.
1.22.1-9+deb12u2
Affected by 1 other vulnerability.
VCID-kb3m-1vss-yue8
Aliases:
CVE-2025-23419
nginx: TLS Session Resumption Vulnerability
1.22.1-9+deb12u1
Affected by 2 other vulnerabilities.
Vulnerabilities fixed by this package (10)
Vulnerability Summary Aliases
VCID-1m3e-krau-aaap NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer. CVE-2019-20372
VCID-2gtf-635s-aaab NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted audio or video file. The issue affects only NGINX products that are built with the module ngx_http_mp4_module, when the mp4 directive is used in the configuration file. Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the module ngx_http_mp4_module. CVE-2022-41742
VCID-6x46-n1n2-aaad An issue was discovered in OpenResty before 1.15.8.4. ngx_http_lua_subrequest.c allows HTTP request smuggling, as demonstrated by the ngx.location.capture API. CVE-2020-11724
VCID-cza3-95cy-aaaj ngx_http_lua_module (aka lua-nginx-module) before 0.10.16 in OpenResty allows unsafe characters in an argument when using the API to mutate a URI, or a request or response header. CVE-2020-36309
VCID-naz4-k1th-aaad ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer. CVE-2021-3618
VCID-q6hd-xazy-aaaj NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to corrupt NGINX worker memory, resulting in its termination or potential other impact using a specially crafted audio or video file. The issue affects only NGINX products that are built with the ngx_http_mp4_module, when the mp4 directive is used in the configuration file. Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the module ngx_http_mp4_module. CVE-2022-41741
VCID-srtd-t3v1-aaag Excessive memory usage in HTTP/2 with zero length headers CVE-2019-9516
VCID-t7tm-t2rh-aaah Excessive CPU usage in HTTP/2 with priority changes CVE-2019-9513
VCID-vkg1-2urs-aaap Excessive CPU usage in HTTP/2 with small window updates CVE-2019-9511
VCID-xdng-3k7v-aaaj 1-byte memory overwrite in resolver CVE-2021-23017

Date Actor Action Vulnerability Source VulnerableCode Version
2025-06-21T21:14:22.118452+00:00 Debian Importer Affected by VCID-c9xc-nm4d-aaar https://security-tracker.debian.org/tracker/data/json 36.1.3
2025-06-21T16:35:31.823016+00:00 Debian Importer Fixing VCID-q6hd-xazy-aaaj None 36.1.3
2025-06-21T14:00:52.099737+00:00 Debian Oval Importer Fixing VCID-q6hd-xazy-aaaj https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T13:37:12.661502+00:00 Debian Importer Fixing VCID-naz4-k1th-aaad None 36.1.3
2025-06-21T12:33:41.468481+00:00 Debian Importer Affected by VCID-6y3x-kyj7-aaaf None 36.1.3
2025-06-21T12:09:42.799038+00:00 Debian Oval Importer Fixing VCID-naz4-k1th-aaad https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T11:13:14.724899+00:00 Debian Oval Importer Fixing VCID-2gtf-635s-aaab https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T08:59:01.005063+00:00 Debian Importer Affected by VCID-6y3x-kyj7-aaaf https://security-tracker.debian.org/tracker/data/json 36.1.3
2025-06-21T06:42:18.304313+00:00 Debian Oval Importer Fixing VCID-q6hd-xazy-aaaj None 36.1.3
2025-06-21T06:42:16.203055+00:00 Debian Oval Importer Fixing VCID-2gtf-635s-aaab None 36.1.3
2025-06-21T06:09:11.323502+00:00 Debian Oval Importer Fixing VCID-vkg1-2urs-aaap None 36.1.3
2025-06-21T03:50:07.960896+00:00 Debian Importer Fixing VCID-cza3-95cy-aaaj None 36.1.3
2025-06-21T03:35:22.278747+00:00 Debian Oval Importer Fixing VCID-naz4-k1th-aaad None 36.1.3
2025-06-21T03:25:16.588494+00:00 Debian Oval Importer Fixing VCID-xdng-3k7v-aaaj None 36.1.3
2025-06-21T03:16:39.035939+00:00 Debian Oval Importer Fixing VCID-6x46-n1n2-aaad None 36.1.3
2025-06-21T02:59:37.877206+00:00 Debian Importer Affected by VCID-cza3-95cy-aaaj https://security-tracker.debian.org/tracker/data/json 36.1.3
2025-06-21T02:52:15.319553+00:00 Debian Oval Importer Fixing VCID-srtd-t3v1-aaag None 36.1.3
2025-06-21T02:15:38.206945+00:00 Debian Oval Importer Fixing VCID-t7tm-t2rh-aaah None 36.1.3
2025-06-21T01:48:57.426840+00:00 Debian Oval Importer Fixing VCID-1m3e-krau-aaap None 36.1.3
2025-06-20T23:35:37.709863+00:00 Debian Importer Affected by VCID-cza3-95cy-aaaj None 36.1.3
2025-06-20T20:52:26.248253+00:00 Debian Importer Affected by VCID-5m3h-b4yf-63ew https://security-tracker.debian.org/tracker/data/json 36.1.3
2025-06-08T13:14:36.622819+00:00 Debian Oval Importer Fixing VCID-q6hd-xazy-aaaj https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T13:02:25.904607+00:00 Debian Oval Importer Fixing VCID-xdng-3k7v-aaaj https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T12:28:47.007934+00:00 Debian Oval Importer Fixing VCID-2gtf-635s-aaab https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T12:16:38.029034+00:00 Debian Oval Importer Fixing VCID-t7tm-t2rh-aaah https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T12:07:18.278108+00:00 Debian Oval Importer Fixing VCID-srtd-t3v1-aaag https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T06:54:58.700136+00:00 Debian Oval Importer Fixing VCID-q6hd-xazy-aaaj https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T05:15:59.978602+00:00 Debian Oval Importer Fixing VCID-naz4-k1th-aaad https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T04:39:32.901854+00:00 Debian Oval Importer Fixing VCID-2gtf-635s-aaab https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T00:21:46.733694+00:00 Debian Oval Importer Fixing VCID-q6hd-xazy-aaaj None 36.1.0
2025-06-08T00:21:44.465860+00:00 Debian Oval Importer Fixing VCID-2gtf-635s-aaab None 36.1.0
2025-06-07T23:48:02.819761+00:00 Debian Oval Importer Fixing VCID-vkg1-2urs-aaap None 36.1.0
2025-06-07T21:09:12.619986+00:00 Debian Oval Importer Fixing VCID-naz4-k1th-aaad None 36.1.0
2025-06-07T20:58:32.906410+00:00 Debian Oval Importer Fixing VCID-xdng-3k7v-aaaj None 36.1.0
2025-06-07T20:49:39.684392+00:00 Debian Oval Importer Fixing VCID-6x46-n1n2-aaad None 36.1.0
2025-06-07T20:19:36.404311+00:00 Debian Oval Importer Fixing VCID-srtd-t3v1-aaag None 36.1.0
2025-06-07T19:39:23.306031+00:00 Debian Oval Importer Fixing VCID-t7tm-t2rh-aaah None 36.1.0
2025-06-07T19:12:16.687382+00:00 Debian Oval Importer Fixing VCID-1m3e-krau-aaap None 36.1.0
2025-06-05T14:38:05.500257+00:00 Debian Importer Affected by VCID-5m3h-b4yf-63ew https://security-tracker.debian.org/tracker/data/json 36.1.0
2025-05-02T09:59:02.345103+00:00 Debian Importer Affected by VCID-5m3h-b4yf-63ew https://security-tracker.debian.org/tracker/data/json 36.0.0
2025-04-13T02:59:04.410333+00:00 Debian Oval Importer Affected by VCID-c9xc-nm4d-aaar https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-13T02:58:04.788320+00:00 Debian Oval Importer Affected by VCID-kb3m-1vss-yue8 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T22:26:21.062152+00:00 Debian Oval Importer Fixing VCID-vkg1-2urs-aaap https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T21:49:10.717393+00:00 Debian Oval Importer Fixing VCID-1m3e-krau-aaap https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T21:10:26.758587+00:00 Debian Oval Importer Fixing VCID-6x46-n1n2-aaad https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T19:22:54.810113+00:00 Debian Oval Importer Fixing VCID-naz4-k1th-aaad https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T19:02:29.121444+00:00 Debian Oval Importer Fixing VCID-q6hd-xazy-aaaj https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T18:49:53.641248+00:00 Debian Oval Importer Fixing VCID-xdng-3k7v-aaaj https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T18:15:04.920413+00:00 Debian Oval Importer Fixing VCID-2gtf-635s-aaab https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T18:02:25.054759+00:00 Debian Oval Importer Fixing VCID-t7tm-t2rh-aaah https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T17:52:51.186785+00:00 Debian Oval Importer Fixing VCID-srtd-t3v1-aaag https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-08T05:27:28.573897+00:00 Debian Oval Importer Fixing VCID-q6hd-xazy-aaaj https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T03:47:03.905582+00:00 Debian Oval Importer Fixing VCID-naz4-k1th-aaad https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T03:10:33.218249+00:00 Debian Oval Importer Fixing VCID-2gtf-635s-aaab https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-07T22:54:01.268429+00:00 Debian Oval Importer Fixing VCID-q6hd-xazy-aaaj None 36.0.0
2025-04-07T22:53:59.034599+00:00 Debian Oval Importer Fixing VCID-2gtf-635s-aaab None 36.0.0
2025-04-07T22:20:10.980607+00:00 Debian Oval Importer Fixing VCID-vkg1-2urs-aaap None 36.0.0
2025-04-07T19:39:20.845340+00:00 Debian Oval Importer Fixing VCID-naz4-k1th-aaad None 36.0.0
2025-04-07T19:29:01.271777+00:00 Debian Oval Importer Fixing VCID-xdng-3k7v-aaaj None 36.0.0
2025-04-07T19:20:06.950132+00:00 Debian Oval Importer Fixing VCID-6x46-n1n2-aaad None 36.0.0
2025-04-07T18:54:57.320845+00:00 Debian Oval Importer Fixing VCID-srtd-t3v1-aaag None 36.0.0
2025-04-07T18:17:08.043690+00:00 Debian Oval Importer Fixing VCID-t7tm-t2rh-aaah None 36.0.0
2025-04-07T17:50:06.298810+00:00 Debian Oval Importer Fixing VCID-1m3e-krau-aaap None 36.0.0
2025-04-07T08:10:51.903162+00:00 Debian Importer Fixing VCID-2gtf-635s-aaab None 36.0.0
2025-04-05T17:15:10.696801+00:00 Debian Importer Affected by VCID-c9xc-nm4d-aaar https://security-tracker.debian.org/tracker/data/json 36.0.0
2025-04-05T13:01:03.928334+00:00 Debian Importer Affected by VCID-6y3x-kyj7-aaaf https://security-tracker.debian.org/tracker/data/json 36.0.0
2025-04-05T12:59:45.749010+00:00 Debian Importer Fixing VCID-q6hd-xazy-aaaj None 36.0.0
2025-04-05T10:09:43.224821+00:00 Debian Importer Fixing VCID-naz4-k1th-aaad None 36.0.0
2025-04-05T09:09:22.064811+00:00 Debian Importer Affected by VCID-6y3x-kyj7-aaaf None 36.0.0
2025-04-04T06:38:47.068483+00:00 Debian Importer Fixing VCID-cza3-95cy-aaaj None 36.0.0
2025-04-04T05:46:43.147337+00:00 Debian Importer Affected by VCID-cza3-95cy-aaaj https://security-tracker.debian.org/tracker/data/json 36.0.0
2025-04-04T02:16:33.822055+00:00 Debian Importer Affected by VCID-cza3-95cy-aaaj None 36.0.0
2025-02-22T06:17:43.385723+00:00 Debian Importer Affected by VCID-c9xc-nm4d-aaar https://security-tracker.debian.org/tracker/data/json 35.1.0
2025-02-21T14:04:39.507045+00:00 Debian Importer Affected by VCID-6y3x-kyj7-aaaf None 35.1.0
2025-02-21T14:04:33.025800+00:00 Debian Importer Affected by VCID-6y3x-kyj7-aaaf https://security-tracker.debian.org/tracker/data/json 35.1.0
2025-02-21T02:45:46.673165+00:00 Debian Importer Fixing VCID-2gtf-635s-aaab None 35.1.0
2025-02-21T02:45:45.707608+00:00 Debian Importer Fixing VCID-q6hd-xazy-aaaj None 35.1.0
2025-02-20T02:34:37.449628+00:00 Debian Importer Fixing VCID-naz4-k1th-aaad None 35.1.0
2025-02-19T16:44:09.348362+00:00 Debian Importer Fixing VCID-cza3-95cy-aaaj None 35.1.0
2025-02-19T16:44:07.917501+00:00 Debian Importer Affected by VCID-cza3-95cy-aaaj https://security-tracker.debian.org/tracker/data/json 35.1.0
2025-02-19T16:44:06.420806+00:00 Debian Importer Affected by VCID-cza3-95cy-aaaj None 35.1.0
2024-11-24T03:12:28.620530+00:00 Debian Importer Affected by VCID-6y3x-kyj7-aaaf https://security-tracker.debian.org/tracker/data/json 35.0.0
2024-11-23T17:42:00.317287+00:00 Debian Importer Fixing VCID-2gtf-635s-aaab None 35.0.0
2024-11-23T17:41:59.428014+00:00 Debian Importer Fixing VCID-q6hd-xazy-aaaj None 35.0.0
2024-11-22T13:37:54.900033+00:00 Debian Importer Affected by VCID-cza3-95cy-aaaj https://security-tracker.debian.org/tracker/data/json 35.0.0
2024-10-11T00:38:45.692678+00:00 Debian Importer Affected by VCID-6y3x-kyj7-aaaf https://security-tracker.debian.org/tracker/data/json 34.0.2
2024-10-10T15:09:59.535034+00:00 Debian Importer Fixing VCID-2gtf-635s-aaab None 34.0.2
2024-10-10T15:09:58.629425+00:00 Debian Importer Fixing VCID-q6hd-xazy-aaaj None 34.0.2
2024-10-09T13:01:24.465685+00:00 Debian Importer Affected by VCID-cza3-95cy-aaaj https://security-tracker.debian.org/tracker/data/json 34.0.2
2024-09-20T05:17:14.035545+00:00 Debian Importer Affected by VCID-6y3x-kyj7-aaaf https://security-tracker.debian.org/tracker/data/json 34.0.1
2024-09-19T21:23:10.078484+00:00 Debian Importer Fixing VCID-2gtf-635s-aaab None 34.0.1
2024-09-19T21:23:09.209745+00:00 Debian Importer Fixing VCID-q6hd-xazy-aaaj None 34.0.1
2024-09-18T22:22:10.061187+00:00 Debian Importer Affected by VCID-cza3-95cy-aaaj https://security-tracker.debian.org/tracker/data/json 34.0.1
2024-04-26T05:24:48.071193+00:00 Debian Importer Affected by VCID-6y3x-kyj7-aaaf https://security-tracker.debian.org/tracker/data/json 34.0.0rc4
2024-04-26T05:24:26.661078+00:00 Debian Importer Affected by VCID-6y3x-kyj7-aaaf None 34.0.0rc4
2024-04-25T20:10:01.045543+00:00 Debian Importer Fixing VCID-2gtf-635s-aaab None 34.0.0rc4
2024-04-25T20:09:59.657323+00:00 Debian Importer Fixing VCID-q6hd-xazy-aaaj None 34.0.0rc4
2024-04-25T01:48:25.741784+00:00 Debian Importer Fixing VCID-naz4-k1th-aaad None 34.0.0rc4
2024-04-24T19:55:43.257642+00:00 Debian Importer Affected by VCID-cza3-95cy-aaaj https://security-tracker.debian.org/tracker/data/json 34.0.0rc4
2024-04-24T19:55:36.316532+00:00 Debian Importer Fixing VCID-cza3-95cy-aaaj None 34.0.0rc4
2024-04-24T19:55:34.637465+00:00 Debian Importer Affected by VCID-cza3-95cy-aaaj None 34.0.0rc4
2024-01-12T03:39:14.550338+00:00 Debian Importer Fixing VCID-2gtf-635s-aaab None 34.0.0rc2
2024-01-12T03:39:12.597198+00:00 Debian Importer Fixing VCID-q6hd-xazy-aaaj None 34.0.0rc2
2024-01-11T02:46:43.250277+00:00 Debian Importer Fixing VCID-naz4-k1th-aaad None 34.0.0rc2
2024-01-10T21:20:46.292139+00:00 Debian Importer Affected by VCID-cza3-95cy-aaaj https://security-tracker.debian.org/tracker/data/json 34.0.0rc2
2024-01-10T21:20:39.214542+00:00 Debian Importer Fixing VCID-cza3-95cy-aaaj None 34.0.0rc2
2024-01-10T21:20:37.399450+00:00 Debian Importer Affected by VCID-cza3-95cy-aaaj None 34.0.0rc2
2024-01-05T09:53:32.385865+00:00 Debian Importer Affected by VCID-6y3x-kyj7-aaaf https://security-tracker.debian.org/tracker/data/json 34.0.0rc1
2024-01-05T09:53:21.046194+00:00 Debian Importer Affected by VCID-6y3x-kyj7-aaaf None 34.0.0rc1
2024-01-05T04:57:02.987726+00:00 Debian Importer Fixing VCID-2gtf-635s-aaab None 34.0.0rc1
2024-01-05T04:57:02.016693+00:00 Debian Importer Fixing VCID-q6hd-xazy-aaaj None 34.0.0rc1
2024-01-04T15:02:31.339147+00:00 Debian Importer Fixing VCID-naz4-k1th-aaad None 34.0.0rc1
2024-01-04T10:37:19.384550+00:00 Debian Importer Affected by VCID-cza3-95cy-aaaj https://security-tracker.debian.org/tracker/data/json 34.0.0rc1
2024-01-04T10:37:12.700916+00:00 Debian Importer Fixing VCID-cza3-95cy-aaaj None 34.0.0rc1
2024-01-04T10:37:10.976005+00:00 Debian Importer Affected by VCID-cza3-95cy-aaaj None 34.0.0rc1