VulnerableCode Package Details - pkg:deb/debian/nginx@1.22.1-9%2Bdeb12u1

Search for packages

Vulnerability	Summary	Fixed by
VCID-6y3x-kyj7-aaaf Aliases: CVE-2023-44487 GHSA-qppj-fm5r-hxr3 VSV00013	The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.	1.22.1-9+deb12u2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 1.24.0-2 Affected by 0 other vulnerabilities. 1.26.0-1 Affected by 0 other vulnerabilities. 1.26.0-2 Affected by 0 other vulnerabilities. 1.26.0-3 Affected by 0 other vulnerabilities. 1.26.3-2 Affected by 0 other vulnerabilities. 1.26.3-3 Affected by 0 other vulnerabilities.
VCID-c9xc-nm4d-aaar Aliases: CVE-2024-7347	Buffer overread in the ngx_http_mp4_module	1.22.1-9+deb12u2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 1.26.3-2 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-6y3x-kyj7-aaaf
Aliases:
CVE-2023-44487
GHSA-qppj-fm5r-hxr3
VSV00013

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

1.22.1-9+deb12u2
Affected by 1 other vulnerability.

1.24.0-2
Affected by 0 other vulnerabilities.

1.26.0-1
Affected by 0 other vulnerabilities.

1.26.0-2
Affected by 0 other vulnerabilities.

1.26.0-3
Affected by 0 other vulnerabilities.

1.26.3-2
Affected by 0 other vulnerabilities.

1.26.3-3
Affected by 0 other vulnerabilities.

VCID-c9xc-nm4d-aaar
Aliases:
CVE-2024-7347

Buffer overread in the ngx_http_mp4_module

1.22.1-9+deb12u2
Affected by 1 other vulnerability.

1.26.3-2
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-05-02T09:59:02.351588+00:00	Debian Importer	Fixing	VCID-5m3h-b4yf-63ew	https://security-tracker.debian.org/tracker/data/json	36.0.0
2025-04-13T02:59:04.417674+00:00	Debian Oval Importer	Fixing	VCID-c9xc-nm4d-aaar	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-13T02:58:04.794062+00:00	Debian Oval Importer	Fixing	VCID-kb3m-1vss-yue8	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-06T14:14:45.444631+00:00	Debian Importer	Affected by	VCID-6y3x-kyj7-aaaf	https://security-tracker.debian.org/tracker/data/json	36.0.0
2025-04-05T19:28:32.341646+00:00	Debian Importer	Affected by	VCID-c9xc-nm4d-aaar	https://security-tracker.debian.org/tracker/data/json	36.0.0
2025-04-05T17:15:10.702199+00:00	Debian Importer	Fixing	VCID-c9xc-nm4d-aaar	https://security-tracker.debian.org/tracker/data/json	36.0.0
2025-04-05T13:01:03.933470+00:00	Debian Importer	Fixing	VCID-6y3x-kyj7-aaaf	https://security-tracker.debian.org/tracker/data/json	36.0.0
2025-04-05T09:09:22.070418+00:00	Debian Importer	Fixing	VCID-6y3x-kyj7-aaaf	None	36.0.0
2025-04-04T05:46:43.152265+00:00	Debian Importer	Fixing	VCID-cza3-95cy-aaaj	https://security-tracker.debian.org/tracker/data/json	36.0.0
2025-04-04T02:16:33.831110+00:00	Debian Importer	Fixing	VCID-cza3-95cy-aaaj	None	36.0.0