VulnerableCode Package Details - pkg:deb/ubuntu/nginx@1.10.0-0ubuntu0.16.04.3

Search for packages

Package details: pkg:deb/ubuntu/nginx@1.10.0-0ubuntu0.16.04.3

Essentials
History (0)

purl	pkg:deb/ubuntu/nginx@1.10.0-0ubuntu0.16.04.3

Next non-vulnerable version	1.18.0-0ubuntu1.2
Latest non-vulnerable version	1.18.0-0ubuntu1.2
Risk	10.0

Vulnerabilities affecting this package (10)

Vulnerability	Summary	Fixed by
VCID-1m3e-krau-aaap Aliases: CVE-2019-20372	NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.	1.16.1-0ubuntu2.1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-2x69-4b6w-aaak Aliases: CVE-2018-16844	Excessive CPU usage in HTTP/2	1.14.0-0ubuntu1.2 Affected by 6 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-5w8z-sn91-aaaf Aliases: CVE-2017-7529	Integer overflow in the range filter	1.10.3-0ubuntu0.16.04.2 Affected by 9 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-9se3-1n7v-aaad Aliases: CVE-2017-20005	NGINX before 1.13.6 has a buffer overflow for years that exceed four digits, as demonstrated by a file with a modification date in 1969 that causes an integer overflow (or a false modification date far in the future), when encountered by the autoindex module.	1.14.0-0ubuntu1.7 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-gzny-ttqs-aaaf Aliases: CVE-2018-16843	Excessive memory usage in HTTP/2	1.14.0-0ubuntu1.2 Affected by 6 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-srtd-t3v1-aaag Aliases: CVE-2019-9516	Excessive memory usage in HTTP/2 with zero length headers	1.14.0-0ubuntu1.4 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-t7tm-t2rh-aaah Aliases: CVE-2019-9513	Excessive CPU usage in HTTP/2 with priority changes	1.16.1-0ubuntu1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-vhnt-d662-aaaf Aliases: CVE-2018-16845	Memory disclosure in the ngx_http_mp4_module	1.14.0-0ubuntu1.2 Affected by 6 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-vkg1-2urs-aaap Aliases: CVE-2019-9511	Excessive CPU usage in HTTP/2 with small window updates	1.16.1-0ubuntu1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-xdng-3k7v-aaaj Aliases: CVE-2021-23017	1-byte memory overwrite in resolver	1.18.0-0ubuntu1.2 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-8xmg-7psa-aaan	The nginx package before 1.6.2-5+deb8u3 on Debian jessie, the nginx packages before 1.4.6-1ubuntu3.6 on Ubuntu 14.04 LTS, before 1.10.0-0ubuntu0.16.04.3 on Ubuntu 16.04 LTS, and before 1.10.1-0ubuntu1.1 on Ubuntu 16.10, and the nginx ebuild before 1.10.2-r3 on Gentoo allow local users with access to the web server user account to gain root privileges via a symlink attack on the error log.	CVE-2016-1247

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version