Search for packages
| purl | pkg:deb/debian/nginx@1.14.2-2%2Bdeb10u4 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-3d3j-83ap-jua7
Aliases: CVE-2021-3618 |
ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer. |
Affected by 5 other vulnerabilities. |
|
VCID-66m3-refr-quf4
Aliases: CVE-2024-7347 |
Buffer overread in the ngx_http_mp4_module |
Affected by 1 other vulnerability. |
|
VCID-81pb-4hqw-g3cs
Aliases: CVE-2019-20372 |
NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer. |
Affected by 5 other vulnerabilities. |
|
VCID-9nfh-cgh8-ykam
Aliases: CVE-2019-9511 |
Excessive CPU usage in HTTP/2 with small window updates |
Affected by 5 other vulnerabilities. |
|
VCID-apkw-1xhe-rua1
Aliases: CVE-2022-41741 |
Memory corruption in the ngx_http_mp4_module |
Affected by 5 other vulnerabilities. |
|
VCID-eanb-jznh-w3f1
Aliases: CVE-2019-9516 |
Excessive memory usage in HTTP/2 with zero length headers |
Affected by 5 other vulnerabilities. |
|
VCID-jpnw-4r81-93c2
Aliases: CVE-2025-23419 |
SSL session reuse vulnerability |
Affected by 1 other vulnerability. |
|
VCID-pwx1-ppph-mkgm
Aliases: CVE-2020-11724 |
An issue was discovered in OpenResty before 1.15.8.4. ngx_http_lua_subrequest.c allows HTTP request smuggling, as demonstrated by the ngx.location.capture API. |
Affected by 5 other vulnerabilities. |
|
VCID-qeft-42gz-2bbq
Aliases: CVE-2020-36309 |
ngx_http_lua_module (aka lua-nginx-module) before 0.10.16 in OpenResty allows unsafe characters in an argument when using the API to mutate a URI, or a request or response header. |
Affected by 1 other vulnerability. |
|
VCID-vfxh-kpsr-1kh7
Aliases: CVE-2024-33452 |
An issue in OpenResty lua-nginx-module v.0.10.26 and before allows a remote attacker to conduct HTTP request smuggling via a crafted HEAD request. |
Affected by 1 other vulnerability. |
|
VCID-wvtc-3qza-afgh
Aliases: CVE-2019-9513 |
Excessive CPU usage in HTTP/2 with priority changes |
Affected by 5 other vulnerabilities. |
|
VCID-yrdf-1ka4-d7ff
Aliases: CVE-2021-23017 |
1-byte memory overwrite in resolver |
Affected by 5 other vulnerabilities. |
|
VCID-ysea-ax3y-8uce
Aliases: CVE-2022-41742 |
Memory disclosure in the ngx_http_mp4_module |
Affected by 5 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-9nfh-cgh8-ykam | Excessive CPU usage in HTTP/2 with small window updates |
CVE-2019-9511
|
| VCID-eanb-jznh-w3f1 | Excessive memory usage in HTTP/2 with zero length headers |
CVE-2019-9516
|
| VCID-g1m9-xe6h-6qbp | Integer overflow in the range filter |
CVE-2017-7529
|
| VCID-mz5w-g94t-6yg1 | Memory disclosure in the ngx_http_mp4_module |
CVE-2018-16845
|
| VCID-nkk1-gq2z-qfec | Excessive CPU usage in HTTP/2 |
CVE-2018-16844
|
| VCID-pwx1-ppph-mkgm | An issue was discovered in OpenResty before 1.15.8.4. ngx_http_lua_subrequest.c allows HTTP request smuggling, as demonstrated by the ngx.location.capture API. |
CVE-2020-11724
|
| VCID-wvtc-3qza-afgh | Excessive CPU usage in HTTP/2 with priority changes |
CVE-2019-9513
|
| VCID-yh1c-vsk2-abej | NGINX before 1.13.6 has a buffer overflow for years that exceed four digits, as demonstrated by a file with a modification date in 1969 that causes an integer overflow (or a false modification date far in the future), when encountered by the autoindex module. |
CVE-2017-20005
|
| VCID-yrau-18r6-4yhw | Excessive memory usage in HTTP/2 |
CVE-2018-16843
|
| VCID-yrdf-1ka4-d7ff | 1-byte memory overwrite in resolver |
CVE-2021-23017
|