Search for packages
| purl | pkg:deb/debian/nginx@1.2.1-2.2%2Bwheezy4 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-3d3j-83ap-jua7
Aliases: CVE-2021-3618 |
ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer. |
Affected by 5 other vulnerabilities. |
|
VCID-46bw-8rjq-h7a2
Aliases: CVE-2011-4968 |
nginx http proxy module does not verify peer identity of https origin server which could facilitate man-in-the-middle attack (MITM) |
Affected by 18 other vulnerabilities. |
|
VCID-4ppq-r7dp-tfbh
Aliases: CVE-2014-0133 |
SPDY heap buffer overflow |
Affected by 25 other vulnerabilities. |
|
VCID-66m3-refr-quf4
Aliases: CVE-2024-7347 |
Buffer overread in the ngx_http_mp4_module |
Affected by 1 other vulnerability. |
|
VCID-81pb-4hqw-g3cs
Aliases: CVE-2019-20372 |
NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer. |
Affected by 5 other vulnerabilities. |
|
VCID-8tep-qhty-5fbp
Aliases: CVE-2014-3556 |
STARTTLS command injection |
Affected by 25 other vulnerabilities. |
|
VCID-9nfh-cgh8-ykam
Aliases: CVE-2019-9511 |
Excessive CPU usage in HTTP/2 with small window updates |
Affected by 18 other vulnerabilities. Affected by 13 other vulnerabilities. Affected by 5 other vulnerabilities. |
|
VCID-a6gf-uc1d-9ff7
Aliases: CVE-2016-0746 |
Use-after-free during CNAME response processing in resolver |
Affected by 25 other vulnerabilities. Affected by 18 other vulnerabilities. |
|
VCID-ac74-v1hs-27bq
Aliases: CVE-2013-2070 |
Memory disclosure with specially crafted HTTP backend responses |
Affected by 25 other vulnerabilities. |
|
VCID-apkw-1xhe-rua1
Aliases: CVE-2022-41741 |
Memory corruption in the ngx_http_mp4_module |
Affected by 5 other vulnerabilities. |
|
VCID-cjeh-2x36-ffc5
Aliases: CVE-2016-0747 |
Insufficient limits of CNAME resolution in resolver |
Affected by 25 other vulnerabilities. Affected by 18 other vulnerabilities. |
|
VCID-eanb-jznh-w3f1
Aliases: CVE-2019-9516 |
Excessive memory usage in HTTP/2 with zero length headers |
Affected by 18 other vulnerabilities. Affected by 13 other vulnerabilities. Affected by 5 other vulnerabilities. |
|
VCID-etdd-rrau-fbc2
Aliases: CVE-2016-0742 |
Invalid pointer dereference in resolver |
Affected by 25 other vulnerabilities. Affected by 18 other vulnerabilities. |
|
VCID-g1m9-xe6h-6qbp
Aliases: CVE-2017-7529 |
Integer overflow in the range filter |
Affected by 24 other vulnerabilities. Affected by 18 other vulnerabilities. Affected by 13 other vulnerabilities. |
|
VCID-gry7-k163-w7ej
Aliases: DSA-3701-2 nginx |
regression update |
Affected by 24 other vulnerabilities. |
|
VCID-gxt7-8fgz-mbd8
Aliases: CVE-2016-1247 |
Affected by 24 other vulnerabilities. Affected by 18 other vulnerabilities. |
|
|
VCID-jpnw-4r81-93c2
Aliases: CVE-2025-23419 |
SSL session reuse vulnerability |
Affected by 1 other vulnerability. |
|
VCID-kzjx-fr13-3udr
Aliases: CVE-2016-4450 |
NULL pointer dereference while writing client request body |
Affected by 24 other vulnerabilities. Affected by 18 other vulnerabilities. |
|
VCID-mz5w-g94t-6yg1
Aliases: CVE-2018-16845 |
Memory disclosure in the ngx_http_mp4_module |
Affected by 18 other vulnerabilities. Affected by 13 other vulnerabilities. |
|
VCID-nkk1-gq2z-qfec
Aliases: CVE-2018-16844 |
Excessive CPU usage in HTTP/2 |
Affected by 18 other vulnerabilities. Affected by 13 other vulnerabilities. |
|
VCID-pwx1-ppph-mkgm
Aliases: CVE-2020-11724 |
An issue was discovered in OpenResty before 1.15.8.4. ngx_http_lua_subrequest.c allows HTTP request smuggling, as demonstrated by the ngx.location.capture API. |
Affected by 13 other vulnerabilities. Affected by 5 other vulnerabilities. |
|
VCID-qeft-42gz-2bbq
Aliases: CVE-2020-36309 |
ngx_http_lua_module (aka lua-nginx-module) before 0.10.16 in OpenResty allows unsafe characters in an argument when using the API to mutate a URI, or a request or response header. |
Affected by 1 other vulnerability. |
|
VCID-u66f-7wzm-nbdp
Aliases: CVE-2013-4547 |
Request line parsing vulnerability |
Affected by 25 other vulnerabilities. |
|
VCID-vfxh-kpsr-1kh7
Aliases: CVE-2024-33452 |
An issue in OpenResty lua-nginx-module v.0.10.26 and before allows a remote attacker to conduct HTTP request smuggling via a crafted HEAD request. |
Affected by 1 other vulnerability. |
|
VCID-wvtc-3qza-afgh
Aliases: CVE-2019-9513 |
Excessive CPU usage in HTTP/2 with priority changes |
Affected by 18 other vulnerabilities. Affected by 13 other vulnerabilities. Affected by 5 other vulnerabilities. |
|
VCID-x119-ap36-fud1
Aliases: CVE-2014-3616 |
SSL session reuse vulnerability |
Affected by 25 other vulnerabilities. |
|
VCID-yh1c-vsk2-abej
Aliases: CVE-2017-20005 |
NGINX before 1.13.6 has a buffer overflow for years that exceed four digits, as demonstrated by a file with a modification date in 1969 that causes an integer overflow (or a false modification date far in the future), when encountered by the autoindex module. |
Affected by 13 other vulnerabilities. |
|
VCID-yrau-18r6-4yhw
Aliases: CVE-2018-16843 |
Excessive memory usage in HTTP/2 |
Affected by 18 other vulnerabilities. Affected by 13 other vulnerabilities. |
|
VCID-yrdf-1ka4-d7ff
Aliases: CVE-2021-23017 |
1-byte memory overwrite in resolver |
Affected by 13 other vulnerabilities. Affected by 5 other vulnerabilities. |
|
VCID-ysea-ax3y-8uce
Aliases: CVE-2022-41742 |
Memory disclosure in the ngx_http_mp4_module |
Affected by 5 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-9wxv-prk9-53he |
CVE-2012-4929
|
|
| VCID-a6gf-uc1d-9ff7 | Use-after-free during CNAME response processing in resolver |
CVE-2016-0746
|
| VCID-ac74-v1hs-27bq | Memory disclosure with specially crafted HTTP backend responses |
CVE-2013-2070
|
| VCID-bvk8-3444-5fev | Memory disclosure with specially crafted backend responses |
CVE-2012-1180
|
| VCID-cjeh-2x36-ffc5 | Insufficient limits of CNAME resolution in resolver |
CVE-2016-0747
|
| VCID-ds13-tr1a-cbh5 | Buffer overflow in the ngx_http_mp4_module |
CVE-2012-2089
|
| VCID-etdd-rrau-fbc2 | Invalid pointer dereference in resolver |
CVE-2016-0742
|
| VCID-u24x-tq9m-6ke1 |
CVE-2012-3380
|
|
| VCID-u66f-7wzm-nbdp | Request line parsing vulnerability |
CVE-2013-4547
|
| VCID-w2r6-grxr-d7dm | Buffer overflow in resolver |
CVE-2011-4315
|
| VCID-x119-ap36-fud1 | SSL session reuse vulnerability |
CVE-2014-3616
|