Search for packages
| purl | pkg:deb/ubuntu/nginx@1.6.2-4ubuntu1 |
| Next non-vulnerable version | 1.18.0-0ubuntu1.2 |
| Latest non-vulnerable version | 1.18.0-0ubuntu1.2 |
| Risk | 10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1m3e-krau-aaap
Aliases: CVE-2019-20372 |
NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer. |
Affected by 1 other vulnerability. |
|
VCID-2x69-4b6w-aaak
Aliases: CVE-2018-16844 |
Excessive CPU usage in HTTP/2 |
Affected by 6 other vulnerabilities. |
|
VCID-5w8z-sn91-aaaf
Aliases: CVE-2017-7529 |
Integer overflow in the range filter |
Affected by 9 other vulnerabilities. |
|
VCID-8xmg-7psa-aaan
Aliases: CVE-2016-1247 |
The nginx package before 1.6.2-5+deb8u3 on Debian jessie, the nginx packages before 1.4.6-1ubuntu3.6 on Ubuntu 14.04 LTS, before 1.10.0-0ubuntu0.16.04.3 on Ubuntu 16.04 LTS, and before 1.10.1-0ubuntu1.1 on Ubuntu 16.10, and the nginx ebuild before 1.10.2-r3 on Gentoo allow local users with access to the web server user account to gain root privileges via a symlink attack on the error log. |
Affected by 10 other vulnerabilities. |
|
VCID-9se3-1n7v-aaad
Aliases: CVE-2017-20005 |
NGINX before 1.13.6 has a buffer overflow for years that exceed four digits, as demonstrated by a file with a modification date in 1969 that causes an integer overflow (or a false modification date far in the future), when encountered by the autoindex module. |
Affected by 4 other vulnerabilities. |
|
VCID-enhc-b4gu-aaab
Aliases: CVE-2016-0747 |
Insufficient limits of CNAME resolution in resolver |
Affected by 12 other vulnerabilities. |
|
VCID-f4wv-uhtz-aaaf
Aliases: CVE-2016-4450 |
NULL pointer dereference while writing client request body |
Affected by 11 other vulnerabilities. |
|
VCID-gzny-ttqs-aaaf
Aliases: CVE-2018-16843 |
Excessive memory usage in HTTP/2 |
Affected by 6 other vulnerabilities. |
|
VCID-srtd-t3v1-aaag
Aliases: CVE-2019-9516 |
Excessive memory usage in HTTP/2 with zero length headers |
Affected by 5 other vulnerabilities. |
|
VCID-t7tm-t2rh-aaah
Aliases: CVE-2019-9513 |
Excessive CPU usage in HTTP/2 with priority changes |
Affected by 2 other vulnerabilities. |
|
VCID-vhnt-d662-aaaf
Aliases: CVE-2018-16845 |
Memory disclosure in the ngx_http_mp4_module |
Affected by 6 other vulnerabilities. |
|
VCID-vkg1-2urs-aaap
Aliases: CVE-2019-9511 |
Excessive CPU usage in HTTP/2 with small window updates |
Affected by 2 other vulnerabilities. |
|
VCID-vvd2-c7ge-aaap
Aliases: CVE-2016-0742 |
Invalid pointer dereference in resolver |
Affected by 12 other vulnerabilities. |
|
VCID-wqtz-5xpp-aaan
Aliases: CVE-2016-0746 |
Use-after-free during CNAME response processing in resolver |
Affected by 12 other vulnerabilities. |
|
VCID-xdng-3k7v-aaaj
Aliases: CVE-2021-23017 |
1-byte memory overwrite in resolver |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|