Skip to main content

Nginx

375 CVEs vendor

Monthly

CVE-2016-4450 HIGH This Week

os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a crafted request,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nginx Denial Of Service Null Pointer Dereference Ubuntu Linux Debian Linux
NVD
CVSS 3.1
7.5
EPSS
3.5%
CVE-2016-0747 MEDIUM PATCH This Month

The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 20.0%.

Nginx Denial Of Service Ubuntu Linux Debian Linux Leap +1
NVD
CVSS 3.1
5.3
EPSS
20.0%
CVE-2016-0746 CRITICAL PATCH Act Now

Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1.8.0 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (worker process crash) or possibly have. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Nginx Memory Corruption Denial Of Service Use After Free Ubuntu Linux +3
NVD
CVSS 3.1
9.8
EPSS
6.3%
CVE-2016-0742 HIGH PATCH Act Now

The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 78.8%.

Nginx Denial Of Service Null Pointer Dereference Ubuntu Linux Debian Linux +3
NVD
CVSS 3.1
7.5
EPSS
78.8%
CVE-2014-3556 MEDIUM PATCH This Month

The STARTTLS implementation in mail/ngx_mail_smtp_handler.c in the SMTP proxy in nginx 1.5.x and 1.6.x before 1.6.1 and 1.7.x before 1.7.4 does not properly restrict I/O buffering, which allows. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Epss exploitation probability 48.2%.

Nginx Command Injection
NVD
CVSS 2.0
6.8
EPSS
48.2%
CVE-2014-3616 MEDIUM This Month

nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Nginx Information Disclosure Debian Linux
NVD
CVSS 2.0
4.3
EPSS
2.4%
CVE-2014-0088 HIGH PATCH This Week

The SPDY implementation in the ngx_http_spdy_module module in nginx 1.5.10 before 1.5.11, when running on a 32-bit platform, allows remote attackers to execute arbitrary code via a crafted request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Nginx RCE Buffer Overflow
NVD VulDB
CVSS 2.0
7.5
EPSS
2.6%
CVE-2014-0133 HIGH Act Now

Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 before 1.4.7 and 1.5.x before 1.5.12 allows remote attackers to execute arbitrary code via a crafted request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 20.9% and no vendor patch available.

Nginx Memory Corruption Buffer Overflow RCE Opensuse
NVD VulDB
CVSS 2.0
7.5
EPSS
20.9%
CVE-2013-4547 HIGH POC THREAT Act Now

nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 90.9%.

Nginx Authentication Bypass Lifecycle Management Server Studio Onsite Webyast +1
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
90.9%
Threat
5.7
CVE-2013-0337 HIGH This Week

The default configuration of nginx, possibly 1.3.13 and earlier, uses world-readable permissions for the (1) access.log and (2) error.log files, which allows local users to obtain sensitive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Nginx
NVD
CVSS 2.0
7.5
EPSS
0.9%
CVE-2013-2070 MEDIUM PATCH This Month

http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Denial Of Service Nginx Debian Linux
NVD
CVSS 2.0
5.8
EPSS
4.6%
CVE-2013-2028 HIGH POC PATCH THREAT Act Now

The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 93.0%.

Denial Of Service Buffer Overflow Nginx Memory Corruption RCE +1
NVD GitHub Exploit-DB
CVSS 2.0
7.5
EPSS
93.0%
Threat
5.8
CVE-2012-3380 LOW PATCH Monitor

Directory traversal vulnerability in naxsi-ui/nx_extract.py in the Naxsi module before 0.46-1 for Nginx allows local users to read arbitrary files via unspecified vectors. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Nginx Path Traversal Naxsi
NVD
CVSS 2.0
2.1
EPSS
0.2%
CVE-2012-2089 MEDIUM PATCH This Month

Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Denial Of Service Nginx RCE Fedora
NVD
CVSS 2.0
6.8
EPSS
5.3%
CVE-2012-1180 MEDIUM PATCH This Month

Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Nginx Memory Corruption Information Disclosure Use After Free Fedora +1
NVD
CVSS 2.0
5.0
EPSS
3.1%
EPSS 3% CVSS 7.5
HIGH This Week

os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a crafted request,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nginx Denial Of Service Null Pointer Dereference +2
NVD
EPSS 20% CVSS 5.3
MEDIUM PATCH This Month

The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 20.0%.

Nginx Denial Of Service Ubuntu Linux +3
NVD
EPSS 6% CVSS 9.8
CRITICAL PATCH Act Now

Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1.8.0 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (worker process crash) or possibly have. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Nginx Memory Corruption Denial Of Service +5
NVD
EPSS 79% CVSS 7.5
HIGH PATCH Act Now

The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 78.8%.

Nginx Denial Of Service Null Pointer Dereference +5
NVD
EPSS 48% CVSS 6.8
MEDIUM PATCH This Month

The STARTTLS implementation in mail/ngx_mail_smtp_handler.c in the SMTP proxy in nginx 1.5.x and 1.6.x before 1.6.1 and 1.7.x before 1.7.4 does not properly restrict I/O buffering, which allows. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Epss exploitation probability 48.2%.

Nginx Command Injection
NVD
EPSS 2% CVSS 4.3
MEDIUM This Month

nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Nginx Information Disclosure Debian Linux
NVD
EPSS 3% CVSS 7.5
HIGH PATCH This Week

The SPDY implementation in the ngx_http_spdy_module module in nginx 1.5.10 before 1.5.11, when running on a 32-bit platform, allows remote attackers to execute arbitrary code via a crafted request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Nginx RCE Buffer Overflow
NVD VulDB
EPSS 21% CVSS 7.5
HIGH Act Now

Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 before 1.4.7 and 1.5.x before 1.5.12 allows remote attackers to execute arbitrary code via a crafted request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 20.9% and no vendor patch available.

Nginx Memory Corruption Buffer Overflow +2
NVD VulDB
EPSS 91% 5.7 CVSS 7.5
HIGH POC THREAT Act Now

nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 90.9%.

Nginx Authentication Bypass Lifecycle Management Server +3
NVD Exploit-DB
EPSS 1% CVSS 7.5
HIGH This Week

The default configuration of nginx, possibly 1.3.13 and earlier, uses world-readable permissions for the (1) access.log and (2) error.log files, which allows local users to obtain sensitive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Nginx
NVD
EPSS 5% CVSS 5.8
MEDIUM PATCH This Month

http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Denial Of Service Nginx Debian Linux
NVD
EPSS 93% 5.8 CVSS 7.5
HIGH POC PATCH THREAT Act Now

The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 93.0%.

Denial Of Service Buffer Overflow Nginx +3
NVD GitHub Exploit-DB
EPSS 0% CVSS 2.1
LOW PATCH Monitor

Directory traversal vulnerability in naxsi-ui/nx_extract.py in the Naxsi module before 0.46-1 for Nginx allows local users to read arbitrary files via unspecified vectors. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Nginx Path Traversal Naxsi
NVD
EPSS 5% CVSS 6.8
MEDIUM PATCH This Month

Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Denial Of Service Nginx +2
NVD
EPSS 3% CVSS 5.0
MEDIUM PATCH This Month

Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Nginx Memory Corruption Information Disclosure +3
NVD
Prev Page 5 of 5

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy