pkg:Debian/nginx

All known vulnerabilities

• MEDIUM5.3CVE-2023-44487⚠ KEVnghttp2 - security update
  from 0
• CRITICAL9.8CVE-2009-3555pound - security update
  from 0, < 0.7.64-1
• CRITICAL9.8nginx - security update
  from 0, < 1.13.6-1
• CRITICAL9.8nginx - security update
  from 0, < 1.10.3-1+deb9u7
• CRITICAL9.8Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1.8.0 and 1.9.x before 1.9.10 allows remote attackers to cause a denia…
  from 0, < 1.9.10-1
• HIGH8.2NGINX ngx_http_dav_module vulnerability
  from 0, < 1.18.0-6.1+deb11u6
• HIGH7.8NGINX ngx_http_mp4_module vulnerability
  from 0, < 1.18.0-6.1+deb11u6
• HIGH7.8NGINX ngx_http_mp4_module vulnerability CVE-2022-41741
  from 0, < 1.18.0-6.1+deb11u3
• HIGH7.8NGINX ngx_http_mp4_module vulnerability CVE-2022-41741
  from 0, < 1.18.0-6.1+deb11u3
• HIGH7.8nginx - security update
  from 0, < 1.6.2-5+deb8u3
• HIGH7.8nginx - security update
  from 0, < 1.10.2-1
• HIGH7.7An issue in OpenResty lua-nginx-module v.0.10.26 and before allows a remote attacker to conduct HTTP request smuggling via a crafted HEAD r…
  from 0, < 1.18.0-6.1+deb11u5
• HIGH7.7nginx - security update
  from 0, < 1.10.3-1+deb9u6
• HIGH7.7nginx - security update
  from 0, < 1.18.0-6.1
• HIGH7.7nginx - security update
  from 0, < 1.14.2-2+deb10u4
• HIGH7.5NGINX ngx_mail_auth_http_module vulnerability
  from 0, < 1.18.0-6.1+deb11u6
• HIGH7.5NGINX HTTP/3 QUIC vulnerability
  from 0, < 1.26.0-1
• HIGH7.5NGINX HTTP/3 QUIC vulnerability
  from 0, < 1.26.0-1
• HIGH7.5nginx - security update
  from 0, < 1.18.0-5
• HIGH7.5nginx - security update
  from 0, < 1.14.2-2+deb10u3
• HIGH7.5nginx - security update
  from 0, < 1.10.3-1+deb9u5
• HIGH7.5Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service.
  from 0, < 1.14.2-3
• HIGH7.5nghttp2 - security update
  from 0, < 1.10.3-1+deb9u3
• HIGH7.5nghttp2 - security update
  from 0, < 1.14.2-3
• HIGH7.5nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage.
  from 0, < 1.14.1-1
• HIGH7.5nginx - security update
  from 0, < 1.14.1-1
• HIGH7.5nginx - security update
  from 0, < 1.10.3-1+deb9u2
• HIGH7.5nginx - security update
  from 0, < 1.13.3-1
• HIGH7.5nginx - security update
  from 0, < 1.2.1-2.2+wheezy4+deb7u1
• HIGH7.5nginx - security update
  from 0, < 1.6.2-5+deb8u5
• HIGH7.5nginx - security update
  from 0, < 1.6.2-5+deb8u2
• HIGH7.5nginx - security update
  from 0, < 1.10.1-1
• HIGH7.5nginx - security update
  from 0, < 0.7.67-3+squeeze4+deb6u1
• HIGH7.5nginx - security update
  from 0, < 1.2.1-2.2+wheezy4
• HIGH7.5nginx - security update
  from 0, < 1.9.10-1
• HIGH7.4nginx - security update
  from 0, < 1.18.0-6.1+deb11u2
• HIGH7.4nginx - security update
  from 0, < 1.14.2-2+deb10u5
• HIGH7.1NGINX ngx_http_mp4_module vulnerability CVE-2022-41742
  from 0, < 1.18.0-6.1+deb11u3
• MEDIUM6.5NGINX ngx_http_scgi_module and ngx_http_uwsgi_module vulnerability
  from 0, < 1.18.0-6.1+deb11u6
• MEDIUM6.5NGINX ngx_quic_module vulnerability
  from 0, < 1.26.3-3+deb13u5
• MEDIUM6.5NGINX HTTP/3 QUIC vulnerability
  from 0, < 1.26.0-2
• MEDIUM6.5Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service.
  from 0, < 1.14.2-3
• MEDIUM6.1nginx - security update
  from 0, < 1.6.2-5+deb8u6
• MEDIUM6.1nginx - security update
  from 0, < 1.14.1-1
• MEDIUM5.8NGINX ngx_http_proxy_v2_module vulnerability
  from 0, < 1.30.0-4
• MEDIUM5.5NGINX ngx_http_mp4_module vulnerability
  from 0, < 1.18.0-6.1+deb11u6
• MEDIUM5.4NGINX ngx_stream_ssl_module vulnerability
  from 0, < 1.28.3-2
• MEDIUM5.3NGINX HTTP/3 QUIC vulnerability
  from 0, < 1.26.0-2
• MEDIUM5.3NGINX HTTP/3 QUIC vulnerability
  from 0, < 1.26.0-2
• MEDIUM5.3nginx - security update
  from 0, < 1.18.0-6.1+deb11u5
• MEDIUM5.3nginx - security update
  from 0, < 1.18.0-6.1+deb11u5
• MEDIUM5.3NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker t…
  from 0, < 1.16.1-3
• MEDIUM5.3The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause…
  from 0, < 1.9.10-1
• MEDIUM4.8NGINX ngx_http_charset_module vulnerability
  from 0, < 1.18.0-6.1+deb11u6
• MEDIUM4.8NGINX ngx_http_ssl_module vulnerability
  from 0, < 1.18.0-6.1+deb11u6
• MEDIUM4.8NGINX HTTP/3 QUIC vulnerability
  from 0, < 1.26.0-2
• MEDIUM4.8nginx http proxy module does not verify peer identity of https origin server which could facilitate man-in-the-middle attack (MITM)
  from 0, < 1.9.1-1
• MEDIUM4.7NGINX MP4 module vulnerability
  from 0, < 1.18.0-6.1+deb11u4
• MEDIUM4.7NGINX MP4 module vulnerability
  from 0, < 1.18.0-6.1+deb11u4
• LOW3.7NGINX ngx_mail_proxy_module vulnerability
  from 0, < 1.18.0-6.1+deb11u6
• —NGINX ngx_http_rewrite_module vulnerability
  from 0
• —NGINX ngx_http_rewrite_module vulnerability
  from 0, < 1.18.0-6.1+deb11u6
• —NGINX vulnerability
  from 0, < 1.22.1-9+deb12u4
• —NGINX vulnerability
  from 0, < 1.18.0-6.1+deb11u6
• —NGINX ngx_mail_smtp_module vulnerability
  from 0, < 1.18.0-6.1+deb11u6
• —TLS Session Resumption Vulnerability
  from 0, < 1.18.0-6.1+deb11u4
• —The STARTTLS implementation in mail/ngx_mail_smtp_handler.c in the SMTP proxy in nginx 1.5.x and 1.6.x before 1.6.1 and 1.7.x before 1.7.4…
  from 0, < 1.6.1-1
• —nginx - security update
  from 0, < 1.2.1-2.2+wheezy3
• —nginx - security update
  from 0, < 1.6.2-1
• —nginx - security update
  from 0, < 0.7.67-3+squeeze4
• —Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 before 1.4.7 and 1.5.x before 1.5.12 allows remote attackers to execu…
  from 0, < 1.4.7-1
• —nginx - restriction bypass
  from 0, < 1.2.1-2.2+wheezy2
• —nginx - restriction bypass
  from 0, < 1.4.4-1
• —The default configuration of nginx, possibly 1.3.13 and earlier, uses world-readable permissions for the (1) access.log and (2) error.log f…
  from 0
• —nginx - nginx security update
  from 0, < 1.4.1-1
• —nginx - nginx security update
  from 0, < 1.2.1-2.2+wheezy1
• —nginx - information leak
  from 0, < 1.2.1-2.2
• —nginx - information leak
  from 0, < 0.7.67-3+squeeze3
• —Directory traversal vulnerability in naxsi-ui/nx_extract.py in the Naxsi module before 0.46-1 for Nginx allows local users to read arbitrar…
  from 0, < 1.2.1-2
• —Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the…
  from 0, < 1.1.19-1
• —nginx - sensitive information leak
  from 0, < 0.7.67-3+squeeze2
• —nginx - sensitive information leak
  from 0, < 1.1.17-1
• —Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause…
  from 0, < 1.1.8-1
• —nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's…
  from 0
• —Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17,…
  from 0, < 0.7.63-1
• —nginx - denial of service
  from 0, < 0.7.62-1
• —nginx - denial of service
  from 0, < 0.4.13-2+etch3
• —nginx - arbitrary code execution
  from 0, < 0.4.13-2+etch2
• —nginx - arbitrary code execution
  from 0, < 0.7.61-3