-
Latest security vulnerabilities Nginx products
Jul 16, 2019 | 00:00 am
njs through 0.3.3, used in NGINX, has a heap-based buffer over-read in nxt_vsprintf in nxt/nxt_sprintf.c during error handling, as demonstrated by an njs_regexp_literal call that leads to an njs_parser_lexer_error call and then an njs_parser_scope_error call. (CVSS:4.3) (Last Update:2019-07-18)
Read more...
-
Latest security vulnerabilities Nginx products
Jun 29, 2019 | 00:00 am
njs through 0.3.3, used in NGINX, has a buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c. This issue occurs after the fix for CVE-2019-12207 is in place. (CVSS:7.5) (Last Update:2019-07-05)
Read more...
-
Latest security vulnerabilities Nginx products
May 20, 2019 | 00:00 am
njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in nxt_utf8_encode in nxt_utf8.c. (CVSS:7.5) (Last Update:2019-05-20)
Read more...
-
Latest security vulnerabilities Nginx products
May 9, 2019 | 00:00 am
njs through 0.3.1, used in NGINX, has a segmentation fault in String.prototype.toBytes for negative arguments, related to nxt_utf8_next in nxt/nxt_utf8.h and njs_string_offset in njs/njs_string.c. (CVSS:5.0) (Last Update:2019-05-09)
Read more...
-
Latest security vulnerabilities Nginx products
Nov 7, 2018 | 00:00 am
nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen'[…]
Read more...
-
Latest security vulnerabilities Nginx products
Jul 13, 2017 | 00:00 am
Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request. (CVSS:5.0) (Last Update:2018-01-04)
Read more...
-
Latest security vulnerabilities Nginx products
Nov 29, 2016 | 00:00 am
The nginx package before 1.6.2-5+deb8u3 on Debian jessie, the nginx packages before 1.4.6-1ubuntu3.6 on Ubuntu 14.04 LTS, before 1.10.0-0ubuntu0.16.04.3 on Ubuntu 16.04 LTS, and before 1.10.1-0ubuntu1.1 on Ubuntu 16.10, and the nginx ebuild before 1.10.2-r3 on Gentoo allow local users[…]
Read more...
-
Latest security vulnerabilities Nginx products
Jun 7, 2016 | 00:00 am
os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a crafted request, involving writing a client request body to a temporary file. (CVSS:5.0)[…]
Read more...
-
Latest security vulnerabilities Nginx products
Feb 15, 2016 | 00:00 am
The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response. (CVSS:5.0) (Last Update:2018-10-30)
Read more...
-
Latest security vulnerabilities Nginx products
Dec 29, 2014 | 00:00 am
The STARTTLS implementation in mail/ngx_mail_smtp_handler.c in the SMTP proxy in nginx 1.5.x and 1.6.x before 1.6.1 and 1.7.x before 1.7.4 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a[…]
Read more...