Product:

Nginx

(F5)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 40
Date Id Summary Products Score Patch Annotated
2014-03-28 CVE-2014-0133 Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 before 1.4.7 and 1.5.x before 1.5.12 allows remote attackers to execute arbitrary code via a crafted request. Nginx, Opensuse N/A
2014-04-29 CVE-2014-0088 The SPDY implementation in the ngx_http_spdy_module module in nginx 1.5.10 before 1.5.11, when running on a 32-bit platform, allows remote attackers to execute arbitrary code via a crafted request. Nginx N/A
2014-12-08 CVE-2014-3616 nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct "virtual host confusion" attacks. Debian_linux, Nginx N/A
2014-12-29 CVE-2014-3556 The STARTTLS implementation in mail/ngx_mail_smtp_handler.c in the SMTP proxy in nginx 1.5.x and 1.6.x before 1.6.1 and 1.7.x before 1.7.4 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411. Nginx N/A
2016-06-07 CVE-2016-4450 os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a crafted request, involving writing a client request body to a temporary file. Ubuntu_linux, Debian_linux, Nginx 7.5
2019-11-19 CVE-2011-4968 nginx http proxy module does not verify peer identity of https origin server which could facilitate man-in-the-middle attack (MITM) Debian_linux, Nginx 4.8