Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
f5 nginx vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2014-0088
The SPDY implementation in the ngx_http_spdy_module module in nginx 1.5.10 prior to 1.5.11, when running on a 32-bit platform, allows remote malicious users to execute arbitrary code via a crafted request.
F5 Nginx 1.5.10
NA
CVE-2014-0133
Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 prior to 1.4.7 and 1.5.x prior to 1.5.12 allows remote malicious users to execute arbitrary code via a crafted request.
F5 Nginx
Opensuse Opensuse 13.1
NA
CVE-2013-4547
nginx 0.8.41 up to and including 1.4.3 and 1.5.x prior to 1.5.7 allows remote malicious users to bypass intended restrictions via an unescaped space character in a URI.
F5 Nginx
Suse Lifecycle Management Server 1.3
Suse Studio Onsite 1.3
Suse Webyast 1.3
Opensuse Opensuse 11.4
Opensuse Opensuse 12.2
Opensuse Opensuse 12.3
Opensuse Opensuse 13.1
1 EDB exploit
1 Github repository
NA
CVE-2013-0337
The default configuration of nginx, possibly 1.3.13 and previous versions, uses world-readable permissions for the (1) access.log and (2) error.log files, which allows local users to obtain sensitive information by reading the files.
F5 Nginx
F5 Nginx 1.2.0
F5 Nginx 1.1.9
F5 Nginx 1.1.8
F5 Nginx 1.1.7
F5 Nginx 1.1.12
F5 Nginx 1.1.11
F5 Nginx 1.1.10
F5 Nginx 1.1.1
F5 Nginx 1.0.11
F5 Nginx 1.0.10
F5 Nginx 1.0.1
F5 Nginx 1.0.0
F5 Nginx 1.3.8
F5 Nginx 1.3.7
F5 Nginx 1.3.6
F5 Nginx 1.3.5
F5 Nginx 1.1.2
F5 Nginx 1.1.19
F5 Nginx 1.1.18
F5 Nginx 1.1.17
F5 Nginx 1.0.5
NA
CVE-2013-2028
The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 up to and including 1.4.0 allows remote malicious users to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an i...
F5 Nginx
Fedoraproject Fedora 19
4 EDB exploits
7 Github repositories
NA
CVE-2013-2070
http/modules/ngx_http_proxy_module.c in nginx 1.1.4 up to and including 1.2.8 and 1.3.0 up to and including 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote malicious users to cause a denial of service (crash) and obtain sensitive information from worker ...
F5 Nginx
Debian Debian Linux 6.0
Debian Debian Linux 7.0
NA
CVE-2011-4963
nginx/Windows 1.3.x prior to 1.3.1 and 1.2.x prior to 1.2.1 allows remote malicious users to bypass intended access restrictions and access restricted files via (1) a trailing . (dot) or (2) certain "$index_allocation" sequences in a request.
F5 Nginx
F5 Nginx 1.3.0
NA
CVE-2012-2089
Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 up to and including 1.0.14 and 1.1.3 up to and including 1.1.18, when the mp4 directive is used, allows remote malicious users to cause a denial of service (memory overwrite) or possibly exe...
F5 Nginx
Fedoraproject Fedora 15
Fedoraproject Fedora 16
Fedoraproject Fedora 17
NA
CVE-2012-1180
Use-after-free vulnerability in nginx prior to 1.0.14 and 1.1.x prior to 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request.
F5 Nginx
Fedoraproject Fedora 15
Fedoraproject Fedora 16
Fedoraproject Fedora 17
Debian Debian Linux 6.0
NA
CVE-2011-4315
Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx prior to 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response.
F5 Nginx
Fedoraproject Fedora 16
Suse Studio 1.2
Suse Studio Onsite 1.2
Suse Webyast 1.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »