Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nginx vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2013-2070
http/modules/ngx_http_proxy_module.c in nginx 1.1.4 up to and including 1.2.8 and 1.3.0 up to and including 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote malicious users to cause a denial of service (crash) and obtain sensitive information from worker ...
F5 Nginx
Debian Debian Linux 6.0
Debian Debian Linux 7.0
NA
CVE-2014-3616
nginx 0.5.6 up to and including 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct "virtual host confusi...
F5 Nginx
Debian Debian Linux 7.0
Debian Debian Linux 8.0
NA
CVE-2012-2089
Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 up to and including 1.0.14 and 1.1.3 up to and including 1.1.18, when the mp4 directive is used, allows remote malicious users to cause a denial of service (memory overwrite) or possibly exe...
F5 Nginx
Fedoraproject Fedora 15
Fedoraproject Fedora 16
Fedoraproject Fedora 17
5.3
CVSSv3
CVE-2019-20372
NGINX prior to 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an malicious user to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.
F5 Nginx
Apple Xcode
Canonical Ubuntu Linux 14.04
Opensuse Leap 15.1
Netapp Cloud Backup -
4 Github repositories
7.5
CVSSv3
CVE-2021-42717
ModSecurity 3.x up to and including 3.0.5 mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands deep could result in the web server being unable to service legitimate requests. Even a moderately large (e.g., 300KB) HTTP request can occupy...
Trustwave Modsecurity
F5 Nginx Modsecurity Waf R25
F5 Nginx Modsecurity Waf R24
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Oracle Http Server 12.2.1.3.0
Oracle Http Server 12.2.1.4.0
Oracle Zfs Storage Appliance Kit 8.8
1 Github repository
NA
CVE-2011-4315
Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx prior to 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response.
F5 Nginx
Fedoraproject Fedora 16
Suse Studio 1.2
Suse Studio Onsite 1.2
Suse Webyast 1.2
NA
CVE-2012-1180
Use-after-free vulnerability in nginx prior to 1.0.14 and 1.1.x prior to 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request.
F5 Nginx
Fedoraproject Fedora 15
Fedoraproject Fedora 16
Fedoraproject Fedora 17
Debian Debian Linux 6.0
7.5
CVSSv3
CVE-2021-23050
On BIG-IP Advanced WAF and BIG-IP ASM version 16.0.x prior to 16.0.1.2 and 15.1.x prior to 15.1.3 and NGINX App Protect on all versions prior to 3.5.0, when a cross-site request forgery (CSRF)-enabled policy is configured on a virtual server, an undisclosed HTML response may caus...
F5 Big-ip Advanced Web Application Firewall
F5 Big-ip Application Security Manager
F5 Nginx App Protect
7.4
CVSSv3
CVE-2021-3618
ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer c...
F5 Nginx
Sendmail Sendmail
Vsftpd Project Vsftpd
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Debian Debian Linux 10.0
1 Github repository
NA
CVE-2009-2629
Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 up to and including 0.5.37, 0.6.x prior to 0.6.39, 0.7.x prior to 0.7.62, and 0.8.x prior to 0.8.15 allows remote malicious users to execute arbitrary code via crafted HTTP requests.
F5 Nginx
Debian Debian Linux 4.0
Debian Debian Linux 5.0
Debian Debian Linux 6.0
Fedoraproject Fedora 10
Fedoraproject Fedora 11
Fedoraproject Fedora 12
1 EDB exploit
2 Github repositories
1 Article
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »