Vulnerabilities > F5 > Nginx

DATE CVE VULNERABILITY TITLE RISK
2023-10-10 CVE-2023-44487 The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. 7.5
2022-10-19 CVE-2022-41741 Out-of-bounds Write vulnerability in multiple products
NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to corrupt NGINX worker memory, resulting in its termination or potential other impact using a specially crafted audio or video file.
local
low complexity
f5 fedoraproject debian CWE-787
7.8
2022-10-19 CVE-2022-41742 Out-of-bounds Write vulnerability in multiple products
NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted audio or video file.
local
low complexity
f5 fedoraproject debian CWE-787
7.1
2022-03-23 CVE-2021-3618 ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates.
network
high complexity
f5 sendmail vsftpd-project fedoraproject debian
7.4
2021-06-06 CVE-2017-20005 Integer Overflow or Wraparound vulnerability in multiple products
NGINX before 1.13.6 has a buffer overflow for years that exceed four digits, as demonstrated by a file with a modification date in 1969 that causes an integer overflow (or a false modification date far in the future), when encountered by the autoindex module.
network
low complexity
f5 debian CWE-190
critical
9.8
2021-06-01 CVE-2021-23017 A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.
network
high complexity
f5 openresty fedoraproject netapp oracle
7.7
2020-01-09 CVE-2019-20372 HTTP Request Smuggling vulnerability in multiple products
NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.
network
low complexity
f5 apple canonical opensuse netapp CWE-444
5.3
2019-11-19 CVE-2011-4968 Improper Input Validation vulnerability in multiple products
nginx http proxy module does not verify peer identity of https origin server which could facilitate man-in-the-middle attack (MITM)
network
high complexity
f5 debian CWE-20
4.8
2019-08-13 CVE-2019-9516 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service.
6.5
2019-08-13 CVE-2019-9513 Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. 7.5