Vulnerabilities > F5 > Nginx > 0.5.28
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-03-23 | CVE-2021-3618 | ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. | 7.4 |
2021-06-06 | CVE-2017-20005 | Integer Overflow or Wraparound vulnerability in multiple products NGINX before 1.13.6 has a buffer overflow for years that exceed four digits, as demonstrated by a file with a modification date in 1969 that causes an integer overflow (or a false modification date far in the future), when encountered by the autoindex module. | 9.8 |
2020-01-09 | CVE-2019-20372 | HTTP Request Smuggling vulnerability in multiple products NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer. | 5.3 |
2017-07-13 | CVE-2017-7529 | Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request. | 7.5 |
2016-11-29 | CVE-2016-1247 | Link Following vulnerability in multiple products The nginx package before 1.6.2-5+deb8u3 on Debian jessie, the nginx packages before 1.4.6-1ubuntu3.6 on Ubuntu 14.04 LTS, before 1.10.0-0ubuntu0.16.04.3 on Ubuntu 16.04 LTS, and before 1.10.1-0ubuntu1.1 on Ubuntu 16.10, and the nginx ebuild before 1.10.2-r3 on Gentoo allow local users with access to the web server user account to gain root privileges via a symlink attack on the error log. | 7.8 |