1.0.14

DATE	CVE	VULNERABILITY TITLE	RISK
2014-12-08	CVE-2014-3616	Insufficient Session Expiration vulnerability in multiple products nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct "virtual host confusion" attacks. network f5 debian CWE-613	4.3
2013-11-23	CVE-2013-4547	Improper Encoding or Escaping of Output vulnerability in multiple products nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI. network low complexity f5 suse opensuse CWE-116	7.5
2013-10-27	CVE-2013-0337	Permissions, Privileges, and Access Controls vulnerability in F5 Nginx The default configuration of nginx, possibly 1.3.13 and earlier, uses world-readable permissions for the (1) access.log and (2) error.log files, which allows local users to obtain sensitive information by reading the files. network low complexity f5 CWE-264	7.5
2012-07-26	CVE-2011-4963	Unspecified vulnerability in F5 Nginx nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows remote attackers to bypass intended access restrictions and access restricted files via (1) a trailing . network low complexity f5	5.0
2012-04-17	CVE-2012-2089	Classic Buffer Overflow vulnerability in multiple products Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted MP4 file. network f5 fedoraproject CWE-120	6.8