Vulnerabilities > F5 > Nginx > 1.3.16
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-02-15 | CVE-2016-0742 | NULL Pointer Dereference vulnerability in multiple products The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response. | 5.0 |
| 2014-12-08 | CVE-2014-3616 | Insufficient Session Expiration vulnerability in multiple products nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct "virtual host confusion" attacks. | 4.3 |
| 2014-03-28 | CVE-2014-0133 | Out-of-bounds Write vulnerability in multiple products Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 before 1.4.7 and 1.5.x before 1.5.12 allows remote attackers to execute arbitrary code via a crafted request. | 7.5 |
| 2013-11-23 | CVE-2013-4547 | Improper Encoding or Escaping of Output vulnerability in multiple products nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI. | 7.5 |
| 2013-07-20 | CVE-2013-2070 | http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (crash) and obtain sensitive information from worker process memory via a crafted proxy response, a similar vulnerability to CVE-2013-2028. | 5.8 |
| 2013-07-20 | CVE-2013-2028 | Out-of-bounds Write vulnerability in multiple products The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow. | 7.5 |