Vulnerabilities > F5 > Nginx > 1.4.6

DATE CVE VULNERABILITY TITLE RISK
2016-02-15 CVE-2016-0742 NULL Pointer Dereference vulnerability in multiple products
The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response.
network
low complexity
f5 canonical debian opensuse apple redhat CWE-476
5.0
5.0
2014-12-08 CVE-2014-3616 Insufficient Session Expiration vulnerability in multiple products
nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct "virtual host confusion" attacks.
network
f5 debian CWE-613
4.3
4.3
2014-03-28 CVE-2014-0133 Out-of-bounds Write vulnerability in multiple products
Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 before 1.4.7 and 1.5.x before 1.5.12 allows remote attackers to execute arbitrary code via a crafted request.
network
low complexity
f5 opensuse CWE-787
7.5
7.5