Vulnerabilities > F5 > Nginx > 1.5.5

DATE CVE VULNERABILITY TITLE RISK
2016-02-15 CVE-2016-0742 NULL Pointer Dereference vulnerability in multiple products
The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response.
network
low complexity
f5 canonical debian opensuse apple redhat CWE-476
5.0
5.0
2014-12-08 CVE-2014-3616 Insufficient Session Expiration vulnerability in multiple products
nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct "virtual host confusion" attacks.
network
f5 debian CWE-613
4.3
4.3
2014-03-28 CVE-2014-0133 Out-of-bounds Write vulnerability in multiple products
Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 before 1.4.7 and 1.5.x before 1.5.12 allows remote attackers to execute arbitrary code via a crafted request.
network
low complexity
f5 opensuse CWE-787
7.5
7.5
2013-11-23 CVE-2013-4547 Improper Encoding or Escaping of Output vulnerability in multiple products
nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI.
network
low complexity
f5 suse opensuse CWE-116
7.5
7.5