Vulnerabilities > F5 > Nginx > 1.5.8

DATE CVE VULNERABILITY TITLE RISK
2022-03-23 CVE-2021-3618 ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates.
network
high complexity
f5 sendmail vsftpd-project fedoraproject debian
7.4
2021-06-06 CVE-2017-20005 Integer Overflow or Wraparound vulnerability in multiple products
NGINX before 1.13.6 has a buffer overflow for years that exceed four digits, as demonstrated by a file with a modification date in 1969 that causes an integer overflow (or a false modification date far in the future), when encountered by the autoindex module.
network
low complexity
f5 debian CWE-190
critical
9.8
2021-06-01 CVE-2021-23017 A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.
network
high complexity
f5 openresty fedoraproject netapp oracle
7.7
2020-01-09 CVE-2019-20372 HTTP Request Smuggling vulnerability in multiple products
NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.
network
low complexity
f5 apple canonical opensuse netapp CWE-444
5.3
2018-11-07 CVE-2018-16845 nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file.
local
low complexity
f5 debian canonical opensuse apple
6.1
2017-07-13 CVE-2017-7529 Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.
network
low complexity
f5 puppet apple
7.5
2016-11-29 CVE-2016-1247 Link Following vulnerability in multiple products
The nginx package before 1.6.2-5+deb8u3 on Debian jessie, the nginx packages before 1.4.6-1ubuntu3.6 on Ubuntu 14.04 LTS, before 1.10.0-0ubuntu0.16.04.3 on Ubuntu 16.04 LTS, and before 1.10.1-0ubuntu1.1 on Ubuntu 16.10, and the nginx ebuild before 1.10.2-r3 on Gentoo allow local users with access to the web server user account to gain root privileges via a symlink attack on the error log.
local
low complexity
f5 fedoraproject CWE-59
7.8
2016-06-07 CVE-2016-4450 NULL Pointer Dereference vulnerability in multiple products
os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a crafted request, involving writing a client request body to a temporary file.
network
low complexity
canonical f5 debian CWE-476
7.5
2016-02-15 CVE-2016-0747 Resource Exhaustion vulnerability in multiple products
The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) via vectors related to arbitrary name resolution.
network
low complexity
f5 canonical debian opensuse apple CWE-400
5.3
2016-02-15 CVE-2016-0746 Use After Free vulnerability in multiple products
Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1.8.0 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (worker process crash) or possibly have unspecified other impact via a crafted DNS response related to CNAME response processing.
network
low complexity
f5 canonical debian opensuse apple CWE-416
critical
9.8