Vulnerabilities > F5 > Nginx

DATE CVE VULNERABILITY TITLE RISK
2019-08-13 CVE-2019-9511 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service.
7.5
2018-11-07 CVE-2018-16845 nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file.
local
low complexity
f5 debian canonical opensuse apple
6.1
2018-11-07 CVE-2018-16844 nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage.
network
low complexity
f5 debian canonical apple
7.5
2018-11-07 CVE-2018-16843 nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption.
network
low complexity
f5 debian canonical opensuse apple
7.5
2017-07-13 CVE-2017-7529 Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.
network
low complexity
f5 puppet apple
7.5
2016-11-29 CVE-2016-1247 Link Following vulnerability in multiple products
The nginx package before 1.6.2-5+deb8u3 on Debian jessie, the nginx packages before 1.4.6-1ubuntu3.6 on Ubuntu 14.04 LTS, before 1.10.0-0ubuntu0.16.04.3 on Ubuntu 16.04 LTS, and before 1.10.1-0ubuntu1.1 on Ubuntu 16.10, and the nginx ebuild before 1.10.2-r3 on Gentoo allow local users with access to the web server user account to gain root privileges via a symlink attack on the error log.
local
low complexity
f5 fedoraproject CWE-59
7.8
2016-06-07 CVE-2016-4450 NULL Pointer Dereference vulnerability in multiple products
os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a crafted request, involving writing a client request body to a temporary file.
network
low complexity
canonical f5 debian CWE-476
7.5
2016-02-15 CVE-2016-0747 Resource Exhaustion vulnerability in multiple products
The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) via vectors related to arbitrary name resolution.
network
low complexity
f5 canonical debian opensuse apple CWE-400
5.3
2016-02-15 CVE-2016-0746 Use After Free vulnerability in multiple products
Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1.8.0 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (worker process crash) or possibly have unspecified other impact via a crafted DNS response related to CNAME response processing.
network
low complexity
f5 canonical debian opensuse apple CWE-416
critical
9.8
2016-02-15 CVE-2016-0742 NULL Pointer Dereference vulnerability in multiple products
The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response.
network
low complexity
f5 canonical debian opensuse apple redhat CWE-476
7.5