Vulnerabilities > F5 > Nginx > High

DATE CVE VULNERABILITY TITLE RISK
2016-11-29 CVE-2016-1247 Link Following vulnerability in multiple products
The nginx package before 1.6.2-5+deb8u3 on Debian jessie, the nginx packages before 1.4.6-1ubuntu3.6 on Ubuntu 14.04 LTS, before 1.10.0-0ubuntu0.16.04.3 on Ubuntu 16.04 LTS, and before 1.10.1-0ubuntu1.1 on Ubuntu 16.10, and the nginx ebuild before 1.10.2-r3 on Gentoo allow local users with access to the web server user account to gain root privileges via a symlink attack on the error log.
local
low complexity
f5 fedoraproject CWE-59
7.8
7.8
2016-06-07 CVE-2016-4450 NULL Pointer Dereference vulnerability in multiple products
os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a crafted request, involving writing a client request body to a temporary file.
network
low complexity
canonical f5 debian CWE-476
7.5
7.5
2016-02-15 CVE-2016-0742 NULL Pointer Dereference vulnerability in multiple products
The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response.
network
low complexity
f5 canonical debian opensuse apple redhat CWE-476
7.5
7.5