Vulnerabilities > Nginx

DATE CVE VULNERABILITY TITLE RISK
2020-08-13 CVE-2020-24349 Improper Input Validation vulnerability in Nginx NJS
njs through 0.4.3, used in NGINX, allows control-flow hijack in njs_value_property in njs_value.c.
local
low complexity
nginx CWE-20
2.1
2020-08-13 CVE-2020-24348 Out-Of-Bounds Read vulnerability in Nginx NJS
njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_json_stringify_iterator in njs_json.c.
local
low complexity
nginx CWE-125
2.1
2020-08-13 CVE-2020-24347 Out-Of-Bounds Read vulnerability in Nginx NJS
njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_lvlhsh_level_find in njs_lvlhsh.c.
local
low complexity
nginx CWE-125
2.1
2020-08-13 CVE-2020-24346 Use After Free vulnerability in Nginx NJS
njs through 0.4.3, used in NGINX, has a use-after-free in njs_json_parse_iterator_call in njs_json.c.
network
nginx CWE-416
6.8
2020-05-14 CVE-2020-12440 HTTP Request Smuggling vulnerability in Nginx
** DISPUTED ** NGINX through 1.18.0 allows an HTTP request smuggling attack that can lead to cache poisoning, credential hijacking, or security bypass.
network
low complexity
nginx CWE-444
6.4
2020-01-09 CVE-2019-20372 HTTP Request Smuggling vulnerability in Nginx
NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.
network
nginx CWE-444
4.3
2019-11-19 CVE-2011-4968 Improper Input Validation vulnerability in multiple products
The nginx HTTP proxy module does not verify the peer identity of the HTTPS origin server, which could facilitate a man-in-the-middle (MITM) attack.
network
nginx debian CWE-20
5.8
2019-08-13 CVE-2019-9516 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service.
7.8
2019-08-13 CVE-2019-9513
Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service.
7.8
2019-08-13 CVE-2019-9511 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service.
7.8