Vulnerabilities > Nginx
|2021-06-06||CVE-2017-20005|| Integer Overflow or Wraparound vulnerability in multiple products |
NGINX before 1.13.6 has a buffer overflow for years that exceed four digits, as demonstrated by a file with a modification date in 1969 that causes an integer overflow (or a false modification date far in the future), when encountered by the autoindex module.
| 7.5 |
|2020-08-13||CVE-2020-24349|| Improper Input Validation vulnerability in Nginx NJS |
njs through 0.4.3, used in NGINX, allows control-flow hijack in njs_value_property in njs_value.c.
| 2.1 |
|2020-08-13||CVE-2020-24348|| Out-of-bounds Read vulnerability in Nginx NJS |
njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_json_stringify_iterator in njs_json.c.
| 2.1 |
|2020-08-13||CVE-2020-24347|| Out-of-bounds Read vulnerability in Nginx NJS |
njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_lvlhsh_level_find in njs_lvlhsh.c.
| 2.1 |
|2020-08-13||CVE-2020-24346|| Use After Free vulnerability in Nginx NJS |
njs through 0.4.3, used in NGINX, has a use-after-free in njs_json_parse_iterator_call in njs_json.c.
| 6.8 |
|2020-05-14||CVE-2020-12440|| HTTP Request Smuggling vulnerability in Nginx |
** DISPUTED ** NGINX through 1.18.0 allows an HTTP request smuggling attack that can lead to cache poisoning, credential hijacking, or security bypass.
| 6.4 |
|2020-01-09||CVE-2019-20372|| HTTP Request Smuggling vulnerability in Nginx |
NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.
| 4.3 |
|2019-11-19||CVE-2011-4968|| Improper Input Validation vulnerability in multiple products |
The nginx HTTP proxy module does not verify the peer identity of the HTTPS origin server, which could facilitate a man-in-the-middle (MITM) attack.
| 5.8 |
|2019-08-13||CVE-2019-9516|| Allocation of Resources Without Limits or Throttling vulnerability in multiple products |
Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service.
| 6.8 |
|2019-08-13||CVE-2019-9513||
Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service.
| 7.8 |