Vulnerabilities > Nginx

DATE CVE VULNERABILITY TITLE RISK
2021-06-06 CVE-2017-20005 Integer Overflow or Wraparound vulnerability in multiple products
NGINX before 1.13.6 has a buffer overflow for years that exceed four digits, as demonstrated by a file with a modification date in 1969 that causes an integer overflow (or a false modification date far in the future), when encountered by the autoindex module.
network
low complexity
nginx debian CWE-190
7.5
2021-06-01 CVE-2021-23017 Off-By-One Error vulnerability in multiple products
A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.
network
low complexity
nginx openresty fedoraproject CWE-193
7.5
2020-08-13 CVE-2020-24349 Improper Input Validation vulnerability in Nginx NJS
njs through 0.4.3, used in NGINX, allows control-flow hijack in njs_value_property in njs_value.c.
local
low complexity
nginx CWE-20
2.1
2020-08-13 CVE-2020-24348 Out-Of-Bounds Read vulnerability in Nginx NJS
njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_json_stringify_iterator in njs_json.c.
local
low complexity
nginx CWE-125
2.1
2020-08-13 CVE-2020-24347 Out-Of-Bounds Read vulnerability in Nginx NJS
njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_lvlhsh_level_find in njs_lvlhsh.c.
local
low complexity
nginx CWE-125
2.1
2020-08-13 CVE-2020-24346 Use After Free vulnerability in Nginx NJS
njs through 0.4.3, used in NGINX, has a use-after-free in njs_json_parse_iterator_call in njs_json.c.
network
nginx CWE-416
6.8
2020-05-14 CVE-2020-12440 HTTP Request Smuggling vulnerability in Nginx
** DISPUTED ** NGINX through 1.18.0 allows an HTTP request smuggling attack that can lead to cache poisoning, credential hijacking, or security bypass.
network
low complexity
nginx CWE-444
6.4
2020-01-09 CVE-2019-20372 HTTP Request Smuggling vulnerability in Nginx
NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.
network
nginx CWE-444
4.3
2019-11-19 CVE-2011-4968 Improper Input Validation vulnerability in multiple products
The nginx HTTP proxy module does not verify the peer identity of the HTTPS origin server, which could facilitate a man-in-the-middle (MITM) attack.
network
nginx debian CWE-20
5.8
2019-08-13 CVE-2019-9516 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service.
6.8