The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of nginx

2 nginx: buffer overflow via njs nxt_sprintf.c
An attacker can trigger a buffer overflow via njs nxt_sprintf.c of nginx, in order to trigger a denial of service, and possibly to run code...
174, CVE-2019-13617, VIGILANCE-VUL-29803
2 nginx: buffer overflow via njs
An attacker can trigger a buffer overflow via njs of nginx, in order to trigger a denial of service, and possibly to run code...
162, 163, 168, CVE-2019-12206, CVE-2019-12207, CVE-2019-12208, VIGILANCE-VUL-29368
2 nginx: infinite loop via ngx_http_mp4_module
An attacker can generate an infinite loop via ngx_http_mp4_module of nginx, in order to trigger a denial of service...
CERTFR-2018-AVI-535, CVE-2018-16845, DLA-1572-1, DSA-4335-1, openSUSE-SU-2019:0195-1, openSUSE-SU-2019:2120-1, RHSA-2018:3652-01, RHSA-2018:3653-01, RHSA-2018:3680-01, RHSA-2018:3681-01, SUSE-SU-2019:0334-1, SUSE-SU-2019:2309-1, USN-3812-1, VIGILANCE-VUL-27706
3 nginx: denial of service via ngx_http_v2_module
An attacker can generate a fatal error via ngx_http_v2_module of nginx, in order to trigger a denial of service...
CERTFR-2018-AVI-535, CVE-2018-16843, CVE-2018-16844, DSA-4335-1, ibm10960610, openSUSE-SU-2019:0195-1, openSUSE-SU-2019:2120-1, RHSA-2018:3653-01, RHSA-2018:3680-01, RHSA-2018:3681-01, SUSE-SU-2019:0334-1, SUSE-SU-2019:2309-1, USN-3812-1, VIGILANCE-VUL-27705
2 nginx: information disclosure via Ranges
An attacker can bypass access restrictions to data via Ranges of nginx, in order to obtain sensitive information...
CERTFR-2017-AVI-211, CVE-2017-7529, DLA-1024-1, DSA-3908-1, FEDORA-2017-aecd25b8a9, FEDORA-2017-c27a947af1, openSUSE-SU-2017:2003-1, openSUSE-SU-2018:0813-1, openSUSE-SU-2018:0823-1, RHSA-2017:2538-01, Synology-SA-17:27, USN-3352-1, VIGILANCE-VUL-23215
3 Web servers: creating client queries via the Proxy header
An attacker can send a query with a malicious Proxy header to a web service hosting a CGI script creating web client queries, so they go through attacker's proxy...
1117414, 1994719, 1994725, 1999671, APPLE-SA-2017-09-25-1, bulletinjul2017, bulletinoct2016, c05324759, CERTFR-2016-AVI-240, CERTFR-2017-AVI-012, CERTFR-2017-AVI-022, cpujan2018, CVE-2016-1000104, CVE-2016-1000105, CVE-2016-1000107, CVE-2016-1000108, CVE-2016-1000109, CVE-2016-1000110, CVE-2016-1000111, CVE-2016-1000212, CVE-2016-5385, CVE-2016-5386, CVE-2016-5387, CVE-2016-5388, DLA-1883-1, DLA-553-1, DLA-568-1, DLA-583-1, DLA-749-1, DRUPAL-SA-CORE-2016-003, DSA-2019-131, DSA-3623-1, DSA-3631-1, DSA-3642-1, EZSA-2016-001, FEDORA-2016-07e9059072, FEDORA-2016-2c324d0670, FEDORA-2016-340e361b90, FEDORA-2016-4094bd4ad6, FEDORA-2016-4e7db3d437, FEDORA-2016-604616dc33, FEDORA-2016-683d0b257b, FEDORA-2016-970edb82d4, FEDORA-2016-9c8cf5912c, FEDORA-2016-9de7253cc7, FEDORA-2016-9fd814a7f2, FEDORA-2016-9fd9bfab9e, FEDORA-2016-a29c65b00f, FEDORA-2016-aef8a45afe, FEDORA-2016-c1b01b9278, FEDORA-2016-df0726ae26, FEDORA-2016-e2c8f5f95a, FEDORA-2016-ea5e284d34, HPSBUX03665, HT207615, HT208144, HT208221, httpoxy, JSA10770, JSA10774, openSUSE-SU-2016:1824-1, openSUSE-SU-2016:2054-1, openSUSE-SU-2016:2055-1, openSUSE-SU-2016:2115-1, openSUSE-SU-2016:2120-1, openSUSE-SU-2016:2252-1, openSUSE-SU-2016:2536-1, openSUSE-SU-2016:3092-1, openSUSE-SU-2016:3157-1, openSUSE-SU-2017:0223-1, RHSA-2016:1420-01, RHSA-2016:1421-01, RHSA-2016:1422-01, RHSA-2016:1538-01, RHSA-2016:1609-01, RHSA-2016:1610-01, RHSA-2016:1611-01, RHSA-2016:1612-01, RHSA-2016:1613-01, RHSA-2016:1624-01, RHSA-2016:1626-01, RHSA-2016:1627-01, RHSA-2016:1628-01, RHSA-2016:1629-01, RHSA-2016:1630-01, RHSA-2016:1635-01, RHSA-2016:1636-01, RHSA-2016:1648-01, RHSA-2016:1649-01, RHSA-2016:1650-01, RHSA-2016:1978-01, RHSA-2016:2045-01, RHSA-2016:2046-01, SSA:2016-203-02, SSA:2016-358-01, SSA:2016-363-01, SUSE-SU-2017:1632-1, SUSE-SU-2017:1660-1, SUSE-SU-2019:0223-1, USN-3038-1, USN-3045-1, USN-3134-1, USN-3177-1, USN-3177-2, USN-3585-1, VIGILANCE-VUL-20143, VU#797896
2 nginx: denial of service via proxy_request_buffering
An attacker can request nginx with HTTP version 2, in order to trigger a denial of service...
VIGILANCE-VUL-20030
3 nginx: NULL pointer dereference via ngx_files.c
An attacker can force a NULL pointer to be dereferenced in nginx, in order to trigger a denial of service...
CERTFR-2016-AVI-185, CVE-2016-4450, DSA-3592-1, FEDORA-2016-ea323bd6cf, openSUSE-SU-2017:0361-1, RHSA-2016:1425-01, USN-2991-1, VIGILANCE-VUL-19745
2 nginx: three vulnerabilities of the DNS client
An attacker who controls a DNS server can use several vulnerabilities of nginx...
CERTFR-2016-AVI-039, CVE-2016-0742, CVE-2016-0746, CVE-2016-0747, DSA-3473-1, FEDORA-2016-bf03932bb3, FEDORA-2016-fd3428577d, openSUSE-SU-2016:0371-1, RHSA-2016:1425-01, USN-2892-1, VIGILANCE-VUL-18828
2 nginx: use after free via HTTPv2
An attacker can force the usage of a freed memory area in the HTTPv2 implementation of nginx, in order to trigger a denial of service, and possibly to run code...
VIGILANCE-VUL-18213
Our database contains other pages. You can request a free trial to read them.

Display information about nginx: