Bug | jessie | stretch | buster | bullseye | bookworm | trixie | sid | Description |
---|
CVE-2024-7347 | vulnerable | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_ ... |
CVE-2020-36309 | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | fixed | fixed | fixed | ngx_http_lua_module (aka lua-nginx-module) before 0.10.16 in OpenResty ... |
CVE-2013-0337 | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | vulnerable | vulnerable | The default configuration of nginx, possibly 1.3.13 and earlier, uses ... |
CVE-2011-4968 | vulnerable (no DSA) | fixed | fixed | fixed | fixed | fixed | fixed | nginx http proxy module does not verify peer identity of https origin ... |
Bug | Description |
---|
CVE-2024-39792 | When the NGINX Plus is configured to use the MQTT pre-read module, und ... |
CVE-2022-41742 | NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source ... |
CVE-2022-41741 | NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source ... |
CVE-2021-23017 | A security issue in nginx resolver was identified, which might allow a ... |
CVE-2021-3618 | ALPACA is an application layer protocol content confusion attack, expl ... |
CVE-2020-11724 | An issue was discovered in OpenResty before 1.15.8.4. ngx_http_lua_sub ... |
CVE-2019-20372 | NGINX before 1.17.7, with certain error_page configurations, allows HT ... |
CVE-2019-9516 | Some HTTP/2 implementations are vulnerable to a header leak, potential ... |
CVE-2019-9513 | Some HTTP/2 implementations are vulnerable to resource loops, potentia ... |
CVE-2019-9511 | Some HTTP/2 implementations are vulnerable to window size manipulation ... |
CVE-2018-16845 | nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_ht ... |
CVE-2018-16844 | nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the imp ... |
CVE-2018-16843 | nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the imp ... |
CVE-2017-20005 | NGINX before 1.13.6 has a buffer overflow for years that exceed four d ... |
CVE-2017-7529 | Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable t ... |
CVE-2016-4450 | os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 al ... |
CVE-2016-1247 | The nginx package before 1.6.2-5+deb8u3 on Debian jessie, the nginx pa ... |
CVE-2016-0747 | The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not pr ... |
CVE-2016-0746 | Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1 ... |
CVE-2016-0742 | The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remo ... |
CVE-2014-3616 | nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cach ... |
CVE-2014-3556 | The STARTTLS implementation in mail/ngx_mail_smtp_handler.c in the SMT ... |
CVE-2014-0133 | Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 ... |
CVE-2014-0088 | The SPDY implementation in the ngx_http_spdy_module module in nginx 1. ... |
CVE-2013-4547 | nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attack ... |
CVE-2013-2070 | http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and ... |
CVE-2013-2028 | The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx ... |
CVE-2012-4929 | The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google C ... |
CVE-2012-3380 | Directory traversal vulnerability in naxsi-ui/nx_extract.py in the Nax ... |
CVE-2012-2089 | Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module mo ... |
CVE-2012-1180 | Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1 ... |
CVE-2011-4963 | nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows remote ... |
CVE-2011-4315 | Heap-based buffer overflow in compression-pointer processing in core/n ... |
CVE-2010-2266 | nginx 0.8.36 allows remote attackers to cause a denial of service (cra ... |
CVE-2010-2263 | nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows ... |
CVE-2009-3898 | Directory traversal vulnerability in src/http/modules/ngx_http_dav_mod ... |
CVE-2009-3896 | src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14 ... |
CVE-2009-3555 | The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as us ... |
CVE-2009-2629 | Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0 ... |