nginx

Description Lightweight HTTP server and IMAP/POP3 proxy server
Version 1.24.0-3 [extra]

Open

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-2102 | 1.20.2-1 | | Medium | Vulnerable | |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2021-3618 | AVG-2102 | Medium | Yes | Insufficient validation | ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates,... |

Resolved

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-1988 | 1.20.0-1 | 1.20.1-1 | Medium | Fixed | |
| AVG-1023 | 1.16.0-1 | 1.16.1-1 | Medium | Fixed | |
| AVG-345 | 1.12.0-2 | 1.12.1-1 | High | Fixed | |
| AVG-138 | 1.10.2-2 | 1.10.2-3 | High | Fixed | FS#52546 |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2021-23017 | AVG-1988 | Medium | Yes | Arbitrary code execution | A security issue in nginx resolver was identified, which might allow an attacker to cause 1-byte memory overwrite by using a specially crafted DNS response,... |
| CVE-2019-9516 | AVG-1023 | Medium | Yes | Denial of service | An issue has been found in several HTTP/2 implementations, where the attacker sends a stream of headers with a 0-length header name and 0-length header... |
| CVE-2019-9513 | AVG-1023 | Medium | Yes | Denial of service | An issue has been found in several HTTP/2 implementations, where the attacker creates multiple request streams and continually shuffles the priority of the... |
| CVE-2019-9511 | AVG-1023 | Medium | Yes | Denial of service | An issue has been found in several HTTP/2 implementations, where the attacker requests a large amount of data from a specified resource over multiple... |
| CVE-2017-7529 | AVG-345 | High | Yes | Information disclosure | A security issue was identified in the range filter module of nginx < 1.13.3. A specially crafted request might result in an integer overflow and incorrect... |
| CVE-2016-1247 | AVG-138 | High | No | Privilege escalation | A symlink attack vulnerability was discovered in nginx. An attacker who could already run commands under the nginx user id could use this access to append... |

Advisories

| Date | Advisory | Group | Severity | Type |
|---|---|---|---|---|
| 15 Jun 2021 | ASA-202106-36 | AVG-1988 | Medium | arbitrary code execution |
| 16 Aug 2019 | ASA-201908-13 | AVG-1023 | Medium | denial of service |
| 12 Jul 2017 | ASA-201707-11 | AVG-345 | High | information disclosure |
| 15 Jan 2017 | ASA-201701-23 | AVG-138 | High | privilege escalation |