nginx

Link	package \| bugs open \| bugs closed \| Wiki \| GitHub \| web search
Description	Lightweight HTTP server and IMAP/POP3 proxy server
Version	1.20.1-1 [extra]

Resolved

Group	Affected	Fixed	Severity	Status	Ticket
AVG-1988	1.20.0-1	1.20.1-1	Medium	Fixed
AVG-1023	1.16.0-1	1.16.1-1	Medium	Fixed
AVG-345	1.12.0-2	1.12.1-1	High	Fixed
AVG-138	1.10.2-2	1.10.2-3	High	Fixed	FS#52546

Issue	Group	Severity	Remote	Type	Description
CVE-2021-23017	AVG-1988	Medium	Yes	Arbitrary code execution	A security issue in nginx resolver was identified, which might allow an attacker to cause 1-byte memory overwrite by using a specially crafted DNS response,...
CVE-2019-9516	AVG-1023	Medium	Yes	Denial of service	An issue has been found in several HTTP/2 implementations, where the attacker sends a stream of headers with a 0-length header name and 0-length header...
CVE-2019-9513	AVG-1023	Medium	Yes	Denial of service	An issue has been found in several HTTP/2 implementations, where the attacker creates multiple request streams and continually shuffles the priority of the...
CVE-2019-9511	AVG-1023	Medium	Yes	Denial of service	An issue has been found in several HTTP/2 implementations, where the attacker requests a large amount of data from a specified resource over multiple...
CVE-2017-7529	AVG-345	High	Yes	Information disclosure	A security issue was identified in the range filter module of nginx < 1.13.3. A specially crafted request might result in an integer overflow and incorrect...
CVE-2016-1247	AVG-138	High	No	Privilege escalation	A symlink attack vulnerability was discovered in nginx. An attacker who could already run commands under the nginx user id could use this access to append...

Advisories

Date	Advisory	Group	Severity	Type
15 Jun 2021	ASA-202106-36	AVG-1988	Medium	arbitrary code execution
16 Aug 2019	ASA-201908-13	AVG-1023	Medium	denial of service
12 Jul 2017	ASA-201707-11	AVG-345	High	information disclosure
15 Jan 2017	ASA-201701-23	AVG-138	High	privilege escalation