nginx
Link | package | bugs open | bugs closed | Wiki | GitHub | web search |
Description | Lightweight HTTP server and IMAP/POP3 proxy server |
Version | 1.28.0-4 [extra-testing], 1.28.0-3 [extra] |
Open
Group | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|
AVG-2102 | 1.20.2-1 | | Medium | Vulnerable | |
Issue | Group | Severity | Remote | Type | Description |
---|---|---|---|---|---|
CVE-2021-3618 | AVG-2102 | Medium | Yes | Insufficient validation | ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates,... |
Resolved
Group | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|
AVG-1988 | 1.20.0-1 | 1.20.1-1 | Medium | Fixed | |
AVG-1023 | 1.16.0-1 | 1.16.1-1 | Medium | Fixed | |
AVG-345 | 1.12.0-2 | 1.12.1-1 | High | Fixed | |
AVG-138 | 1.10.2-2 | 1.10.2-3 | High | Fixed | FS#52546 |
Issue | Group | Severity | Remote | Type | Description |
---|---|---|---|---|---|
CVE-2021-23017 | AVG-1988 | Medium | Yes | Arbitrary code execution | A security issue in nginx resolver was identified, which might allow an attacker to cause 1-byte memory overwrite by using a specially crafted DNS response,... |
CVE-2019-9516 | AVG-1023 | Medium | Yes | Denial of service | An issue has been found in several HTTP/2 implementations, where the attacker sends a stream of headers with a 0-length header name and 0-length header... |
CVE-2019-9513 | AVG-1023 | Medium | Yes | Denial of service | An issue has been found in several HTTP/2 implementations, where the attacker creates multiple request streams and continually shuffles the priority of the... |
CVE-2019-9511 | AVG-1023 | Medium | Yes | Denial of service | An issue has been found in several HTTP/2 implementations, where the attacker requests a large amount of data from a specified resource over multiple... |
CVE-2017-7529 | AVG-345 | High | Yes | Information disclosure | A security issue was identified in the range filter module of nginx < 1.13.3. A specially crafted request might result in an integer overflow and incorrect... |
CVE-2016-1247 | AVG-138 | High | No | Privilege escalation | A symlink attack vulnerability was discovered in nginx. An attacker who could already run commands under the nginx user id could use this access to append... |
Advisories
Date | Advisory | Group | Severity | Type |
---|---|---|---|---|
15 Jun 2021 | ASA-202106-36 | AVG-1988 | Medium | arbitrary code execution |
16 Aug 2019 | ASA-201908-13 | AVG-1023 | Medium | denial of service |
12 Jul 2017 | ASA-201707-11 | AVG-345 | High | information disclosure |
15 Jan 2017 | ASA-201701-23 | AVG-138 | High | privilege escalation |