nginx-mainline

Description: Lightweight HTTP server and IMAP/POP3 proxy server, mainline release
Version: 1.27.2-1 [extra]

Resolved

Group     Affected   Fixed     Severity  Status  Ticket
AVG-2103  1.19.10-1  1.21.0-1  Medium    Fixed
AVG-1987  1.19.10-1  1.21.0-1  Medium    Fixed
AVG-1022  1.17.2-1   1.17.3-1  Medium    Fixed
AVG-346   1.13.2-1   1.13.3-1  High      Fixed
AVG-139   1.11.8-1   1.11.8-2  High      Fixed   FS#52547

Issue           Group     Severity  Remote  Type                      Description
CVE-2021-23017  AVG-1987  Medium    Yes     Arbitrary code execution
    A security issue in nginx resolver was identified, which might allow an attacker to cause 1-byte memory overwrite by using a specially crafted DNS response,...
CVE-2021-3618   AVG-2103  Medium    Yes     Insufficient validation
    ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates,...
CVE-2019-9516   AVG-1022  Medium    Yes     Denial of service
    An issue has been found in several HTTP/2 implementations, where the attacker sends a stream of headers with a 0-length header name and 0-length header...
CVE-2019-9513   AVG-1022  Medium    Yes     Denial of service
    An issue has been found in several HTTP/2 implementations, where the attacker creates multiple request streams and continually shuffles the priority of the...
CVE-2019-9511   AVG-1022  Medium    Yes     Denial of service
    An issue has been found in several HTTP/2 implementations, where the attacker requests a large amount of data from a specified resource over multiple...
CVE-2017-7529   AVG-346   High      Yes     Information disclosure
    A security issue was identified in the range filter module of nginx < 1.13.3. A specially crafted request might result in an integer overflow and incorrect...
CVE-2016-1247   AVG-139   High      No      Privilege escalation
    A symlink attack vulnerability was discovered in nginx. An attacker who could already run commands under the nginx user id could use this access to append...

Advisories

Date         Advisory       Group     Severity  Type
22 Jun 2021  ASA-202106-48  AVG-1987  Medium    arbitrary code execution
16 Aug 2019  ASA-201908-12  AVG-1022  Medium    denial of service
12 Jul 2017  ASA-201707-12  AVG-346   High      information disclosure
15 Jan 2017  ASA-201701-24  AVG-139   High      privilege escalation