Page 2 of 22 results (0.006 seconds)

CVSS: 7.5EPSS: 96%CPEs: 6EXPL: 8

CVE-2017-7529 – nginx: Integer overflow in nginx range filter module leading to memory disclosure

https://notcve.org/view.php?id=CVE-2017-7529

Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request. Las versiones desde la 0.5.6 hasta 1.13.2 incluyéndola de Nginx, son susceptibles a una vulnerabilidad de desbordamiento de enteros en el módulo filtro de rango de nginx, resultando en un filtrado de información potencialmente confidencial activada por una petición especialmente creada. A flaw within the processing of ranged HTTP requests has been discovered in the range filter module of nginx. A remote attacker could possibly exploit this flaw to disclose parts of the cache file header, or, if used in combination with third party modules, disclose potentially sensitive memory by sending specially crafted HTTP requests. • https://github.com/liusec/CVE-2017-7529 https://github.com/MaxSecurity/CVE-2017-7529-POC https://github.com/Shehzadcyber/CVE-2017-7529 https://github.com/SirEagIe/CVE-2017-7529 https://github.com/cyberk1w1/CVE-2017-7529 https://github.com/cyberharsh/nginx-CVE-2017-7529 https://github.com/coolman6942o/-Exploit-CVE-2017-7529 https://github.com/fu2x2000/CVE-2017-7529-Nginx---Remote-Integer-Overflow-Exploit http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html http: • CWE-190: Integer Overflow or Wraparound •

CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 4

CVE-2016-1247 – Nginx (Debian Based Distros + Gentoo) - 'logrotate' Local Privilege Escalation

https://notcve.org/view.php?id=CVE-2016-1247

The nginx package before 1.6.2-5+deb8u3 on Debian jessie, the nginx packages before 1.4.6-1ubuntu3.6 on Ubuntu 14.04 LTS, before 1.10.0-0ubuntu0.16.04.3 on Ubuntu 16.04 LTS, and before 1.10.1-0ubuntu1.1 on Ubuntu 16.10, and the nginx ebuild before 1.10.2-r3 on Gentoo allow local users with access to the web server user account to gain root privileges via a symlink attack on the error log. El paquete nginx en versiones anteriores a 1.6.2-5+deb8u3 en Debian jessie, los paquetes nginx en versiones anteriores a 1.4.6-1ubuntu3.6 en Ubuntu 14.04 LTS, en versiones anteriores a 1.10.0-0ubuntu0.16.04.3 en Ubuntu 16.04 LTS y en versiones anteriores a 1.10.1-0ubuntu1.1 en Ubuntu 16.10 y la nginx ebuild en versiones anteriores a 1.10.2-r3 en Gentoo permiten a usuarios locales con acceso a la cuenta de usuario del servidor web obtener privilegios de root a través de un ataque de enlace simbólico en el registro de error. • https://www.exploit-db.com/exploits/40768 http://packetstormsecurity.com/files/139750/Nginx-Debian-Based-Distros-Root-Privilege-Escalation.html http://seclists.org/fulldisclosure/2016/Nov/78 http://seclists.org/fulldisclosure/2017/Jan/33 http://www.debian.org/security/2016/dsa-3701 http://www.securityfocus.com/archive/1/539796/100/0/threaded http://www.securityfocus.com/bid/93903 http://www.securitytracker.com/id/1037104 http://www.ubuntu.com/usn/USN-3114-1 https://legalhacke • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 7.5EPSS: 87%CPEs: 10EXPL: 0

CVE-2016-0742 – nginx: invalid pointer dereference in resolver

https://notcve.org/view.php?id=CVE-2016-0742

The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response. El traductor de direcciones en nginx en versiones anteriores a 1.8.1 y 1.9.x en versiones anteriores a 1.9.10 permite a atacantes remotos provocar una denegación de servicio (referencia a puntero no válido y caída del proceso trabajador) a través de una respuesta UDP DNS manipulada. It was discovered that nginx could perform an out of bound read and dereference an invalid pointer when resolving CNAME DNS records. An attacker able to manipulate DNS responses received by nginx could use this flaw to cause a worker process to crash if nginx enabled the resolver in its configuration. • http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html http://seclists.org/fulldisclosure/2021/Sep/36 http://www.debian.org/security/2016/dsa-3473 http://www.securitytracker.com/id/1034869 http://www.ubuntu.com/usn/USN-2892-1 https://access.redhat.com/errata/RHSA-2016:1425 https://bto.bluecoat.com/security-advisory/sa115 https://bugzilla.redhat.com/show_bug.cgi?id=1302587 https://security.gentoo • CWE-125: Out-of-bounds Read CWE-476: NULL Pointer Dereference •

CVSS: 9.8EPSS: 4%CPEs: 9EXPL: 0

CVE-2016-0746 – nginx: use-after-free during CNAME response processing in resolver

https://notcve.org/view.php?id=CVE-2016-0746

Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1.8.0 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (worker process crash) or possibly have unspecified other impact via a crafted DNS response related to CNAME response processing. Vulnerabilidad de uso de memoria previamente liberada en la resolución en nginx, de la versión 0.6.18 hasta la 1.8.0 y versiones 1.9.x anteriores a la 1.9.10, permite que atacantes remotos provoquen una denegación de servicio (cierre inesperado del proceso worker) o que tengan otro tipo de impacto sin especificar mediante una respuesta DNS relacionada con el procesamiento de respuestas CNAME. A use-after-free flaw was found in the way nginx resolved certain CNAME DNS records. An attacker able to manipulate DNS responses received by nginx could use this flaw to cause a worker process to crash or, possibly, execute arbitrary code if nginx enabled the resolver in its configuration. • http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html http://seclists.org/fulldisclosure/2021/Sep/36 http://www.debian.org/security/2016/dsa-3473 http://www.securitytracker.com/id/1034869 http://www.ubuntu.com/usn/USN-2892-1 https://access.redhat.com/errata/RHSA-2016:1425 https://bto.bluecoat.com/security-advisory/sa115 https://bugzilla.redhat.com/show_bug.cgi?id=1302588 https://security.gentoo • CWE-416: Use After Free •

CVSS: 5.3EPSS: 1%CPEs: 10EXPL: 0

CVE-2016-0747 – nginx: Insufficient limits of CNAME resolution in resolver

https://notcve.org/view.php?id=CVE-2016-0747

The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) via vectors related to arbitrary name resolution. El traductor de direcciones en nginx en versiones anteriores a 1.8.1 y 1.9.x en versiones anteriores a 1.9.10 no limita correctamente la resolución CNAME, lo que permite a atacantes remotos provocar una denegación de servicio (consumo de recursos por el proceso trabajador) a través de vectores relacionados con la resolución de nombre arbitrario. It was discovered that nginx did not limit recursion when resolving CNAME DNS records. An attacker able to manipulate DNS responses received by nginx could use this flaw to cause a worker process to use an excessive amount of resources if nginx enabled the resolver in its configuration. • http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html http://seclists.org/fulldisclosure/2021/Sep/36 http://www.debian.org/security/2016/dsa-3473 http://www.securitytracker.com/id/1034869 http://www.ubuntu.com/usn/USN-2892-1 https://access.redhat.com/errata/RHSA-2016:1425 https://bto.bluecoat.com/security-advisory/sa115 https://bugzilla.redhat.com/show_bug.cgi?id=1302589 https://security.gentoo • CWE-400: Uncontrolled Resource Consumption •