Page 2 of 18 results (0.007 seconds)

CVSS: 8.1EPSS: 37%CPEs: 25EXPL: 4

A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact. Se identificó un problema de seguridad en el solucionador de nginx, que podría permitir a un atacante que pueda falsificar paquetes UDP desde el servidor DNS para causar una sobrescritura de memoria de 1 byte, lo que causaría un bloqueo del proceso de trabajo u otro impacto potencial A flaw was found in nginx. An off-by-one error while processing DNS responses allows a network attacker to write a dot character out of bounds in a heap allocated buffer which can allow overwriting the least significant byte of next heap chunk metadata likely leading to a remote code execution in certain circumstances. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Nginx version 1.20.0 suffers from a denial of service vulnerability. • https://www.exploit-db.com/exploits/50973 https://github.com/M507/CVE-2021-23017-PoC https://github.com/ShivamDey/CVE-2021-23017 https://github.com/lakshit1212/CVE-2021-23017-PoC http://mailman.nginx.org/pipermail/nginx-announce/2021/000300.html http://packetstormsecurity.com/files/167720/Nginx-1.20.0-Denial-Of-Service.html https://lists.apache.org/thread.html/r37e6b2165f7c910d8e15fd54f4697857619ad2625f56583802004009%40%3Cnotifications.apisix.apache.org%3E https://lists.apache.org/thread.html/r4d4966221ca399 • CWE-193: Off-by-one Error •

CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 3

NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer. NGINX versiones anteriores a 1.17.7, con ciertas configuraciones de error_page, permite el trafico no autorizado de peticiones HTTP, como es demostrado por la capacidad de un atacante para leer páginas web no autorizadas en entornos donde NGINX está al frente de un equilibrador de carga. • https://github.com/0xleft/CVE-2019-20372 https://github.com/vuongnv3389-sec/CVE-2019-20372 http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00013.html http://nginx.org/en/CHANGES http://seclists.org/fulldisclosure/2021/Sep/36 https://bertjwregeer.keybase.pub/2019-12-10%20-%20error_page%20request%20smuggling.pdf https://duo.com/docs/dng-notes#version-1.5.4-january-2020 https://github.com/kubernetes/ingress-nginx/pull/4859 https://github.com/nginx/nginx/commit&# • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •

CVSS: 8.2EPSS: 0%CPEs: 10EXPL: 0

nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affects nginx if it is built with the ngx_http_mp4_module (the module is not built by default) and the .mp4. directive is used in the configuration file. Further, the attack is only possible if an attacker is able to trigger processing of a specially crafted mp4 file with the ngx_http_mp4_module. nginx en versiones anteriores a la 1.15.6 y 1.14.1 tiene una vulnerabilidad en ngx_http_mp4_module, que podría permitir que un atacante provoque un bucle infinito en un proceso worker o resulte en la divulgación de la memoria del proceso mediante el uso de un archivo mp4 especialmente manipulado. El problema solo afecta a nginx si está incluido con ngx_http_mp4_module (el módulo no está incluido por defecto) y se emplea la directiva .mp4 en el archivo de configuración. Además, el atacante solo es posible si un atacante puede desencadenar el procesado de un archivo mp4 especialmente manipulado con ngx_http_mp4_module. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html http://mailman.nginx.org/pipermail/nginx-announce/2018/000221.html http://seclists.org/fulldisclosure/2021/Sep/36 http://www.securityfocus.com/bid/105868 http://www.securitytracker.com/id/1042039 https://access.redhat.com/errata/RHSA-2018:3652 https://access.redhat.com/errata/RHSA-2018:3653 https://access.redhat.com/errata/RHSA-2018:3680 https://access.redhat.com/errata/RHSA-2018:3681 https://bugzilla.r • CWE-201: Insertion of Sensitive Information Into Sent Data CWE-400: Uncontrolled Resource Consumption CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVSS: 7.5EPSS: 96%CPEs: 6EXPL: 8

Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request. Las versiones desde la 0.5.6 hasta 1.13.2 incluyéndola de Nginx, son susceptibles a una vulnerabilidad de desbordamiento de enteros en el módulo filtro de rango de nginx, resultando en un filtrado de información potencialmente confidencial activada por una petición especialmente creada. A flaw within the processing of ranged HTTP requests has been discovered in the range filter module of nginx. A remote attacker could possibly exploit this flaw to disclose parts of the cache file header, or, if used in combination with third party modules, disclose potentially sensitive memory by sending specially crafted HTTP requests. • https://github.com/liusec/CVE-2017-7529 https://github.com/MaxSecurity/CVE-2017-7529-POC https://github.com/Shehzadcyber/CVE-2017-7529 https://github.com/SirEagIe/CVE-2017-7529 https://github.com/cyberk1w1/CVE-2017-7529 https://github.com/cyberharsh/nginx-CVE-2017-7529 https://github.com/coolman6942o/-Exploit-CVE-2017-7529 https://github.com/fu2x2000/CVE-2017-7529-Nginx---Remote-Integer-Overflow-Exploit http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html http: • CWE-190: Integer Overflow or Wraparound •

CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 4

The nginx package before 1.6.2-5+deb8u3 on Debian jessie, the nginx packages before 1.4.6-1ubuntu3.6 on Ubuntu 14.04 LTS, before 1.10.0-0ubuntu0.16.04.3 on Ubuntu 16.04 LTS, and before 1.10.1-0ubuntu1.1 on Ubuntu 16.10, and the nginx ebuild before 1.10.2-r3 on Gentoo allow local users with access to the web server user account to gain root privileges via a symlink attack on the error log. El paquete nginx en versiones anteriores a 1.6.2-5+deb8u3 en Debian jessie, los paquetes nginx en versiones anteriores a 1.4.6-1ubuntu3.6 en Ubuntu 14.04 LTS, en versiones anteriores a 1.10.0-0ubuntu0.16.04.3 en Ubuntu 16.04 LTS y en versiones anteriores a 1.10.1-0ubuntu1.1 en Ubuntu 16.10 y la nginx ebuild en versiones anteriores a 1.10.2-r3 en Gentoo permiten a usuarios locales con acceso a la cuenta de usuario del servidor web obtener privilegios de root a través de un ataque de enlace simbólico en el registro de error. • https://www.exploit-db.com/exploits/40768 http://packetstormsecurity.com/files/139750/Nginx-Debian-Based-Distros-Root-Privilege-Escalation.html http://seclists.org/fulldisclosure/2016/Nov/78 http://seclists.org/fulldisclosure/2017/Jan/33 http://www.debian.org/security/2016/dsa-3701 http://www.securityfocus.com/archive/1/539796/100/0/threaded http://www.securityfocus.com/bid/93903 http://www.securitytracker.com/id/1037104 http://www.ubuntu.com/usn/USN-3114-1 https://legalhacke • CWE-59: Improper Link Resolution Before File Access ('Link Following') •