Page 3 of 17 results (0.007 seconds)

CVSS: 7.5EPSS: 87%CPEs: 10EXPL: 0

CVE-2016-0742 – nginx: invalid pointer dereference in resolver

https://notcve.org/view.php?id=CVE-2016-0742

The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response. El traductor de direcciones en nginx en versiones anteriores a 1.8.1 y 1.9.x en versiones anteriores a 1.9.10 permite a atacantes remotos provocar una denegación de servicio (referencia a puntero no válido y caída del proceso trabajador) a través de una respuesta UDP DNS manipulada. It was discovered that nginx could perform an out of bound read and dereference an invalid pointer when resolving CNAME DNS records. An attacker able to manipulate DNS responses received by nginx could use this flaw to cause a worker process to crash if nginx enabled the resolver in its configuration. • http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html http://seclists.org/fulldisclosure/2021/Sep/36 http://www.debian.org/security/2016/dsa-3473 http://www.securitytracker.com/id/1034869 http://www.ubuntu.com/usn/USN-2892-1 https://access.redhat.com/errata/RHSA-2016:1425 https://bto.bluecoat.com/security-advisory/sa115 https://bugzilla.redhat.com/show_bug.cgi?id=1302587 https://security.gentoo • CWE-125: Out-of-bounds Read CWE-476: NULL Pointer Dereference •

CVSS: 9.8EPSS: 4%CPEs: 9EXPL: 0

CVE-2016-0746 – nginx: use-after-free during CNAME response processing in resolver

https://notcve.org/view.php?id=CVE-2016-0746

Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1.8.0 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (worker process crash) or possibly have unspecified other impact via a crafted DNS response related to CNAME response processing. Vulnerabilidad de uso de memoria previamente liberada en la resolución en nginx, de la versión 0.6.18 hasta la 1.8.0 y versiones 1.9.x anteriores a la 1.9.10, permite que atacantes remotos provoquen una denegación de servicio (cierre inesperado del proceso worker) o que tengan otro tipo de impacto sin especificar mediante una respuesta DNS relacionada con el procesamiento de respuestas CNAME. A use-after-free flaw was found in the way nginx resolved certain CNAME DNS records. An attacker able to manipulate DNS responses received by nginx could use this flaw to cause a worker process to crash or, possibly, execute arbitrary code if nginx enabled the resolver in its configuration. • http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html http://seclists.org/fulldisclosure/2021/Sep/36 http://www.debian.org/security/2016/dsa-3473 http://www.securitytracker.com/id/1034869 http://www.ubuntu.com/usn/USN-2892-1 https://access.redhat.com/errata/RHSA-2016:1425 https://bto.bluecoat.com/security-advisory/sa115 https://bugzilla.redhat.com/show_bug.cgi?id=1302588 https://security.gentoo • CWE-416: Use After Free •

CVSS: 5.3EPSS: 1%CPEs: 10EXPL: 0

CVE-2016-0747 – nginx: Insufficient limits of CNAME resolution in resolver

https://notcve.org/view.php?id=CVE-2016-0747

The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) via vectors related to arbitrary name resolution. El traductor de direcciones en nginx en versiones anteriores a 1.8.1 y 1.9.x en versiones anteriores a 1.9.10 no limita correctamente la resolución CNAME, lo que permite a atacantes remotos provocar una denegación de servicio (consumo de recursos por el proceso trabajador) a través de vectores relacionados con la resolución de nombre arbitrario. It was discovered that nginx did not limit recursion when resolving CNAME DNS records. An attacker able to manipulate DNS responses received by nginx could use this flaw to cause a worker process to use an excessive amount of resources if nginx enabled the resolver in its configuration. • http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html http://seclists.org/fulldisclosure/2021/Sep/36 http://www.debian.org/security/2016/dsa-3473 http://www.securitytracker.com/id/1034869 http://www.ubuntu.com/usn/USN-2892-1 https://access.redhat.com/errata/RHSA-2016:1425 https://bto.bluecoat.com/security-advisory/sa115 https://bugzilla.redhat.com/show_bug.cgi?id=1302589 https://security.gentoo • CWE-400: Uncontrolled Resource Consumption •

CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0

CVE-2014-3556

https://notcve.org/view.php?id=CVE-2014-3556

The STARTTLS implementation in mail/ngx_mail_smtp_handler.c in the SMTP proxy in nginx 1.5.x and 1.6.x before 1.6.1 and 1.7.x before 1.7.4 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411. La implementación STARTTLS en mail/ngx_mail_smtp_handler.c en el proxy SMTP en nginx 1.5.x y 1.6.x anterior a 1.6.1 y 1.7.x anterior a 1.7.4 no restringe adecuadamente el buffer I/O, lo que permite ataques man-in-the-middle insertar comandos en sesiones cifradas SMTP enviando el comando cleartext que se procesa después que TLS, relacionado a un ataque 'inyección de comando de texto plano', un problema similar a CVE-2011-0411 • http://mailman.nginx.org/pipermail/nginx-announce/2014/000144.html http://marc.info/?l=bugtraq&m=142103967620673&w=2 http://nginx.org/download/patch.2014.starttls.txt https://bugzilla.redhat.com/show_bug.cgi?id=1126891 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0

CVE-2014-3616

https://notcve.org/view.php?id=CVE-2014-3616

nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct "virtual host confusion" attacks. nginx 0.5.6 hasta 1.7.4, cuando utiliza el mismo ssl_session_cache o ssl_session_ticket_key compartido para múltiples servidores, puede reutilizar una sesión SSL en caché para un contexto no relacionado, lo que permite a atacantes remotos con ciertos privilegios realizar ataques de 'confusión de anfitriones virtuales'. • http://mailman.nginx.org/pipermail/nginx-announce/2014/000147.html http://www.debian.org/security/2014/dsa-3029 • CWE-613: Insufficient Session Expiration •