Page 4 of 40 results (0.012 seconds)

CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 4

The nginx package before 1.6.2-5+deb8u3 on Debian jessie, the nginx packages before 1.4.6-1ubuntu3.6 on Ubuntu 14.04 LTS, before 1.10.0-0ubuntu0.16.04.3 on Ubuntu 16.04 LTS, and before 1.10.1-0ubuntu1.1 on Ubuntu 16.10, and the nginx ebuild before 1.10.2-r3 on Gentoo allow local users with access to the web server user account to gain root privileges via a symlink attack on the error log. El paquete nginx en versiones anteriores a 1.6.2-5+deb8u3 en Debian jessie, los paquetes nginx en versiones anteriores a 1.4.6-1ubuntu3.6 en Ubuntu 14.04 LTS, en versiones anteriores a 1.10.0-0ubuntu0.16.04.3 en Ubuntu 16.04 LTS y en versiones anteriores a 1.10.1-0ubuntu1.1 en Ubuntu 16.10 y la nginx ebuild en versiones anteriores a 1.10.2-r3 en Gentoo permiten a usuarios locales con acceso a la cuenta de usuario del servidor web obtener privilegios de root a través de un ataque de enlace simbólico en el registro de error. • https://www.exploit-db.com/exploits/40768 http://packetstormsecurity.com/files/139750/Nginx-Debian-Based-Distros-Root-Privilege-Escalation.html http://seclists.org/fulldisclosure/2016/Nov/78 http://seclists.org/fulldisclosure/2017/Jan/33 http://www.debian.org/security/2016/dsa-3701 http://www.securityfocus.com/archive/1/539796/100/0/threaded http://www.securityfocus.com/bid/93903 http://www.securitytracker.com/id/1037104 http://www.ubuntu.com/usn/USN-3114-1 https://legalhacke • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 7.5EPSS: 4%CPEs: 6EXPL: 0

os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a crafted request, involving writing a client request body to a temporary file. os/unix/ngx_files.c en nginx en versiones anteriores a 1.10.1 y 1.11.x en versiones anteriores a 1.11.1 permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL y caída de proceso worker) a través de una petición manipulada, implicando la escritura de una petición de cuerpo de cliente en un archivo temporal. A NULL pointer dereference flaw was found in the nginx code responsible for saving client request body to a temporary file. A remote attacker could send a specially crafted request that would cause nginx worker process to crash. • http://mailman.nginx.org/pipermail/nginx-announce/2016/000179.html http://www.debian.org/security/2016/dsa-3592 http://www.securityfocus.com/bid/90967 http://www.securitytracker.com/id/1036019 http://www.ubuntu.com/usn/USN-2991-1 https://access.redhat.com/errata/RHSA-2016:1425 https://security.gentoo.org/glsa/201606-06 https://access.redhat.com/security/cve/CVE-2016-4450 https://bugzilla.redhat.com/show_bug.cgi?id=1341462 • CWE-476: NULL Pointer Dereference •

CVSS: 5.3EPSS: 1%CPEs: 10EXPL: 0

The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) via vectors related to arbitrary name resolution. El traductor de direcciones en nginx en versiones anteriores a 1.8.1 y 1.9.x en versiones anteriores a 1.9.10 no limita correctamente la resolución CNAME, lo que permite a atacantes remotos provocar una denegación de servicio (consumo de recursos por el proceso trabajador) a través de vectores relacionados con la resolución de nombre arbitrario. It was discovered that nginx did not limit recursion when resolving CNAME DNS records. An attacker able to manipulate DNS responses received by nginx could use this flaw to cause a worker process to use an excessive amount of resources if nginx enabled the resolver in its configuration. • http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html http://seclists.org/fulldisclosure/2021/Sep/36 http://www.debian.org/security/2016/dsa-3473 http://www.securitytracker.com/id/1034869 http://www.ubuntu.com/usn/USN-2892-1 https://access.redhat.com/errata/RHSA-2016:1425 https://bto.bluecoat.com/security-advisory/sa115 https://bugzilla.redhat.com/show_bug.cgi?id=1302589 https://security.gentoo • CWE-400: Uncontrolled Resource Consumption •

CVSS: 7.5EPSS: 87%CPEs: 10EXPL: 0

The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response. El traductor de direcciones en nginx en versiones anteriores a 1.8.1 y 1.9.x en versiones anteriores a 1.9.10 permite a atacantes remotos provocar una denegación de servicio (referencia a puntero no válido y caída del proceso trabajador) a través de una respuesta UDP DNS manipulada. It was discovered that nginx could perform an out of bound read and dereference an invalid pointer when resolving CNAME DNS records. An attacker able to manipulate DNS responses received by nginx could use this flaw to cause a worker process to crash if nginx enabled the resolver in its configuration. • http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html http://seclists.org/fulldisclosure/2021/Sep/36 http://www.debian.org/security/2016/dsa-3473 http://www.securitytracker.com/id/1034869 http://www.ubuntu.com/usn/USN-2892-1 https://access.redhat.com/errata/RHSA-2016:1425 https://bto.bluecoat.com/security-advisory/sa115 https://bugzilla.redhat.com/show_bug.cgi?id=1302587 https://security.gentoo • CWE-125: Out-of-bounds Read CWE-476: NULL Pointer Dereference •

CVSS: 9.8EPSS: 4%CPEs: 9EXPL: 0

Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1.8.0 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (worker process crash) or possibly have unspecified other impact via a crafted DNS response related to CNAME response processing. Vulnerabilidad de uso de memoria previamente liberada en la resolución en nginx, de la versión 0.6.18 hasta la 1.8.0 y versiones 1.9.x anteriores a la 1.9.10, permite que atacantes remotos provoquen una denegación de servicio (cierre inesperado del proceso worker) o que tengan otro tipo de impacto sin especificar mediante una respuesta DNS relacionada con el procesamiento de respuestas CNAME. A use-after-free flaw was found in the way nginx resolved certain CNAME DNS records. An attacker able to manipulate DNS responses received by nginx could use this flaw to cause a worker process to crash or, possibly, execute arbitrary code if nginx enabled the resolver in its configuration. • http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html http://seclists.org/fulldisclosure/2021/Sep/36 http://www.debian.org/security/2016/dsa-3473 http://www.securitytracker.com/id/1034869 http://www.ubuntu.com/usn/USN-2892-1 https://access.redhat.com/errata/RHSA-2016:1425 https://bto.bluecoat.com/security-advisory/sa115 https://bugzilla.redhat.com/show_bug.cgi?id=1302588 https://security.gentoo • CWE-416: Use After Free •