CVSS: 7.8EPSS: 3%CPEs: 42EXPL: 0CVE-2019-9513 – Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service
https://notcve.org/view.php?id=CVE-2019-9513
13 Aug 2019 — Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU. Algunas implementaciones de HTTP / 2 son vulnerables a los bucles de recursos, lo que puede conducir a una denegación de servicio. El atacante crea múltiples flujos de solicitud y baraja continuamente la prioridad de ... • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 2%CPEs: 39EXPL: 0CVE-2019-9516 – Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service
https://notcve.org/view.php?id=CVE-2019-9516
13 Aug 2019 — Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory. Algunas implementaciones de HTTP / 2 son vulnerables a una fuga de encabezado, lo que puede conducir a una denega... • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.8EPSS: 45%CPEs: 9EXPL: 1CVE-2018-16843 – nginx: Excessive memory consumption via flaw in HTTP/2 implementation
https://notcve.org/view.php?id=CVE-2018-16843
07 Nov 2018 — nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file. nginx en versiones anteriores a la 1.15.6 y 1.14.1 tiene una vulnerabilidad en la implementación de HTTP/2 que puede permitir el consumo excesivo de memoria. Este problema afecta a nginx compilado con n... • https://github.com/flyniu666/ingress-nginx-0.21-1.19.5 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 6%CPEs: 8EXPL: 0CVE-2018-16844 – nginx: Excessive CPU usage via flaw in HTTP/2 implementation
https://notcve.org/view.php?id=CVE-2018-16844
07 Nov 2018 — nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file. nginx en versiones anteriores a la 1.15.6 y 1.14.1 tiene una vulnerabilidad en la implementación de HTTP/2 que puede permitir el uso excesivo de CPU. Este problema afecta a nginx compilado con ngx_http_v2_module... • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.2EPSS: 3%CPEs: 10EXPL: 0CVE-2018-16845 – nginx: Denial of service and memory disclosure via mp4 module
https://notcve.org/view.php?id=CVE-2018-16845
07 Nov 2018 — nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affects nginx if it is built with the ngx_http_mp4_module (the module is not built by default) and the .mp4. directive is used in the configuration file. Further, the attack is only possible if an attacker is able to ... • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html • CWE-201: Insertion of Sensitive Information Into Sent Data CWE-400: Uncontrolled Resource Consumption CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.5EPSS: 92%CPEs: 6EXPL: 15CVE-2017-7529 – nginx: Integer overflow in nginx range filter module leading to memory disclosure
https://notcve.org/view.php?id=CVE-2017-7529
13 Jul 2017 — Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request. Las versiones desde la 0.5.6 hasta 1.13.2 incluyéndola de Nginx, son susceptibles a una vulnerabilidad de desbordamiento de enteros en el módulo filtro de rango de nginx, resultando en un filtrado de información potencialmente confidencial activada por una petición especialmente cre... • https://github.com/liusec/CVE-2017-7529 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 10%CPEs: 11EXPL: 5CVE-2016-1247 – Nginx (Debian Based Distros + Gentoo) - 'logrotate' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2016-1247
26 Oct 2016 — The nginx package before 1.6.2-5+deb8u3 on Debian jessie, the nginx packages before 1.4.6-1ubuntu3.6 on Ubuntu 14.04 LTS, before 1.10.0-0ubuntu0.16.04.3 on Ubuntu 16.04 LTS, and before 1.10.1-0ubuntu1.1 on Ubuntu 16.10, and the nginx ebuild before 1.10.2-r3 on Gentoo allow local users with access to the web server user account to gain root privileges via a symlink attack on the error log. El paquete nginx en versiones anteriores a 1.6.2-5+deb8u3 en Debian jessie, los paquetes nginx en versiones anteriores a... • https://packetstorm.news/files/id/139750 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.5EPSS: 3%CPEs: 6EXPL: 0CVE-2016-4450 – nginx: NULL pointer dereference while writing client request body
https://notcve.org/view.php?id=CVE-2016-4450
01 Jun 2016 — os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a crafted request, involving writing a client request body to a temporary file. os/unix/ngx_files.c en nginx en versiones anteriores a 1.10.1 y 1.11.x en versiones anteriores a 1.11.1 permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL y caída de proceso worker) a través de una petición manipula... • http://mailman.nginx.org/pipermail/nginx-announce/2016/000179.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 81%CPEs: 10EXPL: 0CVE-2016-0742 – nginx: invalid pointer dereference in resolver
https://notcve.org/view.php?id=CVE-2016-0742
10 Feb 2016 — The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response. El traductor de direcciones en nginx en versiones anteriores a 1.8.1 y 1.9.x en versiones anteriores a 1.9.10 permite a atacantes remotos provocar una denegación de servicio (referencia a puntero no válido y caída del proceso trabajador) a través de una respuesta UDP DNS manipulada. It was discovered that nginx ... • http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html • CWE-125: Out-of-bounds Read CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 11%CPEs: 9EXPL: 0CVE-2016-0746 – nginx: use-after-free during CNAME response processing in resolver
https://notcve.org/view.php?id=CVE-2016-0746
10 Feb 2016 — Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1.8.0 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (worker process crash) or possibly have unspecified other impact via a crafted DNS response related to CNAME response processing. Vulnerabilidad de uso de memoria previamente liberada en la resolución en nginx, de la versión 0.6.18 hasta la 1.8.0 y versiones 1.9.x anteriores a la 1.9.10, permite que atacantes remotos provoquen una denegación de servicio (cie... • http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html • CWE-416: Use After Free •