rpm package
suse/nginx&distro=SUSE Enterprise Storage 6
pkg:rpm/suse/nginx&distro=SUSE%20Enterprise%20Storage%206
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-41742 | — | < 1.16.1-150100.6.19.1 | 1.16.1-150100.6.19.1 | Oct 19, 2022 | NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to cause a worker process | ||
| CVE-2022-41741 | — | < 1.16.1-150100.6.19.1 | 1.16.1-150100.6.19.1 | Oct 19, 2022 | NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to corrupt NGINX worker m | ||
| CVE-2021-3618 | — | < 1.16.1-150100.6.16.1 | 1.16.1-150100.6.16.1 | Mar 23, 2022 | ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can re | ||
| CVE-2021-23017 | — | < 1.16.1-6.13.1 | 1.16.1-6.13.1 | Jun 1, 2021 | A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact. |
- CVE-2022-41742Oct 19, 2022affected < 1.16.1-150100.6.19.1fixed 1.16.1-150100.6.19.1
NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to cause a worker process
- CVE-2022-41741Oct 19, 2022affected < 1.16.1-150100.6.19.1fixed 1.16.1-150100.6.19.1
NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to corrupt NGINX worker m
- CVE-2021-3618Mar 23, 2022affected < 1.16.1-150100.6.16.1fixed 1.16.1-150100.6.16.1
ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can re
- CVE-2021-23017Jun 1, 2021affected < 1.16.1-6.13.1fixed 1.16.1-6.13.1
A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.