rpm package
suse/nginx&distro=SUSE Linux Enterprise High Performance Computing 15-LTSS
pkg:rpm/suse/nginx&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-3618 | — | < 1.16.1-150000.3.18.1 | 1.16.1-150000.3.18.1 | Mar 23, 2022 | ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can re | ||
| CVE-2021-23017 | — | < 1.16.1-3.15.1 | 1.16.1-3.15.1 | Jun 1, 2021 | A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact. | ||
| CVE-2019-20372 | — | < 1.16.1-3.12.7 | 1.16.1-3.12.7 | Jan 9, 2020 | NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer. |
- CVE-2021-3618Mar 23, 2022affected < 1.16.1-150000.3.18.1fixed 1.16.1-150000.3.18.1
ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can re
- CVE-2021-23017Jun 1, 2021affected < 1.16.1-3.15.1fixed 1.16.1-3.15.1
A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.
- CVE-2019-20372Jan 9, 2020affected < 1.16.1-3.12.7fixed 1.16.1-3.12.7
NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.