rpm package
suse/nginx&distro=SUSE Package Hub 12
pkg:rpm/suse/nginx&distro=SUSE%20Package%20Hub%2012
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-16845 | — | < 1.14.2-16.1 | 1.14.2-16.1 | Nov 7, 2018 | nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. | ||
| CVE-2018-16844 | — | < 1.14.2-16.1 | 1.14.2-16.1 | Nov 7, 2018 | nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a | ||
| CVE-2018-16843 | — | < 1.14.2-16.1 | 1.14.2-16.1 | Nov 7, 2018 | nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is | ||
| CVE-2017-7529 | Hig | 7.5 | < 1.13.9-12.1 | 1.13.9-12.1 | Jul 13, 2017 | Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request. | |
| CVE-2016-4450 | Hig | 7.5 | < 1.8.1-9.1 | 1.8.1-9.1 | Jun 7, 2016 | os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a crafted request, involving writing a client request body to a temporary file. |
- CVE-2018-16845Nov 7, 2018affected < 1.14.2-16.1fixed 1.14.2-16.1
nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file.
- CVE-2018-16844Nov 7, 2018affected < 1.14.2-16.1fixed 1.14.2-16.1
nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a
- CVE-2018-16843Nov 7, 2018affected < 1.14.2-16.1fixed 1.14.2-16.1
nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is
- affected < 1.13.9-12.1fixed 1.13.9-12.1
Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.
- affected < 1.8.1-9.1fixed 1.8.1-9.1
os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a crafted request, involving writing a client request body to a temporary file.