pkg:nginx/nginx

Type nginx

Name nginx

Known advisories, vulnerabilities and fixes for nginx package.

Major 12

Medium 20

Minor 1

Low 5

Type	Version	# CVEs	# Advisory ID	Title	Severity	Published
Affected	>= 0.1.0, <= 0.8.14	CVE-2009-2629	NGINX:CVE-2009-2629	Buffer underflow vulnerability	major	2009-09-15T22:30:00 (15 years ago)
Unaffected	>= 0.8.15 >= 0.7.62 >= 0.6.39 >= 0.5.38	CVE-2009-2629	NGINX:CVE-2009-2629	Buffer underflow vulnerability	major	2009-09-15T22:30:00 (15 years ago)
Affected	>= 0.1.0, <= 0.8.22	CVE-2009-3555	NGINX:CVE-2009-3555	The renegotiation vulnerability in SSL protocol	major	2009-11-09T17:30:00 (15 years ago)
Unaffected	>= 0.8.23 >= 0.7.64	CVE-2009-3555	NGINX:CVE-2009-3555	The renegotiation vulnerability in SSL protocol	major	2009-11-09T17:30:00 (15 years ago)
Affected	>= 0.1.0, <= 0.8.13	CVE-2009-3896	NGINX:CVE-2009-3896	Null pointer dereference vulnerability	major	2009-11-24T17:30:00 (15 years ago)
Unaffected	>= 0.8.14 >= 0.7.62 >= 0.6.39 >= 0.5.38	CVE-2009-3896	NGINX:CVE-2009-3896	Null pointer dereference vulnerability	major	2009-11-24T17:30:00 (15 years ago)
Affected	>= 0.1.0, <= 0.8.16	CVE-2009-3898	NGINX:CVE-2009-3898	Directory traversal vulnerability	minor	2009-11-24T17:30:00 (15 years ago)
Unaffected	>= 0.8.17 >= 0.7.63	CVE-2009-3898	NGINX:CVE-2009-3898	Directory traversal vulnerability	minor	2009-11-24T17:30:00 (15 years ago)
Affected	>= 0.7.52, <= 0.8.39	CVE-2010-2263	NGINX:CVE-2010-2263	Vulnerabilities with Windows file default stream	major	2010-06-15T14:04:24 (14 years ago)
Unaffected	>= 0.8.40 >= 0.7.66	CVE-2010-2263	NGINX:CVE-2010-2263	Vulnerabilities with Windows file default stream	major	2010-06-15T14:04:24 (14 years ago)
Affected	>= 0.7.52, <= 0.8.40	CVE-2010-2266	NGINX:CVE-2010-2266	Vulnerabilities with invalid UTF-8 sequence on Windows	major	2010-06-15T14:04:24 (14 years ago)
Unaffected	>= 0.8.41 >= 0.7.67	CVE-2010-2266	NGINX:CVE-2010-2266	Vulnerabilities with invalid UTF-8 sequence on Windows	major	2010-06-15T14:04:24 (14 years ago)
Affected	>= 0.6.18, <= 1.1.7	CVE-2011-4315	NGINX:CVE-2011-4315	Buffer overflow in resolver	medium	2011-12-08T20:55:01 (12 years ago)
Unaffected	>= 1.1.8 >= 1.0.10	CVE-2011-4315	NGINX:CVE-2011-4315	Buffer overflow in resolver	medium	2011-12-08T20:55:01 (12 years ago)
Affected	>= 0.7.52, <= 1.3.0	CVE-2011-4963	NGINX:CVE-2011-4963	Vulnerabilities with Windows directory aliases	medium	2012-07-26T19:55:00 (12 years ago)
Unaffected	>= 1.3.1 >= 1.2.1	CVE-2011-4963	NGINX:CVE-2011-4963	Vulnerabilities with Windows directory aliases	medium	2012-07-26T19:55:00 (12 years ago)
Affected	>= 0.1.0, <= 1.1.16	CVE-2012-1180	NGINX:CVE-2012-1180	Memory disclosure with specially crafted backend responses	major	2012-04-17T21:55:01 (12 years ago)
Unaffected	>= 1.1.17 >= 1.0.14	CVE-2012-1180	NGINX:CVE-2012-1180	Memory disclosure with specially crafted backend responses	major	2012-04-17T21:55:01 (12 years ago)
Affected	>= 1.1.3, <= 1.1.18 >= 1.0.7, <= 1.0.14	CVE-2012-2089	NGINX:CVE-2012-2089	Buffer overflow in the ngx_http_mp4_module	major	2012-04-17T21:55:01 (12 years ago)
Unaffected	>= 1.1.19 >= 1.0.15	CVE-2012-2089	NGINX:CVE-2012-2089	Buffer overflow in the ngx_http_mp4_module	major	2012-04-17T21:55:01 (12 years ago)
Affected	>= 1.3.9, <= 1.4.0	CVE-2013-2028	NGINX:CVE-2013-2028	Stack-based buffer overflow with specially crafted request	major	2013-07-20T03:37:20 (11 years ago)
Unaffected	>= 1.5.0 >= 1.4.1	CVE-2013-2028	NGINX:CVE-2013-2028	Stack-based buffer overflow with specially crafted request	major	2013-07-20T03:37:20 (11 years ago)
Affected	>= 1.1.4, <= 1.2.8 >= 1.3.9, <= 1.4.0	CVE-2013-2070	NGINX:CVE-2013-2070	Memory disclosure with specially crafted HTTP backend responses	medium	2013-07-20T03:37:25 (11 years ago)
Unaffected	>= 1.5.0 >= 1.4.1 >= 1.2.9	CVE-2013-2070	NGINX:CVE-2013-2070	Memory disclosure with specially crafted HTTP backend responses	medium	2013-07-20T03:37:25 (11 years ago)
Affected	>= 0.8.41, <= 1.5.6	CVE-2013-4547	NGINX:CVE-2013-4547	Request line parsing vulnerability	medium	2013-11-23T18:55:04 (10 years ago)
Unaffected	>= 1.5.7 >= 1.4.4	CVE-2013-4547	NGINX:CVE-2013-4547	Request line parsing vulnerability	medium	2013-11-23T18:55:04 (10 years ago)
Affected	>= 1.5.10	CVE-2014-0088	NGINX:CVE-2014-0088	SPDY memory corruption	major	2014-04-29T14:38:49 (10 years ago)
Unaffected	>= 1.5.11	CVE-2014-0088	NGINX:CVE-2014-0088	SPDY memory corruption	major	2014-04-29T14:38:49 (10 years ago)
Affected	>= 1.3.15, <= 1.5.11	CVE-2014-0133	NGINX:CVE-2014-0133	SPDY heap buffer overflow	major	2014-03-28T15:55:08 (10 years ago)
Unaffected	>= 1.5.12 >= 1.4.7	CVE-2014-0133	NGINX:CVE-2014-0133	SPDY heap buffer overflow	major	2014-03-28T15:55:08 (10 years ago)
Affected	>= 1.5.6, <= 1.7.3	CVE-2014-3556	NGINX:CVE-2014-3556	STARTTLS command injection	medium	2014-12-29T20:59:03 (9 years ago)
Unaffected	>= 1.7.4 >= 1.6.1	CVE-2014-3556	NGINX:CVE-2014-3556	STARTTLS command injection	medium	2014-12-29T20:59:03 (9 years ago)
Affected	>= 0.5.6, <= 1.7.4	CVE-2014-3616	NGINX:CVE-2014-3616	SSL session reuse vulnerability	medium	2014-12-08T11:59:03 (9 years ago)
Unaffected	>= 1.7.5 >= 1.6.2	CVE-2014-3616	NGINX:CVE-2014-3616	SSL session reuse vulnerability	medium	2014-12-08T11:59:03 (9 years ago)
Affected	>= 0.6.18, <= 1.9.9	CVE-2016-0742	NGINX:CVE-2016-0742	Invalid pointer dereference in resolver	medium	2016-02-15T19:59:00 (8 years ago)
Unaffected	>= 1.9.10 >= 1.8.1	CVE-2016-0742	NGINX:CVE-2016-0742	Invalid pointer dereference in resolver	medium	2016-02-15T19:59:00 (8 years ago)
Affected	>= 0.6.18, <= 1.9.9	CVE-2016-0746	NGINX:CVE-2016-0746	Use-after-free during CNAME response processing in resolver	medium	2016-02-15T19:59:01 (8 years ago)
Unaffected	>= 1.9.10 >= 1.8.1	CVE-2016-0746	NGINX:CVE-2016-0746	Use-after-free during CNAME response processing in resolver	medium	2016-02-15T19:59:01 (8 years ago)
Affected	>= 0.6.18, <= 1.9.9	CVE-2016-0747	NGINX:CVE-2016-0747	Insufficient limits of CNAME resolution in resolver	medium	2016-02-15T19:59:02 (8 years ago)
Unaffected	>= 1.9.10 >= 1.8.1	CVE-2016-0747	NGINX:CVE-2016-0747	Insufficient limits of CNAME resolution in resolver	medium	2016-02-15T19:59:02 (8 years ago)
Affected	>= 1.3.9, <= 1.11.0	CVE-2016-4450	NGINX:CVE-2016-4450	NULL pointer dereference while writing client request body	medium	2016-06-07T14:06:14 (8 years ago)
Unaffected	>= 1.11.1 >= 1.10.1	CVE-2016-4450	NGINX:CVE-2016-4450	NULL pointer dereference while writing client request body	medium	2016-06-07T14:06:14 (8 years ago)
Affected	>= 0.5.6, <= 1.13.2	CVE-2017-7529	NGINX:CVE-2017-7529	Integer overflow in the range filter	medium	2017-07-13T13:29:00 (7 years ago)
Unaffected	>= 1.13.3 >= 1.12.1	CVE-2017-7529	NGINX:CVE-2017-7529	Integer overflow in the range filter	medium	2017-07-13T13:29:00 (7 years ago)
Affected	>= 1.9.5, <= 1.15.5	CVE-2018-16843	NGINX:CVE-2018-16843	Excessive memory usage in HTTP/2	low	2018-11-07T14:29:00 (5 years ago)
Unaffected	>= 1.15.6 >= 1.14.1	CVE-2018-16843	NGINX:CVE-2018-16843	Excessive memory usage in HTTP/2	low	2018-11-07T14:29:00 (5 years ago)
Affected	>= 1.9.5, <= 1.15.5	CVE-2018-16844	NGINX:CVE-2018-16844	Excessive CPU usage in HTTP/2	low	2018-11-07T14:29:00 (5 years ago)
Unaffected	>= 1.15.6 >= 1.14.1	CVE-2018-16844	NGINX:CVE-2018-16844	Excessive CPU usage in HTTP/2	low	2018-11-07T14:29:00 (5 years ago)
Affected	>= 1.1.3, <= 1.15.5 >= 1.0.7, <= 1.0.15	CVE-2018-16845	NGINX:CVE-2018-16845	Memory disclosure in the ngx_http_mp4_module	medium	2018-11-07T14:29:00 (5 years ago)
Unaffected	>= 1.15.6 >= 1.14.1	CVE-2018-16845	NGINX:CVE-2018-16845	Memory disclosure in the ngx_http_mp4_module	medium	2018-11-07T14:29:00 (5 years ago)
Affected	>= 1.9.5, <= 1.17.2	CVE-2019-9511	NGINX:CVE-2019-9511	Excessive CPU usage in HTTP/2 with small window updates	medium	2019-08-13T21:15:12 (5 years ago)
Unaffected	>= 1.17.3 >= 1.16.1	CVE-2019-9511	NGINX:CVE-2019-9511	Excessive CPU usage in HTTP/2 with small window updates	medium	2019-08-13T21:15:12 (5 years ago)
Affected	>= 1.9.5, <= 1.17.2	CVE-2019-9513	NGINX:CVE-2019-9513	Excessive CPU usage in HTTP/2 with priority changes	low	2019-08-13T21:15:12 (5 years ago)
Unaffected	>= 1.17.3 >= 1.16.1	CVE-2019-9513	NGINX:CVE-2019-9513	Excessive CPU usage in HTTP/2 with priority changes	low	2019-08-13T21:15:12 (5 years ago)
Affected	>= 1.9.5, <= 1.17.2	CVE-2019-9516	NGINX:CVE-2019-9516	Excessive memory usage in HTTP/2 with zero length headers	low	2019-08-13T21:15:12 (5 years ago)
Unaffected	>= 1.17.3 >= 1.16.1	CVE-2019-9516	NGINX:CVE-2019-9516	Excessive memory usage in HTTP/2 with zero length headers	low	2019-08-13T21:15:12 (5 years ago)
Affected	>= 0.6.18, <= 1.20.0	CVE-2021-23017	NGINX:CVE-2021-23017	1-byte memory overwrite in resolver	medium	2021-06-01T13:15:07 (3 years ago)
Unaffected	>= 1.21.0 >= 1.20.1	CVE-2021-23017	NGINX:CVE-2021-23017	1-byte memory overwrite in resolver	medium	2021-06-01T13:15:07 (3 years ago)
Affected	>= 1.1.3, <= 1.23.1 >= 1.0.7, <= 1.0.15	CVE-2022-41741	NGINX:CVE-2022-41741	Memory corruption in the ngx_http_mp4_module	medium	2022-10-19T22:15:12 (22 months ago)
Unaffected	>= 1.23.2 >= 1.22.1	CVE-2022-41741	NGINX:CVE-2022-41741	Memory corruption in the ngx_http_mp4_module	medium	2022-10-19T22:15:12 (22 months ago)
Affected	>= 1.1.3, <= 1.23.1 >= 1.0.7, <= 1.0.15	CVE-2022-41742	NGINX:CVE-2022-41742	Memory disclosure in the ngx_http_mp4_module	medium	2022-10-19T22:15:12 (22 months ago)
Unaffected	>= 1.23.2 >= 1.22.1	CVE-2022-41742	NGINX:CVE-2022-41742	Memory disclosure in the ngx_http_mp4_module	medium	2022-10-19T22:15:12 (22 months ago)
Affected	>= 1.25.3	CVE-2024-24989	NGINX:CVE-2024-24989	NULL pointer dereference in HTTP/3	major	2024-02-14T17:15:15 (6 months ago)
Unaffected	>= 1.25.4	CVE-2024-24989	NGINX:CVE-2024-24989	NULL pointer dereference in HTTP/3	major	2024-02-14T17:15:15 (6 months ago)
Affected	>= 1.25.0, <= 1.25.3	CVE-2024-24990	NGINX:CVE-2024-24990	Use-after-free in HTTP/3	major	2024-02-14T17:15:15 (6 months ago)
Unaffected	>= 1.25.4	CVE-2024-24990	NGINX:CVE-2024-24990	Use-after-free in HTTP/3	major	2024-02-14T17:15:15 (6 months ago)
Affected	>= 1.25.0, <= 1.25.5 >= 1.26.0	CVE-2024-31079	NGINX:CVE-2024-31079	Stack overflow and use-after-free in HTTP/3	medium	2024-05-29T16:15:09 (3 months ago)
Unaffected	>= 1.27.0 >= 1.26.1	CVE-2024-31079	NGINX:CVE-2024-31079	Stack overflow and use-after-free in HTTP/3	medium	2024-05-29T16:15:09 (3 months ago)
Affected	>= 1.25.0, <= 1.25.5 >= 1.26.0	CVE-2024-32760	NGINX:CVE-2024-32760	Buffer overwrite in HTTP/3	medium	2024-05-29T16:15:10 (3 months ago)
Unaffected	>= 1.27.0 >= 1.26.1	CVE-2024-32760	NGINX:CVE-2024-32760	Buffer overwrite in HTTP/3	medium	2024-05-29T16:15:10 (3 months ago)
Affected	>= 1.25.0, <= 1.25.5 >= 1.26.0	CVE-2024-34161	NGINX:CVE-2024-34161	Memory disclosure in HTTP/3	medium	2024-05-29T16:15:10 (3 months ago)
Unaffected	>= 1.27.0 >= 1.26.1	CVE-2024-34161	NGINX:CVE-2024-34161	Memory disclosure in HTTP/3	medium	2024-05-29T16:15:10 (3 months ago)
Affected	>= 1.25.0, <= 1.25.5 >= 1.26.0	CVE-2024-35200	NGINX:CVE-2024-35200	NULL pointer dereference in HTTP/3	medium	2024-05-29T16:15:10 (3 months ago)
Unaffected	>= 1.27.0 >= 1.26.1	CVE-2024-35200	NGINX:CVE-2024-35200	NULL pointer dereference in HTTP/3	medium	2024-05-29T16:15:10 (3 months ago)
Affected	>= 1.5.13, <= 1.27.0	CVE-2024-7347	NGINX:CVE-2024-7347	Buffer overread in the ngx_http_mp4_module	low	2024-08-14T15:15:31 (3 weeks ago)
Unaffected	>= 1.27.1 >= 1.26.2	CVE-2024-7347	NGINX:CVE-2024-7347	Buffer overread in the ngx_http_mp4_module	low	2024-08-14T15:15:31 (3 weeks ago)