Latest f5 nginx Vulnerabilities

CVE-2023-44487
- Rapid Reset HTTP/2 vulnerability
Microsoft Windows 11=21H2
Microsoft Windows 11=21H2
Microsoft Windows Server 2022
Microsoft Windows Server 2022
Microsoft Windows 11=22H2
Microsoft Windows 11=22H2
and 556 more
CVE-2022-41741
NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module...
debian/nginx<=1.14.2-2+deb10u4
F5 Nginx>=1.1.3<=1.22.0
F5 Nginx>=r22<=r27
F5 Nginx=1.23.0
F5 Nginx=1.23.1
F5 Nginx=r1
and 8 more
CVE-2022-41742
NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module...
debian/nginx<=1.14.2-2+deb10u4
F5 Nginx>=1.1.3<=1.22.0
F5 Nginx>=r22<=r27
F5 Nginx=1.23.0
F5 Nginx=1.23.1
F5 Nginx=r1
and 8 more
CVE-2021-3618
ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificat...
redhat/vsftpd<3.0.4
redhat/nginx<1.21.0
redhat/sendmail<8.17
ubuntu/nginx<1.14.0-0ubuntu1.10
ubuntu/nginx<1.18.0-0ubuntu1.3
ubuntu/nginx<1.21.0
and 23 more
CVE-2017-20005
NGINX before 1.13.6 has a buffer overflow for years that exceed four digits, as demonstrated by a file with a modification date in 1969 that causes an integer overflow (or a false modification date fa...
F5 Nginx<1.13.6
Debian Debian Linux=9.0
CVE-2021-23017
A flaw was found in nginx. An off-by-one error while processing DNS responses allows a network attacker to write a dot character out of bounds in a heap allocated buffer which can allow overwriting th...
F5 Nginx>=0.6.18<1.20.1
Openresty Openresty<1.19.3.2
Fedoraproject Fedora=33
Fedoraproject Fedora=34
NetApp ONTAP Select Deploy administration utility
Oracle Blockchain Platform<21.1.2
and 27 more
CVE-2019-20372
IDE Xcode Server. Multiple issues were addressed by updating nginx to version 1.21.0.
redhat/rh-nginx116-nginx<1:1.16.1-4.el7.1
ubuntu/nginx<1.14.0-0ubuntu1.7
ubuntu/nginx<1.15.9-0ubuntu1.2
ubuntu/nginx<1.16.1-0ubuntu2.1
ubuntu/nginx<1.4.6-1ubuntu3.9+
ubuntu/nginx<1.17.7
and 14 more
CVE-2011-4968
nginx http proxy module does not verify peer identity of https origin server which could facilitate man-in-the-middle attack (MITM)
F5 Nginx=0.7.65
F5 Nginx=0.7.66
F5 Nginx=0.7.64
F5 Nginx=0.7.61
F5 Nginx=0.7.62
F5 Nginx=0.8.33
and 6 more
CVE-2019-9511
Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data ...
redhat/jbcs-httpd24-httpd<0:2.4.29-41.jbcs.el6
redhat/jbcs-httpd24-nghttp2<0:1.39.2-1.jbcs.el6
redhat/jbcs-httpd24-apr<0:1.6.3-63.jbcs.el6
redhat/jbcs-httpd24-apr-util<0:1.6.1-48.jbcs.el6
redhat/jbcs-httpd24-brotli<0:1.0.6-7.jbcs.el6
redhat/jbcs-httpd24-curl<0:7.64.1-14.jbcs.el6
and 168 more
CVE-2019-9516
Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, o...
redhat/jbcs-httpd24-httpd<0:2.4.29-41.jbcs.el6
redhat/jbcs-httpd24-nghttp2<0:1.39.2-1.jbcs.el6
redhat/jbcs-httpd24-apr<0:1.6.3-63.jbcs.el6
redhat/jbcs-httpd24-apr-util<0:1.6.1-48.jbcs.el6
redhat/jbcs-httpd24-brotli<0:1.0.6-7.jbcs.el6
redhat/jbcs-httpd24-curl<0:7.64.1-14.jbcs.el6
and 72 more
CVE-2019-9513
Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the str...
redhat/jbcs-httpd24-httpd<0:2.4.29-41.jbcs.el6
redhat/jbcs-httpd24-nghttp2<0:1.39.2-1.jbcs.el6
redhat/jbcs-httpd24-apr<0:1.6.3-63.jbcs.el6
redhat/jbcs-httpd24-apr-util<0:1.6.1-48.jbcs.el6
redhat/jbcs-httpd24-brotli<0:1.0.6-7.jbcs.el6
redhat/jbcs-httpd24-curl<0:7.64.1-14.jbcs.el6
and 104 more
CVE-2018-16843
IDE Xcode Server. Multiple issues were addressed by updating nginx to version 1.21.0.
ubuntu/nginx<1.15.6
ubuntu/nginx<1.10.3-0ubuntu0.16.04.3
ubuntu/nginx<1.14.0-0ubuntu1.2
ubuntu/nginx<1.15.5-0ubuntu2.1
>1.9.5<1.14.1
>1.15.0<1.15.6
and 18 more
CVE-2018-16844
IDE Xcode Server. Multiple issues were addressed by updating nginx to version 1.21.0.
redhat/nginx<1.15.6
redhat/nginx<1.14.1
ubuntu/nginx<1.15.6
ubuntu/nginx<1.10.3-0ubuntu0.16.04.3
ubuntu/nginx<1.14.0-0ubuntu1.2
ubuntu/nginx<1.15.5-0ubuntu2.1
and 18 more
CVE-2018-16845
IDE Xcode Server. Multiple issues were addressed by updating nginx to version 1.21.0.
redhat/nginx<1.15.6
redhat/nginx<1.14.1
ubuntu/nginx<1.15.6
ubuntu/nginx<1.4.6-1ubuntu3.9
ubuntu/nginx<1.10.3-0ubuntu0.16.04.3
ubuntu/nginx<1.14.0-0ubuntu1.2
and 22 more

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203