Security
Server Security

Server Security (2)

Im Sinne der Aktualität sind diese News grösstenteils in englischer Sprache. Falls nötig, bitte die Übersetzungsfunktion verwenden.

  • CVE-2018-16843

    Latest security vulnerabilities Nginx products Nov 7, 2018 | 00:00 am

    nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen'[…]

    Read more...
  • CVE-2018-16844

    Latest security vulnerabilities Nginx products Nov 7, 2018 | 00:00 am

    nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen'[…]

    Read more...
  • CVE-2017-7529

    Latest security vulnerabilities Nginx products Jul 13, 2017 | 00:00 am

    Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request. (CVSS:5.0) (Last Update:2018-01-04)

    Read more...
  • CVE-2016-1247

    Latest security vulnerabilities Nginx products Nov 29, 2016 | 00:00 am

    The nginx package before 1.6.2-5+deb8u3 on Debian jessie, the nginx packages before 1.4.6-1ubuntu3.6 on Ubuntu 14.04 LTS, before 1.10.0-0ubuntu0.16.04.3 on Ubuntu 16.04 LTS, and before 1.10.1-0ubuntu1.1 on Ubuntu 16.10, and the nginx ebuild before 1.10.2-r3 on Gentoo allow local users[…]

    Read more...
  • CVE-2016-4450

    Latest security vulnerabilities Nginx products Jun 7, 2016 | 00:00 am

    os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a crafted request, involving writing a client request body to a temporary file. (CVSS:5.0)[…]

    Read more...
  • CVE-2016-0742

    Latest security vulnerabilities Nginx products Feb 15, 2016 | 00:00 am

    The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response. (CVSS:5.0) (Last Update:2018-10-30)

    Read more...
  • CVE-2016-0746

    Latest security vulnerabilities Nginx products Feb 15, 2016 | 00:00 am

    Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1.8.0 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (worker process crash) or possibly have unspecified other impact via a crafted DNS response related to CNAME[…]

    Read more...
  • CVE-2016-0747

    Latest security vulnerabilities Nginx products Feb 15, 2016 | 00:00 am

    The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) via vectors related to arbitrary name resolution. (CVSS:5.0) (Last Update:2018-10-30)

    Read more...
  • CVE-2014-3556

    Latest security vulnerabilities Nginx products Dec 29, 2014 | 00:00 am

    The STARTTLS implementation in mail/ngx_mail_smtp_handler.c in the SMTP proxy in nginx 1.5.x and 1.6.x before 1.6.1 and 1.7.x before 1.7.4 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a[…]

    Read more...
  • CVE-2014-3616

    Latest security vulnerabilities Nginx products Dec 8, 2014 | 00:00 am

    nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct "virtual host confusion" attacks. (CVSS:4.3) (Last[…]

    Read more...

Share This

Follow Us

Apotheke

Zum Seitenanfang