Security
Server Security

Server Security (2)

Im Sinne der Aktualität sind diese News grösstenteils in englischer Sprache. Falls nötig, bitte die Übersetzungsfunktion verwenden.

  • CVE-2019-11837

    Latest security vulnerabilities Nginx products May 9, 2019 | 00:00 am

    njs through 0.3.1, used in NGINX, has a segmentation fault in String.prototype.toBytes for negative arguments, related to nxt_utf8_next in nxt/nxt_utf8.h and njs_string_offset in njs/njs_string.c. (CVSS:5.0) (Last Update:2019-05-09)

    Read more...
  • CVE-2019-11838

    Latest security vulnerabilities Nginx products May 9, 2019 | 00:00 am

    njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in Array.prototype.splice after a resize, related to njs_array_prototype_splice in njs/njs_array.c, because of njs_array_expand size mishandling. (CVSS:7.5) (Last Update:2019-05-09)

    Read more...
  • CVE-2019-11839

    Latest security vulnerabilities Nginx products May 9, 2019 | 00:00 am

    njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in Array.prototype.push after a resize, related to njs_array_prototype_push in njs/njs_array.c, because of njs_array_expand size mishandling. (CVSS:7.5) (Last Update:2019-05-10)

    Read more...
  • CVE-2018-16843

    Latest security vulnerabilities Nginx products Nov 7, 2018 | 00:00 am

    nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen'[…]

    Read more...
  • CVE-2018-16844

    Latest security vulnerabilities Nginx products Nov 7, 2018 | 00:00 am

    nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen'[…]

    Read more...
  • CVE-2017-7529

    Latest security vulnerabilities Nginx products Jul 13, 2017 | 00:00 am

    Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request. (CVSS:5.0) (Last Update:2018-01-04)

    Read more...
  • CVE-2016-1247

    Latest security vulnerabilities Nginx products Nov 29, 2016 | 00:00 am

    The nginx package before 1.6.2-5+deb8u3 on Debian jessie, the nginx packages before 1.4.6-1ubuntu3.6 on Ubuntu 14.04 LTS, before 1.10.0-0ubuntu0.16.04.3 on Ubuntu 16.04 LTS, and before 1.10.1-0ubuntu1.1 on Ubuntu 16.10, and the nginx ebuild before 1.10.2-r3 on Gentoo allow local users[…]

    Read more...
  • CVE-2016-4450

    Latest security vulnerabilities Nginx products Jun 7, 2016 | 00:00 am

    os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a crafted request, involving writing a client request body to a temporary file. (CVSS:5.0)[…]

    Read more...
  • CVE-2016-0746

    Latest security vulnerabilities Nginx products Feb 15, 2016 | 00:00 am

    Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1.8.0 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (worker process crash) or possibly have unspecified other impact via a crafted DNS response related to CNAME[…]

    Read more...
  • CVE-2016-0747

    Latest security vulnerabilities Nginx products Feb 15, 2016 | 00:00 am

    The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) via vectors related to arbitrary name resolution. (CVSS:5.0) (Last Update:2018-10-30)

    Read more...

Share This

Follow Us

Go to top