Information on source package nginx

Available versions

ReleaseVersion
buster1.14.2-2+deb10u4
buster (security)1.14.2-2+deb10u5
bullseye1.18.0-6.1+deb11u3
bookworm1.22.1-9
trixie1.24.0-2
sid1.24.0-2

Open issues

BugbusterbullseyebookwormtrixiesidDescription
CVE-2020-36309vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)fixedfixedfixedngx_http_lua_module (aka lua-nginx-module) before 0.10.16 in OpenResty ...
CVE-2013-0337vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)vulnerablevulnerableThe default configuration of nginx, possibly 1.3.13 and earlier, uses ...

Open unimportant issues

BugbusterbullseyebookwormtrixiesidDescription
CVE-2023-44487vulnerablevulnerablevulnerablefixedfixedThe HTTP/2 protocol allows a denial of service (server resource consum ...
CVE-2009-4487vulnerablevulnerablevulnerablevulnerablevulnerablenginx 0.7.64 writes data to a log file without sanitizing non-printabl ...

Resolved issues

BugDescription
CVE-2022-41742NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source ...
CVE-2022-41741NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source ...
CVE-2021-23017A security issue in nginx resolver was identified, which might allow a ...
CVE-2021-3618ALPACA is an application layer protocol content confusion attack, expl ...
CVE-2020-11724An issue was discovered in OpenResty before 1.15.8.4. ngx_http_lua_sub ...
CVE-2019-20372NGINX before 1.17.7, with certain error_page configurations, allows HT ...
CVE-2019-9516Some HTTP/2 implementations are vulnerable to a header leak, potential ...
CVE-2019-9513Some HTTP/2 implementations are vulnerable to resource loops, potentia ...
CVE-2019-9511Some HTTP/2 implementations are vulnerable to window size manipulation ...
CVE-2018-16845nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_ht ...
CVE-2018-16844nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the imp ...
CVE-2018-16843nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the imp ...
CVE-2017-20005NGINX before 1.13.6 has a buffer overflow for years that exceed four d ...
CVE-2017-7529Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable t ...
CVE-2016-4450os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 al ...
CVE-2016-1247The nginx package before 1.6.2-5+deb8u3 on Debian jessie, the nginx pa ...
CVE-2016-0747The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not pr ...
CVE-2016-0746Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1 ...
CVE-2016-0742The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remo ...
CVE-2014-3616nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cach ...
CVE-2014-3556The STARTTLS implementation in mail/ngx_mail_smtp_handler.c in the SMT ...
CVE-2014-0133Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 ...
CVE-2014-0088The SPDY implementation in the ngx_http_spdy_module module in nginx 1. ...
CVE-2013-4547nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attack ...
CVE-2013-2070http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and ...
CVE-2013-2028The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx ...
CVE-2012-4929The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google C ...
CVE-2012-3380Directory traversal vulnerability in naxsi-ui/nx_extract.py in the Nax ...
CVE-2012-2089Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module mo ...
CVE-2012-1180Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1 ...
CVE-2011-4968nginx http proxy module does not verify peer identity of https origin ...
CVE-2011-4963nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows remote ...
CVE-2011-4315Heap-based buffer overflow in compression-pointer processing in core/n ...
CVE-2010-2266nginx 0.8.36 allows remote attackers to cause a denial of service (cra ...
CVE-2010-2263nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows ...
CVE-2009-3898Directory traversal vulnerability in src/http/modules/ngx_http_dav_mod ...
CVE-2009-3896src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14 ...
CVE-2009-3555The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as us ...
CVE-2009-2629Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0 ...

Security announcements

DSA / DLADescription
DLA-3203-1nginx - security update
DSA-5281-1nginx - security update
DLA-2680-1nginx - security update
DLA-2670-1nginx - security update
DSA-4921-1nginx - security update
DSA-4750-1nginx - security update
DLA-2283-1nginx - security update
DSA-4505-1nginx - security update
DSA-4335-1nginx - security update
DLA-1572-1nginx - security update
DLA-1024-1nginx - security update
DSA-3908-1nginx - security update
DSA-3701-2nginx - regression update
DSA-3701-1nginx - security update
DSA-3592-1nginx - security update
DSA-3473-1nginx - security update
DLA-404-1nginx - security update
DSA-3029-1nginx - security update
DLA-55-1nginx - security update
DSA-2802-1nginx - restriction bypass
DSA-2721-1nginx - nginx security update
DSA-2627-1nginx - information leak
DSA-2434-1nginx - sensitive information leak
DSA-1920-1nginx - denial of service
DSA-1884-1nginx - arbitrary code execution

Search for package or bug name: Reporting problems