Nginx » Nginx » 1.10.0 : Security Vulnerabilities (CVSS score >= 7)
Cpe Name:
cpe:/a:nginx:nginx:1.10.0
| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2018-16844 |
400 |
|
|
2018-11-07 |
2019-09-10 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file. |
|
2 |
CVE-2018-16843 |
400 |
|
|
2018-11-07 |
2019-09-10 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file. |
|
3 |
CVE-2016-1247 |
59 |
|
+Priv |
2016-11-29 |
2018-10-09 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The nginx package before 1.6.2-5+deb8u3 on Debian jessie, the nginx packages before 1.4.6-1ubuntu3.6 on Ubuntu 14.04 LTS, before 1.10.0-0ubuntu0.16.04.3 on Ubuntu 16.04 LTS, and before 1.10.1-0ubuntu1.1 on Ubuntu 16.10, and the nginx ebuild before 1.10.2-r3 on Gentoo allow local users with access to the web server user account to gain root privileges via a symlink attack on the error log. |
Total number of vulnerabilities :
3
Page :
1
(This Page)
