Mercurial > hg > nginx-site
annotate xml/en/security_advisories.xml @ 2988:8899986c3622
Documented Headers, Request, Response constructors in njs Reference.
author | Yaroslav Zhuravlev <yar@nginx.com> |
---|---|
date | Thu, 06 Jul 2023 12:30:11 +0100 |
parents | ef7f2666cc09 |
children | 2709ce3b9cd7 |
rev | line source |
---|---|
580
be54c443235a
Added copyright markers to documentation sources.
Ruslan Ermilov <ru@nginx.com>
parents:
525
diff
changeset
|
1 <!-- |
be54c443235a
Added copyright markers to documentation sources.
Ruslan Ermilov <ru@nginx.com>
parents:
525
diff
changeset
|
2 Copyright (C) Igor Sysoev |
be54c443235a
Added copyright markers to documentation sources.
Ruslan Ermilov <ru@nginx.com>
parents:
525
diff
changeset
|
3 Copyright (C) Nginx, Inc. |
be54c443235a
Added copyright markers to documentation sources.
Ruslan Ermilov <ru@nginx.com>
parents:
525
diff
changeset
|
4 --> |
be54c443235a
Added copyright markers to documentation sources.
Ruslan Ermilov <ru@nginx.com>
parents:
525
diff
changeset
|
5 |
50 | 6 <!DOCTYPE article SYSTEM "../../dtd/article.dtd"> |
0
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
7 |
123
7db449e89e92
Unified the use of the "name" attribute instead of "title".
Ruslan Ermilov <ru@nginx.com>
parents:
50
diff
changeset
|
8 <article name="nginx security advisories" |
0
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
9 link="/en/security_advisories.html" |
589 | 10 lang="en" |
11 rev="1"> | |
0
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
12 |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
13 <section> |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
14 |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
15 <para> |
457
ab9453c6b9c6
A contact email for the security issues added.
Maxim Konovalov <maxim@nginx.com>
parents:
447
diff
changeset
|
16 All nginx security issues should be reported to |
ab9453c6b9c6
A contact email for the security issues added.
Maxim Konovalov <maxim@nginx.com>
parents:
447
diff
changeset
|
17 <link url="mailto:security-alert@nginx.org">security-alert@nginx.org</link>. |
ab9453c6b9c6
A contact email for the security issues added.
Maxim Konovalov <maxim@nginx.com>
parents:
447
diff
changeset
|
18 </para> |
ab9453c6b9c6
A contact email for the security issues added.
Maxim Konovalov <maxim@nginx.com>
parents:
447
diff
changeset
|
19 |
ab9453c6b9c6
A contact email for the security issues added.
Maxim Konovalov <maxim@nginx.com>
parents:
447
diff
changeset
|
20 <para> |
458
cdf45fe0d9de
Made the link to PGP public keys read as a full sentence.
Ruslan Ermilov <ru@nginx.com>
parents:
457
diff
changeset
|
21 Patches are signed using one of the |
cdf45fe0d9de
Made the link to PGP public keys read as a full sentence.
Ruslan Ermilov <ru@nginx.com>
parents:
457
diff
changeset
|
22 <link doc="pgp_keys.xml">PGP public keys</link>. |
0
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
23 </para> |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
24 |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
25 <security> |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
26 |
2898
0b7e004b5061
nginx-1.23.2, nginx-1.22.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
2727
diff
changeset
|
27 <item name="Memory corruption in the ngx_http_mp4_module" |
0b7e004b5061
nginx-1.23.2, nginx-1.22.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
2727
diff
changeset
|
28 severity="medium" |
2923 | 29 advisory="http://mailman.nginx.org/pipermail/nginx-announce/2022/RBRRON6PYBJJM2XIAPQBFBVLR4Q6IHRA.html" |
2898
0b7e004b5061
nginx-1.23.2, nginx-1.22.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
2727
diff
changeset
|
30 cve="2022-41741" |
0b7e004b5061
nginx-1.23.2, nginx-1.22.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
2727
diff
changeset
|
31 good="1.23.2+, 1.22.1+" |
0b7e004b5061
nginx-1.23.2, nginx-1.22.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
2727
diff
changeset
|
32 vulnerable="1.1.3-1.23.1, 1.0.7-1.0.15"> |
0b7e004b5061
nginx-1.23.2, nginx-1.22.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
2727
diff
changeset
|
33 <patch name="patch.2022.mp4.txt" /> |
0b7e004b5061
nginx-1.23.2, nginx-1.22.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
2727
diff
changeset
|
34 </item> |
0b7e004b5061
nginx-1.23.2, nginx-1.22.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
2727
diff
changeset
|
35 |
0b7e004b5061
nginx-1.23.2, nginx-1.22.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
2727
diff
changeset
|
36 <item name="Memory disclosure in the ngx_http_mp4_module" |
0b7e004b5061
nginx-1.23.2, nginx-1.22.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
2727
diff
changeset
|
37 severity="medium" |
2923 | 38 advisory="http://mailman.nginx.org/pipermail/nginx-announce/2022/RBRRON6PYBJJM2XIAPQBFBVLR4Q6IHRA.html" |
2898
0b7e004b5061
nginx-1.23.2, nginx-1.22.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
2727
diff
changeset
|
39 cve="2022-41742" |
0b7e004b5061
nginx-1.23.2, nginx-1.22.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
2727
diff
changeset
|
40 good="1.23.2+, 1.22.1+" |
0b7e004b5061
nginx-1.23.2, nginx-1.22.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
2727
diff
changeset
|
41 vulnerable="1.1.3-1.23.1, 1.0.7-1.0.15"> |
0b7e004b5061
nginx-1.23.2, nginx-1.22.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
2727
diff
changeset
|
42 <patch name="patch.2022.mp4.txt" /> |
0b7e004b5061
nginx-1.23.2, nginx-1.22.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
2727
diff
changeset
|
43 </item> |
0b7e004b5061
nginx-1.23.2, nginx-1.22.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
2727
diff
changeset
|
44 |
2726
a7a36efd10af
nginx-1.21.0, nginx-1.20.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
2417
diff
changeset
|
45 <item name="1-byte memory overwrite in resolver" |
a7a36efd10af
nginx-1.21.0, nginx-1.20.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
2417
diff
changeset
|
46 severity="medium" |
2727 | 47 advisory="http://mailman.nginx.org/pipermail/nginx-announce/2021/000300.html" |
2726
a7a36efd10af
nginx-1.21.0, nginx-1.20.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
2417
diff
changeset
|
48 cve="2021-23017" |
a7a36efd10af
nginx-1.21.0, nginx-1.20.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
2417
diff
changeset
|
49 good="1.21.0+, 1.20.1+" |
a7a36efd10af
nginx-1.21.0, nginx-1.20.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
2417
diff
changeset
|
50 vulnerable="0.6.18-1.20.0"> |
a7a36efd10af
nginx-1.21.0, nginx-1.20.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
2417
diff
changeset
|
51 <patch name="patch.2021.resolver.txt" /> |
a7a36efd10af
nginx-1.21.0, nginx-1.20.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
2417
diff
changeset
|
52 </item> |
a7a36efd10af
nginx-1.21.0, nginx-1.20.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
2417
diff
changeset
|
53 |
2416
eecb26e2c4ab
nginx-1.17.3, nginx-1.16.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
2273
diff
changeset
|
54 <item name="Excessive CPU usage in HTTP/2 with small window updates" |
eecb26e2c4ab
nginx-1.17.3, nginx-1.16.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
2273
diff
changeset
|
55 severity="medium" |
2417 | 56 advisory="http://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html" |
2416
eecb26e2c4ab
nginx-1.17.3, nginx-1.16.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
2273
diff
changeset
|
57 cve="2019-9511" |
eecb26e2c4ab
nginx-1.17.3, nginx-1.16.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
2273
diff
changeset
|
58 good="1.17.3+, 1.16.1+" |
eecb26e2c4ab
nginx-1.17.3, nginx-1.16.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
2273
diff
changeset
|
59 vulnerable="1.9.5-1.17.2"> |
eecb26e2c4ab
nginx-1.17.3, nginx-1.16.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
2273
diff
changeset
|
60 </item> |
eecb26e2c4ab
nginx-1.17.3, nginx-1.16.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
2273
diff
changeset
|
61 |
eecb26e2c4ab
nginx-1.17.3, nginx-1.16.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
2273
diff
changeset
|
62 <item name="Excessive CPU usage in HTTP/2 with priority changes" |
eecb26e2c4ab
nginx-1.17.3, nginx-1.16.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
2273
diff
changeset
|
63 severity="low" |
2417 | 64 advisory="http://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html" |
2416
eecb26e2c4ab
nginx-1.17.3, nginx-1.16.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
2273
diff
changeset
|
65 cve="2019-9513" |
eecb26e2c4ab
nginx-1.17.3, nginx-1.16.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
2273
diff
changeset
|
66 good="1.17.3+, 1.16.1+" |
eecb26e2c4ab
nginx-1.17.3, nginx-1.16.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
2273
diff
changeset
|
67 vulnerable="1.9.5-1.17.2"> |
eecb26e2c4ab
nginx-1.17.3, nginx-1.16.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
2273
diff
changeset
|
68 </item> |
eecb26e2c4ab
nginx-1.17.3, nginx-1.16.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
2273
diff
changeset
|
69 |
eecb26e2c4ab
nginx-1.17.3, nginx-1.16.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
2273
diff
changeset
|
70 <item name="Excessive memory usage in HTTP/2 with zero length headers" |
eecb26e2c4ab
nginx-1.17.3, nginx-1.16.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
2273
diff
changeset
|
71 severity="low" |
2417 | 72 advisory="http://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html" |
2416
eecb26e2c4ab
nginx-1.17.3, nginx-1.16.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
2273
diff
changeset
|
73 cve="2019-9516" |
eecb26e2c4ab
nginx-1.17.3, nginx-1.16.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
2273
diff
changeset
|
74 good="1.17.3+, 1.16.1+" |
eecb26e2c4ab
nginx-1.17.3, nginx-1.16.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
2273
diff
changeset
|
75 vulnerable="1.9.5-1.17.2"> |
eecb26e2c4ab
nginx-1.17.3, nginx-1.16.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
2273
diff
changeset
|
76 </item> |
eecb26e2c4ab
nginx-1.17.3, nginx-1.16.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
2273
diff
changeset
|
77 |
2272
3fa4584907b8
nginx-1.15.6, nginx-1.14.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
2011
diff
changeset
|
78 <item name="Excessive memory usage in HTTP/2" |
3fa4584907b8
nginx-1.15.6, nginx-1.14.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
2011
diff
changeset
|
79 severity="low" |
2273 | 80 advisory="http://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html" |
2272
3fa4584907b8
nginx-1.15.6, nginx-1.14.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
2011
diff
changeset
|
81 cve="2018-16843" |
3fa4584907b8
nginx-1.15.6, nginx-1.14.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
2011
diff
changeset
|
82 good="1.15.6+, 1.14.1+" |
3fa4584907b8
nginx-1.15.6, nginx-1.14.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
2011
diff
changeset
|
83 vulnerable="1.9.5-1.15.5"> |
3fa4584907b8
nginx-1.15.6, nginx-1.14.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
2011
diff
changeset
|
84 </item> |
3fa4584907b8
nginx-1.15.6, nginx-1.14.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
2011
diff
changeset
|
85 |
3fa4584907b8
nginx-1.15.6, nginx-1.14.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
2011
diff
changeset
|
86 <item name="Excessive CPU usage in HTTP/2" |
3fa4584907b8
nginx-1.15.6, nginx-1.14.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
2011
diff
changeset
|
87 severity="low" |
2273 | 88 advisory="http://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html" |
2272
3fa4584907b8
nginx-1.15.6, nginx-1.14.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
2011
diff
changeset
|
89 cve="2018-16844" |
3fa4584907b8
nginx-1.15.6, nginx-1.14.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
2011
diff
changeset
|
90 good="1.15.6+, 1.14.1+" |
3fa4584907b8
nginx-1.15.6, nginx-1.14.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
2011
diff
changeset
|
91 vulnerable="1.9.5-1.15.5"> |
3fa4584907b8
nginx-1.15.6, nginx-1.14.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
2011
diff
changeset
|
92 </item> |
3fa4584907b8
nginx-1.15.6, nginx-1.14.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
2011
diff
changeset
|
93 |
3fa4584907b8
nginx-1.15.6, nginx-1.14.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
2011
diff
changeset
|
94 <item name="Memory disclosure in the ngx_http_mp4_module" |
3fa4584907b8
nginx-1.15.6, nginx-1.14.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
2011
diff
changeset
|
95 severity="medium" |
2273 | 96 advisory="http://mailman.nginx.org/pipermail/nginx-announce/2018/000221.html" |
2272
3fa4584907b8
nginx-1.15.6, nginx-1.14.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
2011
diff
changeset
|
97 cve="2018-16845" |
3fa4584907b8
nginx-1.15.6, nginx-1.14.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
2011
diff
changeset
|
98 good="1.15.6+, 1.14.1+" |
3fa4584907b8
nginx-1.15.6, nginx-1.14.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
2011
diff
changeset
|
99 vulnerable="1.1.3-1.15.5, 1.0.7-1.0.15"> |
3fa4584907b8
nginx-1.15.6, nginx-1.14.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
2011
diff
changeset
|
100 <patch name="patch.2018.mp4.txt" /> |
3fa4584907b8
nginx-1.15.6, nginx-1.14.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
2011
diff
changeset
|
101 </item> |
3fa4584907b8
nginx-1.15.6, nginx-1.14.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
2011
diff
changeset
|
102 |
2010
18ff9016b82f
nginx-1.13.3, nginx-1.12.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
1716
diff
changeset
|
103 <item name="Integer overflow in the range filter" |
18ff9016b82f
nginx-1.13.3, nginx-1.12.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
1716
diff
changeset
|
104 severity="medium" |
2011
cf8d95bfcf72
Range filter advisory link added.
Maxim Dounin <mdounin@mdounin.ru>
parents:
2010
diff
changeset
|
105 advisory="http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html" |
2010
18ff9016b82f
nginx-1.13.3, nginx-1.12.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
1716
diff
changeset
|
106 cve="2017-7529" |
18ff9016b82f
nginx-1.13.3, nginx-1.12.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
1716
diff
changeset
|
107 good="1.13.3+, 1.12.1+" |
18ff9016b82f
nginx-1.13.3, nginx-1.12.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
1716
diff
changeset
|
108 vulnerable="0.5.6-1.13.2"> |
18ff9016b82f
nginx-1.13.3, nginx-1.12.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
1716
diff
changeset
|
109 <patch name="patch.2017.ranges.txt" /> |
18ff9016b82f
nginx-1.13.3, nginx-1.12.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
1716
diff
changeset
|
110 </item> |
18ff9016b82f
nginx-1.13.3, nginx-1.12.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
1716
diff
changeset
|
111 |
1715
ce35c4764409
nginx-1.11.1, nginx-1.10.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
1647
diff
changeset
|
112 <item name="NULL pointer dereference while writing client request body" |
ce35c4764409
nginx-1.11.1, nginx-1.10.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
1647
diff
changeset
|
113 severity="medium" |
1716
ecea2f0d22b6
Write request body advisory link updated.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1715
diff
changeset
|
114 advisory="http://mailman.nginx.org/pipermail/nginx-announce/2016/000179.html" |
1715
ce35c4764409
nginx-1.11.1, nginx-1.10.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
1647
diff
changeset
|
115 cve="2016-4450" |
ce35c4764409
nginx-1.11.1, nginx-1.10.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
1647
diff
changeset
|
116 good="1.11.1+, 1.10.1+" |
ce35c4764409
nginx-1.11.1, nginx-1.10.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
1647
diff
changeset
|
117 vulnerable="1.3.9-1.11.0"> |
ce35c4764409
nginx-1.11.1, nginx-1.10.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
1647
diff
changeset
|
118 <patch name="patch.2016.write.txt" versions="1.9.13-1.11.0" /> |
ce35c4764409
nginx-1.11.1, nginx-1.10.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
1647
diff
changeset
|
119 <patch name="patch.2016.write2.txt" versions="1.3.9-1.9.12" /> |
ce35c4764409
nginx-1.11.1, nginx-1.10.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
1647
diff
changeset
|
120 </item> |
ce35c4764409
nginx-1.11.1, nginx-1.10.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
1647
diff
changeset
|
121 |
1645
d4b29af80036
nginx-1.9.10, nginx-1.8.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
1292
diff
changeset
|
122 <item name="Invalid pointer dereference in resolver" |
d4b29af80036
nginx-1.9.10, nginx-1.8.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
1292
diff
changeset
|
123 severity="medium" |
1647 | 124 advisory="http://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html" |
1645
d4b29af80036
nginx-1.9.10, nginx-1.8.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
1292
diff
changeset
|
125 cve="2016-0742" |
d4b29af80036
nginx-1.9.10, nginx-1.8.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
1292
diff
changeset
|
126 good="1.9.10+, 1.8.1+" |
d4b29af80036
nginx-1.9.10, nginx-1.8.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
1292
diff
changeset
|
127 vulnerable="0.6.18-1.9.9" /> |
d4b29af80036
nginx-1.9.10, nginx-1.8.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
1292
diff
changeset
|
128 |
d4b29af80036
nginx-1.9.10, nginx-1.8.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
1292
diff
changeset
|
129 <item name="Use-after-free during CNAME response processing in resolver" |
d4b29af80036
nginx-1.9.10, nginx-1.8.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
1292
diff
changeset
|
130 severity="medium" |
1647 | 131 advisory="http://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html" |
1645
d4b29af80036
nginx-1.9.10, nginx-1.8.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
1292
diff
changeset
|
132 cve="2016-0746" |
d4b29af80036
nginx-1.9.10, nginx-1.8.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
1292
diff
changeset
|
133 good="1.9.10+, 1.8.1+" |
d4b29af80036
nginx-1.9.10, nginx-1.8.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
1292
diff
changeset
|
134 vulnerable="0.6.18-1.9.9" /> |
d4b29af80036
nginx-1.9.10, nginx-1.8.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
1292
diff
changeset
|
135 |
d4b29af80036
nginx-1.9.10, nginx-1.8.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
1292
diff
changeset
|
136 <item name="Insufficient limits of CNAME resolution in resolver" |
d4b29af80036
nginx-1.9.10, nginx-1.8.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
1292
diff
changeset
|
137 severity="medium" |
1647 | 138 advisory="http://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html" |
1645
d4b29af80036
nginx-1.9.10, nginx-1.8.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
1292
diff
changeset
|
139 cve="2016-0747" |
d4b29af80036
nginx-1.9.10, nginx-1.8.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
1292
diff
changeset
|
140 good="1.9.10+, 1.8.1+" |
d4b29af80036
nginx-1.9.10, nginx-1.8.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
1292
diff
changeset
|
141 vulnerable="0.6.18-1.9.9" /> |
d4b29af80036
nginx-1.9.10, nginx-1.8.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
1292
diff
changeset
|
142 |
1292
bb18e3bd3fb9
nginx-1.7.5, nginx-1.6.2
Maxim Dounin <mdounin@mdounin.ru>
parents:
1265
diff
changeset
|
143 <item name="SSL session reuse vulnerability" |
bb18e3bd3fb9
nginx-1.7.5, nginx-1.6.2
Maxim Dounin <mdounin@mdounin.ru>
parents:
1265
diff
changeset
|
144 severity="medium" |
1647 | 145 advisory="http://mailman.nginx.org/pipermail/nginx-announce/2014/000147.html" |
1292
bb18e3bd3fb9
nginx-1.7.5, nginx-1.6.2
Maxim Dounin <mdounin@mdounin.ru>
parents:
1265
diff
changeset
|
146 cve="2014-3616" |
bb18e3bd3fb9
nginx-1.7.5, nginx-1.6.2
Maxim Dounin <mdounin@mdounin.ru>
parents:
1265
diff
changeset
|
147 good="1.7.5+, 1.6.2+" |
bb18e3bd3fb9
nginx-1.7.5, nginx-1.6.2
Maxim Dounin <mdounin@mdounin.ru>
parents:
1265
diff
changeset
|
148 vulnerable="0.5.6-1.7.4"> |
bb18e3bd3fb9
nginx-1.7.5, nginx-1.6.2
Maxim Dounin <mdounin@mdounin.ru>
parents:
1265
diff
changeset
|
149 </item> |
bb18e3bd3fb9
nginx-1.7.5, nginx-1.6.2
Maxim Dounin <mdounin@mdounin.ru>
parents:
1265
diff
changeset
|
150 |
1264
f6d12250cda5
nginx-1.7.4, nginx-1.6.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
1100
diff
changeset
|
151 <item name="STARTTLS command injection" |
f6d12250cda5
nginx-1.7.4, nginx-1.6.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
1100
diff
changeset
|
152 severity="medium" |
1265
ba6da8f0ecd2
Added STARTTLS advisory link.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1264
diff
changeset
|
153 advisory="http://mailman.nginx.org/pipermail/nginx-announce/2014/000144.html" |
1264
f6d12250cda5
nginx-1.7.4, nginx-1.6.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
1100
diff
changeset
|
154 cve="2014-3556" |
f6d12250cda5
nginx-1.7.4, nginx-1.6.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
1100
diff
changeset
|
155 good="1.7.4+, 1.6.1+" |
f6d12250cda5
nginx-1.7.4, nginx-1.6.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
1100
diff
changeset
|
156 vulnerable="1.5.6-1.7.3"> |
f6d12250cda5
nginx-1.7.4, nginx-1.6.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
1100
diff
changeset
|
157 <patch name="patch.2014.starttls.txt" /> |
f6d12250cda5
nginx-1.7.4, nginx-1.6.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
1100
diff
changeset
|
158 </item> |
f6d12250cda5
nginx-1.7.4, nginx-1.6.1
Maxim Dounin <mdounin@mdounin.ru>
parents:
1100
diff
changeset
|
159 |
1098
bc2a379c4cb6
nginx-1.5.12, nginx-1.4.7
Maxim Dounin <mdounin@mdounin.ru>
parents:
1094
diff
changeset
|
160 <item name="SPDY heap buffer overflow" |
bc2a379c4cb6
nginx-1.5.12, nginx-1.4.7
Maxim Dounin <mdounin@mdounin.ru>
parents:
1094
diff
changeset
|
161 severity="major" |
1100
287c2a9c9d63
Added spdy2 advisory link.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1098
diff
changeset
|
162 advisory="http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html" |
1098
bc2a379c4cb6
nginx-1.5.12, nginx-1.4.7
Maxim Dounin <mdounin@mdounin.ru>
parents:
1094
diff
changeset
|
163 cve="2014-0133" |
bc2a379c4cb6
nginx-1.5.12, nginx-1.4.7
Maxim Dounin <mdounin@mdounin.ru>
parents:
1094
diff
changeset
|
164 good="1.5.12+, 1.4.7+" |
bc2a379c4cb6
nginx-1.5.12, nginx-1.4.7
Maxim Dounin <mdounin@mdounin.ru>
parents:
1094
diff
changeset
|
165 vulnerable="1.3.15-1.5.11"> |
bc2a379c4cb6
nginx-1.5.12, nginx-1.4.7
Maxim Dounin <mdounin@mdounin.ru>
parents:
1094
diff
changeset
|
166 <patch name="patch.2014.spdy2.txt" /> |
bc2a379c4cb6
nginx-1.5.12, nginx-1.4.7
Maxim Dounin <mdounin@mdounin.ru>
parents:
1094
diff
changeset
|
167 </item> |
bc2a379c4cb6
nginx-1.5.12, nginx-1.4.7
Maxim Dounin <mdounin@mdounin.ru>
parents:
1094
diff
changeset
|
168 |
1092
fbb81cb6b012
nginx-1.4.6, nginx-1.5.11
Maxim Dounin <mdounin@mdounin.ru>
parents:
1014
diff
changeset
|
169 <item name="SPDY memory corruption" |
fbb81cb6b012
nginx-1.4.6, nginx-1.5.11
Maxim Dounin <mdounin@mdounin.ru>
parents:
1014
diff
changeset
|
170 severity="major" |
1094
1171d273df8f
Added SPDY advisory link.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1092
diff
changeset
|
171 advisory="http://mailman.nginx.org/pipermail/nginx-announce/2014/000132.html" |
1092
fbb81cb6b012
nginx-1.4.6, nginx-1.5.11
Maxim Dounin <mdounin@mdounin.ru>
parents:
1014
diff
changeset
|
172 cve="2014-0088" |
fbb81cb6b012
nginx-1.4.6, nginx-1.5.11
Maxim Dounin <mdounin@mdounin.ru>
parents:
1014
diff
changeset
|
173 good="1.5.11+" |
fbb81cb6b012
nginx-1.4.6, nginx-1.5.11
Maxim Dounin <mdounin@mdounin.ru>
parents:
1014
diff
changeset
|
174 vulnerable="1.5.10"> |
fbb81cb6b012
nginx-1.4.6, nginx-1.5.11
Maxim Dounin <mdounin@mdounin.ru>
parents:
1014
diff
changeset
|
175 <patch name="patch.2014.spdy.txt" /> |
fbb81cb6b012
nginx-1.4.6, nginx-1.5.11
Maxim Dounin <mdounin@mdounin.ru>
parents:
1014
diff
changeset
|
176 </item> |
fbb81cb6b012
nginx-1.4.6, nginx-1.5.11
Maxim Dounin <mdounin@mdounin.ru>
parents:
1014
diff
changeset
|
177 |
1012 | 178 <item name="Request line parsing vulnerability" |
179 severity="medium" | |
1013
48fe3c9534bd
Added link to request line parsing advisory.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1012
diff
changeset
|
180 advisory="http://mailman.nginx.org/pipermail/nginx-announce/2013/000125.html" |
1012 | 181 cve="2013-4547" |
182 good="1.5.7+, 1.4.4+" | |
1014 | 183 vulnerable="0.8.41-1.5.6"> |
1012 | 184 <patch name="patch.2013.space.txt" /> |
185 </item> | |
186 | |
906
ec5d7bb1d40c
Added CVE-2013-2070 advisory link.
Maxim Dounin <mdounin@mdounin.ru>
parents:
904
diff
changeset
|
187 <item name="Memory disclosure with specially crafted HTTP backend responses" |
904 | 188 severity="medium" |
906
ec5d7bb1d40c
Added CVE-2013-2070 advisory link.
Maxim Dounin <mdounin@mdounin.ru>
parents:
904
diff
changeset
|
189 advisory="http://mailman.nginx.org/pipermail/nginx-announce/2013/000114.html" |
904 | 190 cve="2013-2070" |
191 good="1.5.0+, 1.4.1+, 1.2.9+" | |
192 vulnerable="1.1.4-1.2.8, 1.3.9-1.4.0"> | |
193 <patch name="patch.2013.chunked.txt" versions="1.3.9-1.4.0" /> | |
194 <patch name="patch.2013.proxy.txt" versions="1.1.4-1.2.8" /> | |
195 </item> | |
196 | |
899 | 197 <item name="Stack-based buffer overflow with specially crafted request" |
198 severity="major" | |
901
8f674c48b879
Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents:
899
diff
changeset
|
199 advisory="http://mailman.nginx.org/pipermail/nginx-announce/2013/000112.html" |
899 | 200 cve="2013-2028" |
201 good="1.5.0+, 1.4.1+" | |
901
8f674c48b879
Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents:
899
diff
changeset
|
202 vulnerable="1.3.9-1.4.0"> |
8f674c48b879
Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents:
899
diff
changeset
|
203 <patch name="patch.2013.chunked.txt" /> |
8f674c48b879
Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents:
899
diff
changeset
|
204 </item> |
899 | 205 |
525
1dca638da1eb
Win32 security issue added.
Maxim Dounin <mdounin@mdounin.ru>
parents:
488
diff
changeset
|
206 <item name="Vulnerabilities with Windows directory aliases" |
1dca638da1eb
Win32 security issue added.
Maxim Dounin <mdounin@mdounin.ru>
parents:
488
diff
changeset
|
207 severity="medium" |
909
ef5485fb932d
2012 security advisories added.
Maxim Konovalov <maxim@nginx.com>
parents:
906
diff
changeset
|
208 advisory="http://mailman.nginx.org/pipermail/nginx-announce/2012/000086.html" |
525
1dca638da1eb
Win32 security issue added.
Maxim Dounin <mdounin@mdounin.ru>
parents:
488
diff
changeset
|
209 cve="2011-4963" |
1dca638da1eb
Win32 security issue added.
Maxim Dounin <mdounin@mdounin.ru>
parents:
488
diff
changeset
|
210 good="1.3.1+, 1.2.1+" |
1dca638da1eb
Win32 security issue added.
Maxim Dounin <mdounin@mdounin.ru>
parents:
488
diff
changeset
|
211 vulnerable="nginx/Windows 0.7.52-1.3.0" /> |
1dca638da1eb
Win32 security issue added.
Maxim Dounin <mdounin@mdounin.ru>
parents:
488
diff
changeset
|
212 |
487
2406529bc838
nginx-1.1.19, nginx-1.0.15
Maxim Dounin <mdounin@mdounin.ru>
parents:
472
diff
changeset
|
213 <item name="Buffer overflow in the ngx_http_mp4_module" |
2406529bc838
nginx-1.1.19, nginx-1.0.15
Maxim Dounin <mdounin@mdounin.ru>
parents:
472
diff
changeset
|
214 severity="major" |
909
ef5485fb932d
2012 security advisories added.
Maxim Konovalov <maxim@nginx.com>
parents:
906
diff
changeset
|
215 advisory="http://mailman.nginx.org/pipermail/nginx-announce/2012/000080.html" |
487
2406529bc838
nginx-1.1.19, nginx-1.0.15
Maxim Dounin <mdounin@mdounin.ru>
parents:
472
diff
changeset
|
216 cve="2012-2089" |
2406529bc838
nginx-1.1.19, nginx-1.0.15
Maxim Dounin <mdounin@mdounin.ru>
parents:
472
diff
changeset
|
217 good="1.1.19+, 1.0.15+" |
901
8f674c48b879
Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents:
899
diff
changeset
|
218 vulnerable="1.1.3-1.1.18, 1.0.7-1.0.14"> |
8f674c48b879
Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents:
899
diff
changeset
|
219 <patch name="patch.2012.mp4.txt" /> |
8f674c48b879
Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents:
899
diff
changeset
|
220 </item> |
487
2406529bc838
nginx-1.1.19, nginx-1.0.15
Maxim Dounin <mdounin@mdounin.ru>
parents:
472
diff
changeset
|
221 |
445
86d441d817dd
nginx-1.1.17, nginx-1.0.14
Maxim Dounin <mdounin@mdounin.ru>
parents:
247
diff
changeset
|
222 <item name="Memory disclosure with specially crafted backend responses" |
86d441d817dd
nginx-1.1.17, nginx-1.0.14
Maxim Dounin <mdounin@mdounin.ru>
parents:
247
diff
changeset
|
223 severity="major" |
909
ef5485fb932d
2012 security advisories added.
Maxim Konovalov <maxim@nginx.com>
parents:
906
diff
changeset
|
224 advisory="http://mailman.nginx.org/pipermail/nginx-announce/2012/000076.html" |
472
7054e1c9c9c2
Added CVE ID to the latest security advisory.
Ruslan Ermilov <ru@nginx.com>
parents:
458
diff
changeset
|
225 cve="2012-1180" |
445
86d441d817dd
nginx-1.1.17, nginx-1.0.14
Maxim Dounin <mdounin@mdounin.ru>
parents:
247
diff
changeset
|
226 good="1.1.17+, 1.0.14+" |
901
8f674c48b879
Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents:
899
diff
changeset
|
227 vulnerable="0.1.0-1.1.16"> |
8f674c48b879
Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents:
899
diff
changeset
|
228 <patch name="patch.2012.memory.txt" /> |
8f674c48b879
Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents:
899
diff
changeset
|
229 </item> |
445
86d441d817dd
nginx-1.1.17, nginx-1.0.14
Maxim Dounin <mdounin@mdounin.ru>
parents:
247
diff
changeset
|
230 |
488
78ab3599e1fe
Added CVE-2011-4315 (buffer overflow in resolver).
Maxim Dounin <mdounin@mdounin.ru>
parents:
487
diff
changeset
|
231 <item name="Buffer overflow in resolver" |
78ab3599e1fe
Added CVE-2011-4315 (buffer overflow in resolver).
Maxim Dounin <mdounin@mdounin.ru>
parents:
487
diff
changeset
|
232 severity="medium" |
78ab3599e1fe
Added CVE-2011-4315 (buffer overflow in resolver).
Maxim Dounin <mdounin@mdounin.ru>
parents:
487
diff
changeset
|
233 cve="2011-4315" |
78ab3599e1fe
Added CVE-2011-4315 (buffer overflow in resolver).
Maxim Dounin <mdounin@mdounin.ru>
parents:
487
diff
changeset
|
234 good="1.1.8+, 1.0.10+" |
78ab3599e1fe
Added CVE-2011-4315 (buffer overflow in resolver).
Maxim Dounin <mdounin@mdounin.ru>
parents:
487
diff
changeset
|
235 vulnerable="0.6.18-1.1.7" /> |
78ab3599e1fe
Added CVE-2011-4315 (buffer overflow in resolver).
Maxim Dounin <mdounin@mdounin.ru>
parents:
487
diff
changeset
|
236 |
123
7db449e89e92
Unified the use of the "name" attribute instead of "title".
Ruslan Ermilov <ru@nginx.com>
parents:
50
diff
changeset
|
237 <item name="Vulnerabilities with invalid UTF-8 sequence on Windows" |
0
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
238 severity="major" |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
239 cve="2010-2266" |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
240 good="0.8.41+, 0.7.67+" |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
241 vulnerable="nginx/Windows 0.7.52-0.8.40" /> |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
242 |
123
7db449e89e92
Unified the use of the "name" attribute instead of "title".
Ruslan Ermilov <ru@nginx.com>
parents:
50
diff
changeset
|
243 <item name="Vulnerabilities with Windows file default stream" |
0
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
244 severity="major" |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
245 cve="2010-2263" |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
246 good="0.8.40+, 0.7.66+" |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
247 vulnerable="nginx/Windows 0.7.52-0.8.39" /> |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
248 |
123
7db449e89e92
Unified the use of the "name" attribute instead of "title".
Ruslan Ermilov <ru@nginx.com>
parents:
50
diff
changeset
|
249 <item name="Vulnerabilities with Windows 8.3 filename pseudonyms" |
0
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
250 severity="major" |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
251 core="CORE-2010-0121" |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
252 href="http://www.coresecurity.com/content/filename-pseudonyms-vulnerabilities" |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
253 good="0.8.33+, 0.7.65+" |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
254 vulnerable="nginx/Windows 0.7.52-0.8.32" /> |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
255 |
123
7db449e89e92
Unified the use of the "name" attribute instead of "title".
Ruslan Ermilov <ru@nginx.com>
parents:
50
diff
changeset
|
256 <item name="An error log data are not sanitized" |
0
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
257 severity="none" |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
258 cve="2009-4487" |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
259 good="none" |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
260 vulnerable="all" /> |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
261 |
123
7db449e89e92
Unified the use of the "name" attribute instead of "title".
Ruslan Ermilov <ru@nginx.com>
parents:
50
diff
changeset
|
262 <item name="The renegotiation vulnerability in SSL protocol" |
0
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
263 severity="major" |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
264 cert="120541" |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
265 cve="2009-3555" |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
266 good="0.8.23+, 0.7.64+" |
901
8f674c48b879
Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents:
899
diff
changeset
|
267 vulnerable="0.1.0-0.8.22"> |
8f674c48b879
Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents:
899
diff
changeset
|
268 <patch name="patch.cve-2009-3555.txt" /> |
8f674c48b879
Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents:
899
diff
changeset
|
269 </item> |
0
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
270 |
123
7db449e89e92
Unified the use of the "name" attribute instead of "title".
Ruslan Ermilov <ru@nginx.com>
parents:
50
diff
changeset
|
271 <item name="Directory traversal vulnerability" |
0
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
272 severity="minor" |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
273 cve="2009-3898" |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
274 good="0.8.17+, 0.7.63+" |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
275 vulnerable="0.1.0-0.8.16" /> |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
276 |
123
7db449e89e92
Unified the use of the "name" attribute instead of "title".
Ruslan Ermilov <ru@nginx.com>
parents:
50
diff
changeset
|
277 <item name="Buffer underflow vulnerability" |
0
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
278 severity="major" |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
279 cert="180065" |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
280 cve="2009-2629" |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
281 good="0.8.15+, 0.7.62+, 0.6.39+, 0.5.38+" |
901
8f674c48b879
Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents:
899
diff
changeset
|
282 vulnerable="0.1.0-0.8.14"> |
8f674c48b879
Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents:
899
diff
changeset
|
283 <patch name="patch.180065.txt" /> |
8f674c48b879
Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents:
899
diff
changeset
|
284 </item> |
0
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
285 |
123
7db449e89e92
Unified the use of the "name" attribute instead of "title".
Ruslan Ermilov <ru@nginx.com>
parents:
50
diff
changeset
|
286 <item name="Null pointer dereference vulnerability" |
0
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
287 severity="major" |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
288 cve="2009-3896" |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
289 good="0.8.14+, 0.7.62+, 0.6.39+, 0.5.38+" |
901
8f674c48b879
Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents:
899
diff
changeset
|
290 vulnerable="0.1.0-0.8.13"> |
8f674c48b879
Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents:
899
diff
changeset
|
291 <patch name="patch.null.pointer.txt" /> |
8f674c48b879
Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents:
899
diff
changeset
|
292 </item> |
0
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
293 |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
294 </security> |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
295 |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
296 </section> |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
297 |
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
298 </article> |