GCVE - cpe:2.3:a:[unknown]:nginx:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:[unknown]:nginx:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	[Unknown] (`5b07108a-8f0c-5d28-ab99-c4ff62adb460`)
Product	Nginx (`55109585-a54f-59f6-810b-f5c21e2f40d1`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2018-16845`	vulnerable	2026-06-03 14:38:21.077908	Details available HIGH (8.2) nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affects nginx if it is built with the ngx_http_mp4_module (the module is not built by default) and the .mp4. directive is used in the configuration file. Further, the attack is only possible if an attacker is able to trigger processing of a specially crafted mp4 file with the ngx_http_mp4_module. Published: 2018-11-07T14:00:00.000Z Updated: 2024-08-05T10:32:54.012Z Open on db.gcve.eu Reference links https://www.debian.org/security/2018/dsa-4335 https://access.redhat.com/errata/RHSA-2018:3680 https://access.redhat.com/errata/RHSA-2018:3681 http://www.securityfocus.com/bid/105868 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16845	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-16844`	vulnerable	2026-06-03 14:38:21.077137	Details available MEDIUM (5.3) nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file. Published: 2018-11-07T14:00:00.000Z Updated: 2024-08-05T10:32:54.086Z Open on db.gcve.eu Reference links https://www.debian.org/security/2018/dsa-4335 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16844 https://access.redhat.com/errata/RHSA-2018:3680 https://access.redhat.com/errata/RHSA-2018:3681 http://www.securityfocus.com/bid/105868	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-16843`	vulnerable	2026-06-03 14:38:21.074560	Details available MEDIUM (5.3) nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file. Published: 2018-11-07T14:00:00.000Z Updated: 2024-08-05T10:32:54.156Z Open on db.gcve.eu Reference links https://www.debian.org/security/2018/dsa-4335 https://access.redhat.com/errata/RHSA-2018:3680 https://access.redhat.com/errata/RHSA-2018:3681 http://www.securityfocus.com/bid/105868 http://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.