var-201811-0986
Vulnerability from variot
nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file. nginx Contains a resource exhaustion vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. nginx is prone to multiple denial-of-service vulnerabilities. Attackers can exploit these issues to cause denial-of-service conditions. Versions prior to nginx 1.15.6 and 1.14.1 are vulnerable. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev.
For the stable distribution (stretch), these problems have been fixed in version 1.10.3-1+deb9u2.
We recommend that you upgrade your nginx packages. ========================================================================== Ubuntu Security Notice USN-3812-1 November 07, 2018
nginx vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in nginx.
Software Description: - nginx: small, powerful, scalable web/proxy server
Details:
It was discovered that nginx incorrectly handled the HTTP/2 implementation. A remote attacker could possibly use this issue to cause excessive memory consumption, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-16843)
Gal Goldshtein discovered that nginx incorrectly handled the HTTP/2 implementation. A remote attacker could possibly use this issue to cause excessive CPU usage, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-16844)
It was discovered that nginx incorrectly handled the ngx_http_mp4_module module. A remote attacker could possibly use this issue with a specially crafted mp4 file to cause nginx to crash, stop responding, or access arbitrary memory. (CVE-2018-16845)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.10: nginx-common 1.15.5-0ubuntu2.1 nginx-core 1.15.5-0ubuntu2.1 nginx-extras 1.15.5-0ubuntu2.1 nginx-full 1.15.5-0ubuntu2.1 nginx-light 1.15.5-0ubuntu2.1
Ubuntu 18.04 LTS: nginx-common 1.14.0-0ubuntu1.2 nginx-core 1.14.0-0ubuntu1.2 nginx-extras 1.14.0-0ubuntu1.2 nginx-full 1.14.0-0ubuntu1.2 nginx-light 1.14.0-0ubuntu1.2
Ubuntu 16.04 LTS: nginx-common 1.10.3-0ubuntu0.16.04.3 nginx-core 1.10.3-0ubuntu0.16.04.3 nginx-extras 1.10.3-0ubuntu0.16.04.3 nginx-full 1.10.3-0ubuntu0.16.04.3 nginx-light 1.10.3-0ubuntu0.16.04.3
Ubuntu 14.04 LTS: nginx-common 1.4.6-1ubuntu3.9 nginx-core 1.4.6-1ubuntu3.9 nginx-extras 1.4.6-1ubuntu3.9 nginx-full 1.4.6-1ubuntu3.9 nginx-light 1.4.6-1ubuntu3.9
In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: rh-nginx114-nginx security update Advisory ID: RHSA-2018:3681-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2018:3681 Issue date: 2018-11-27 CVE Names: CVE-2018-16843 CVE-2018-16844 CVE-2018-16845 ==================================================================== 1. Summary:
An update for rh-nginx114-nginx is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.
The following packages have been upgraded to a later upstream version: rh-nginx114-nginx (1.14.1).
Red Hat would like to thank the Nginx project for reporting these issues.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The rh-nginx114-nginx service must be restarted for this update to take effect.
- Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-nginx114-nginx-1.14.1-1.el7.src.rpm
aarch64: rh-nginx114-nginx-1.14.1-1.el7.aarch64.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.aarch64.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.aarch64.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.aarch64.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.aarch64.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.aarch64.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.aarch64.rpm
ppc64le: rh-nginx114-nginx-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.ppc64le.rpm
s390x: rh-nginx114-nginx-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.s390x.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-nginx114-nginx-1.14.1-1.el7.src.rpm
aarch64: rh-nginx114-nginx-1.14.1-1.el7.aarch64.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.aarch64.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.aarch64.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.aarch64.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.aarch64.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.aarch64.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.aarch64.rpm
ppc64le: rh-nginx114-nginx-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.ppc64le.rpm
s390x: rh-nginx114-nginx-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.s390x.rpm
x86_64: rh-nginx114-nginx-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):
Source: rh-nginx114-nginx-1.14.1-1.el7.src.rpm
ppc64le: rh-nginx114-nginx-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.ppc64le.rpm
s390x: rh-nginx114-nginx-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.s390x.rpm
x86_64: rh-nginx114-nginx-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):
Source: rh-nginx114-nginx-1.14.1-1.el7.src.rpm
ppc64le: rh-nginx114-nginx-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.ppc64le.rpm
s390x: rh-nginx114-nginx-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.s390x.rpm
x86_64: rh-nginx114-nginx-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):
Source: rh-nginx114-nginx-1.14.1-1.el7.src.rpm
ppc64le: rh-nginx114-nginx-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.ppc64le.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.ppc64le.rpm
s390x: rh-nginx114-nginx-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.s390x.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.s390x.rpm
x86_64: rh-nginx114-nginx-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-nginx114-nginx-1.14.1-1.el7.src.rpm
x86_64: rh-nginx114-nginx-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-debuginfo-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-mail-1.14.1-1.el7.x86_64.rpm rh-nginx114-nginx-mod-stream-1.14.1-1.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2018-16843 https://access.redhat.com/security/cve/CVE-2018-16844 https://access.redhat.com/security/cve/CVE-2018-16845 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBW/0L0tzjgjWX9erEAQi/dA//TeRNgNBL26V6hp7bf1NojNPyPdOdgyEb VvJJMTCvsafmFT15/SzElx34Dy6OLqqreBkNj39zMH9fK64CS3XhjEAyazyp+kMO SEXRR8+0f1ZLcHRkR0ODWKqXI9yFYAWLjrq8pXw2877P8DrR2qm8O+e6HqFXU11w nIWJB/AvnoX2bAlXXkXfN4nX712bPXp435vI5YRizho+/Ihb/mRlWMx+Bn8ma/xW J793HiOmdZrugXTvn/34A8vPY04wRcn6tPhMzob6FT/CBLhsTXUmBbQxQUnNboaJ oaaf/RD+IIpgqpxEk41p+Jtq5SiOfQ9KB9gbyzXpaarjZwYLm3BwrpnIES6Cd3BM ScqMrIthu/9ZOQLpPET6ypuBYU53xwPHlhBBNnA+MGjz4mrvzc7WTgoFsV1VFAfY 3TXlFkfv6cRV5IEoHa4GBaR+1g2lzvi8iirep09bqtv5VFJsD+RwspY1OZOVB4st fXXSzVsWuzFGFYkFBTyuKzJkhBrl3BHjK8VRuBlNTBMvLa5Q+YmOmzAQAmmKoZYn JeBulCz6hSJ8lHN8GiQxkqeOMZz3XUe0L4mAdkk+UqBxUrB16nDRxBUVpqMbulJl IyAqBeA4ekIvf376D6Jh0VDEkLfpesjoFACdVwdjKzLJI9e7ljut81rwmCtmWT7i vpRowVLRFpwoP7 -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2021-09-20-4 Xcode 13
Xcode 13 addresses the following issues.
IDE Xcode Server Available for: macOS Big Sur 11.3 and later Impact: Multiple issues in nginx Description: Multiple issues were addressed by updating nginx to version 1.21.0. CVE-2016-0742 CVE-2016-0746 CVE-2016-0747 CVE-2017-7529 CVE-2018-16843 CVE-2018-16844 CVE-2018-16845 CVE-2019-20372
Installation note:
Xcode 13 may be obtained from:
https://developer.apple.com/xcode/downloads/
To check that the Xcode has been updated:
- Select Xcode in the menu bar
- Select About Xcode
- The version after applying this update will be "Xcode 13"
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201811-0986", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "ubuntu linux", scope: "eq", trust: 1, vendor: "canonical", version: "14.04", }, { model: "nginx", scope: "lt", trust: 1, vendor: "f5", version: "1.14.1", }, { model: "nginx", scope: "gte", trust: 1, vendor: "f5", version: "1.15.0", }, { model: "nginx", scope: "lt", trust: 1, vendor: "f5", version: "1.15.6", }, { model: "xcode", scope: "lt", trust: 1, vendor: "apple", version: "13.0", }, { model: "ubuntu linux", scope: "eq", trust: 1, vendor: "canonical", version: "18.10", }, { model: "nginx", scope: "gte", trust: 1, vendor: "f5", version: "1.9.5", }, { model: "ubuntu linux", scope: "eq", trust: 1, vendor: "canonical", version: "18.04", }, { model: "linux", scope: "eq", trust: 1, vendor: "debian", version: "9.0", }, { model: "ubuntu linux", scope: "eq", trust: 1, vendor: "canonical", version: "16.04", }, { model: "nginx", scope: "eq", trust: 0.9, vendor: "nginx", version: "1.0.9", }, { model: "nginx", scope: "eq", trust: 0.9, vendor: "nginx", version: "1.0.8", }, { model: "nginx", scope: "eq", trust: 0.9, vendor: "nginx", version: "1.0.7", }, { model: "ubuntu", scope: null, trust: 0.8, vendor: "canonical", version: null, }, { model: "gnu/linux", scope: null, trust: 0.8, vendor: "debian", version: null, }, { model: "nginx", scope: "lt", trust: 0.8, vendor: "igor sysoev", version: "1.14.1", }, { model: "nginx", scope: "lt", trust: 0.8, vendor: "igor sysoev", version: "1.15.6", }, { model: "nginx", scope: "eq", trust: 0.6, vendor: "nginx", version: "1.0.6", }, { model: "nginx", scope: "eq", trust: 0.6, vendor: "nginx", version: "1.0.5", }, { model: "nginx", scope: "eq", trust: 0.6, vendor: "nginx", version: "1.0.4", }, { model: "linux", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "18.10", }, { model: "linux lts", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "18.04", }, { model: "linux lts", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "16.04", }, { model: "linux lts", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "14.04", }, { model: "software collections for rhel", scope: "eq", trust: 0.3, vendor: "redhat", version: "0", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.15.5", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.14", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.13.3", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.12.1", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.12", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.11.12", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.11.1", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.11", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.10.3", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.10.1", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.10", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.9.15", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.9.10", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.9.9", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.9.5", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.9", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.8.1", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.8", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.7.12", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.7", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.6.3", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.5.13", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.4.7", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.3.16", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.3.15", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.3.14", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.3.11", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.2.9", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.1.18", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.1.17", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.6.1", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.6.0", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.5.9", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.5.8", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.5.7", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.5.6", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.5.5", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.5.4", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.5.3", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.5.2", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.5.12", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.5.11", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.5.10", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.5.1", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.5.0", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.4.3", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.4.2", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.4.1", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.4.0", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.3.9", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.3.8", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.3.7", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.3.6", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.3.5", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.3.4", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.3.3", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.3.2", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.3.13", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.3.12", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.3.10", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.3.1", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.3.0", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.2.0", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.1.9", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.1.8", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.1.7", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.1.6", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.1.5", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.1.4", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.1.3", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.1.2", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.1.19", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.1.16", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.1.15", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.1.14", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.1.13", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.1.12", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.1.11", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.1.10", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.1.1", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.1.0", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.0.15", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.0.14", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.0.13", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.0.12", }, { model: "nginx", scope: "eq", trust: 0.3, vendor: "nginx", version: "1.0.10", }, { model: "nginx", scope: "ne", trust: 0.3, vendor: "nginx", version: "1.15.6", }, { model: "nginx", scope: "ne", trust: 0.3, vendor: "nginx", version: "1.14.1", }, ], sources: [ { db: "BID", id: "105868", }, { db: "JVNDB", id: "JVNDB-2018-011776", }, { db: "CNNVD", id: "CNNVD-201811-120", }, { db: "NVD", id: "CVE-2018-16844", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:canonical:ubuntu_linux", vulnerable: true, }, { cpe22Uri: "cpe:/o:debian:debian_linux", vulnerable: true, }, { cpe22Uri: "cpe:/a:igor_sysoev:nginx", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-011776", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Gal Goldshtein from F5 Networks, and Maxim Konovalov (Nginx)", sources: [ { db: "BID", id: "105868", }, ], trust: 0.3, }, cve: "CVE-2018-16844", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "COMPLETE", baseScore: 7.8, confidentialityImpact: "NONE", exploitabilityScore: 10, id: "CVE-2018-16844", impactScore: 6.9, integrityImpact: "NONE", severity: "HIGH", trust: 1.9, vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "VULHUB", availabilityImpact: "COMPLETE", baseScore: 7.8, confidentialityImpact: "NONE", exploitabilityScore: 10, id: "VHN-127244", impactScore: 6.9, integrityImpact: "NONE", severity: "HIGH", trust: 0.1, vectorString: "AV:N/AC:L/AU:N/C:N/I:N/A:C", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", exploitabilityScore: 3.9, id: "CVE-2018-16844", impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "NETWORK", author: "secalert@redhat.com", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitabilityScore: 3.9, id: "CVE-2018-16844", impactScore: 1.4, integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 7.5, baseSeverity: "High", confidentialityImpact: "None", exploitabilityScore: null, id: "CVE-2018-16844", impactScore: null, integrityImpact: "None", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2018-16844", trust: 1, value: "HIGH", }, { author: "secalert@redhat.com", id: "CVE-2018-16844", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "CVE-2018-16844", trust: 0.8, value: "High", }, { author: "CNNVD", id: "CNNVD-201811-120", trust: 0.6, value: "HIGH", }, { author: "VULHUB", id: "VHN-127244", trust: 0.1, value: "HIGH", }, { author: "VULMON", id: "CVE-2018-16844", trust: 0.1, value: "HIGH", }, ], }, ], sources: [ { db: "VULHUB", id: "VHN-127244", }, { db: "VULMON", id: "CVE-2018-16844", }, { db: "JVNDB", id: "JVNDB-2018-011776", }, { db: "CNNVD", id: "CNNVD-201811-120", }, { db: "NVD", id: "CVE-2018-16844", }, { db: "NVD", id: "CVE-2018-16844", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file. nginx Contains a resource exhaustion vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. nginx is prone to multiple denial-of-service vulnerabilities. \nAttackers can exploit these issues to cause denial-of-service conditions. \nVersions prior to nginx 1.15.6 and 1.14.1 are vulnerable. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. \n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1.10.3-1+deb9u2. \n\nWe recommend that you upgrade your nginx packages. ==========================================================================\nUbuntu Security Notice USN-3812-1\nNovember 07, 2018\n\nnginx vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 18.10\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in nginx. \n\nSoftware Description:\n- nginx: small, powerful, scalable web/proxy server\n\nDetails:\n\nIt was discovered that nginx incorrectly handled the HTTP/2 implementation. \nA remote attacker could possibly use this issue to cause excessive memory\nconsumption, leading to a denial of service. This issue only affected\nUbuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-16843)\n\nGal Goldshtein discovered that nginx incorrectly handled the HTTP/2\nimplementation. A remote attacker could possibly use this issue to cause\nexcessive CPU usage, leading to a denial of service. This issue only\naffected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. \n(CVE-2018-16844)\n\nIt was discovered that nginx incorrectly handled the ngx_http_mp4_module\nmodule. A remote attacker could possibly use this issue with a specially\ncrafted mp4 file to cause nginx to crash, stop responding, or access\narbitrary memory. (CVE-2018-16845)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 18.10:\n nginx-common 1.15.5-0ubuntu2.1\n nginx-core 1.15.5-0ubuntu2.1\n nginx-extras 1.15.5-0ubuntu2.1\n nginx-full 1.15.5-0ubuntu2.1\n nginx-light 1.15.5-0ubuntu2.1\n\nUbuntu 18.04 LTS:\n nginx-common 1.14.0-0ubuntu1.2\n nginx-core 1.14.0-0ubuntu1.2\n nginx-extras 1.14.0-0ubuntu1.2\n nginx-full 1.14.0-0ubuntu1.2\n nginx-light 1.14.0-0ubuntu1.2\n\nUbuntu 16.04 LTS:\n nginx-common 1.10.3-0ubuntu0.16.04.3\n nginx-core 1.10.3-0ubuntu0.16.04.3\n nginx-extras 1.10.3-0ubuntu0.16.04.3\n nginx-full 1.10.3-0ubuntu0.16.04.3\n nginx-light 1.10.3-0ubuntu0.16.04.3\n\nUbuntu 14.04 LTS:\n nginx-common 1.4.6-1ubuntu3.9\n nginx-core 1.4.6-1ubuntu3.9\n nginx-extras 1.4.6-1ubuntu3.9\n nginx-full 1.4.6-1ubuntu3.9\n nginx-light 1.4.6-1ubuntu3.9\n\nIn general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: rh-nginx114-nginx security update\nAdvisory ID: RHSA-2018:3681-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://access.redhat.com/errata/RHSA-2018:3681\nIssue date: 2018-11-27\nCVE Names: CVE-2018-16843 CVE-2018-16844 CVE-2018-16845\n====================================================================\n1. Summary:\n\nAn update for rh-nginx114-nginx is now available for Red Hat Software\nCollections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nnginx is a web and proxy server supporting HTTP and other protocols, with a\nfocus on high concurrency, performance, and low memory usage. \n\nThe following packages have been upgraded to a later upstream version:\nrh-nginx114-nginx (1.14.1). \n\nRed Hat would like to thank the Nginx project for reporting these issues. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe rh-nginx114-nginx service must be restarted for this update to take\neffect. \n\n5. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-nginx114-nginx-1.14.1-1.el7.src.rpm\n\naarch64:\nrh-nginx114-nginx-1.14.1-1.el7.aarch64.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.aarch64.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.aarch64.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.aarch64.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.aarch64.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.aarch64.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.aarch64.rpm\n\nppc64le:\nrh-nginx114-nginx-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.ppc64le.rpm\n\ns390x:\nrh-nginx114-nginx-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.s390x.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-nginx114-nginx-1.14.1-1.el7.src.rpm\n\naarch64:\nrh-nginx114-nginx-1.14.1-1.el7.aarch64.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.aarch64.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.aarch64.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.aarch64.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.aarch64.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.aarch64.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.aarch64.rpm\n\nppc64le:\nrh-nginx114-nginx-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.ppc64le.rpm\n\ns390x:\nrh-nginx114-nginx-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.s390x.rpm\n\nx86_64:\nrh-nginx114-nginx-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):\n\nSource:\nrh-nginx114-nginx-1.14.1-1.el7.src.rpm\n\nppc64le:\nrh-nginx114-nginx-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.ppc64le.rpm\n\ns390x:\nrh-nginx114-nginx-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.s390x.rpm\n\nx86_64:\nrh-nginx114-nginx-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):\n\nSource:\nrh-nginx114-nginx-1.14.1-1.el7.src.rpm\n\nppc64le:\nrh-nginx114-nginx-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.ppc64le.rpm\n\ns390x:\nrh-nginx114-nginx-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.s390x.rpm\n\nx86_64:\nrh-nginx114-nginx-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):\n\nSource:\nrh-nginx114-nginx-1.14.1-1.el7.src.rpm\n\nppc64le:\nrh-nginx114-nginx-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.ppc64le.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.ppc64le.rpm\n\ns390x:\nrh-nginx114-nginx-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.s390x.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.s390x.rpm\n\nx86_64:\nrh-nginx114-nginx-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-nginx114-nginx-1.14.1-1.el7.src.rpm\n\nx86_64:\nrh-nginx114-nginx-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-debuginfo-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-http-image-filter-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-http-perl-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-http-xslt-filter-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-mail-1.14.1-1.el7.x86_64.rpm\nrh-nginx114-nginx-mod-stream-1.14.1-1.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-16843\nhttps://access.redhat.com/security/cve/CVE-2018-16844\nhttps://access.redhat.com/security/cve/CVE-2018-16845\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is <secalert@redhat.com>. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2018 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBW/0L0tzjgjWX9erEAQi/dA//TeRNgNBL26V6hp7bf1NojNPyPdOdgyEb\nVvJJMTCvsafmFT15/SzElx34Dy6OLqqreBkNj39zMH9fK64CS3XhjEAyazyp+kMO\nSEXRR8+0f1ZLcHRkR0ODWKqXI9yFYAWLjrq8pXw2877P8DrR2qm8O+e6HqFXU11w\nnIWJB/AvnoX2bAlXXkXfN4nX712bPXp435vI5YRizho+/Ihb/mRlWMx+Bn8ma/xW\nJ793HiOmdZrugXTvn/34A8vPY04wRcn6tPhMzob6FT/CBLhsTXUmBbQxQUnNboaJ\noaaf/RD+IIpgqpxEk41p+Jtq5SiOfQ9KB9gbyzXpaarjZwYLm3BwrpnIES6Cd3BM\nScqMrIthu/9ZOQLpPET6ypuBYU53xwPHlhBBNnA+MGjz4mrvzc7WTgoFsV1VFAfY\n3TXlFkfv6cRV5IEoHa4GBaR+1g2lzvi8iirep09bqtv5VFJsD+RwspY1OZOVB4st\nfXXSzVsWuzFGFYkFBTyuKzJkhBrl3BHjK8VRuBlNTBMvLa5Q+YmOmzAQAmmKoZYn\nJeBulCz6hSJ8lHN8GiQxkqeOMZz3XUe0L4mAdkk+UqBxUrB16nDRxBUVpqMbulJl\nIyAqBeA4ekIvf376D6Jh0VDEkLfpesjoFACdVwdjKzLJI9e7ljut81rwmCtmWT7i\nvpRowVLRFpwoP7\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2021-09-20-4 Xcode 13\n\nXcode 13 addresses the following issues. \n\nIDE Xcode Server\nAvailable for: macOS Big Sur 11.3 and later\nImpact: Multiple issues in nginx\nDescription: Multiple issues were addressed by updating nginx to\nversion 1.21.0. \nCVE-2016-0742\nCVE-2016-0746\nCVE-2016-0747\nCVE-2017-7529\nCVE-2018-16843\nCVE-2018-16844\nCVE-2018-16845\nCVE-2019-20372\n\nInstallation note:\n\nXcode 13 may be obtained from:\n\nhttps://developer.apple.com/xcode/downloads/\n\nTo check that the Xcode has been updated:\n\n* Select Xcode in the menu bar\n* Select About Xcode\n* The version after applying this update will be \"Xcode 13\"", sources: [ { db: "NVD", id: "CVE-2018-16844", }, { db: "JVNDB", id: "JVNDB-2018-011776", }, { db: "BID", id: "105868", }, { db: "VULHUB", id: "VHN-127244", }, { db: "VULMON", id: "CVE-2018-16844", }, { db: "PACKETSTORM", id: "150253", }, { db: "PACKETSTORM", id: "150214", }, { db: "PACKETSTORM", id: "150480", }, { db: "PACKETSTORM", id: "150481", }, { db: "PACKETSTORM", id: "164240", }, ], trust: 2.52, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2018-16844", trust: 3.4, }, { db: "BID", id: "105868", trust: 2, }, { db: "SECTRACK", id: "1042038", trust: 1.7, }, { db: "JVNDB", id: "JVNDB-2018-011776", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-201811-120", trust: 0.7, }, { db: "PACKETSTORM", id: "164240", trust: 0.7, }, { db: "AUSCERT", id: "ESB-2019.3384", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2019.0451", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2021.3157", trust: 0.6, }, { db: "CS-HELP", id: "SB2022042571", trust: 0.6, }, { db: "VULHUB", id: "VHN-127244", trust: 0.1, }, { db: "VULMON", id: "CVE-2018-16844", trust: 0.1, }, { db: "PACKETSTORM", id: "150253", trust: 0.1, }, { db: "PACKETSTORM", id: "150214", trust: 0.1, }, { db: "PACKETSTORM", id: "150480", trust: 0.1, }, { db: "PACKETSTORM", id: "150481", trust: 0.1, }, ], sources: [ { db: "VULHUB", id: "VHN-127244", }, { db: "VULMON", id: "CVE-2018-16844", }, { db: "BID", id: "105868", }, { db: "JVNDB", id: "JVNDB-2018-011776", }, { db: "PACKETSTORM", id: "150253", }, { db: "PACKETSTORM", id: "150214", }, { db: "PACKETSTORM", id: "150480", }, { db: "PACKETSTORM", id: "150481", }, { db: "PACKETSTORM", id: "164240", }, { db: "CNNVD", id: "CNNVD-201811-120", }, { db: "NVD", id: "CVE-2018-16844", }, ], }, id: "VAR-201811-0986", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VULHUB", id: "VHN-127244", }, ], trust: 0.01, }, last_update_date: "2024-11-23T19:51:22.194000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "DSA-4335", trust: 0.8, url: "https://www.debian.org/security/2018/dsa-4335", }, { title: "USN-3812-1", trust: 0.8, url: "https://usn.ubuntu.com/3812-1/", }, { title: "CVE-2018-16843, CVE-2018-16844", trust: 0.8, url: "http://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html", }, { title: "Nginx Security vulnerabilities", trust: 0.6, url: "http://123.124.177.30/web/xxk/bdxqById.tag?id=86627", }, { title: "Red Hat: Important: rh-nginx114-nginx security update", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20183681 - Security Advisory", }, { title: "Red Hat: Important: rh-nginx112-nginx security update", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20183680 - Security Advisory", }, { title: "Ubuntu Security Notice: nginx vulnerabilities", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3812-1", }, { title: "Debian CVElist Bug Report Logs: nginx: CVE-2018-16843 CVE-2018-16844 CVE-2018-16845", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=f21dcb5d073b4fb671c738fa256c2347", }, { title: "Red Hat: CVE-2018-16844", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2018-16844", }, { title: "Amazon Linux AMI: ALAS-2018-1125", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2018-1125", }, { title: "anitazhaochen.github.io", trust: 0.1, url: "https://github.com/anitazhaochen/anitazhaochen.github.io ", }, ], sources: [ { db: "VULMON", id: "CVE-2018-16844", }, { db: "JVNDB", id: "JVNDB-2018-011776", }, { db: "CNNVD", id: "CNNVD-201811-120", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-400", trust: 1.9, }, ], sources: [ { db: "VULHUB", id: "VHN-127244", }, { db: "JVNDB", id: "JVNDB-2018-011776", }, { db: "NVD", id: "CVE-2018-16844", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2018-16844", }, { trust: 2, url: "http://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html", }, { trust: 2, url: "https://usn.ubuntu.com/3812-1/", }, { trust: 1.8, url: "https://access.redhat.com/errata/rhsa-2018:3680", }, { trust: 1.8, url: "https://access.redhat.com/errata/rhsa-2018:3681", }, { trust: 1.7, url: "http://www.securityfocus.com/bid/105868", }, { trust: 1.7, url: "https://support.apple.com/kb/ht212818", }, { trust: 1.7, url: "https://www.debian.org/security/2018/dsa-4335", }, { trust: 1.7, url: "http://seclists.org/fulldisclosure/2021/sep/36", }, { trust: 1.7, url: "http://www.securitytracker.com/id/1042038", }, { trust: 1.7, url: "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html", }, { trust: 1.3, url: "https://nvd.nist.gov/vuln/detail/cve-2018-16844", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16844", }, { trust: 0.6, url: "https://www.suse.com/support/update/announcement/2019/suse-su-20192309-1.html", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2019.3384/", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/75522", }, { trust: 0.6, url: "https://www.ibm.com/support/docview.wss?uid=ibm10960610", }, { trust: 0.6, url: "https://support.apple.com/en-us/ht212818", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2021.3157", }, { trust: 0.6, url: "https://www.cybersecurity-help.cz/vdb/sb2022042571", }, { trust: 0.6, url: "https://packetstormsecurity.com/files/164240/apple-security-advisory-2021-09-20-4.html", }, { trust: 0.5, url: "https://access.redhat.com/security/cve/cve-2018-16843", }, { trust: 0.5, url: "https://access.redhat.com/security/cve/cve-2018-16844", }, { trust: 0.5, url: "https://access.redhat.com/security/cve/cve-2018-16845", }, { trust: 0.5, url: "https://nvd.nist.gov/vuln/detail/cve-2018-16843", }, { trust: 0.5, url: "https://nvd.nist.gov/vuln/detail/cve-2018-16845", }, { trust: 0.3, url: "http://nginx.org/", }, { trust: 0.3, url: "http://mailman.nginx.org/pipermail/nginx-announce/2018/000221.html", }, { trust: 0.3, url: "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2018-16845", }, { trust: 0.3, url: "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2018-16843", }, { trust: 0.2, url: "https://www.redhat.com/mailman/listinfo/rhsa-announce", }, { trust: 0.2, url: "https://access.redhat.com/security/team/contact/", }, { trust: 0.2, url: "https://bugzilla.redhat.com/):", }, { trust: 0.2, url: "https://access.redhat.com/security/team/key/", }, { trust: 0.2, url: "https://access.redhat.com/articles/11258", }, { trust: 0.2, url: "https://access.redhat.com/security/updates/classification/#important", }, { trust: 0.1, url: "https://security-tracker.debian.org/tracker/nginx", }, { trust: 0.1, url: "https://www.debian.org/security/faq", }, { trust: 0.1, url: "https://www.debian.org/security/", }, { trust: 0.1, url: "https://launchpad.net/ubuntu/+source/nginx/1.14.0-0ubuntu1.2", }, { trust: 0.1, url: "https://usn.ubuntu.com/usn/usn-3812-1", }, { trust: 0.1, url: "https://launchpad.net/ubuntu/+source/nginx/1.4.6-1ubuntu3.9", }, { trust: 0.1, url: "https://launchpad.net/ubuntu/+source/nginx/1.15.5-0ubuntu2.1", }, { trust: 0.1, url: "https://launchpad.net/ubuntu/+source/nginx/1.10.3-0ubuntu0.16.04.3", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2019-20372", }, { trust: 0.1, url: "https://support.apple.com/kb/ht201222", }, { trust: 0.1, url: "https://www.apple.com/support/security/pgp/", }, { trust: 0.1, url: "https://developer.apple.com/xcode/downloads/", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-0746", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-0747", }, { trust: 0.1, url: "https://support.apple.com/ht212818.", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-0742", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2017-7529", }, ], sources: [ { db: "VULHUB", id: "VHN-127244", }, { db: "BID", id: "105868", }, { db: "JVNDB", id: "JVNDB-2018-011776", }, { db: "PACKETSTORM", id: "150253", }, { db: "PACKETSTORM", id: "150214", }, { db: "PACKETSTORM", id: "150480", }, { db: "PACKETSTORM", id: "150481", }, { db: "PACKETSTORM", id: "164240", }, { db: "CNNVD", id: "CNNVD-201811-120", }, { db: "NVD", id: "CVE-2018-16844", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULHUB", id: "VHN-127244", }, { db: "VULMON", id: "CVE-2018-16844", }, { db: "BID", id: "105868", }, { db: "JVNDB", id: "JVNDB-2018-011776", }, { db: "PACKETSTORM", id: "150253", }, { db: "PACKETSTORM", id: "150214", }, { db: "PACKETSTORM", id: "150480", }, { db: "PACKETSTORM", id: "150481", }, { db: "PACKETSTORM", id: "164240", }, { db: "CNNVD", id: "CNNVD-201811-120", }, { db: "NVD", id: "CVE-2018-16844", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2018-11-07T00:00:00", db: "VULHUB", id: "VHN-127244", }, { date: "2018-11-07T00:00:00", db: "VULMON", id: "CVE-2018-16844", }, { date: "2018-11-06T00:00:00", db: "BID", id: "105868", }, { date: "2019-01-23T00:00:00", db: "JVNDB", id: "JVNDB-2018-011776", }, { date: "2018-11-12T16:57:53", db: "PACKETSTORM", id: "150253", }, { date: "2018-11-07T17:35:27", db: "PACKETSTORM", id: "150214", }, { date: "2018-11-27T17:24:35", db: "PACKETSTORM", id: "150480", }, { date: "2018-11-27T17:24:48", db: "PACKETSTORM", id: "150481", }, { date: "2021-09-22T16:28:58", db: "PACKETSTORM", id: "164240", }, { date: "2018-11-07T00:00:00", db: "CNNVD", id: "CNNVD-201811-120", }, { date: "2018-11-07T14:29:00.837000", db: "NVD", id: "CVE-2018-16844", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-11-10T00:00:00", db: "VULHUB", id: "VHN-127244", }, { date: "2022-02-22T00:00:00", db: "VULMON", id: "CVE-2018-16844", }, { date: "2018-11-06T00:00:00", db: "BID", id: "105868", }, { date: "2019-01-23T00:00:00", db: "JVNDB", id: "JVNDB-2018-011776", }, { date: "2023-05-15T00:00:00", db: "CNNVD", id: "CNNVD-201811-120", }, { date: "2024-11-21T03:53:25.810000", db: "NVD", id: "CVE-2018-16844", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "PACKETSTORM", id: "150214", }, { db: "CNNVD", id: "CNNVD-201811-120", }, ], trust: 0.7, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "nginx Vulnerable to resource exhaustion", sources: [ { db: "JVNDB", id: "JVNDB-2018-011776", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "other", sources: [ { db: "CNNVD", id: "CNNVD-201811-120", }, ], trust: 0.6, }, }
Log in or create an account to share your comment.
This schema specifies the format of a comment related to a security advisory.
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.