Aggregates CVE and security vulnerability intelligence across all nazgul-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Common weakness patterns include vendor risk path handling and vendor risk denial of service, with potential vendor impact file overwrite across vendor surface software deployment and vendor surface production workloads use cases.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2022-48253 | nhttpd in Nostromo before 2.1 is vulnerable to a path traversal that may allow an attacker to execute arbitrary commands on the remote server. The vulnerability occurs when the homedirs option is used. | [email protected] | 9.8 | 33.53% | 2023-01-11 | 2025-04-08 |
| CVE-2019-16279 | A memory error in the function SSL_accept in nostromo nhttpd through 1.9.6 allows an attacker to trigger a denial of service via a crafted HTTP request. | [email protected] | 7.5 | 90.22% | 2019-10-14 | 2024-11-21 |
| CVE-2019-16278 KEV | Directory Traversal in the function http_verify in nostromo nhttpd through 1.9.6 allows an attacker to achieve remote code execution via a crafted HTTP request. | [email protected] | 9.8 | 94.39% | 2019-10-14 | 2025-11-06 |
| CVE-2011-0751 | Directory traversal vulnerability in nhttpd (aka Nostromo webserver) before 1.9.4 allows remote attackers to execute arbitrary programs or read arbitrary files via a ..%2f (encoded dot dot slash) in a URI. | [email protected] | 7.5 | 6.92% | 2011-03-16 | 2026-04-29 |