Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
f5 njs vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2022-43284
Nginx NJS v0.7.2 to v0.7.4 exists to contain a segmentation violation via njs_scope_valid_value at njs_scope.h. NOTE: the vendor disputes the significance of this report because NJS does not operate on untrusted input.
F5 Njs
7.5
CVSSv3
CVE-2019-11837
njs up to and including 0.3.1, used in NGINX, has a segmentation fault in String.prototype.toBytes for negative arguments, related to nxt_utf8_next in nxt/nxt_utf8.h and njs_string_offset in njs/njs_string.c.
F5 Njs
7.5
CVSSv3
CVE-2021-46462
njs up to and including 0.7.1, used in NGINX, exists to contain a segmentation violation via njs_object_set_prototype in /src/njs_object.c.
F5 Njs
9.8
CVSSv3
CVE-2021-46463
njs up to and including 0.7.1, used in NGINX, exists to contain a control flow hijack caused by a Type Confusion vulnerability in njs_promise_perform_then().
F5 Njs
9.8
CVSSv3
CVE-2019-12206
njs up to and including 0.3.1, used in NGINX, has a heap-based buffer overflow in nxt_utf8_encode in nxt_utf8.c.
F5 Njs
9.8
CVSSv3
CVE-2019-12208
njs up to and including 0.3.1, used in NGINX, has a heap-based buffer overflow in njs_function_native_call in njs/njs_function.c.
F5 Njs
5.5
CVSSv3
CVE-2020-24347
njs up to and including 0.4.3, used in NGINX, has an out-of-bounds read in njs_lvlhsh_level_find in njs_lvlhsh.c.
F5 Njs
5.5
CVSSv3
CVE-2020-24349
njs up to and including 0.4.3, used in NGINX, allows control-flow hijack in njs_value_property in njs_value.c. NOTE: the vendor considers the issue to be "fluff" in the NGINX use case because there is no remote attack surface.
F5 Njs
9.8
CVSSv3
CVE-2019-12207
njs up to and including 0.3.1, used in NGINX, has a heap-based buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c.
F5 Njs
6.5
CVSSv3
CVE-2019-13617
njs up to and including 0.3.3, used in NGINX, has a heap-based buffer over-read in nxt_vsprintf in nxt/nxt_sprintf.c during error handling, as demonstrated by an njs_regexp_literal call that leads to an njs_parser_lexer_error call and then an njs_parser_scope_error call.
F5 Njs
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »