Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nginx vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2022-29379
Nginx NJS v0.7.3 exists to contain a stack overflow in the function njs_default_module_loader at /src/njs/src/njs_module.c. NOTE: multiple third parties dispute this report, e.g., the behavior is only found in unreleased development code that was not part of the 0.7.2, 0.7.3, or ...
F5 Njs 0.7.3
445
VMScore
CVE-2022-29588
Konica Minolta bizhub MFP devices prior to 2022-04-14 use cleartext password storage for the /var/log/nginx/html/ADMINPASS and /etc/shadow files.
Konicaminolta Bizhub 226i Firmware
Konicaminolta Bizhub 227 Firmware
Konicaminolta Bizhub 246i Firmware
Konicaminolta Bizhub 287 Firmware
Konicaminolta Bizhub 306i Firmware
Konicaminolta Bizhub 308 Firmware
Konicaminolta Bizhub 308e Firmware
Konicaminolta Bizhub 367 Firmware
Konicaminolta Bizhub 368 Firmware
Konicaminolta Bizhub 368e Firmware
Konicaminolta Bizhub 4052 Firmware
Konicaminolta Bizhub 458 Firmware
Konicaminolta Bizhub 458e Firmware
Konicaminolta Bizhub 4752 Firmware
Konicaminolta Bizhub 558 Firmware
Konicaminolta Bizhub 558e Firmware
Konicaminolta Bizhub 658e Firmware
Konicaminolta Bizhub 758 Firmware
Konicaminolta Bizhub 808 Firmware
Konicaminolta Bizhub 958 Firmware
Konicaminolta Bizhub C227 Firmware
Konicaminolta Bizhub C250i Firmware
445
VMScore
CVE-2022-29369
Nginx NJS v0.7.2 exists to contain a segmentation violation via njs_lvlhsh_bucket_find at njs_lvlhsh.c.
F5 Njs 0.7.2
490
VMScore
CVE-2021-25745
A security issue exists in ingress-nginx where a user that can create or update ingress objects can use the spec.rules[].http.paths[].path field of an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In t...
Kubernetes Ingress-nginx
490
VMScore
CVE-2021-25746
A security issue exists in ingress-nginx where a user that can create or update ingress objects can use .metadata.annotations in an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In the default configur...
Kubernetes Ingress-nginx
294
VMScore
CVE-2022-27495
On all versions 1.3.x (fixed in 1.4.0) NGINX Service Mesh control plane endpoints are exposed to the cluster overlay network. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
F5 Nginx Service Mesh 1.3.1
F5 Nginx Service Mesh 1.3.0
356
VMScore
CVE-2021-23055
On version 2.x prior to 2.0.3 and 1.x prior to 1.12.3, the command line restriction that controls snippet use with NGINX Ingress Controller does not apply to Ingress objects. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
F5 Nginx Ingress Controller
383
VMScore
CVE-2022-28049
NGINX NJS 0.7.2 exists to contain a NULL pointer dereference via the component njs_vmcode_array at /src/njs_vmcode.c.
F5 Njs 0.7.2
668
VMScore
CVE-2022-27007
nginx njs 0.7.2 is affected suffers from Use-after-free in njs_function_frame_alloc() when it try to invoke from a restored frame saved with njs_function_frame_save().
F5 Njs 0.7.2
445
VMScore
CVE-2022-27008
nginx njs 0.7.2 is vulnerable to Buffer Overflow. Type confused in Array.prototype.concat() when a slow array appended element is fast array.
F5 Njs 0.7.2
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »