Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nginx vulnerabilities and exploits
(subscribe to this query)
3.3
CVSSv2
CVE-2022-27495
On all versions 1.3.x (fixed in 1.4.0) NGINX Service Mesh control plane endpoints are exposed to the cluster overlay network. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
F5 Nginx Service Mesh 1.3.1
F5 Nginx Service Mesh 1.3.0
4
CVSSv2
CVE-2021-23055
On version 2.x prior to 2.0.3 and 1.x prior to 1.12.3, the command line restriction that controls snippet use with NGINX Ingress Controller does not apply to Ingress objects. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
F5 Nginx Ingress Controller
4.3
CVSSv2
CVE-2022-28049
NGINX NJS 0.7.2 exists to contain a NULL pointer dereference via the component njs_vmcode_array at /src/njs_vmcode.c.
F5 Njs 0.7.2
7.5
CVSSv2
CVE-2022-27007
nginx njs 0.7.2 is affected suffers from Use-after-free in njs_function_frame_alloc() when it try to invoke from a restored frame saved with njs_function_frame_save().
F5 Njs 0.7.2
5
CVSSv2
CVE-2022-27008
nginx njs 0.7.2 is vulnerable to Buffer Overflow. Type confused in Array.prototype.concat() when a slow array appended element is fast array.
F5 Njs 0.7.2
3.5
CVSSv2
CVE-2022-28379
jc21.com Nginx Proxy Manager prior to 2.9.17 allows XSS during item deletion.
Nginxproxymanager Nginx Proxy Manager
5.8
CVSSv2
CVE-2021-3618
ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer c...
F5 Nginx
Sendmail Sendmail
Vsftpd Project Vsftpd
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Debian Debian Linux 10.0
1 Github repository
7.5
CVSSv2
CVE-2021-45967
An issue exists in Pascom Cloud Phone System prior to 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.
Pascom Cloud Phone System
Igniterealtime Openfire
Igniterealtime Openfire 4.5.0
7.5
CVSSv2
CVE-2022-25139
njs up to and including 0.7.0, used in NGINX, exists to contain a heap use-after-free in njs_await_fulfilled.
F5 Njs
7.5
CVSSv2
CVE-2021-46461
njs up to and including 0.7.0, used in NGINX, exists to contain an out-of-bounds array access via njs_vmcode_typeof in /src/njs_vmcode.c.
Nginx Njs
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
6
7
8
9
10
NEXT »