Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
f5 nginx vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2020-5863
In NGINX Controller versions before 3.2.0, an unauthenticated attacker with network access to the Controller API can create unprivileged user accounts. The user which is created is only able to upload a new license to the system but cannot view or modify any other components of t...
F5 Nginx Controller 1.0.1
F5 Nginx Controller
Netapp Cloud Backup -
7.5
CVSSv2
CVE-2019-13067
njs up to and including 0.3.3, used in NGINX, has a buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c. This issue occurs after the fix for CVE-2019-12207 is in place.
F5 Njs
7.5
CVSSv2
CVE-2019-12206
njs up to and including 0.3.1, used in NGINX, has a heap-based buffer overflow in nxt_utf8_encode in nxt_utf8.c.
F5 Njs
7.5
CVSSv2
CVE-2019-12208
njs up to and including 0.3.1, used in NGINX, has a heap-based buffer overflow in njs_function_native_call in njs/njs_function.c.
F5 Njs
7.5
CVSSv2
CVE-2019-12207
njs up to and including 0.3.1, used in NGINX, has a heap-based buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c.
F5 Njs
7.5
CVSSv2
CVE-2019-11838
njs up to and including 0.3.1, used in NGINX, has a heap-based buffer overflow in Array.prototype.splice after a resize, related to njs_array_prototype_splice in njs/njs_array.c, because of njs_array_expand size mishandling.
F5 Njs
7.5
CVSSv2
CVE-2019-11839
njs up to and including 0.3.1, used in NGINX, has a heap-based buffer overflow in Array.prototype.push after a resize, related to njs_array_prototype_push in njs/njs_array.c, because of njs_array_expand size mishandling.
F5 Njs
7.5
CVSSv2
CVE-2014-0088
The SPDY implementation in the ngx_http_spdy_module module in nginx 1.5.10 prior to 1.5.11, when running on a 32-bit platform, allows remote malicious users to execute arbitrary code via a crafted request.
F5 Nginx 1.5.10
7.5
CVSSv2
CVE-2014-0133
Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 prior to 1.4.7 and 1.5.x prior to 1.5.12 allows remote malicious users to execute arbitrary code via a crafted request.
F5 Nginx
Opensuse Opensuse 13.1
7.5
CVSSv2
CVE-2013-4547
nginx 0.8.41 up to and including 1.4.3 and 1.5.x prior to 1.5.7 allows remote malicious users to bypass intended restrictions via an unescaped space character in a URI.
F5 Nginx
Suse Lifecycle Management Server 1.3
Suse Studio Onsite 1.3
Suse Webyast 1.3
Opensuse Opensuse 11.4
Opensuse Opensuse 12.2
Opensuse Opensuse 12.3
Opensuse Opensuse 13.1
1 EDB exploit
1 Github repository
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »