Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
f5 nginx vulnerabilities and exploits
(subscribe to this query)
356
VMScore
CVE-2021-23055
On version 2.x prior to 2.0.3 and 1.x prior to 1.12.3, the command line restriction that controls snippet use with NGINX Ingress Controller does not apply to Ingress objects. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
F5 Nginx Ingress Controller
383
VMScore
CVE-2022-28049
NGINX NJS 0.7.2 exists to contain a NULL pointer dereference via the component njs_vmcode_array at /src/njs_vmcode.c.
F5 Njs 0.7.2
668
VMScore
CVE-2022-27007
nginx njs 0.7.2 is affected suffers from Use-after-free in njs_function_frame_alloc() when it try to invoke from a restored frame saved with njs_function_frame_save().
F5 Njs 0.7.2
445
VMScore
CVE-2022-27008
nginx njs 0.7.2 is vulnerable to Buffer Overflow. Type confused in Array.prototype.concat() when a slow array appended element is fast array.
F5 Njs 0.7.2
516
VMScore
CVE-2021-3618
ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer c...
F5 Nginx
Sendmail Sendmail
Vsftpd Project Vsftpd
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Debian Debian Linux 10.0
1 Github repository
445
VMScore
CVE-2021-46462
njs up to and including 0.7.1, used in NGINX, exists to contain a segmentation violation via njs_object_set_prototype in /src/njs_object.c.
F5 Njs
668
VMScore
CVE-2021-46463
njs up to and including 0.7.1, used in NGINX, exists to contain a control flow hijack caused by a Type Confusion vulnerability in njs_promise_perform_then().
F5 Njs
668
VMScore
CVE-2022-25139
njs up to and including 0.7.0, used in NGINX, exists to contain a heap use-after-free in njs_await_fulfilled.
F5 Njs
490
VMScore
CVE-2022-23008
On NGINX Controller API Management versions 3.18.0-3.19.0, an authenticated attacker with access to the "user" or "admin" role can use undisclosed API endpoints on NGINX Controller API Management to inject JavaScript code that is executed on managed NGINX data...
F5 Nginx Controller Api Management
445
VMScore
CVE-2021-42717
ModSecurity 3.x up to and including 3.0.5 mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands deep could result in the web server being unable to service legitimate requests. Even a moderately large (e.g., 300KB) HTTP request can occupy...
Trustwave Modsecurity
F5 Nginx Modsecurity Waf R25
F5 Nginx Modsecurity Waf R24
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Oracle Http Server 12.2.1.3.0
Oracle Http Server 12.2.1.4.0
Oracle Zfs Storage Appliance Kit 8.8
1 Github repository
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »