Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nginx vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2019-7401
NGINX Unit prior to 1.7.1 might allow an malicious user to cause a heap-based buffer overflow in the router process with a specially crafted request. This may result in a denial of service (router process crash) or possibly have unspecified other impact.
Nginx Unit
9.8
CVSSv3
CVE-2021-46461
njs up to and including 0.7.0, used in NGINX, exists to contain an out-of-bounds array access via njs_vmcode_typeof in /src/njs_vmcode.c.
Nginx Njs
NA
CVE-2010-2263
nginx 0.8 prior to 0.8.40 and 0.7 prior to 0.7.66, when running on Windows, allows remote malicious users to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI.
F5 Nginx
2 EDB exploits
NA
CVE-2010-2266
nginx 0.8.36 allows remote malicious users to cause a denial of service (crash) via certain encoded directory traversal sequences that trigger memory corruption, as demonstrated using the "%c0.%c0." sequence.
F5 Nginx
1 EDB exploit
7.5
CVSSv3
CVE-2022-35173
An issue exists in Nginx NJS v0.7.5. The JUMP offset for a break instruction was not set to a correct offset during code generation, leading to a segmentation violation.
Nginx Njs 0.7.5
6.5
CVSSv3
CVE-2022-4886
Ingress-nginx `path` sanitization can be bypassed with `log_format` directive.
Kubernetes Ingress-nginx
1 Article
5.5
CVSSv3
CVE-2022-30503
Nginx NJS v0.7.2 exists to contain a segmentation violation in the function njs_set_number at src/njs_value.h.
Nginx Njs 0.7.2
NA
CVE-2014-0088
The SPDY implementation in the ngx_http_spdy_module module in nginx 1.5.10 prior to 1.5.11, when running on a 32-bit platform, allows remote malicious users to execute arbitrary code via a crafted request.
F5 Nginx 1.5.10
7.8
CVSSv3
CVE-2020-5895
On NGINX Controller versions 3.1.0-3.3.0, AVRD uses world-readable and world-writable permissions on its socket, which allows processes or users on the local system to write arbitrary data into the socket. A local system attacker can make AVRD segmentation fault (SIGSEGV) by writ...
F5 Nginx Controller
7.8
CVSSv3
CVE-2020-5899
In NGINX Controller 3.0.0-3.4.0, recovery code required to change a user's password is transmitted and stored in the database in plain text, which allows an attacker who can intercept the database connection or have read access to the database, to request a password reset us...
F5 Nginx Controller
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5324
path traversal
CVE-2024-4743
CVE-2024-5184
TCP
CVE-2024-27822
code injection
CVE-2024-28995
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »