Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
f5 nginx vulnerabilities and exploits
(subscribe to this query)
2.1
CVSSv2
CVE-2020-24347
njs up to and including 0.4.3, used in NGINX, has an out-of-bounds read in njs_lvlhsh_level_find in njs_lvlhsh.c.
F5 Njs
2.1
CVSSv2
CVE-2020-24348
njs up to and including 0.4.3, used in NGINX, has an out-of-bounds read in njs_json_stringify_iterator in njs_json.c.
F5 Njs
2.1
CVSSv2
CVE-2020-24349
njs up to and including 0.4.3, used in NGINX, allows control-flow hijack in njs_value_property in njs_value.c. NOTE: the vendor considers the issue to be "fluff" in the NGINX use case because there is no remote attack surface.
F5 Njs
2.1
CVSSv2
CVE-2020-5866
In versions of NGINX Controller before 3.3.0, the helper.sh script, which is used optionally in NGINX Controller to change settings, uses sensitive items as command-line arguments.
F5 Nginx Controller 1.0.1
F5 Nginx Controller
NA
CVE-2023-44487
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Ietf Http 2.0
Nghttp2 Nghttp2
Netty Netty
Envoyproxy Envoy 1.27.0
Envoyproxy Envoy 1.26.4
Envoyproxy Envoy 1.25.9
Envoyproxy Envoy 1.24.10
Eclipse Jetty
Caddyserver Caddy
Golang Http2
Golang Go
Golang Networking
F5 Big-ip Analytics
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Local Traffic Manager
F5 Big-ip Link Controller
F5 Big-ip Global Traffic Manager
F5 Big-ip Fraud Protection Service
F5 Big-ip Domain Name System
F5 Big-ip Application Security Manager
F5 Big-ip Application Acceleration Manager
F5 Big-ip Advanced Firewall Manager
35 Github repositories
2 Articles
NA
CVE-2023-28656
NGINX Management Suite may allow an authenticated malicious user to gain access to configuration objects outside of their assigned environment. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
F5 Nginx Instance Manager
F5 Nginx Security Monitoring
F5 Nginx Api Connectivity Manager
NA
CVE-2023-28724
NGINX Management Suite default file permissions are set such that an authenticated attacker may be able to modify sensitive files on NGINX Instance Manager and NGINX API Connectivity Manager. Note: Software versions which have reached End of Technical Support (EoTS) are not eval...
F5 Nginx Instance Manager
F5 Nginx Security Monitoring
F5 Nginx Api Connectivity Manager
NA
CVE-2023-27727
Nginx NJS v0.7.10 exists to contain a segmentation violation via the function njs_function_frame at src/njs_function.h.
F5 Njs 0.7.10
NA
CVE-2023-27728
Nginx NJS v0.7.10 exists to contain a segmentation violation via the function njs_dump_is_recursive at src/njs_vmcode.c.
F5 Njs 0.7.10
NA
CVE-2023-27729
Nginx NJS v0.7.10 exists to contain an illegal memcpy via the function njs_vmcode_return at src/njs_vmcode.c.
F5 Njs 0.7.10
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »