Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
f5 nginx vulnerabilities and exploits
(subscribe to this query)
5.5
CVSSv3
CVE-2022-31307
Nginx NJS v0.7.2 exists to contain a segmentation violation in the function njs_string_offset at src/njs_string.c.
F5 Njs 0.7.2
7.5
CVSSv3
CVE-2023-27728
Nginx NJS v0.7.10 exists to contain a segmentation violation via the function njs_dump_is_recursive at src/njs_vmcode.c.
F5 Njs 0.7.10
7.5
CVSSv3
CVE-2023-27729
Nginx NJS v0.7.10 exists to contain an illegal memcpy via the function njs_vmcode_return at src/njs_vmcode.c.
F5 Njs 0.7.10
5.5
CVSSv3
CVE-2022-28049
NGINX NJS 0.7.2 exists to contain a NULL pointer dereference via the component njs_vmcode_array at /src/njs_vmcode.c.
F5 Njs 0.7.2
7.5
CVSSv3
CVE-2022-43284
Nginx NJS v0.7.2 to v0.7.4 exists to contain a segmentation violation via njs_scope_valid_value at njs_scope.h. NOTE: the vendor disputes the significance of this report because NJS does not operate on untrusted input.
F5 Njs
7.5
CVSSv3
CVE-2022-27008
nginx njs 0.7.2 is vulnerable to Buffer Overflow. Type confused in Array.prototype.concat() when a slow array appended element is fast array.
F5 Njs 0.7.2
6.5
CVSSv3
CVE-2019-13617
njs up to and including 0.3.3, used in NGINX, has a heap-based buffer over-read in nxt_vsprintf in nxt/nxt_sprintf.c during error handling, as demonstrated by an njs_regexp_literal call that leads to an njs_parser_lexer_error call and then an njs_parser_scope_error call.
F5 Njs
9.8
CVSSv3
CVE-2022-27007
nginx njs 0.7.2 is affected suffers from Use-after-free in njs_function_frame_alloc() when it try to invoke from a restored frame saved with njs_function_frame_save().
F5 Njs 0.7.2
9.8
CVSSv3
CVE-2022-43286
Nginx NJS v0.7.2 exists to contain a heap-use-after-free bug caused by illegal memory copy in the function njs_json_parse_iterator_call at njs_json.c.
F5 Njs 0.7.2
7.5
CVSSv3
CVE-2022-43285
Nginx NJS v0.7.4 exists to contain a segmentation violation in njs_promise_reaction_job. NOTE: the vendor disputes the significance of this report because NJS does not operate on untrusted input.
F5 Njs 0.7.4
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site scripting
CVE-2024-5158
XML external entity
CVE-2024-4262
CVE-2024-2036
CVE-2024-4985
CVE-2024-21791
remote attackers
CVE-2023-43208
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »