nginx vulnerabilities and exploits
CVE-2023-23596
jc21 NGINX Proxy Manager up to and including 2.9.19 allows OS command injection. When creating an access list, the backend builds an htpasswd file with crafted username and/or password input that is concatenated without any validation, and is directly passed to the exec command, ...
Jc21 Nginx Proxy Manager
CVE-2022-3113
An issue exists in the Linux kernel up to and including 5.16-rc6. mtk_vcodec_fw_vpu_init in drivers/media/platform/mtk-vcodec/mtk_vcodec_fw_vpu.c does not check the return value of devm_kzalloc(), which will cause a NULL pointer dereference.
Linux Linux Kernel 5.16.0
Linux Linux Kernel
CVE-2022-23470
Galaxy is an open-source platform for data analysis. An arbitrary file read exists in Galaxy 22.01 and Galaxy 22.05 due to the switch to Gunicorn, which can be used to read any file accessible to the operating system user under which Galaxy is running. This vulnerability affects ...
Galaxyproject Galaxy
CVE-2022-43284
Nginx NJS v0.7.2 to v0.7.4 contains a segmentation violation via njs_scope_valid_value at njs_scope.h. NOTE: the vendor disputes the significance of this report because NJS does not operate on untrusted input.
F5 Njs
CVE-2022-43285
Nginx NJS v0.7.4 contains a segmentation violation in njs_promise_reaction_job. NOTE: the vendor disputes the significance of this report because NJS does not operate on untrusted input.
F5 Njs 0.7.4
CVE-2022-43286
Nginx NJS v0.7.2 contains a heap-use-after-free bug caused by an illegal memory copy in the function njs_json_parse_iterator_call at njs_json.c.
F5 Njs 0.7.2
CVE-2022-3638
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2022-41741
NGINX Open Source prior to 1.23.2 and 1.22.1, NGINX Open Source Subscription prior to R2 P1 and R1 P1, and NGINX Plus prior to R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local malicious user to corrupt NGINX worker memory, resultin...
F5 Nginx Ingress Controller
F5 Nginx
F5 Nginx 1.23.1
F5 Nginx 1.23.0
F5 Nginx R2
F5 Nginx R1
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
Debian Debian Linux 10.0
Debian Debian Linux 11.0
1 Github repository
CVE-2022-41742
NGINX Open Source prior to 1.23.2 and 1.22.1, NGINX Open Source Subscription prior to R2 P1 and R1 P1, and NGINX Plus prior to R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local malicious user to cause a worker process crash, or migh...
F5 Nginx Ingress Controller
F5 Nginx
F5 Nginx 1.23.1
F5 Nginx 1.23.0
F5 Nginx R2
F5 Nginx R1
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
Debian Debian Linux 10.0
Debian Debian Linux 11.0
CVE-2022-41743
NGINX Plus prior to R27 P1 and R26 P1 has a vulnerability in the module ngx_http_hls_module that might allow a local malicious user to corrupt NGINX worker memory, resulting in its crash or potential other impact using a specially crafted audio or video file. The issue affects o...
F5 Nginx Plus
F5 Nginx Ingress Controller