VYPR

Vendor CVEs

Nginx

All CVEs

103 total · sorted by risk
  • CVE-2023-27727Apr 9, 2023
    risk 0.00cvss epss 0.01

    Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_function_frame at src/njs_function.h.

  • CVE-2023-27729Apr 9, 2023
    risk 0.00cvss epss 0.01

    Nginx NJS v0.7.10 was discovered to contain an illegal memcpy via the function njs_vmcode_return at src/njs_vmcode.c.

  • CVE-2023-27730Apr 9, 2023
    risk 0.00cvss epss 0.01

    Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_lvlhsh_find at src/njs_lvlhsh.c.

  • CVE-2023-27728Apr 9, 2023
    risk 0.00cvss epss 0.01

    Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_dump_is_recursive at src/njs_vmcode.c.

  • CVE-2020-19695Apr 4, 2023
    risk 0.00cvss epss 0.01

    Buffer Overflow found in Nginx NJS allows a remote attacker to execute arbitrary code via the njs_object_property parameter of the njs/njs_vm.c function.

  • CVE-2020-19692Apr 4, 2023
    risk 0.00cvss epss 0.01

    Buffer Overflow vulnerabilty found in Nginx NJS v.0feca92 allows a remote attacker to execute arbitrary code via the njs_module_read in the njs_module.c file.

  • CVE-2022-43284Oct 28, 2022
    risk 0.00cvss epss 0.01

    Nginx NJS v0.7.2 to v0.7.4 was discovered to contain a segmentation violation via njs_scope_valid_value at njs_scope.h. NOTE: the vendor disputes the significance of this report because NJS does not operate on untrusted input.

  • CVE-2022-43286Oct 28, 2022
    risk 0.00cvss epss 0.01

    Nginx NJS v0.7.2 was discovered to contain a heap-use-after-free bug caused by illegal memory copy in the function njs_json_parse_iterator_call at njs_json.c.

  • CVE-2022-43285Oct 28, 2022
    risk 0.00cvss epss 0.01

    Nginx NJS v0.7.4 was discovered to contain a segmentation violation in njs_promise_reaction_job. NOTE: the vendor disputes the significance of this report because NJS does not operate on untrusted input.

  • CVE-2022-41742Oct 19, 2022
    risk 0.00cvss epss 0.01

    NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to cause a worker…

  • CVE-2022-38890Sep 15, 2022
    risk 0.00cvss epss 0.00

    Nginx NJS v0.7.7 was discovered to contain a segmentation violation via njs_utf8_next at src/njs_utf8.h

  • CVE-2022-35173Aug 18, 2022
    risk 0.00cvss epss 0.01

    An issue was discovered in Nginx NJS v0.7.5. The JUMP offset for a break instruction was not set to a correct offset during code generation, leading to a segmentation violation.

  • CVE-2022-34032Jul 18, 2022
    risk 0.00cvss epss 0.01

    Nginx NJS v0.7.5 was discovered to contain a segmentation violation in the function njs_value_own_enumerate at src/njs_value.c.

  • CVE-2022-34031Jul 18, 2022
    risk 0.00cvss epss 0.01

    Nginx NJS v0.7.5 was discovered to contain a segmentation violation via njs_value_to_number at src/njs_value_conversion.h.

  • CVE-2022-34030Jul 18, 2022
    risk 0.00cvss epss 0.01

    Nginx NJS v0.7.5 was discovered to contain a segmentation violation via njs_djb_hash at src/njs_djb_hash.c.

  • CVE-2022-34029Jul 18, 2022
    risk 0.00cvss epss 0.01

    Nginx NJS v0.7.4 was discovered to contain an out-of-bounds read via njs_scope_value at njs_scope.h.

  • CVE-2022-34028Jul 18, 2022
    risk 0.00cvss epss 0.01

    Nginx NJS v0.7.5 was discovered to contain a segmentation violation via njs_utf8_next at src/njs_utf8.h.

  • CVE-2022-34027Jul 18, 2022
    risk 0.00cvss epss 0.01

    Nginx NJS v0.7.4 was discovered to contain a segmentation violation via njs_value_property at njs_value.c.

  • CVE-2022-32414Jun 21, 2022
    risk 0.00cvss epss 0.01

    Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_vmcode_interpreter at src/njs_vmcode.c.

  • CVE-2022-31307Jun 21, 2022
    risk 0.00cvss epss 0.01

    Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_string_offset at src/njs_string.c.

  • CVE-2022-31306Jun 21, 2022
    risk 0.00cvss epss 0.01

    Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_array_convert_to_slow_array at src/njs_array.c.

  • CVE-2022-30503May 27, 2022
    risk 0.00cvss epss 0.00

    Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_set_number at src/njs_value.h.

  • CVE-2022-29780May 27, 2022
    risk 0.00cvss epss 0.00

    Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_array_prototype_sort at src/njs_array.c.

  • CVE-2022-29779May 27, 2022
    risk 0.00cvss epss 0.00

    Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_value_own_enumerate at src/njs_value.c.

  • CVE-2022-29379May 25, 2022
    risk 0.00cvss epss 0.02

    Nginx NJS v0.7.3 was discovered to contain a stack overflow in the function njs_default_module_loader at /src/njs/src/njs_module.c. NOTE: multiple third parties dispute this report, e.g., the behavior is only found in unreleased development code that was not part of the 0.7.2,…

  • CVE-2022-29369May 12, 2022
    risk 0.00cvss epss 0.01

    Nginx NJS v0.7.2 was discovered to contain a segmentation violation via njs_lvlhsh_bucket_find at njs_lvlhsh.c.

  • CVE-2022-28049Apr 15, 2022
    risk 0.00cvss epss 0.01

    NGINX NJS 0.7.2 was discovered to contain a NULL pointer dereference via the component njs_vmcode_array at /src/njs_vmcode.c.

  • CVE-2022-27007Apr 14, 2022
    risk 0.00cvss epss 0.02

    nginx njs 0.7.2 is affected suffers from Use-after-free in njs_function_frame_alloc() when it try to invoke from a restored frame saved with njs_function_frame_save().

  • CVE-2022-27008Apr 14, 2022
    risk 0.00cvss epss 0.02

    nginx njs 0.7.2 is vulnerable to Buffer Overflow. Type confused in Array.prototype.concat() when a slow array appended element is fast array.

  • CVE-2021-46463Feb 14, 2022
    risk 0.00cvss epss 0.02

    njs through 0.7.1, used in NGINX, was discovered to contain a control flow hijack caused by a Type Confusion vulnerability in njs_promise_perform_then().

  • CVE-2022-25139Feb 14, 2022
    risk 0.00cvss epss 0.02

    njs through 0.7.0, used in NGINX, was discovered to contain a heap use-after-free in njs_await_fulfilled.

  • CVE-2021-46462Feb 14, 2022
    risk 0.00cvss epss 0.02

    njs through 0.7.1, used in NGINX, was discovered to contain a segmentation violation via njs_object_set_prototype in /src/njs_object.c.

  • CVE-2021-46461Feb 14, 2022
    risk 0.00cvss epss 0.03

    njs through 0.7.0, used in NGINX, was discovered to contain an out-of-bounds array access via njs_vmcode_typeof in /src/njs_vmcode.c.

  • CVE-2017-20005Jun 6, 2021
    risk 0.00cvss epss 0.03

    NGINX before 1.13.6 has a buffer overflow for years that exceed four digits, as demonstrated by a file with a modification date in 1969 that causes an integer overflow (or a false modification date far in the future), when encountered by the autoindex module.

  • CVE-2020-24346Aug 13, 2020
    risk 0.00cvss epss 0.01

    njs through 0.4.3, used in NGINX, has a use-after-free in njs_json_parse_iterator_call in njs_json.c.

  • CVE-2020-24347Aug 13, 2020
    risk 0.00cvss epss 0.00

    njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_lvlhsh_level_find in njs_lvlhsh.c.

  • CVE-2020-24348Aug 13, 2020
    risk 0.00cvss epss 0.00

    njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_json_stringify_iterator in njs_json.c.

  • CVE-2020-24349Aug 13, 2020
    risk 0.00cvss epss 0.01

    njs through 0.4.3, used in NGINX, allows control-flow hijack in njs_value_property in njs_value.c. NOTE: the vendor considers the issue to be "fluff" in the NGINX use case because there is no remote attack surface.

  • CVE-2019-20372Jan 9, 2020
    risk 0.00cvss epss 0.15

    NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.

  • CVE-2011-4968Nov 19, 2019
    risk 0.00cvss epss 0.04

    nginx http proxy module does not verify peer identity of https origin server which could facilitate man-in-the-middle attack (MITM)

  • CVE-2019-13617Jul 16, 2019
    risk 0.00cvss epss 0.01

    njs through 0.3.3, used in NGINX, has a heap-based buffer over-read in nxt_vsprintf in nxt/nxt_sprintf.c during error handling, as demonstrated by an njs_regexp_literal call that leads to an njs_parser_lexer_error call and then an njs_parser_scope_error call.

  • CVE-2019-13067Jun 29, 2019
    risk 0.00cvss epss 0.02

    njs through 0.3.3, used in NGINX, has a buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c. This issue occurs after the fix for CVE-2019-12207 is in place.

  • CVE-2019-12207May 20, 2019
    risk 0.00cvss epss 0.02

    njs through 0.3.1, used in NGINX, has a heap-based buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c.

  • CVE-2019-12206May 20, 2019
    risk 0.00cvss epss 0.02

    njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in nxt_utf8_encode in nxt_utf8.c.

  • CVE-2019-11839May 9, 2019
    risk 0.00cvss epss 0.02

    njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in Array.prototype.push after a resize, related to njs_array_prototype_push in njs/njs_array.c, because of njs_array_expand size mishandling.

  • CVE-2019-11838May 9, 2019
    risk 0.00cvss epss 0.02

    njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in Array.prototype.splice after a resize, related to njs_array_prototype_splice in njs/njs_array.c, because of njs_array_expand size mishandling.

  • CVE-2019-11837May 9, 2019
    risk 0.00cvss epss 0.01

    njs through 0.3.1, used in NGINX, has a segmentation fault in String.prototype.toBytes for negative arguments, related to nxt_utf8_next in nxt/nxt_utf8.h and njs_string_offset in njs/njs_string.c.

  • CVE-2019-7401Feb 8, 2019
    risk 0.00cvss epss 0.03

    NGINX Unit before 1.7.1 might allow an attacker to cause a heap-based buffer overflow in the router process with a specially crafted request. This may result in a denial of service (router process crash) or possibly have unspecified other impact.

  • CVE-2018-16845Nov 7, 2018
    risk 0.00cvss epss 0.10

    nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file.…

  • CVE-2014-3616Dec 8, 2014
    risk 0.00cvss epss 0.06

    nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct "virtual host confusion" attacks.