Lucene search
K

105 matches found

NVD
NVD
added 2023/04/04 3:15 p.m.26 views

CVE-2020-19695

Buffer Overflow found in Nginx NJS allows a remote attacker to execute arbitrary code via the njsobjectproperty parameter of the njs/njsvm.c function...

9.8CVSS9.8AI score0.01333EPSS
Exploits1References1
Prion
Prion
added 2023/04/04 3:15 p.m.20 views

Buffer overflow

Buffer Overflow vulnerabilty found in Nginx NJS v.0feca92 allows a remote attacker to execute arbitrary code via the njsmoduleread in the njsmodule.c file...

7.5CVSS9.6AI score0.01318EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/04/04 12:0 a.m.7 views

PT-2023-11527 · Nginx · Nginx Njs

Name of the Vulnerable Software and Affected Versions: Nginx NJS version 0feca92 Description: A Buffer Overflow issue allows a remote attacker to execute arbitrary code via the njs module read function in the njs module.c file. This enables the attacker to potentially gain control over the system...

9.8CVSS8.3AI score0.01318EPSS
Exploits1References5
CVE
CVE
added 2023/04/04 12:0 a.m.196 views

CVE-2020-19695

CVE-2020-19695 affects Nginx NJS (njs/njs_vm.c) with a buffer overflow in the njs_object_property handling, enabling a remote attacker to execute arbitrary code. Impact is high (network vector, no user interaction), with affected Nginx NJS builds prior to a patched release. Red Hat/Mariner notes ...

9.8CVSS9.7AI score0.01333EPSS
Exploits1References1Affected Software1
F5 Networks
F5 Networks
added 2023/02/21 6:52 p.m.81 views

K80055530: NGINX NJS vulnerability CVE-2022-43286

Security Advisory Description Nginx NJS v0.7.2 was discovered to contain a heap-use-after-free bug caused by illegal memory copy in the function njsjsonparseiteratorcall at njsjson.c. CVE-2022-43286 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory...

9.8CVSS9.1AI score0.00898EPSS
Exploits1
BDU FSTEC
BDU FSTEC
added 2022/11/03 12:0 a.m.7 views

The vulnerability of the njs_json_parse_iterator_call function (njs_json.c) in the njs interpreter of the nginx server allows a hacker to execute arbitrary code.

The vulnerability of the njsjsonparseiteratorcall function njsjson.c in the njs interpreter of the nginx server is related to the use of memory after it is freed. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...

10CVSS8.1AI score0.00898EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2022/10/28 9:15 p.m.28 views

CVE-2022-43284

Nginx NJS v0.7.2 to v0.7.4 was discovered to contain a segmentation violation via njsscopevalidvalue at njsscope.h. NOTE: the vendor disputes the significance of this report because NJS does not operate on untrusted input...

7.5CVSS0.00797EPSS
Exploits1References2
OSV
OSV
added 2022/10/28 9:15 p.m.10 views

CVE-2022-43284

Nginx NJS v0.7.2 to v0.7.4 was discovered to contain a segmentation violation via njsscopevalidvalue at njsscope.h. NOTE: the vendor disputes the significance of this report because NJS does not operate on untrusted input...

7.5CVSS7.3AI score
Exploits0References2
OSV
OSV
added 2022/10/28 9:15 p.m.6 views

CVE-2022-43285

Nginx NJS v0.7.4 was discovered to contain a segmentation violation in njspromisereactionjob. NOTE: the vendor disputes the significance of this report because NJS does not operate on untrusted input...

7.5CVSS7.2AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2022/10/28 12:0 a.m.7 views

CVE-2022-43285

Nginx NJS v0.7.4 was discovered to contain a segmentation violation in njspromisereactionjob. NOTE: the vendor disputes the significance of this report because NJS does not operate on untrusted input...

7.6AI score0.0074EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2022/10/28 12:0 a.m.7 views

CVE-2022-43286

Nginx NJS v0.7.2 was discovered to contain a heap-use-after-free bug caused by illegal memory copy in the function njsjsonparseiteratorcall at njsjson.c...

9.5AI score0.00898EPSS
Exploits1References2
CVE
CVE
added 2022/10/28 12:0 a.m.91 views

CVE-2022-43285

CVE-2022-43285 affects Nginx NJS 0.7.4. The issue is a segmentation violation in the function njs_promise_reaction_job. The vendor disputes the significance, stating NJS does not operate on untrusted input. Practical impact is a potential crash/DoS as described by the PT-2022-5323 entry, which al...

7.5CVSS7.5AI score0.0074EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2022/10/28 12:0 a.m.6 views

PT-2022-5322 · Nginx · Nginx Njs

Name of the Vulnerable Software and Affected Versions: Nginx NJS version 0.7.2 Description: The issue is related to a heap-use-after-free bug caused by an illegal memory copy in the njs json parse iterator call function at njs json.c. This bug can be exploited by a remote attacker to execute...

10CVSS9.4AI score0.00898EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2022/10/28 12:0 a.m.5 views

PT-2022-5321 · Nginx · Nginx Njs

Name of the Vulnerable Software and Affected Versions: Nginx NJS versions 0.7.2 through 0.7.4 Description: The issue is related to a segmentation violation via the njs scope valid value function at njs scope.h. This could potentially allow a remote attacker to cause a denial of service. The vendo...

7.8CVSS7.2AI score0.00797EPSS
Exploits1References8
NVD
NVD
added 2022/09/15 4:15 p.m.15 views

CVE-2022-38890

Nginx NJS v0.7.7 was discovered to contain a segmentation violation via njsutf8next at src/njsutf8.h...

5.5CVSS0.00287EPSS
Exploits1References1
Prion
Prion
added 2022/09/15 4:15 p.m.18 views

Code injection

Nginx NJS v0.7.7 was discovered to contain a segmentation violation via njsutf8next at src/njsutf8.h...

1.9CVSS5.6AI score0.00287EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2022/09/15 12:0 a.m.4 views

PT-2022-24613 · Nginx · Nginx Njs

Name of the Vulnerable Software and Affected Versions: Nginx NJS version 0.7.7 Description: A segmentation violation was discovered in Nginx NJS via the njs utf8 next function at src/njs utf8.h. Recommendations: For Nginx NJS version 0.7.7, at the moment, there is no information about a newer...

5.5CVSS5.3AI score0.00287EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2022/08/18 6:15 a.m.2 views

CVE-2022-35173

An issue was discovered in Nginx NJS v0.7.5. The JUMP offset for a break instruction was not set to a correct offset during code generation, leading to a segmentation violation...

7.5CVSS5.8AI score0.0108EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2022/08/18 12:0 a.m.7 views

PT-2022-22617 · Nginx · Nginx Njs

Name of the Vulnerable Software and Affected Versions: Nginx NJS version 0.7.5 Description: An issue was discovered in Nginx NJS where the JUMP offset for a break instruction was not set to a correct offset during code generation, leading to a segmentation violation. Recommendations: For Nginx NJ...

7.5CVSS7.4AI score0.0108EPSS
Exploits1References8
ATTACKERKB
ATTACKERKB
added 2022/07/18 9:15 p.m.2 views

CVE-2022-34031

Nginx NJS v0.7.5 was discovered to contain a segmentation violation via njsvaluetonumber at src/njsvalueconversion.h...

7.5CVSS5.9AI score0.00783EPSS
Exploits1References2
Rows per page
Query Builder