105 matches found
CVE-2020-19695
Buffer Overflow found in Nginx NJS allows a remote attacker to execute arbitrary code via the njsobjectproperty parameter of the njs/njsvm.c function...
Buffer overflow
Buffer Overflow vulnerabilty found in Nginx NJS v.0feca92 allows a remote attacker to execute arbitrary code via the njsmoduleread in the njsmodule.c file...
PT-2023-11527 · Nginx · Nginx Njs
Name of the Vulnerable Software and Affected Versions: Nginx NJS version 0feca92 Description: A Buffer Overflow issue allows a remote attacker to execute arbitrary code via the njs module read function in the njs module.c file. This enables the attacker to potentially gain control over the system...
CVE-2020-19695
CVE-2020-19695 affects Nginx NJS (njs/njs_vm.c) with a buffer overflow in the njs_object_property handling, enabling a remote attacker to execute arbitrary code. Impact is high (network vector, no user interaction), with affected Nginx NJS builds prior to a patched release. Red Hat/Mariner notes ...
K80055530: NGINX NJS vulnerability CVE-2022-43286
Security Advisory Description Nginx NJS v0.7.2 was discovered to contain a heap-use-after-free bug caused by illegal memory copy in the function njsjsonparseiteratorcall at njsjson.c. CVE-2022-43286 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory...
The vulnerability of the njs_json_parse_iterator_call function (njs_json.c) in the njs interpreter of the nginx server allows a hacker to execute arbitrary code.
The vulnerability of the njsjsonparseiteratorcall function njsjson.c in the njs interpreter of the nginx server is related to the use of memory after it is freed. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
CVE-2022-43284
Nginx NJS v0.7.2 to v0.7.4 was discovered to contain a segmentation violation via njsscopevalidvalue at njsscope.h. NOTE: the vendor disputes the significance of this report because NJS does not operate on untrusted input...
CVE-2022-43284
Nginx NJS v0.7.2 to v0.7.4 was discovered to contain a segmentation violation via njsscopevalidvalue at njsscope.h. NOTE: the vendor disputes the significance of this report because NJS does not operate on untrusted input...
CVE-2022-43285
Nginx NJS v0.7.4 was discovered to contain a segmentation violation in njspromisereactionjob. NOTE: the vendor disputes the significance of this report because NJS does not operate on untrusted input...
CVE-2022-43285
Nginx NJS v0.7.4 was discovered to contain a segmentation violation in njspromisereactionjob. NOTE: the vendor disputes the significance of this report because NJS does not operate on untrusted input...
CVE-2022-43286
Nginx NJS v0.7.2 was discovered to contain a heap-use-after-free bug caused by illegal memory copy in the function njsjsonparseiteratorcall at njsjson.c...
CVE-2022-43285
CVE-2022-43285 affects Nginx NJS 0.7.4. The issue is a segmentation violation in the function njs_promise_reaction_job. The vendor disputes the significance, stating NJS does not operate on untrusted input. Practical impact is a potential crash/DoS as described by the PT-2022-5323 entry, which al...
PT-2022-5322 · Nginx · Nginx Njs
Name of the Vulnerable Software and Affected Versions: Nginx NJS version 0.7.2 Description: The issue is related to a heap-use-after-free bug caused by an illegal memory copy in the njs json parse iterator call function at njs json.c. This bug can be exploited by a remote attacker to execute...
PT-2022-5321 · Nginx · Nginx Njs
Name of the Vulnerable Software and Affected Versions: Nginx NJS versions 0.7.2 through 0.7.4 Description: The issue is related to a segmentation violation via the njs scope valid value function at njs scope.h. This could potentially allow a remote attacker to cause a denial of service. The vendo...
CVE-2022-38890
Nginx NJS v0.7.7 was discovered to contain a segmentation violation via njsutf8next at src/njsutf8.h...
Code injection
Nginx NJS v0.7.7 was discovered to contain a segmentation violation via njsutf8next at src/njsutf8.h...
PT-2022-24613 · Nginx · Nginx Njs
Name of the Vulnerable Software and Affected Versions: Nginx NJS version 0.7.7 Description: A segmentation violation was discovered in Nginx NJS via the njs utf8 next function at src/njs utf8.h. Recommendations: For Nginx NJS version 0.7.7, at the moment, there is no information about a newer...
CVE-2022-35173
An issue was discovered in Nginx NJS v0.7.5. The JUMP offset for a break instruction was not set to a correct offset during code generation, leading to a segmentation violation...
PT-2022-22617 · Nginx · Nginx Njs
Name of the Vulnerable Software and Affected Versions: Nginx NJS version 0.7.5 Description: An issue was discovered in Nginx NJS where the JUMP offset for a break instruction was not set to a correct offset during code generation, leading to a segmentation violation. Recommendations: For Nginx NJ...
CVE-2022-34031
Nginx NJS v0.7.5 was discovered to contain a segmentation violation via njsvaluetonumber at src/njsvalueconversion.h...