CVE-2023-27728

Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njsdumpisrecursive at src/njsvmcode.c...

CVE-2023-27730

Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njslvlhshfind at src/njslvlhsh.c...

CVE-2023-27727

Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njsfunctionframe at src/njsfunction.h...

CVE-2023-27729

Nginx NJS v0.7.10 was discovered to contain an illegal memcpy via the function njsvmcodereturn at src/njsvmcode.c...

CVE-2023-23596

jc21 NGINX Proxy Manager through 2.9.19 allows OS command injection. When creating an access list, the backend builds an htpasswd file with crafted username and/or password input that is concatenated without any validation, and is directly passed to the exec command, potentially allowing an...

CVE-2023-27224

An issue found in NginxProxyManager v.2.9.19 allows an attacker to execute arbitrary code via a lua script to the configuration file...

CVE-2022-30503

Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njssetnumber at src/njsvalue.h...

CVE-2022-29779

Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njsvalueownenumerate at src/njsvalue.c...

CVE-2022-29780

Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njsarrayprototypesort at src/njsarray.c...

CVE-2022-43284

Nginx NJS v0.7.2 to v0.7.4 was discovered to contain a segmentation violation via njsscopevalidvalue at njsscope.h. NOTE: the vendor disputes the significance of this report because NJS does not operate on untrusted input...

CVE-2022-43285

Nginx NJS v0.7.4 was discovered to contain a segmentation violation in njspromisereactionjob. NOTE: the vendor disputes the significance of this report because NJS does not operate on untrusted input...

CVE-2022-43286

Nginx NJS v0.7.2 was discovered to contain a heap-use-after-free bug caused by illegal memory copy in the function njsjsonparseiteratorcall at njsjson.c...

Oracle Linux 9 : nginx (ELSA-2025-7402)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-7402 advisory. - Resolves: RHEL-85556 - nginx: Memory disclosure in the ngxhttpmp4module CVE-2022-41742 - Resolves: RHEL-91446 - nginx: Memory corruption in the...

CVE-2022-41347

An issue was discovered in Zimbra Collaboration ZCS 8.8.x and 9.x e.g., 8.8.15. The Sudo configuration permits the zimbra user to execute the NGINX binary as root with arbitrary parameters. As part of its intended functionality, NGINX can load a user-defined configuration file, which includes...

CVE-2022-34030

Nginx NJS v0.7.5 was discovered to contain a segmentation violation via njsdjbhash at src/njsdjbhash.c...

CVE-2022-34031

Nginx NJS v0.7.5 was discovered to contain a segmentation violation via njsvaluetonumber at src/njsvalueconversion.h...

CVE-2022-34028

Nginx NJS v0.7.5 was discovered to contain a segmentation violation via njsutf8next at src/njsutf8.h...

CVE-2022-34027

Nginx NJS v0.7.4 was discovered to contain a segmentation violation via njsvalueproperty at njsvalue.c...

CVE-2022-32414

Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njsvmcodeinterpreter at src/njsvmcode.c...

CVE-2022-29369

Nginx NJS v0.7.2 was discovered to contain a segmentation violation via njslvlhshbucketfind at njslvlhsh.c...