CVE-2022-43286
CVE-2022-43286 affects the Nginx NJS component, version 0.7.2. The root cause is a heap-use-after-free caused by an illegal memory copy in the function njs_json_parse_iterator_call located in njs_json.c. CVSS v3.1 scores reported as 9.8 (CRITICAL) with network attack vector, no user interaction...
CVE-2022-43285
CVE-2022-43285 affects Nginx NJS 0.7.4. The issue is a segmentation violation in the function njs_promise_reaction_job. The vendor disputes the significance, stating NJS does not operate on untrusted input. Practical impact is a potential crash/DoS as described by the PT-2022-5323 entry, which al...
NGINX JavaScript Buffer Error Vulnerability
NGINX JavaScript is an extension to open source NGINX. A buffer error vulnerability exists in NGINX JavaScript versions 0.7.2 through 0.7.4, which stems from a segmentation violation in the njs_scope_valid_value function in njs_scope.h. The vulnerability is caused by the use of the...
Mageia: Security Advisory (MGASA-2022-0398)
The remote host is missing an update for the...
How to Manually Configure Nginx For Use by Veeam Backup for Salesforce
Purpose: This article documents how to manually configure Nginx for use with Veeam Backup for Salesforce 3.1 and higher. Solution: 1. Before making configuration changes, stop the Veeam Backup for Salesforce backend service: systemctl stop vbsf-backend.service 2. Use Nginx template...
nginx 1.1.x < 1.23.2 / 1.0.x < 1.22.1 Memory Disclosure
According to its Server response header, the installed version of nginx is 1.0.x prior to 1.22.1 or 1.1.x prior to 1.23.2. It is, therefore, affected by a memory disclosure in the ngx_http_mp4_module that allows an attacker to cause a worker process crash or worker process memory disclosure. The...
NGINX ngx_http_mp4_module vulnerability CVE-2022-41741
...
Nginx Multiple Vulnerabilities (Oct 2022)
Nginx is prone to multiple vulnerabilities...
The vulnerability of the ngx_http_mp4_module in the NGINX open-source server allows an attacker to cause a service failure or possibly have other effects.
The vulnerability of the ngx_http_mp4_module in the NGINX open-source HTTP server is related to the execution of operations outside of the buffer in memory. Exploiting this vulnerability could allow an attacker to cause service failures or potentially have other adverse effects...
The vulnerability of the ngx_http_hls_module module in the NGINX Application Monitoring and Management Platform Ingress Controller allows an attacker to cause service interruptions or potentially have other effects.
The vulnerability of the ngx_http_hls_module module in the NGINX Application Monitoring and Management Controller platform relates to operations that occur outside of the buffer in memory. Exploiting this vulnerability could allow an attacker to cause service failures or potentially have other adver...
The vulnerability of the ngx_http_mp4_module in NGINX Open Source HTTP servers allows attackers to expose sensitive information or cause service failures. NGINX Open Source Subscription, NGINX Plus, and NGINX Ingress Controller platforms for application monitoring and management provide solutions to address this issue.
The vulnerability of the ngx_http_mp4_module in NGINX Open Source HTTP servers, NGINX Open Source Subscription, NGINX Plus, and NGINX Ingress Controller platforms is related to the execution of operations outside of the buffer in memory. Exploiting this vulnerability can allow attackers to disclose...
CVE-2022-3638
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...
Denial Of Service (DoS)
nginx is vulnerable to denial of service. The module ngx_http_mp4_module allows a local attacker to cause a worker process to crash or trigger a memory disclosure by using a specially crafted audio or video file...
Nginx < 1.22.1 Multiple Vulnerabilities
According to its Server response header, the installed version of nginx is prior to 1.22.1 or 1.23.x prior to 1.23.2. It is, therefore, affected by two security issues which might allow an attacker to cause a worker process crash or worker process memory disclosure by using a specially crafted mp...
FreeBSD : nginx -- Two vulnerabilities (676d4f16-4fb3-11ed-a374-8c164567ca3c)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 676d4f16-4fb3-11ed-a374-8c164567ca3c advisory. - NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before...
Vulnerabilities fixed in several F5 products
F5 has fixed several vulnerabilities in BIG-IP and NGINX. The vulnerabilities allow a malicious party to carry out attacks that result in the following categories of damage: Denial-of-Service (DoS), manipulation of data, circumvention of security measures, remote code execution...
Nginx 1.23.x < 1.23.2 Multiple Vulnerabilities
According to its Server response header, the installed version of nginx is prior to 1.22.1 or 1.23.x prior to 1.23.2. It is, therefore, affected by two security issues which might allow an attacker to cause a worker process crash or worker process memory disclosure by using a specially crafted mp...
CVE-2022-41742
NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to cause a worker process crash, or might...
CVE-2022-41741
NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to corrupt NGINX worker memory, resulting in...
CVE-2022-41743
NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_hls_module that might allow a local attacker to corrupt NGINX worker memory, resulting in its crash or potential other impact using a specially crafted audio or video file. The issue affects only NGINX Plus when...