SUSE SLED15 / SLES15 Security Update : perl-HTTP-Daemon (SUSE-SU-2022:2874-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:2874-1 advisory. - HTTP::Daemon is a simple http server class written in perl. Versions prior to 6.15 are subject to a vulnerability whi...

Security Bulletin: IBM Spectrum Discover is vulnerable to multiple vulnerabilities

Summary RamdaCVE-2021-42581 is vulnerable to remote attackers to execute arbitrary code on the system, caused by a prototype pollution in functions. An attacker could exploit this vulnerability to execute arbitrary code on the system. Node-forgeCVE-2022-24773, 217313, CVE-2022-24771, CVE-2020-772...

The vulnerability of the njs_array_convert_to_slow_array function (src/njs_array.c) in the NJS interpreter of the nginx server allows a attacker to increase their privileges.

The vulnerability of the njsarrayconverttoslowarray function src/njsarray.c in the njs interpreter of the nginx server involves an uncontrolled resource consumption. Exploiting this vulnerability can allow a remote attacker to increase their privileges...

The vulnerability of the njs_string_offset function (src/njs_string.c) in the njs interpreter of the nginx server allows a hacker to increase their privileges.

The vulnerability of the njsstringoffset function in the njsstring.c file of the nginx njs interpreter involves an uncontrolled resource consumption. Exploiting this vulnerability could allow a remote attacker to increase their privileges...

CVE-2022-35173

An issue was discovered in Nginx NJS v0.7.5. The JUMP offset for a break instruction was not set to a correct offset during code generation, leading to a segmentation violation...

CVE-2022-35173

An issue was discovered in Nginx NJS v0.7.5. The JUMP offset for a break instruction was not set to a correct offset during code generation, leading to a segmentation violation...

CVE-2022-35173

An issue was discovered in Nginx NJS v0.7.5. The JUMP offset for a break instruction was not set to a correct offset during code generation, leading to a segmentation violation...

CVE-2022-35173

An issue was discovered in Nginx NJS v0.7.5. The JUMP offset for a break instruction was not set to a correct offset during code generation, leading to a segmentation violation...

Code injection

An issue was discovered in Nginx NJS v0.7.5. The JUMP offset for a break instruction was not set to a correct offset during code generation, leading to a segmentation violation...

CVE-2022-35173

An issue was discovered in Nginx NJS v0.7.5. The JUMP offset for a break instruction was not set to a correct offset during code generation, leading to a segmentation violation...

CVE-2022-35173

Affected software: Nginx NJS v0.7.5. Issue: the JUMP offset for a break instruction was not set to the correct offset during code generation, leading to a segmentation fault. Impact: described as a segmentation violation with CVSS v3.1 base score 7.5 ( HIGH ). Exploit details are not provided in ...

Nginx 代码问题漏洞

Nginx is a lightweight web server/reverse proxy server and email IMAP/POP3 proxy server from the US-based Nginx Corporation. A security vulnerability exists in Nginx NJS version v0.7.5 that stems from a segmentation violation where the JUMP offset of the interrupt directive is not set to the...

PT-2022-22617 · Nginx · Nginx Njs

Name of the Vulnerable Software and Affected Versions: Nginx NJS version 0.7.5 Description: An issue was discovered in Nginx NJS where the JUMP offset for a break instruction was not set to a correct offset during code generation, leading to a segmentation violation. Recommendations: For Nginx NJ...

The vulnerability of the NGINX Instance Manager automation platform, related to uncontrolled resource consumption, allows a hacker to trigger a service failure.

The vulnerability of the NGINX Instance Manager automation platform is related to an uncontrolled consumption of resources. Exploiting this vulnerability can allow a malicious actor to cause service interruptions...

The vulnerability of the NGINX Ingress Controller’s monitoring and application management platform lies in insufficient validation of input data, allowing attackers to disclose sensitive information.

The vulnerability of the NGINX Ingress Controller monitoring and management platform is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to disclose sensitive information...

CVE-2022-35241

In versions 2.x before 2.3.1 and all versions of 1.x, when NGINX Instance Manager is in use, undisclosed requests can cause an increase in disk resource utilization. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2022-35241

In versions 2.x before 2.3.1 and all versions of 1.x, when NGINX Instance Manager is in use, undisclosed requests can cause an increase in disk resource utilization. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2022-30535

In versions 2.x before 2.3.0 and all versions of 1.x, An attacker authorized to create or update ingress objects can obtain the secrets available to the NGINX Ingress Controller. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2022-30535

In versions 2.x before 2.3.0 and all versions of 1.x, An attacker authorized to create or update ingress objects can obtain the secrets available to the NGINX Ingress Controller. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

Design/Logic Flaw

In versions 2.x before 2.3.1 and all versions of 1.x, when NGINX Instance Manager is in use, undisclosed requests can cause an increase in disk resource utilization. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...