CVE-2022-30503

CVE-2022-30503 concerns Nginx NJS v0.7.2, where a segmentation fault is reported in the function njs_set_number (src/njs_value.h). The issue is described across multiple connected sources as a denial-of-service-risk stemming from the segmentation error. Concrete technical details include the affe...

CVE-2022-29780

Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njsarrayprototypesort at src/njsarray.c...

CVE-2022-29780

CVE-2022-29780 affects Nginx NJS v0.7.2. The issue is a segmentation fault in the function njs_array_prototype_sort (src/njs_array.c), leading to a denial of service. Reported in multiple sources, the vulnerability context confirms a DoS vector rather than remote code execution; exploitation stat...

CVE-2022-29779

CVE-2022-29779 affects Nginx NJS v0.7.2. The issue is a segmentation violation in the function njs_value_own_enumerate located in src/njs_value.c . This vulnerability can cause a denial of service. No exploitation details or fixes are provided in the available documents; remediation/fix status is...

CVE-2022-29779

Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njsvalueownenumerate at src/njsvalue.c...

vulhub

This repository is an offensive tool for web application security training and testing. It is a collection of vulnerable web applications and tools for testing and training purposes. The repository contains a variety of vulnerable applications, including web servers, databases, and other web-base...

The vulnerability of the njs_vmcode_array component in the njs interpreter of the nginx server allows a hacker to cause a service failure.

The vulnerability of the njsvmcodearray component /src/njsvmcode.c. of the njs interpreter on the nginx server is related to pointer arithmetic errors. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...

CVE-2022-29379

Nginx NJS v0.7.3 was discovered to contain a stack overflow in the function njsdefaultmoduleloader at /src/njs/src/njsmodule.c. NOTE: multiple third parties dispute this report, e.g., the behavior is only found in unreleased development code that was not part of the 0.7.2, 0.7.3, or 0.7.4 release...

CVE-2022-29379

Nginx NJS v0.7.3 was discovered to contain a stack overflow in the function njsdefaultmoduleloader at /src/njs/src/njsmodule.c. NOTE: multiple third parties dispute this report, e.g., the behavior is only found in unreleased development code that was not part of the 0.7.2, 0.7.3, or 0.7.4 release...

CVE-2022-29379

Nginx NJS v0.7.3 was discovered to contain a stack overflow in the function njsdefaultmoduleloader at /src/njs/src/njsmodule.c. NOTE: multiple third parties dispute this report, e.g., the behavior is only found in unreleased development code that was not part of the 0.7.2, 0.7.3, or 0.7.4 release...

Stack overflow

DISPUTED Nginx NJS v0.7.3 was discovered to contain a stack overflow in the function njsdefaultmoduleloader at /src/njs/src/njsmodule.c. NOTE: multiple third parties dispute this report, e.g., the behavior is only found in unreleased development code that was not part of the 0.7.2, 0.7.3, or 0.7....

CVE-2022-29379

Nginx NJS v0.7.3 was discovered to contain a stack overflow in the function njsdefaultmoduleloader at /src/njs/src/njsmodule.c. NOTE: multiple third parties dispute this report, e.g., the behavior is only found in unreleased development code that was not part of the 0.7.2, 0.7.3, or 0.7.4 release...

CVE-2022-29379

CVE-2022-29379 affects Nginx NJS v0.7.3. The vulnerability is a stack overflow in the function njs_default_module_loader (njs_module.c). Multiple sources dispute the issue, noting it may reside only in unreleased development code and not in released 0.7.2/0.7.3/0.7.4 builds. Public references lis...

NGINX JavaScript 缓冲区错误漏洞

NGINX JavaScript is an extension to the NGINX open source. A buffer error vulnerability exists in NGINX JavaScript version v0.7.3, which stems from a stack overflow in function njsdefaultmoduleloader in /src/njs/src/njsmodule.c. The vulnerability is caused by a stack overflow in function...

GHSA-HHPM-74PM-HF35 ingress-nginx component for Kubernetes allows file overwrite

The Kubernetes ingress-nginx component prior to version 0.28.0 allows a user with the ability to create namespaces and to read and create ingress objects to overwrite the password file of another ingress which uses nginx.ingress.kubernetes.io/auth-type: basic and which has a hyphenated namespace ...

@csltech/strong-nginx-controller (>=1.0.2 <=1.0.3), @csltech/strong-pm (>=7.0.0 <=7.0.2) +56 more potentially affected by CVE-2016-1000229 via swagger-ui (>=2.0.17 <=2.1.8-M1)

swagger-ui NPM version =2.0.17, =1.0.2, =7.0.0, =3.0.1, =2.0.0, =1.0.1, =1.0.1, =2.8.29, =1.0.1, =5.0.232, =0.0.1, =0.4.1, =1.0.1, =0.0.1, =0.0.27, =0.1.9 and more Source cves: CVE-2016-1000229 Source advisory: OSV:GHSA-H8WP-WGCQ-QHRF...

Vulnerability of the njs_lvlhsh_bucket_find() function (njs_lvlhsh.c) in the njs interpreter of the nginx server, allowing a hacker to cause a service failure

The vulnerability of the njslvlhshbucketfind function njslvlhsh.c in the njs interpreter of the nginx server involves an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service interruptions remotely...

new packages: nginx

An update is available for nginx. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Linux 9.0...

The vulnerability of the software for providing network connections for NGINX Service Mesh allows a hacker to bypass the authentication process.

The vulnerability of the NGINX Service Mesh software for providing network connections is related to the absence of authentication for a critical function. Exploiting this vulnerability allows a malicious actor to bypass the authentication process...

GHSA-JJCJ-FGFM-9G9R Phusion Passenger Race Condition Allows Privilege Escalation

A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passengerinstanceregistrydir with insufficiently strict permissions is configured. Replacing a file with a symlink after the file was created, but befor...