CVE-2022-25139

njs through 0.7.0, used in NGINX, was discovered to contain a heap use-after-free in njsawaitfulfilled...

CVE-2021-46462

CVE-2021-46462 affects njs (the scripting language used in NGINX). The issue is a segmentation fault in njs_object_set_prototype (file /src/njs_object.c) when using njs through version up to 0.7.1. The vulnerability is documented across multiple feeds (NVD, OSV, OSV Alpine, etc.) with the core de...

CVE-2021-46462

njs through 0.7.1, used in NGINX, was discovered to contain a segmentation violation via njsobjectsetprototype in /src/njsobject.c...

CVE-2021-46462

njs through 0.7.1, used in NGINX, was discovered to contain a segmentation violation via njsobjectsetprototype in /src/njsobject.c...

CVE-2021-46461

CVE-2021-46461 involves njs (as used in NGINX) with an out-of-bounds array access in njs_vmcode.c . The vulnerability affects njs up to version 0.7.0 and can lead to an information disclosure through a read fault in the VM code typing path. Connected sources confirm the issue exists in the njs pa...

CVE-2021-46461

njs through 0.7.0, used in NGINX, was discovered to contain an out-of-bounds array access via njsvmcodetypeof in /src/njsvmcode.c...

CVE-2021-46461

njs through 0.7.0, used in NGINX, was discovered to contain an out-of-bounds array access via njsvmcodetypeof in /src/njsvmcode.c...

Nginx njs 资源管理错误漏洞

Nginx is a lightweight web server/reverse proxy server and email IMAP/POP3 proxy server from the US-based Nginx Corporation. A resource management error vulnerability exists in Nginx njs 0.7.0 and earlier versions, which stems from njs including a heap use-after-free in njsawaitfulfilled...

Nginx 安全漏洞

Nginx is a lightweight web server/reverse proxy server and email IMAP/POP3 proxy server from the US-based Nginx Corporation. A security vulnerability exists in Nginx, which stems from a segment violation in njsobjectsetprototype in /src/njsobject.c in njs 0.7.1 and earlier...

NGINX 安全漏洞

Nginx is a lightweight web server/reverse proxy server and email IMAP/POP3 proxy server from the US-based Nginx Corporation. A security vulnerability exists in NGINX, which stems from njs was found to contain a control flow hijacking caused by a type obfuscation vulnerability in...

strong-arc (>=1.8.6 <=1.8.9), strong-mesh-client (>=1.3.5 <=2.0.2) +1 more potentially affected by CVE-2020-7621 via strong-nginx-controller (=1.0.2)

strong-nginx-controller NPM version =1.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on strong-nginx-controller and may be impacted: - strong-arc =1.8.6, =1.3.5, =6.0.1, =6.0.3 Source cves: CVE-2020-7621 Source advisory: OSV:GHSA-4V9W-PVWR-38H3...

GHSA-4V9W-PVWR-38H3 OS Command Injection in strong-nginx-controller

strong-nginx-controller through 1.0.2 is vulnerable to Command Injection. It allows execution of arbitrary command as part of the 'nginxCmd' function...

OS Command Injection in strong-nginx-controller

strong-nginx-controller through 1.0.2 is vulnerable to Command Injection. It allows execution of arbitrary command as part of the 'nginxCmd' function...

Rocky Linux 8 : nginx:1.16 (RLSA-2021:2290)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2021:2290 advisory. - A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory...

Rocky Linux 8 : nginx:1.18 (RLSA-2021:2259)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2021:2259 advisory. - A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory...

Critical Photon OS Security Update - PHSA-2022-0466

Updates of 'expat' packages of Photon OS have been released...

USN-5261-1: Phusion Passenger vulnerabilities

It was discovered that Phusion Passenger incorrectly handled a file path in the application root folder. An attacker could possibly use this issue to read arbitrary files. CVE-2017-16355 It was discovered that Phusion Passenger had a race condition in the nginx module that could be used to perfor...

USN-5261-1 passenger vulnerabilities

It was discovered that Phusion Passenger incorrectly handled a file path in the application root folder. An attacker could possibly use this issue to read arbitrary files. CVE-2017-16355 It was discovered that Phusion Passenger had a race condition in the nginx module that could be used to perfor...

ROS-20220125-02

Nginx web server vulnerability is related to a logical error in TLS implementation when working with different protocols but using compatible certificates, such as multi-domain or wildcard certificates. certificates. Exploitation of the vulnerability could allow an attacker acting remotely to...

Oracle Linux 8 : nginx:1.20 (ELSA-2022-0323)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-0323 advisory. 1.20.1-1.0.1 - Remove Red Hat references Orabug: 29498217 1:1.20.1-1 - rebase to 1.20.1 addressing CVE-2021-23017 Tenable has extracted the preceding descriptio...