6254 matches found
[SECURITY] [DSA 4750-1] nginx security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4750-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 26, 2020 https://www.debian.org/security/faq -...
DSA-4750-1 nginx - security update
Bulletin has no description...
CVE-2020-5416
Cloud Foundry Routing Gorouter, versions prior to 0.204.0, when used in a deployment with NGINX reverse proxies in front of the Gorouters, is potentially vulnerable to denial-of-service attacks in which an unauthenticated malicious attacker can send specially-crafted HTTP requests that may cause...
CVE-2020-5416
Cloud Foundry Routing (Gorouter) is affected when deployed behind NGINX proxies. The vulnerability affects Gorouter versions prior to 0.204.0, where unauthenticated attackers can send specially crafted HTTP requests that may cause Gorouters to be dropped from the NGINX backend pool, potentially e...
CVE-2020-5416 CF clusters with NGINX in front of them may be vulnerable to DoS
Cloud Foundry Routing Gorouter, versions prior to 0.204.0, when used in a deployment with NGINX reverse proxies in front of the Gorouters, is potentially vulnerable to denial-of-service attacks in which an unauthenticated malicious attacker can send specially-crafted HTTP requests that may cause...
CVE-2020-24348
njs through 0.4.3, used in NGINX, has an out-of-bounds read in njsjsonstringifyiterator in njsjson.c...
CVE-2020-24349
njs through 0.4.3, used in NGINX, allows control-flow hijack in njsvalueproperty in njsvalue.c. NOTE: the vendor considers the issue to be "fluff" in the NGINX use case because there is no remote attack surface...
CVE-2020-24348
njs through 0.4.3, used in NGINX, has an out-of-bounds read in njsjsonstringifyiterator in njsjson.c...
CVE-2020-24349
njs through 0.4.3, used in NGINX, allows control-flow hijack in njsvalueproperty in njsvalue.c. NOTE: the vendor considers the issue to be "fluff" in the NGINX use case because there is no remote attack surface...
AZL-35029 CVE-2020-24347 affecting package nginx for versions less than 1.25.4-1
njs through 0.4.3, used in NGINX, has an out-of-bounds read in njslvlhshlevelfind in njslvlhsh.c...
CVE-2020-24346
njs through 0.4.3, used in NGINX, has a use-after-free in njsjsonparseiteratorcall in njsjson.c...
CVE-2020-24347
njs through 0.4.3, used in NGINX, has an out-of-bounds read in njslvlhshlevelfind in njslvlhsh.c...
CVE-2020-24347
njs through 0.4.3, used in NGINX, has an out-of-bounds read in njslvlhshlevelfind in njslvlhsh.c...
CVE-2020-24346
njs through 0.4.3, used in NGINX, has a use-after-free in njsjsonparseiteratorcall in njsjson.c...
Out-of-bounds
njs through 0.4.3, used in NGINX, has an out-of-bounds read in njslvlhshlevelfind in njslvlhsh.c...
Out-of-bounds
njs through 0.4.3, used in NGINX, has an out-of-bounds read in njsjsonstringifyiterator in njsjson.c...
Design/Logic Flaw
njs through 0.4.3, used in NGINX, allows control-flow hijack in njsvalueproperty in njsvalue.c. NOTE: the vendor considers the issue to be "fluff" in the NGINX use case because there is no remote attack surface...
Design/Logic Flaw
njs through 0.4.3, used in NGINX, has a use-after-free in njsjsonparseiteratorcall in njsjson.c...
CVE-2020-24346
njs through 0.4.3, used in NGINX, has a use-after-free in njsjsonparseiteratorcall in njsjson.c...
CVE-2020-24346
CVE-2020-24346 affects the NGINX-integrated JavaScript engine, specifically njs through 0.4.3. The vulnerability is a use-after-free in function njs_json_parse_iterator_call within njs_json.c. This concrete detail is corroborated by multiple sources in the connected documents (e.g., Red Hat, NVD,...