Lucene search

K

Nginx Security Vulnerabilities

cve
cve

CVE-2020-19695

Buffer Overflow found in Nginx NJS allows a remote attacker to execute arbitrary code via the njs_object_property parameter of the njs/njs_vm.c...

9.8CVSS

9.7AI Score

0.004EPSS

2023-04-04 03:15 PM
145
cve
cve

CVE-2020-19692

Buffer Overflow vulnerabilty found in Nginx NJS v.0feca92 allows a remote attacker to execute arbitrary code via the njs_module_read in the njs_module.c...

9.8CVSS

9.6AI Score

0.005EPSS

2023-04-04 03:15 PM
45
cve
cve

CVE-2022-35173

An issue was discovered in Nginx NJS v0.7.5. The JUMP offset for a break instruction was not set to a correct offset during code generation, leading to a segmentation...

7.5CVSS

7.5AI Score

0.001EPSS

2022-08-18 06:15 AM
35
6
cve
cve

CVE-2022-30503

Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_set_number at...

5.5CVSS

5.4AI Score

0.0004EPSS

2022-06-02 02:15 PM
41
5
cve
cve

CVE-2022-29779

Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_value_own_enumerate at...

5.5CVSS

5.4AI Score

0.0004EPSS

2022-06-02 02:15 PM
43
5
cve
cve

CVE-2022-29780

Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_array_prototype_sort at...

5.5CVSS

5.4AI Score

0.0004EPSS

2022-06-02 02:15 PM
38
5
cve
cve

CVE-2021-46461

njs through 0.7.0, used in NGINX, was discovered to contain an out-of-bounds array access via njs_vmcode_typeof in...

9.8CVSS

9.5AI Score

0.003EPSS

2022-02-14 10:15 PM
110
cve
cve

CVE-2011-4968

nginx http proxy module does not verify peer identity of https origin server which could facilitate man-in-the-middle attack...

4.8CVSS

5AI Score

0.004EPSS

2019-11-19 04:15 PM
56
cve
cve

CVE-2019-7401

NGINX Unit before 1.7.1 might allow an attacker to cause a heap-based buffer overflow in the router process with a specially crafted request. This may result in a denial of service (router process crash) or possibly have unspecified other...

9.8CVSS

9.8AI Score

0.014EPSS

2019-02-08 03:29 AM
43
cve
cve

CVE-2017-7529

Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted...

7.5CVSS

7.3AI Score

0.963EPSS

2017-07-13 01:29 PM
970
2
cve
cve

CVE-2009-3898

Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE....

6.1AI Score

0.004EPSS

2009-11-24 05:30 PM
64
cve
cve

CVE-2009-3896

src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a long...

6.1AI Score

0.086EPSS

2009-11-24 05:30 PM
73