← Back

Nginx

nginx

7 CVEs • 2 products

Products (2)

Click to collapse
Toggle
Njs
njs
5 CVEs
Nginx
nginx
2 CVEs

CVEs (7)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2022-35173
1Nginx
1Njs
Nov 21, 2024
Aug 18, 2022
N/A· v4
7.5 HIGH· v3
N/A· v2
An issue was discovered in Nginx NJS v0.7.5. The JUMP offset for a break instruction was not set to a correct offset during code generation, leading to a segmentation violation.
CVE-2022-30503
1Nginx
1Njs
Nov 21, 2024
Jun 2, 2022
N/A· v4
5.5 MEDIUM· v3
2.1 LOW· v2
Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_set_number at src/njs_value.h.
CVE-2022-29780
1Nginx
1Njs
Nov 21, 2024
Jun 2, 2022
N/A· v4
5.5 MEDIUM· v3
2.1 LOW· v2
Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_array_prototype_sort at src/njs_array.c.
CVE-2022-29779
1Nginx
1Njs
Nov 21, 2024
Jun 2, 2022
N/A· v4
5.5 MEDIUM· v3
2.1 LOW· v2
Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_value_own_enumerate at src/njs_value.c.
CVE-2021-46461
1Nginx
1Njs
Nov 21, 2024
Feb 14, 2022
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
njs through 0.7.0, used in NGINX, was discovered to contain an out-of-bounds array access via njs_vmcode_typeof in /src/njs_vmcode.c.
CVE-2009-3898
2F5
Nginx
2Nginx
Nginx
Apr 23, 2026
Nov 24, 2009
N/A· v4
N/A· v3
4.9 MEDIUM· v2
Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a ....Show more
Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method.Show less
CVE-2009-3896
2F5
Nginx
2Nginx
Nginx
Apr 23, 2026
Nov 24, 2009
N/A· v4
N/A· v3
5.0 MEDIUM· v2
src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a denial of service (NULL po...Show more
src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a long URI.Show less