CVE-2022-29779
https://notcve.org/view.php?id=CVE-2022-29779
Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_value_own_enumerate at src/njs_value.c.
• https://github.com/nginx/njs/commit/2e00e95473861846aa8538be87db07699d9f676d https://github.com/nginx/njs/issues/485
CVE-2021-46461
https://notcve.org/view.php?id=CVE-2021-46461
njs through 0.7.0, used in NGINX, was discovered to contain an out-of-bounds array access via njs_vmcode_typeof in /src/njs_vmcode.c.
• https://github.com/nginx/njs/commit/d457c9545e7e71ebb5c0479eb16b9d33175855e2 https://github.com/nginx/njs/issues/450 https://security.netapp.com/advisory/ntap-20220303-0007
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-7401
https://notcve.org/view.php?id=CVE-2019-7401
NGINX Unit before 1.7.1 might allow an attacker to cause a heap-based buffer overflow in the router process with a specially crafted request. This may result in a denial of service (router process crash) or possibly have unspecified other impact.
• http://hg.nginx.org/unit/file/tip/CHANGES http://mailman.nginx.org/pipermail/unit/2019-February/000113.html http://unit.nginx.org/CHANGES.txt http://www.securityfocus.com/bid/106956
• CWE-787: Out-of-bounds Write
CVE-2009-3896
https://notcve.org/view.php?id=CVE-2009-3896
src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a long URI.
• http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=552035 http://marc.info/?l=nginx&m=125692080328141&w=2 http://secunia.com/advisories/48577 http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch3.diff.gz http://security.gentoo.org/glsa/glsa-201203-22.xml http://sysoev.ru/nginx/patch.null.pointer.txt http://www.debian.org/security/2009/dsa-1920 http://www.openwall.com/lists/oss-security/2009/11/20/1 http://www.openwall.com/lists/os
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-3898 – Nginx 0.7.61 - WebDAV Directory Traversal
https://notcve.org/view.php?id=CVE-2009-3898
Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method.
• https://www.exploit-db.com/exploits/9829 http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0379.html http://marc.info/?l=oss-security&m=125897327321676&w=2 http://marc.info/?l=oss-security&m=125897425223039&w=2 http://marc.info/?l=oss-security&m=125900327409842&w=2 http://secunia.com/advisories/36818 http://secunia.com/advisories/48577 http://security.gentoo.org/glsa/glsa-201203-22.xml http://www.openwall.com/lists/oss-security/2009/11/20/1 http:
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')