CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-27007
https://notcve.org/view.php?id=CVE-2022-27007
14 Apr 2022 — nginx njs 0.7.2 is affected suffers from Use-after-free in njs_function_frame_alloc() when it try to invoke from a restored frame saved with njs_function_frame_save(). nginx njs versión 0.7.2 está afectado por un Uso de memoria previamente liberado en la función njs_function_frame_alloc() cuando intenta invocar desde un marco restaurado guardado con njs_function_frame_save() • https://github.com/nginx/njs/commit/ad48705bf1f04b4221a5f5b07715ac48b3160d53 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-27008
https://notcve.org/view.php?id=CVE-2022-27008
14 Apr 2022 — nginx njs 0.7.2 is vulnerable to Buffer Overflow. Type confused in Array.prototype.concat() when a slow array appended element is fast array. nginx njs versión 0.7.2 es vulnerable a Un Desbordamiento de Búfer. Una confusión de tipo en la función Array.prototype.concat() cuando un elemento anexado de un array lento es un array rápido • https://github.com/nginx/njs/commit/e673ae41a998d1391bd562edb2ed6d49db7cc716 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.4EPSS: 0%CPEs: 7EXPL: 0CVE-2021-3618 – Ubuntu Security Notice USN-6379-1
https://notcve.org/view.php?id=CVE-2021-3618
23 Mar 2022 — ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at ... • https://alpaca-attack.com • CWE-295: Improper Certificate Validation •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-46463
https://notcve.org/view.php?id=CVE-2021-46463
14 Feb 2022 — njs through 0.7.1, used in NGINX, was discovered to contain a control flow hijack caused by a Type Confusion vulnerability in njs_promise_perform_then(). Se ha detectado que njs versiones hasta 0.7.1, usado en NGINX, contiene un secuestro del flujo de control causado por una vulnerabilidad de Confusión de Tipos en la función njs_promise_perform_then() • https://github.com/nginx/njs/commit/6a40a85ff239497c6458c7dbef18f6a2736fe992 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-25139
https://notcve.org/view.php?id=CVE-2022-25139
14 Feb 2022 — njs through 0.7.0, used in NGINX, was discovered to contain a heap use-after-free in njs_await_fulfilled. Se ha detectado que njs versiones hasta 0.7.0, usado en NGINX, contiene un uso de memoria previamente liberada de la pila en la función njs_await_fulfilled • https://github.com/nginx/njs/commit/6a07c2156a07ef307b6dcf3c2ca8571a5f1af7a6 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-46462
https://notcve.org/view.php?id=CVE-2021-46462
14 Feb 2022 — njs through 0.7.1, used in NGINX, was discovered to contain a segmentation violation via njs_object_set_prototype in /src/njs_object.c. Se ha detectado que njs versiones hasta 0.7.1, usado en NGINX, contenía una violación de segmentación por medio de la función njs_object_set_prototype en el archivo /src/njs_object.c • https://github.com/nginx/njs/commit/39e8fa1b7db1680654527f8fa0e9ee93b334ecba •
CVSS: 5.3EPSS: 0%CPEs: 70EXPL: 0CVE-2022-23029
https://notcve.org/view.php?id=CVE-2022-23029
25 Jan 2022 — On BIG-IP version 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.4, and all versions of 13.1.x, 12.1.x, and 11.6.x, when a FastL4 profile is configured on a virtual server, undisclosed traffic can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. En BIG-IP versiones 16.x anteriores a 16.1.0, 15.1.x anteriores a 15.1.4.1, 14.1.x anteriores a 14.1.4.4 y todas las versiones de 13.1.x, 12.1.x y 11.6.x... • https://support.f5.com/csp/article/K50343028 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2022-23028
https://notcve.org/view.php?id=CVE-2022-23028
25 Jan 2022 — On BIG-IP AFM version 16.x before 16.1.0, 15.1.x before 15.1.5, 14.1.x before 14.1.4.5, and all versions of 13.1.x, when global AFM SYN cookie protection (TCP Half Open flood vector) is activated in the AFM Device Dos or DOS profile, certain types of TCP connections will fail. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. En BIG-IP AFM versiones 16.x anteriores a 16.1.0, 15.1.x anteriores a 15.1.5, 14.1.x anteriores a 14.1.4.5 y todas las versiones de la 13.1.... • https://support.f5.com/csp/article/K16101409 • CWE-682: Incorrect Calculation •
CVSS: 5.3EPSS: 0%CPEs: 56EXPL: 0CVE-2022-23030
https://notcve.org/view.php?id=CVE-2022-23030
25 Jan 2022 — On version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.5, and all versions of 13.1.x, when the BIG-IP Virtual Edition (VE) uses the ixlv driver (which is used in SR-IOV mode and requires Intel X710/XL710/XXV710 family of network adapters on the Hypervisor) and TCP Segmentation Offload configuration is enabled, undisclosed requests may cause an increase in CPU resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. En las vers... • https://support.f5.com/csp/article/K53442005 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.3EPSS: 0%CPEs: 8EXPL: 0CVE-2022-23032
https://notcve.org/view.php?id=CVE-2022-23032
25 Jan 2022 — In all versions before 7.2.1.4, when proxy settings are configured in the network access resource of a BIG-IP APM system, connecting BIG-IP Edge Client on Mac and Windows is vulnerable to a DNS rebinding attack. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. En todas las versiones anteriores a la 7.2.1.4, cuando son configurados los ajustes del proxy en el recurso de acceso a la red de un sistema BIG-IP APM, la conexión de BIG-IP Edge Client en Mac y Windows es... • https://support.f5.com/csp/article/K30525503 • CWE-346: Origin Validation Error •