17 results (0.003 seconds)

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1

Buffer Overflow found in Nginx NJS allows a remote attacker to execute arbitrary code via the njs_object_property parameter of the njs/njs_vm.c function. • https://github.com/nginx/njs/issues/188 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

njs through 0.7.1, used in NGINX, was discovered to contain a control flow hijack caused by a Type Confusion vulnerability in njs_promise_perform_then(). Se ha detectado que njs versiones hasta 0.7.1, usado en NGINX, contiene un secuestro del flujo de control causado por una vulnerabilidad de Confusión de Tipos en la función njs_promise_perform_then() • https://github.com/nginx/njs/commit/6a40a85ff239497c6458c7dbef18f6a2736fe992 https://github.com/nginx/njs/issues/447 https://security.netapp.com/advisory/ntap-20220303-0007 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

njs through 0.7.0, used in NGINX, was discovered to contain a heap use-after-free in njs_await_fulfilled. Se ha detectado que njs versiones hasta 0.7.0, usado en NGINX, contiene un uso de memoria previamente liberada de la pila en la función njs_await_fulfilled • https://github.com/nginx/njs/commit/6a07c2156a07ef307b6dcf3c2ca8571a5f1af7a6 https://github.com/nginx/njs/issues/451 https://security.netapp.com/advisory/ntap-20220303-0007 • CWE-416: Use After Free •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

njs through 0.7.1, used in NGINX, was discovered to contain a segmentation violation via njs_object_set_prototype in /src/njs_object.c. Se ha detectado que njs versiones hasta 0.7.1, usado en NGINX, contenía una violación de segmentación por medio de la función njs_object_set_prototype en el archivo /src/njs_object.c • https://github.com/nginx/njs/commit/39e8fa1b7db1680654527f8fa0e9ee93b334ecba https://github.com/nginx/njs/issues/449 https://security.netapp.com/advisory/ntap-20220303-0007 •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

njs through 0.7.0, used in NGINX, was discovered to contain an out-of-bounds array access via njs_vmcode_typeof in /src/njs_vmcode.c. Se ha detectado que njs versiones hasta 0.7.0, usada en NGINX, contiene un acceso a matrices fuera de límites por medio de la función njs_vmcode_typeof en el archivo /src/njs_vmcode.c • https://github.com/nginx/njs/commit/d457c9545e7e71ebb5c0479eb16b9d33175855e2 https://github.com/nginx/njs/issues/450 https://security.netapp.com/advisory/ntap-20220303-0007 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •