CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2020-19695
https://notcve.org/view.php?id=CVE-2020-19695
Buffer Overflow found in Nginx NJS allows a remote attacker to execute arbitrary code via the njs_object_property parameter of the njs/njs_vm.c function. • https://github.com/nginx/njs/issues/188 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-43286
https://notcve.org/view.php?id=CVE-2022-43286
Nginx NJS v0.7.2 was discovered to contain a heap-use-after-free bug caused by illegal memory copy in the function njs_json_parse_iterator_call at njs_json.c. Se descubrió que Nginx NJS v0.7.2 contenía un error de heap-use-after-free causado por una copia de memoria ilegal en la función njs_json_parse_iterator_call en njs_json.c. • https://github.com/nginx/njs/commit/2ad0ea24a58d570634e09c2e58c3b314505eaa6a https://github.com/nginx/njs/issues/480 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2CVE-2022-43284
https://notcve.org/view.php?id=CVE-2022-43284
Nginx NJS v0.7.2 to v0.7.4 was discovered to contain a segmentation violation via njs_scope_valid_value at njs_scope.h. NOTE: the vendor disputes the significance of this report because NJS does not operate on untrusted input. ** DISPUTA ** Se descubrió que Nginx NJS v0.7.2 a v0.7.4 contenía una infracción de segmentación a través de njs_scope_valid_value en njs_scope.h. NOTA: el proveedor cuestiona la importancia de este informe porque NJS no opera con información que no sea de confianza. • https://github.com/nginx/njs/issues/470 https://github.com/nginx/njs/issues/529 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-32414
https://notcve.org/view.php?id=CVE-2022-32414
Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_vmcode_interpreter at src/njs_vmcode.c. Se ha detectado que Nginx NJS versión v0.7.2, contiene una violación de segmentación en la función njs_vmcode_interpreter en el archivo src/njs_vmcode.c • https://github.com/nginx/njs/commit/31ed93a5623f24ca94e6d47e895ba735d9d97d46 https://github.com/nginx/njs/issues/483 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-31307
https://notcve.org/view.php?id=CVE-2022-31307
Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_string_offset at src/njs_string.c. Se ha detectado que Nginx NJS versión v0.7.2, contiene una violación de segmentación en la función njs_string_offset en el archivo src/njs_string.c • https://github.com/nginx/njs/commit/eafe4c7a326b163612f10861392622b5da5b1792 https://github.com/nginx/njs/issues/482 • CWE-416: Use After Free •