threat
engine
.sh
Back
·
··:··
Home
/
Product
/
f5 njs
Product
f5 njs
44 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2023-27730
all versions
Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_lvlhsh_find at src/njs_lvlhsh.c.
7.5
HIGH
CVE-2023-27729
all versions
Nginx NJS v0.7.10 was discovered to contain an illegal memcpy via the function njs_vmcode_return at src/njs_vmcode.c.
7.5
HIGH
CVE-2023-27728
all versions
Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_dump_is_recursive at src/njs_vmcode.c.
7.5
HIGH
CVE-2023-27727
all versions
Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_function_frame at src/njs_function.h.
7.5
HIGH
CVE-2020-19695
< 0.3.4
Buffer Overflow found in Nginx NJS allows a remote attacker to execute arbitrary code via the njs_object_property parameter of the
9.8
CRITICAL
CVE-2020-19692
< 0.3.4
Buffer Overflow vulnerabilty found in Nginx NJS v.0feca92 allows a remote attacker to execute arbitrary code via the njs_module_re
9.8
CRITICAL
CVE-2022-43286
all versions
Nginx NJS v0.7.2 was discovered to contain a heap-use-after-free bug caused by illegal memory copy in the function njs_json_parse_
9.8
CRITICAL
CVE-2022-43285
all versions
Nginx NJS v0.7.4 was discovered to contain a segmentation violation in njs_promise_reaction_job. NOTE: the vendor disputes the sig
7.5
HIGH
CVE-2022-43284
>= 0.7.2 and <= 0.7.4
Nginx NJS v0.7.2 to v0.7.4 was discovered to contain a segmentation violation via njs_scope_valid_value at njs_scope.h. NOTE: the
7.5
HIGH
CVE-2022-38890
all versions
Nginx NJS v0.7.7 was discovered to contain a segmentation violation via njs_utf8_next at src/njs_utf8.h
5.5
MEDIUM
CVE-2022-35173
all versions
An issue was discovered in Nginx NJS v0.7.5. The JUMP offset for a break instruction was not set to a correct offset during code g
7.5
HIGH
CVE-2022-34032
all versions
Nginx NJS v0.7.5 was discovered to contain a segmentation violation in the function njs_value_own_enumerate at src/njs_value.c.
7.5
HIGH
CVE-2022-34031
all versions
Nginx NJS v0.7.5 was discovered to contain a segmentation violation via njs_value_to_number at src/njs_value_conversion.h.
7.5
HIGH
CVE-2022-34030
all versions
Nginx NJS v0.7.5 was discovered to contain a segmentation violation via njs_djb_hash at src/njs_djb_hash.c.
7.5
HIGH
CVE-2022-34029
all versions
Nginx NJS v0.7.4 was discovered to contain an out-of-bounds read via njs_scope_value at njs_scope.h.
9.1
CRITICAL
CVE-2022-34028
all versions
Nginx NJS v0.7.5 was discovered to contain a segmentation violation via njs_utf8_next at src/njs_utf8.h.
7.5
HIGH
CVE-2022-34027
all versions
Nginx NJS v0.7.4 was discovered to contain a segmentation violation via njs_value_property at njs_value.c.
7.5
HIGH
CVE-2022-32414
all versions
Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_vmcode_interpreter at src/njs_vmcode.c.
5.5
MEDIUM
CVE-2022-31307
all versions
Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_string_offset at src/njs_string.c.
5.5
MEDIUM
CVE-2022-31306
all versions
Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_array_convert_to_slow_array at src/njs_arr
5.5
MEDIUM
CVE-2022-30503
all versions
Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_set_number at src/njs_value.h.
5.5
MEDIUM
CVE-2022-29780
all versions
Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_array_prototype_sort at src/njs_array.c.
5.5
MEDIUM
CVE-2022-29779
all versions
Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_value_own_enumerate at src/njs_value.c.
5.5
MEDIUM
CVE-2022-29379
all versions
Nginx NJS v0.7.3 was discovered to contain a stack overflow in the function njs_default_module_loader at /src/njs/src/njs_module.c
9.8
CRITICAL
CVE-2022-29369
all versions
Nginx NJS v0.7.2 was discovered to contain a segmentation violation via njs_lvlhsh_bucket_find at njs_lvlhsh.c.
7.5
HIGH
CVE-2022-28049
all versions
NGINX NJS 0.7.2 was discovered to contain a NULL pointer dereference via the component njs_vmcode_array at /src/njs_vmcode.c.
5.5
MEDIUM
CVE-2022-27008
all versions
nginx njs 0.7.2 is vulnerable to Buffer Overflow. Type confused in Array.prototype.concat() when a slow array appended element is
7.5
HIGH
CVE-2022-27007
all versions
nginx njs 0.7.2 is affected suffers from Use-after-free in njs_function_frame_alloc() when it try to invoke from a restored frame
9.8
CRITICAL
CVE-2022-25139
< 0.7.2
njs through 0.7.0, used in NGINX, was discovered to contain a heap use-after-free in njs_await_fulfilled.
9.8
CRITICAL
CVE-2021-46463
<= 0.7.1
njs through 0.7.1, used in NGINX, was discovered to contain a control flow hijack caused by a Type Confusion vulnerability in njs_
9.8
CRITICAL
CVE-2021-46462
<= 0.7.1
njs through 0.7.1, used in NGINX, was discovered to contain a segmentation violation via njs_object_set_prototype in /src/njs_obje
7.5
HIGH
CVE-2021-46461
<= 0.7.0
njs through 0.7.0, used in NGINX, was discovered to contain an out-of-bounds array access via njs_vmcode_typeof in /src/njs_vmcode
9.8
CRITICAL
CVE-2020-24349
<= 0.4.3
njs through 0.4.3, used in NGINX, allows control-flow hijack in njs_value_property in njs_value.c. NOTE: the vendor considers the
5.5
MEDIUM
CVE-2020-24348
<= 0.4.3
njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_json_stringify_iterator in njs_json.c.
5.5
MEDIUM
CVE-2020-24347
<= 0.4.3
njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_lvlhsh_level_find in njs_lvlhsh.c.
5.5
MEDIUM
CVE-2020-24346
<= 0.4.3
njs through 0.4.3, used in NGINX, has a use-after-free in njs_json_parse_iterator_call in njs_json.c.
7.8
HIGH
CVE-2019-13617
<= 0.3.3
njs through 0.3.3, used in NGINX, has a heap-based buffer over-read in nxt_vsprintf in nxt/nxt_sprintf.c during error handling, as
6.5
MEDIUM
CVE-2019-13067
<= 0.3.3
njs through 0.3.3, used in NGINX, has a buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c. This issue occurs after the fix for
9.8
CRITICAL
CVE-2019-12208
<= 0.3.1
njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in njs_function_native_call in njs/njs_function.c.
9.8
CRITICAL
CVE-2019-12207
<= 0.3.1
njs through 0.3.1, used in NGINX, has a heap-based buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c.
9.8
CRITICAL
CVE-2019-12206
<= 0.3.1
njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in nxt_utf8_encode in nxt_utf8.c.
9.8
CRITICAL
CVE-2019-11839
<= 0.3.1
njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in Array.prototype.push after a resize, related to njs_array_pr
9.8
CRITICAL
CVE-2019-11838
<= 0.3.1
njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in Array.prototype.splice after a resize, related to njs_array_
9.8
CRITICAL
CVE-2019-11837
<= 0.3.1
njs through 0.3.1, used in NGINX, has a segmentation fault in String.prototype.toBytes for negative arguments, related to nxt_utf8
7.5
HIGH
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin