Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
NGINX ngx_http_hls_module vulnerability CVE-2022-41743
Vulnerability Description
NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_hls_module that might allow a local attacker to corrupt NGINX worker memory, resulting in its crash or potential other impact using a specially crafted audio or video file. The issue affects only NGINX Plus when the hls directive is used in the configuration file. Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the module ngx_http_hls_module.
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
跨界内存写
Vulnerability Title
多款F5产品 缓冲区错误漏洞
Vulnerability Description
F5 BIG-IP等都是美国F5公司的产品。F5 BIG-IP是一款集成了网络流量管理、应用程序安全管理、负载均衡等功能的应用交付平台。F5 BIG-IQ是一套基于软件的云管理解决方案。F5 F5OS-A是一种操作系统软件。 F5 F5OS-A,F5OS-C,BIG-IQ和BIG-IP 存在缓冲区错误漏洞,该漏洞源于 NGINX Plus 组件的 ngx_http_hls_module 模块可能允许本地攻击者破坏NGINX工作内存,使用特殊制作的音频或视频文件导致崩溃或潜在的其他影响。
CVSS Information
N/A
Vulnerability Type
N/A