Total
7 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-32760 | 2 F5, Fedoraproject | 3 Nginx Open Source, Nginx Plus, Fedora | 2025-01-24 | N/A | 6.5 MEDIUM |
| When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential impact. | |||||
| CVE-2024-34161 | 2 F5, Fedoraproject | 3 Nginx Open Source, Nginx Plus, Fedora | 2025-01-24 | N/A | 5.3 MEDIUM |
| When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed memory. | |||||
| CVE-2024-35200 | 2 F5, Fedoraproject | 3 Nginx Open Source, Nginx Plus, Fedora | 2025-01-24 | N/A | 5.3 MEDIUM |
| When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate. | |||||
| CVE-2024-24989 | 1 F5 | 2 Nginx Open Source, Nginx Plus | 2025-01-24 | N/A | 7.5 HIGH |
| When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3 https://nginx.org/en/docs/quic.html . NOTE: Software versions which have reached End of Technical Support (EoTS) are not evaluated | |||||
| CVE-2024-24990 | 1 F5 | 2 Nginx Open Source, Nginx Plus | 2025-01-24 | N/A | 7.5 HIGH |
| When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3 https://nginx.org/en/docs/quic.html . Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | |||||
| CVE-2024-31079 | 2 F5, Fedoraproject | 3 Nginx Open Source, Nginx Plus, Fedora | 2025-01-24 | N/A | 4.8 MEDIUM |
| When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. This attack requires that a request be specifically timed during the connection draining process, which the attacker has no visibility and limited influence over. | |||||
| CVE-2024-7347 | 1 F5 | 2 Nginx Open Source, Nginx Plus | 2025-01-22 | N/A | 4.7 MEDIUM |
| NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngx_http_mp4_module and the mp4 directive is used in the configuration file. Additionally, the attack is possible only if an attacker can trigger the processing of a specially crafted mp4 file with the ngx_http_mp4_module. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||