Search CVE reports


Toggle filters

1 – 10 of 53 results


CVE-2024-7347

Medium priority
Fixed

NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only...

1 affected package

nginx

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
nginx Fixed Fixed Fixed Fixed Fixed
Show less packages

CVE-2024-35200

Medium priority
Not affected

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate.

1 affected package

nginx

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
nginx Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2024-34161

Medium priority
Not affected

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX...

1 affected package

nginx

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
nginx Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2024-32760

Medium priority
Not affected

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential impact.

1 affected package

nginx

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
nginx Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2024-31079

Medium priority
Not affected

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. This attack requires that a request...

1 affected package

nginx

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
nginx Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2024-24990

Medium priority
Not affected

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental....

1 affected package

nginx

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
nginx Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2024-24989

Medium priority
Not affected

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental....

1 affected package

nginx

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
nginx Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2023-44487

High priority

Some fixes available 18 of 56

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

13 affected packages

dotnet6, dotnet7, dotnet8, h2o, haproxy...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
dotnet6 Not in release Fixed Not in release Not in release Not in release
dotnet7 Not in release Fixed Not in release Not in release Not in release
dotnet8 Fixed Not affected Not in release Not in release Not in release
h2o Not affected Needs evaluation Needs evaluation Needs evaluation Not in release
haproxy Not affected Not affected Not affected Fixed Not affected
netty Not affected Fixed Fixed Not affected Not affected
nghttp2 Not affected Fixed Fixed Fixed Fixed
nginx Not affected Not affected Not affected Not affected Not affected
nodejs Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
tomcat10 Needs evaluation Not in release Not in release Ignored Ignored
tomcat8 Not in release Not in release Not in release Needs evaluation Needs evaluation
tomcat9 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Ignored
trafficserver Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show all 13 packages Show less packages

CVE-2020-21699

Medium priority
Not affected

The web server Tengine 2.2.2 developed in the Nginx version from 0.5.6 thru 1.13.2 is vulnerable to an integer overflow vulnerability in the nginx range filter module, resulting in the leakage of potentially sensitive information...

1 affected package

nginx

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
nginx Not affected Not affected Not affected Not affected
Show less packages

CVE-2022-41742

Medium priority
Fixed

NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that...

1 affected package

nginx

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
nginx Fixed Fixed Fixed Fixed
Show less packages