256 matches found
K000139609: NGINX HTTP/3 QUIC vulnerability CVE-2024-32760
Security Advisory Description: When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause other potential impact. CVE-2024-32760. Note: This issue affects NGINX systems compiled with the...
PT-2024-3974
Name of the Vulnerable Software and Affected Versions: NGINX Plus (affected versions not specified); NGINX OSS (affected versions not specified). Description: The issue is related to a null pointer dereference in the HTTP/3 QUIC module (ngx_http_v3_module) of NGINX Plus and NGINX OSS. This can be exploited...
nginx -- Multiple Vulnerabilities in HTTP/3
The nginx development team reports: This update fixes the following vulnerabilities: Stack overflow and use-after-free in HTTP/3; Buffer overwrite in HTTP/3; Memory disclosure in HTTP/3; NULL pointer dereference in HTTP/3...
ROS-20240410-02
Vulnerability in the HTTP/3 QUIC module of the NGINX Plus and NGINX OSS web servers that allows an attacker to cause a denial of service. The vulnerability in the ngx_http_v3_module module of NGINX and NGINX Plus servers is related to the use of memory after it has been freed...
CentOS 9 : haproxy-2.4.17-6.el9
The remote CentOS Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the haproxy-2.4.17-6.el9 build changelog. - An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an...
Denial Of Service
jetty-http is vulnerable to Denial of Service (DoS). The vulnerability is due to GOAWAY frames failing to be written to the queue when there is TCP congestion within the server. An attacker can exploit idle timeout periods to leave HTTP/2 or HTTP/3 connections in the ESTABLISHED state, even when they...
nginx 1.25.x < 1.25.4 DoS
According to its Server response header, the installed version of nginx is 1.25.x prior to 1.25.4. It may, therefore, be affected by the following vulnerabilities: - When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to...
Nginx 1.25.3 HTTP/3 Vulnerability
Nginx is prone to a NULL pointer dereference vulnerability in HTTP/3. SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nginx:nginx...
Nginx 1.25.0 - 1.25.3 HTTP/3 Vulnerability
Nginx is prone to a use-after-free vulnerability in HTTP/3. SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nginx:nginx";...
CVE-2024-24990
A flaw was found in the nginx HTTP/3 implementation. This issue may allow an attacker to use a specially crafted QUIC session to trigger a use-after-free condition, causing a worker process to crash, leading to a denial of service...
CVE-2024-24989
A flaw was found in the nginx HTTP/3 implementation. This issue may allow an attacker to use a specially crafted QUIC session to trigger a NULL pointer dereference error, causing a worker process to crash, leading to a denial of service...
FreeBSD : nginx-devel -- Multiple Vulnerabilities in HTTP/3 (c97a4ecf-cc25-11ee-b0ee-0050569f0b83)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the c97a4ecf-cc25-11ee-b0ee-0050569f0b83 advisory. - When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed...
CVE-2024-24990
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3...
CVE-2024-24989
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3...
Design/Logic Flaw
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3...
NULL pointer dereference in HTTP/3
NULL pointer dereference in HTTP/3. Severity: major. CVE-2024-24989. Not vulnerable: 1.25.4+. Vulnerable: 1.25.3...