K000139612: NGINX HTTP/3 QUIC vulnerability CVE-2024-35200
Security Advisory Description When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate. CVE-2024-35200 Note: This issue affects NGINX systems compiled with the ngx_http_v3_module module, where the...
K000139609: NGINX HTTP/3 QUIC vulnerability CVE-2024-32760
Security Advisory Description When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause other potential impact. CVE-2024-32760 Note: This issue affects NGINX systems compiled with the...
(Pwn2Own) Phoenix Contact CHARX SEC-3100 Missing Encryption Authentication Bypass Vulnerability
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Phoenix Contact CHARX SEC-3100 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of nginx. The issue results from a lac...
F5 NGINX Plus and NGINX Open Source Denial of Service Vulnerabilities
NGINX is an HTTP and reverse proxy server, email proxy server and general purpose TCP/UDP proxy server. A denial of service vulnerability exists in F5 NGINX Plus and NGINX Open Source, which can be exploited by an unauthenticated, remote attacker to cause a denial of service...
F5 Nginx Security Vulnerability
NGINX is an HTTP and reverse proxy server, email proxy server and general purpose TCP/UDP proxy server. An information disclosure vulnerability exists in F5 NGINX Plus and NGINX Open Source, which can be exploited by an unauthenticated, remote attacker to gain access to previously freed memory...
F5 NGINX Plus and NGINX Open Source Information Disclosure Vulnerability
NGINX is an HTTP and reverse proxy server, email proxy server and general purpose TCP/UDP proxy server. An information disclosure vulnerability exists in F5 NGINX Plus and NGINX Open Source, which can be exploited by an unauthenticated, remote attacker to gain access to previously freed memory...
F5 Nginx Security Vulnerability
NGINX is an HTTP and reverse proxy server, email proxy server and general purpose TCP/UDP proxy server. A denial of service vulnerability exists in F5 NGINX Plus and NGINX Open Source, which can be exploited by an unauthenticated, remote attacker to cause a denial of service...
PT-2024-3973
Name of the Vulnerable Software and Affected Versions NGINX Plus affected versions not specified NGINX OSS affected versions not specified Description The issue is related to the HTTP/3 QUIC module in NGINX Plus and NGINX OSS. It involves undisclosed HTTP/3 encoder instructions that can cause NGI...
PT-2024-3974
Name of the Vulnerable Software and Affected Versions NGINX Plus affected versions not specified NGINX OSS affected versions not specified Description The issue is related to a null pointer dereference in the HTTP/3 QUIC module ngx_http_v3_module of NGINX Plus and NGINX OSS. This can be exploited...
F5 NGINX Plus and NGINX Open Source Denial of Service Vulnerability (CNVD-2024-25363)
NGINX is an HTTP and reverse proxy server, email proxy server and general purpose TCP/UDP proxy server. A denial of service vulnerability exists in F5 NGINX Plus and NGINX Open Source, which can be exploited by an unauthenticated, remote attacker to cause a denial of service...
F5 Nginx Security Vulnerability
NGINX is an HTTP and reverse proxy server, email proxy server and general purpose TCP/UDP proxy server. A denial of service vulnerability exists in F5 NGINX Plus and NGINX Open Source, which can be exploited by an unauthenticated, remote attacker to cause a denial of service...
F5 NGINX Plus and NGINX Open Source Denial of Service Vulnerability (CNVD-2024-25362)
NGINX is an HTTP and reverse proxy server, email proxy server and general purpose TCP/UDP proxy server. F5 NGINX Plus and NGINX Open Source denial of service vulnerability can be exploited by unauthenticated, remote attackers to cause a denial of service...
F5 Nginx Security Vulnerability
NGINX is an HTTP and reverse proxy server, email proxy server and general purpose TCP/UDP proxy server. F5 NGINX Plus and NGINX Open Source denial of service vulnerability can be exploited by unauthenticated, remote attackers to cause a denial of service...
nginx -- Multiple Vulnerabilities in HTTP/3
The nginx development team reports: This update fixes the following vulnerabilities: Stack overflow and use-after-free in HTTP/3; Buffer overwrite in HTTP/3; Memory disclosure in HTTP/3; NULL pointer dereference in HTTP/3...
JA4+ - Suite Of Network Fingerprinting Standards
JA4+ is a suite of network fingerprinting methods that are easy to use and easy to share. These methods are both human and machine readable to facilitate more effective threat-hunting and analysis. The use-cases for these fingerprints include scanning for threat actors, malware detection, session...
Silverstripe X-Forwarded-Host request hostname injection
A potential hostname injection vulnerability has been found which could allow attackers to alter URL resolution. If a request contains the X-Forwarded-Host HTTP header, a website would then use its value in place of the actual HTTP hostname. In cases where caching is enabled, this could allow an...
EZsystems Remote code execution in file uploads
This Security Advisory is about a vulnerability in the way eZ Platform and eZ Publish Legacy handle file uploads, which can in the worst case lead to remote code execution (RCE), a very serious threat. An attacker would need access to uploading files to be able to exploit the vulnerability, so if...
GHSA-9895-26WR-4FGV EZsystems Remote code execution in file uploads
This Security Advisory is about a vulnerability in the way eZ Platform and eZ Publish Legacy handle file uploads, which can in the worst case lead to remote code execution (RCE), a very serious threat. An attacker would need access to uploading files to be able to exploit the vulnerability, so if...
eZ Platform and Legacy are prone to an insecure interpretation of PHP/PHAR uploads
The eZ Platform and Legacy are affected by an issue related to how uploaded PHP and PHAR files are handled, which consists of two parts: 1. Web server configuration, and 2. Disabling the PHAR stream wrapper. 1. WEB SERVER CONFIGURATION The sample web server configuration in our documentation can in...
GHSA-PQJM-XCP8-WGMM eZ Platform and Legacy are prone to an insecure interpretation of PHP/PHAR uploads
The eZ Platform and Legacy are affected by an issue related to how uploaded PHP and PHAR files are handled, which consists of two parts: 1. Web server configuration, and 2. Disabling the PHAR stream wrapper. 1. WEB SERVER CONFIGURATION The sample web server configuration in our documentation can in...