6256 matches found
Security Bulletin: nginx is vulnerable to CVE-2021-23017 used in IBM Maximo Application Suite - Edge Data Collector Component
Summary: IBM Maximo Application Suite - Edge Data Collector Component uses nginx which is vulnerable to CVE-2021-23017. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details: CVEID: CVE-2021-23017. DESCRIPTION: NGINX could allow a remote attacker to execute...
CVE-2024-26615 net/smc: fix illegal rmb_desc access in SMC-D connection dump
In the Linux kernel, the following vulnerability has been resolved: net/smc: fix illegal rmb_desc access in SMC-D connection dump A crash was found when dumping SMC-D connections. It can be reproduced by following steps: - run nginx/wrk test: smcrun nginx smcrun wrk -t 16 -c 1000 -d -H 'Connection...
CVE-2024-26615
CVE-2024-26615 affects the Linux kernel net/smc code. A crash from NULL pointer dereference occurs when dumping SMC-D connections due to illegal rmb_desc access to conn->rmb_desc during an in-progress connection. The issue is fixed by adding a check before dumping to ensure rmb_desc has been i...
Parse Nginx Config (Linux)
Binary data nginxnixparseconfig.nbin...
CentOS 9 : nginx-1.20.1-10.el9
The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the nginx-1.20.1-10.el9 build changelog. - Application Layer Protocol Confusion CVE-2021-3618 Note that Nessus has not tested for this issue but has instead relied only on the application's...
nginx 1.25.x < 1.25.4 DoS
According to its Server response header, the installed version of nginx is 1.25.x prior to 1.25.4. It may, therefore, be affected by the following vulnerabilities: - When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to...
Nginx 1.25.x < 1.25.4 Multiple Vulnerabilities
According to its Server response header, the installed version of nginx is 1.25.x prior to 1.25.4. It is, therefore, affected by the following issues : - A NULL pointer dereference in HTTP/3. CVE-2024-24989 - A Use-after-free in HTTP/3. CVE-2024-24990 Note that the scanner has not tested for thes...
SUSE CVE-2024-24989
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3...
SUSE CVE-2024-24990
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3...
Nginx 1.25.0 - 1.25.3 HTTP/3 Vulnerability
Nginx is prone to a use-after-free vulnerability in HTTP/3. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nginx:nginx";...
Nginx 1.25.3 HTTP/3 Vulnerability
Nginx is prone to a NULL pointer dereference vulnerability in HTTP/3. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nginx:nginx...
CVE-2024-24990
A flaw was found in the nginx HTTP/3 implementation. This issue may allow an attacker to use a specially crafted QUIC session to trigger a use-after-free condition, causing a worker process to crash, leading to a denial of service...
CVE-2024-24989
A flaw was found in the nginx HTTP/3 implementation. This issue may allow an attacker to use a specially crafted QUIC session to trigger a NULL pointer dereference error, causing a worker process to crash, leading to a denial of service...
FreeBSD : nginx-devel -- Multiple Vulnerabilities in HTTP/3 (c97a4ecf-cc25-11ee-b0ee-0050569f0b83)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the c97a4ecf-cc25-11ee-b0ee-0050569f0b83 advisory. - When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed...
The vulnerability of the ngx_http_v3_module in NGINX and NGINX Plus servers allows a hacker to cause a service failure.
The vulnerability of the ngx_http_v3_module in NGINX and NGINX Plus servers is related to the use of memory after it is freed. Exploiting this vulnerability can allow a malicious actor to cause service interruptions...
The vulnerability of HTTP/3 QUIC modules in NGINX Plus and NGINX OSS web servers allows attackers to cause service interruptions.
The vulnerability of HTTP/3 QUIC in NGINX Plus and NGINX OSS web servers is related to a NULL pointer dereference. Exploiting this vulnerability allows a malicious actor to cause service interruptions by sending specially crafted requests...
CVE-2024-24990 vulnerabilities
Vulnerabilities for packages: nginx-mainline...
CVE-2024-24989 vulnerabilities
Vulnerabilities for packages: nginx-mainline...
DEBIAN-CVE-2024-24990
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3...