CVE-2024-24990 NGINX HTTP/3 QUIC vulnerability

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3...

CVE-2024-24989 NGINX HTTP/3 QUIC vulnerability

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3...

CVE-2024-24990

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3...

CVE-2024-24989

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3...

K000138353: Quarterly Security Notification (February 2024)

Security Advisory Description On February 14, 2024, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities and security exposures to help determine the impact to your F5 devices. You can find the details of each issue in the associat...

K000138445: NGINX HTTP/3 QUIC vulnerability CVE-2024-24990

Security Advisory Description When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. CVE-2024-24990 Note : The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information,...

K000138444: NGINX HTTP/3 QUIC vulnerability CVE-2024-24989

Security Advisory Description When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. CVE-2024-24989 Note : The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information,...

F5 Nginx Resource Management Error Vulnerability

F5 Nginx is a lightweight web server/reverse proxy server and email IMAP/POP3 proxy server from F5, Inc. distributed under the BSD-like protocol. A security vulnerability exists in F5 Nginx Plus versions R30 and R31, which stems from an undisclosed request that could cause an NGINX worker process...

F5 Nginx Code Issues Vulnerabilities

F5 Nginx is a lightweight web server/reverse proxy server and email IMAP/POP3 proxy server from F5 Inc. distributed under the BSD-like protocol. A security vulnerability exists in F5 Nginx Plus version R31, which stems from an undisclosed request that could cause an NGINX worker process to...

CVE-2024-24990

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3...

CVE-2024-24989

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3...

PT-2024-1647 · Nginx +1 · Nginx Oss +3

The affected software is NGINX, specifically the HTTP/3 QUIC module in NGINX Plus and NGINX OSS. When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate, potentially leading to a denial of service, related to a...

nginx-devel -- Multiple Vulnerabilities in HTTP/3

The nginx development team reports: When using HTTP/3 a segmentation fault might occur in a worker process while processing a specially crafted QUIC session...

Huawei EulerOS: Security Advisory for nginx (EulerOS-SA-2024-1154)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP5 : nginx (EulerOS-SA-2024-1154)

According to the versions of the nginx packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as...

Navgix - A Multi-Threaded Golang Tool That Will Check For Nginx Alias Traversal Vulnerabilities

navgix is a multi-threaded golang tool that will check for nginx alias traversal vulnerabilities Techniques Currently, navgix supports 2 techniques for finding vulnerable directories or location aliases. Those being the following: Heuristics navgix will make an initial GET request to the page, an...

PT-2024-1653 · Nginx +1 · Nginx Oss +3

The affected software includes NGINX Plus and NGINX OSS, specifically when configured to use the HTTP/3 QUIC module. This issue may allow a remote attacker to cause a denial of service due to undisclosed requests that can cause worker processes to terminate. The HTTP/3 QUIC module is not enabled ...

CVE-2024-21626 vulnerabilities

Vulnerabilities for packages: trivy, k3d, datadog-agent, podman, datadog-agent-fips, newrelic-infrastructure-agent, zot, k3s, runc, syft, zarf, ctop, nerdctl, skopeo, skaffold, kubescape, kots, buildkitd, grype, kubernetes-fips, wolfictl, docker, cadvisor, k9s, kaniko, kubernetes...

CVE-2024-21626 vulnerabilities

Vulnerabilities for packages: newrelic-infrastructure-agent, runc, kubescape, wolfictl, docker, k9s, kaniko, datadog-agent, trivy, skaffold, k3d, podman, k3s, nerdctl, kots, grype, ctop, zot, cadvisor, zarf, skopeo, kubernetes, buildkitd, syft...

The vulnerability of the Import Certificate function in the Nginx UI server’s user interface allows a perpetrator to gain access to read, modify, and delete data, as well as execute arbitrary code.

The vulnerability of the Import Certificate function in the Nginx UI server’s user interface is related to incorrect restrictions on the path names for sslcertificatepath, sslcertificatekeypath, sslcertificate, and sslcertificatekey, which have limited access. Exploiting this vulnerability could...