Lucene search
K

83 matches found

F5 Networks
F5 Networks
added 2024/05/29 1:33 p.m.40 views

K000139612: NGINX HTTP/3 QUIC vulnerability CVE-2024-35200

Security Advisory Description When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate. CVE-2024-35200 Note : This issue affects NGINX systems compiled with the ngxhttpv3module module, where the...

5.3CVSS6.8AI score0.00917EPSS
Exploits0Affected Software2
F5 Networks
F5 Networks
added 2024/05/29 1:32 p.m.43 views

K000139609: NGINX HTTP/3 QUIC vulnerability CVE-2024-32760

Security Advisory Description When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause other potential impact. CVE-2024-32760 Note : This issue affects NGINX systems compiled with the...

6.5CVSS7.2AI score0.00848EPSS
Exploits0Affected Software2
Tenable Nessus
Tenable Nessus
added 2024/02/15 12:0 a.m.39 views

FreeBSD : nginx-devel -- Multiple Vulnerabilities in HTTP/3 (c97a4ecf-cc25-11ee-b0ee-0050569f0b83)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the c97a4ecf-cc25-11ee-b0ee-0050569f0b83 advisory. - When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed...

7.5CVSS7.6AI score0.01061EPSS
Exploits0References3
OSV
OSV
added 2024/02/14 5:15 p.m.1 views

DEBIAN-CVE-2024-24989

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3...

7.5CVSS7.6AI score0.01061EPSS
Exploits0References1
NVD
NVD
added 2024/02/14 5:15 p.m.26 views

CVE-2024-24989

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3...

7.5CVSS7.5AI score0.01061EPSS
Exploits0References2
Prion
Prion
added 2024/02/14 5:15 p.m.15 views

Design/Logic Flaw

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3...

5CVSS7.1AI score0.01061EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/02/14 4:30 p.m.77 views

CVE-2024-24990 NGINX HTTP/3 QUIC vulnerability

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3...

7.5CVSS7.6AI score0.00914EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/02/14 4:30 p.m.72 views

CVE-2024-24989 NGINX HTTP/3 QUIC vulnerability

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3...

7.5CVSS7.6AI score0.01061EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2024/02/14 4:30 p.m.33 views

CVE-2024-24989

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3...

7.5CVSS7.7AI score0.01061EPSS
Exploits0
Debian CVE
Debian CVE
added 2024/02/14 4:30 p.m.39 views

CVE-2024-24990

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3...

7.5CVSS7.7AI score0.00914EPSS
Exploits0
F5 Networks
F5 Networks
added 2024/02/14 1:35 p.m.60 views

K000138445: NGINX HTTP/3 QUIC vulnerability CVE-2024-24990

Security Advisory Description When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. CVE-2024-24990 Note : The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information,...

7.5CVSS7.8AI score0.00914EPSS
Exploits0Affected Software2
F5 Networks
F5 Networks
added 2024/02/14 1:33 p.m.53 views

K000138444: NGINX HTTP/3 QUIC vulnerability CVE-2024-24989

Security Advisory Description When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. CVE-2024-24989 Note : The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information,...

7.5CVSS7.7AI score0.01061EPSS
Exploits0Affected Software2
UbuntuCve
UbuntuCve
added 2024/02/14 12:0 a.m.35 views

CVE-2024-24990

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3...

7.5CVSS7.1AI score0.00914EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2023/10/25 12:0 a.m.32 views

CVE-2023-46136

Werkzeug is a comprehensive WSGI web application library. In versions on the 3.x branch prior to 3.0.1 and on the 2.x branch prior to 2.3.8, if an upload of a file that starts with CR or LF and then is followed by megabytes of data without these characters: all of these bytes are appended chunk b...

8CVSS6.8AI score0.01072EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2023/10/24 11:48 p.m.25 views

CVE-2023-46136

Werkzeug is a comprehensive WSGI web application library. In versions on the 3.x branch prior to 3.0.1 and on the 2.x branch prior to 2.3.8, if an upload of a file that starts with CR or LF and then is followed by megabytes of data without these characters: all of these bytes are appended chunk b...

8CVSS6.8AI score0.01072EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2023/02/15 3:36 p.m.46 views

High resource usage when parsing multipart form data with many fields

Werkzeug's multipart form data parser will parse an unlimited number of parts, including file parts. Parts can be a small amount of bytes, but each requires CPU time to parse and may use more memory as Python data. If a request can be made to an endpoint that accesses request.data, request.form,...

7.5CVSS7.2AI score0.0142EPSS
Exploits0References8Affected Software1
Vulnrichment
Vulnrichment
added 2023/02/15 2:58 p.m.4 views

CVE-2023-25578 Starlite DoS vulnerability when parsing multipart request body

Starlite is an Asynchronous Server Gateway Interface ASGI framework. Prior to version 1.5.2, the request body parsing in starlite allows a potentially unauthenticated attacker to consume a large amount of CPU time and RAM. The multipart body parser processes an unlimited number of file parts and ...

7.5CVSS7.7AI score0.01004EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:11 a.m.3 views

SUSE CVE-2007-3303

Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that 1 stop request processing by killing all worker processes and preventing creation of replacements or 2 hang the system by forcin...

4.9CVSS6.8AI score0.0089EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:51 a.m.2 views

SUSE CVE-2011-3090

Race condition in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to worker processes...

7.6CVSS9.6AI score0.0185EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:46 a.m.3 views

SUSE CVE-2012-2868

Race condition in Google Chrome before 21.0.1180.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving improper interaction between worker processes and an XMLHttpRequest aka XHR object...

6.8CVSS9.6AI score0.0095EPSS
Exploits0References4
Rows per page
Query Builder