10 matches found
Tenable Sensor Proxy < 1.4.0 Multiple Vulnerabilities (TNS-2026-15)
According to its self-reported version, the Tenable Sensor Proxy running on the remote host is prior to 1.4.0. It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2026-15 advisory. - When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed...
TencentOS Server 4: nginx (TSSA-2024:0615)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0615 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
CVE-2024-24990
A flaw was found in the nginx HTTP/3 implementation. This issue may allow an attacker to use a specially crafted QUIC session to trigger a use-after-free condition, causing a worker process to crash, leading to a denial of service...
FreeBSD : nginx-devel -- Multiple Vulnerabilities in HTTP/3 (c97a4ecf-cc25-11ee-b0ee-0050569f0b83)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the c97a4ecf-cc25-11ee-b0ee-0050569f0b83 advisory. - When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed...
CVE-2024-24990 vulnerabilities
Vulnerabilities for packages: nginx-mainline...
CVE-2024-24990 vulnerabilities
Vulnerabilities for packages: nginx-mainline...
CVE-2024-24990 NGINX HTTP/3 QUIC vulnerability
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3...
CVE-2024-24990
Summary of CVE-2024-24990 (NGINX HTTP/3 QUIC): The issue affects NGINX Plus and NGINX Open Source when the HTTP/3 QUIC module is enabled. Undisclosed requests can trigger a denial-of-service by causing NGINX worker processes to terminate. In practice, this is a data-plane DoS with no control-plan...
Use-after-free in HTTP/3
Use-after-free in HTTP/3 Severity: major CVE-2024-24990 Not vulnerable: 1.25.4+ Vulnerable: 1.25.0-1.25.3...
K000138445: NGINX HTTP/3 QUIC vulnerability CVE-2024-24990
Security Advisory Description When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. CVE-2024-24990 Note : The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information,...