Lucene search
K

258 matches found

RedhatCVE
RedhatCVE
added 2024/05/30 8:33 a.m.33 views

CVE-2024-31079

A flaw was found in the nginx HTTP/3 implementation. Undisclosed HTTP/3 requests can trigger a stack-based buffer overflow, causing worker processes to crash and lead to a denial of service. Mitigation Mitigation for this issue is either not available or the currently available options do not mee...

6.5CVSS6.1AI score0.00872EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2024/05/30 8:33 a.m.39 views

CVE-2024-32760

A flaw was found in the nginx HTTP/3 implementation. Undisclosed HTTP/3 encoder instructions can trigger an out-of-bounds write error, causing worker processes to crash, leading to a denial of service or other potential impacts. Mitigation Mitigation for this issue is either not available or the...

7.5CVSS6.1AI score0.00848EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2024/05/30 12:0 a.m.32 views

FreeBSD : nginx-devel -- Multiple Vulnerabilities in HTTP/3 (320a19f7-1ddd-11ef-a2ae-8c164567ca3c)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 320a19f7-1ddd-11ef-a2ae-8c164567ca3c advisory. The nginx development team reports: This update fixes the following vulnerabilities: Tenable h...

6.5CVSS6.4AI score0.00917EPSS
Exploits0References5
NVD
NVD
added 2024/05/29 4:15 p.m.14 views

CVE-2024-32760

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential impact...

6.5CVSS6.3AI score0.00848EPSS
Exploits0References4
NVD
NVD
added 2024/05/29 4:15 p.m.20 views

CVE-2024-34161

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit MTU of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed memory...

5.3CVSS5.2AI score0.00867EPSS
Exploits0References4
OSV
OSV
added 2024/05/29 4:15 p.m.21 views

CVE-2024-34161

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit MTU of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed memory...

5.3CVSS6.6AI score
Exploits0References4
NVD
NVD
added 2024/05/29 4:15 p.m.19 views

CVE-2024-35200

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate...

5.3CVSS5.3AI score0.00917EPSS
Exploits0References4
OSV
OSV
added 2024/05/29 4:15 p.m.20 views

CVE-2024-35200

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate...

5.3CVSS6.7AI score
Exploits0References4
OSV
OSV
added 2024/05/29 4:15 p.m.19 views

CVE-2024-32760

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential impact...

6.5CVSS6.7AI score
Exploits0References4
NVD
NVD
added 2024/05/29 4:15 p.m.24 views

CVE-2024-31079

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. This attack requires that a request be specifically timed during the connection draining process, which the attacke...

4.8CVSS5.1AI score0.00872EPSS
Exploits0References4
OSV
OSV
added 2024/05/29 4:15 p.m.20 views

CVE-2024-31079

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. This attack requires that a request be specifically timed during the connection draining process, which the attacke...

4.8CVSS6.6AI score
Exploits0References4
UbuntuCve
UbuntuCve
added 2024/05/29 4:15 p.m.31 views

CVE-2024-32760

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential impact...

6.5CVSS6.9AI score0.00848EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2024/05/29 4:15 p.m.35 views

CVE-2024-34161

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit MTU of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed memory...

5.3CVSS6.8AI score0.00867EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2024/05/29 4:15 p.m.27 views

CVE-2024-31079

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. This attack requires that a request be specifically timed during the connection draining process, which the attacke...

4.8CVSS6.7AI score0.00872EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2024/05/29 4:15 p.m.22 views

CVE-2024-35200

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate...

5.3CVSS6.8AI score0.00917EPSS
Exploits0References3
Nginx
Nginx
added 2024/05/29 4:2 p.m.289 views

Memory disclosure in HTTP/3

Memory disclosure in HTTP/3 Severity: medium CVE-2024-34161 Not vulnerable: 1.27.0+, 1.26.1+ Vulnerable: 1.25.0-1.25.5, 1.26.0...

5.3CVSS7AI score0.00867EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/05/29 4:2 p.m.36 views

CVE-2024-34161 NGINX HTTP/3 QUIC vulnerability

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit MTU of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed memory...

5.3CVSS5.2AI score0.00867EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/05/29 4:2 p.m.28 views

CVE-2024-34161 NGINX HTTP/3 QUIC vulnerability

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit MTU of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed memory...

5.3CVSS5.2AI score0.00867EPSS
Exploits0References4
CVE
CVE
added 2024/05/29 4:2 p.m.344 views

CVE-2024-34161

CVE-2024-34161 affects NGINX Plus and NGINX Open Source when using the HTTP/3 QUIC module with MTU 4096+ without fragmentation. The root cause is in the HTTP/3 QUIC module (ngx_http_v3_module) handling QUIC packets, which can cause leakage of previously freed memory in NGINX worker processes. The...

5.3CVSS5.2AI score0.00867EPSS
Exploits0References4Affected Software2
AlpineLinux
AlpineLinux
added 2024/05/29 4:2 p.m.36 views

CVE-2024-34161

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit MTU of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed memory...

5.3CVSS5.6AI score0.00867EPSS
Exploits0
Rows per page
Query Builder