10 matches found
EUVD-2024-22351
Malicious code in bioql PyPI...
TencentOS Server 4: nginx (TSSA-2024:0497)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0497 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
curl: TLS Cipher Misconfiguration in HTTP/3/QUIC Support
Summary: This vulnerability occurs when the --ciphers option is used with the curl command to manually specify TLS cipher suites. HTTP/3 or QUIC fails to function in this scenario because QUIC does not rely on traditional TLS cipher suites defined for TLS 1.2 or earlier. Consequently, using the...
BIT-NGINX-2024-24989 NGINX HTTP/3 QUIC vulnerability
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3...
PT-2024-3974
Name of the Vulnerable Software and Affected Versions NGINX Plus affected versions not specified NGINX OSS affected versions not specified Description The issue is related to a null pointer dereference in the HTTP/3 QUIC module ngx http v3 module of NGINX Plus and NGINX OSS. This can be exploited...
nginx 1.25.x < 1.25.4 DoS
According to its Sever response header, the installed version of nginx is 1.25.x prior to 1.25.4. It may, therefore, affected by the following vulnerabilities: - When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to...
CVE-2024-24990
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3...
Design/Logic Flaw
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3...
CVE-2024-24989 NGINX HTTP/3 QUIC vulnerability
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3...
CVE-2024-24990
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3...