SUSE CVE-2024-31079

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. This attack requires that a request be specifically timed during the connection draining process, which the attacke...

CVE-2024-49214

A flaw was found in HAProxy's QUIC listener. This vulnerability can allow an attacker to bypass the IP allow/block list via a spoofed IP address in a 0-RTT session. The attacker could exploit this by obtaining a TLS session ticket using their real IP, then initiating a 0-RTT session with a spoofe...

CVE-2024-35200

A flaw was found in the nginx HTTP/3 implementation. This issue may allow an attacker using a specially crafted QUIC session to trigger a NULL pointer dereference error, causing worker processes to crash and lead to a denial of service. Mitigation Mitigation for this issue is either not available...

CVE-2024-35200

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate...

CVE-2024-31079

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. This attack requires that a request be specifically timed during the connection draining process, which the attacke...