Lucene search
K

145 matches found

SUSE CVE
SUSE CVE
added 2025/02/14 5:41 a.m.2 views

SUSE CVE-2024-7347

NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpmp4module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngxhttpmp4module and the mp4 directi...

5.3CVSS6.3AI score0.0032EPSS
Exploits0References8
OSV
OSV
added 2024/11/01 4:53 p.m.5 views

CLSA-2024-1730479989 Fix CVE(s): CVE-2023-7347, CVE-2024-7347

SECURITY UPDATE: mp4 module allows buffer underread and unordered chunks - debian/patches/CVE-2024-7347.patch: fix buffer underread while updating stsz atom and reject unordered chunks - CVE-2023-7347...

5.7CVSS6.8AI score0.0032EPSS
Exploits0References1
OSV
OSV
added 2024/09/16 12:2 p.m.2 views

USN-7014-1 nginx vulnerability

It was discovered that the nginx ngxhttpmp4 module incorrectly handled certain malformed mp4 files. In environments where the mp4 directive is in use, a remote attacker could possibly use this issue to cause nginx to crash, resulting in a denial of service...

5.7CVSS6.7AI score0.0032EPSS
Exploits0References2
OSV
OSV
added 2024/09/06 11:9 a.m.3 views

OESA-2024-2089 nginx security update

NGINX is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server. Security Fixes: NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpmp4module, which might allow an attacker to over-read NGINX worker memory resulting in its...

5.7CVSS6.9AI score0.0032EPSS
Exploits0References2
OSV
OSV
added 2024/09/06 11:9 a.m.3 views

OESA-2024-2086 nginx security update

NGINX is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server. Security Fixes: NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpmp4module, which might allow an attacker to over-read NGINX worker memory resulting in its...

5.7CVSS6.9AI score0.0032EPSS
Exploits0References2
OSV
OSV
added 2024/09/06 11:9 a.m.2 views

OESA-2024-2088 nginx security update

NGINX is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server. Security Fixes: NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpmp4module, which might allow an attacker to over-read NGINX worker memory resulting in its...

5.7CVSS6.9AI score0.0032EPSS
Exploits0References2
OSV
OSV
added 2024/09/06 11:9 a.m.5 views

OESA-2024-2087 nginx security update

NGINX is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server. Security Fixes: NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpmp4module, which might allow an attacker to over-read NGINX worker memory resulting in its...

5.7CVSS6.9AI score0.0032EPSS
Exploits0References2
Amazon
Amazon
added 2024/09/04 12:0 a.m.3 views

Medium: nginx

Issue Overview: NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpmp4module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngxhttpmp4module and...

5.7CVSS6.8AI score0.0032EPSS
Exploits0
Amazon
Amazon
added 2024/09/04 12:0 a.m.4 views

Medium: nginx

Issue Overview: NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpmp4module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngxhttpmp4module and...

5.7CVSS6.7AI score0.0032EPSS
Exploits0
OSV
OSV
added 2024/08/30 11:8 a.m.5 views

OESA-2024-2065 nginx security update

NGINX is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server. Security Fixes: NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpmp4module, which might allow an attacker to over-read NGINX worker memory resulting in its...

5.7CVSS6.9AI score0.0032EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2024/08/16 12:12 a.m.154 views

CVE-2024-7347

A flaw was found in the ngxhttpmp4module module of Nginx. Processing a specially crafted MP4 file can trigger a buffer over-read and cause the nginx process to terminate, resulting in a denial of service. Mitigation Restrict publishing of audio and video to trusted users only...

4.7CVSS4.8AI score0.0032EPSS
Exploits0References4
OSV
OSV
added 2024/08/14 3:15 p.m.4 views

AZL-47789 CVE-2024-7347 affecting package nginx for versions less than 1.25.4-2

NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpmp4module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngxhttpmp4module and the mp4 directi...

4.7CVSS6.7AI score0.0032EPSS
Exploits0References1
OSV
OSV
added 2024/08/14 3:15 p.m.3 views

ALPINE-CVE-2024-7347

NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpmp4module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngxhttpmp4module and the mp4 directi...

4.7CVSS6.8AI score0.0032EPSS
Exploits0References1
OSV
OSV
added 2024/08/14 3:15 p.m.4 views

DEBIAN-CVE-2024-7347

NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpmp4module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngxhttpmp4module and the mp4 directi...

4.7CVSS6.4AI score0.0032EPSS
Exploits0References1
OSV
OSV
added 2024/08/14 3:15 p.m.36 views

CVE-2024-7347

NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpmp4module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngxhttpmp4module and the mp4 directi...

4.7CVSS6.6AI score
Exploits0References3
OSV
OSV
added 2024/08/14 3:15 p.m.11 views

UBUNTU-CVE-2024-7347

NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpmp4module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngxhttpmp4module and the mp4 directi...

5.7CVSS6.7AI score0.0032EPSS
Exploits0References7
Cvelist
Cvelist
added 2024/08/14 2:32 p.m.39 views

CVE-2024-7347 NGINX MP4 module vulnerability

NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpmp4module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngxhttpmp4module and the mp4 directi...

5.7CVSS0.0032EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/08/14 2:32 p.m.52 views

CVE-2024-7347 NGINX MP4 module vulnerability

NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpmp4module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngxhttpmp4module and the mp4 directi...

5.7CVSS6.9AI score0.0032EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2024/08/14 2:32 p.m.20 views

CVE-2024-7347

NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpmp4module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngxhttpmp4module and the mp4 directi...

5.7CVSS7.2AI score0.0032EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2024/08/14 12:0 a.m.12 views

PT-2024-5858

Name of the Vulnerable Software and Affected Versions NGINX Open Source and NGINX Plus versions prior to 1.26.2 NGINX Open Source and NGINX Plus versions prior to 1.27.1 Description The issue is related to a buffer overread vulnerability in the ngx http mp4 module, which might allow an attacker t...

9.8CVSS8.2AI score0.99999EPSS
Exploits43References125
Rows per page
Query Builder