Nginx Plus Security Vulnerabilities and Issues — Nginx Plus CVE List

Lucene search

F5Nginx Plus

10 matches found

CVE•added 2023/10/10 2:15 p.m.•4694 views

CVE-2023-44487

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

7.5CVSS8AI score0.94437EPSS

In wild

CVE•added 2024/02/14 5:15 p.m.•425 views

CVE-2024-24989

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3 https://ng...

7.5CVSS7.5AI score0.00646EPSS

CVE•added 2024/08/14 3:15 p.m.•398 views

CVE-2024-7347

NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngx_http_mp4_module and the mp4 dir...

5.7CVSS4.7AI score0.00106EPSS

CVE•added 2024/02/14 5:15 p.m.•364 views

CVE-2024-24990

7.5CVSS7.5AI score0.00182EPSS

CVE•added 2024/05/29 4:15 p.m.•338 views

CVE-2024-32760

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential impact.

6.5CVSS6.3AI score0.00208EPSS

CVE•added 2024/05/29 4:15 p.m.•334 views

CVE-2024-31079

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. This attack requires that a request be specifically timed during the connection draining process, which the attacker ...

4.8CVSS5AI score0.00208EPSS

CVE•added 2024/05/29 4:15 p.m.•305 views

CVE-2024-34161

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed memory.

5.3CVSS5.2AI score0.00405EPSS

CVE•added 2024/05/29 4:15 p.m.•294 views

CVE-2024-35200

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate.

5.3CVSS5.2AI score0.00186EPSS

CVE•added 2024/08/14 3:15 p.m.•92 views

CVE-2024-39792

When the NGINX Plus is configured to use the MQTT pre-read module, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

8.7CVSS7.5AI score0.00731EPSS

CVE•added 2022/10/19 10:15 p.m.•77 views

CVE-2022-41743

NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_hls_module that might allow a local attacker to corrupt NGINX worker memory, resulting in its crash or potential other impact using a specially crafted audio or video file. The issue affects only NGINX Plus whe...

7CVSS6.9AI score0.00089EPSS