Nginx Plus Security Vulnerabilities and Issues — Nginx Plus CVE List

Lucene search

F5Nginx Plus

3 matches found

CVE•added 2024/08/14 3:15 p.m.•364 views

CVE-2024-7347

NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngx_http_mp4_module and the mp4 dir...

5.7CVSS4.7AI score0.00067EPSS

CVE•added 2024/05/29 4:15 p.m.•266 views

CVE-2024-34161

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed memory.

5.3CVSS5.2AI score0.00191EPSS

CVE•added 2024/05/29 4:15 p.m.•251 views

CVE-2024-35200

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate.

5.3CVSS5.2AI score0.00077EPSS