CVE search results

1 – 10 of 53 results

Detailed view

Sort by:

CVE-2024-7347

Medium priority

Some fixes available 3 of 6

NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only...

1 affected packages

nginx

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
nginx	Fixed	Fixed	Fixed	Vulnerable	Vulnerable

CVE-2024-35200

Medium priority

Not affected

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate.

1 affected packages

nginx

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
nginx	Not affected	Not affected	Not affected	Not affected	Not affected

CVE-2024-34161

Medium priority

Not affected

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX...

1 affected packages

nginx

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
nginx	Not affected	Not affected	Not affected	Not affected	Not affected

CVE-2024-32760

Medium priority

Not affected

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential impact.

1 affected packages

nginx

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
nginx	Not affected	Not affected	Not affected	Not affected	Not affected

CVE-2024-31079

Medium priority

Not affected

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. This attack requires that a request...

1 affected packages

nginx

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
nginx	Not affected	Not affected	Not affected	Not affected	Not affected

CVE-2024-24990

Medium priority

Not affected

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental....

1 affected packages

nginx

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
nginx	Not affected	Not affected	Not affected	Not affected	Not affected

CVE-2024-24989

Medium priority

Not affected

1 affected packages

nginx

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
nginx	Not affected	Not affected	Not affected	Not affected	Not affected

CVE-2023-44487

High priority

Some fixes available 24 of 78

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

26 affected packages

dotnet6, dotnet7, dotnet8, golang, golang-1.10...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
dotnet6	Not in release	Fixed	Not in release	Not in release	Not in release
dotnet7	Not in release	Fixed	Not in release	Not in release	Not in release
dotnet8	Fixed	Not affected	Not in release	Not in release	Not in release
golang	Not in release	Not in release	Not in release	Not in release	Not in release
golang-1.10	Not in release	Not in release	Not in release	Needs evaluation	Needs evaluation
golang-1.13	Not in release	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
golang-1.14	Not in release	Not in release	Needs evaluation	Not in release	Not in release
golang-1.16	Not in release	Not in release	Needs evaluation	Needs evaluation	Not in release
golang-1.17	Not in release	Needs evaluation	Not in release	Not in release	Not in release
golang-1.18	Not in release	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
golang-1.19	Not in release	Not in release	Not in release	Not in release	Not in release
golang-1.20	Not in release	Fixed	Fixed	Not in release	Not in release
golang-1.21	Not affected	Fixed	Fixed	Not in release	Not in release
golang-1.6	Not in release	Not in release	Not in release	Not in release	Needs evaluation
golang-1.8	Not in release	Not in release	Not in release	Needs evaluation	Not in release
golang-1.9	Not in release	Not in release	Not in release	Needs evaluation	Not in release
h2o	Not affected	Needs evaluation	Needs evaluation	Needs evaluation	Not in release
haproxy	Not affected	Not affected	Not affected	Needs evaluation	Not affected
netty	Not affected	Fixed	Fixed	Not affected	Not affected
nghttp2	Not affected	Fixed	Fixed	Fixed	Fixed
nginx	Not affected	Not affected	Not affected	Not affected	Not affected
nodejs	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
tomcat10	Needs evaluation	Not in release	Not in release	Ignored	Ignored
tomcat8	Not in release	Not in release	Not in release	Needs evaluation	Needs evaluation
tomcat9	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Ignored
trafficserver	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2020-21699

Medium priority

Not affected

The web server Tengine 2.2.2 developed in the Nginx version from 0.5.6 thru 1.13.2 is vulnerable to an integer overflow vulnerability in the nginx range filter module, resulting in the leakage of potentially sensitive information...

1 affected packages

nginx

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
nginx	—	Not affected	Not affected	Not affected	Not affected

CVE-2022-41742

Medium priority

Fixed

NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that...

1 affected packages

nginx

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
nginx	—	Fixed	Fixed	Fixed	Fixed

Export to JSON

Results by page:

Search CVE reports