Search CVE reports
11 – 20 of 67 results
NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only...
1 affected package
nginx
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| nginx | — | Fixed | Fixed | Fixed | Fixed |
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate.
1 affected package
nginx
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| nginx | — | Not affected | Not affected | Not affected | Not affected |
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX...
1 affected package
nginx
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| nginx | — | Not affected | Not affected | Not affected | Not affected |
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential impact.
1 affected package
nginx
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| nginx | — | Not affected | Not affected | Not affected | Not affected |
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or causeĀ other potential impact. This attack requires that a request...
1 affected package
nginx
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| nginx | — | Not affected | Not affected | Not affected | Not affected |
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental....
1 affected package
nginx
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| nginx | — | Not affected | Not affected | Not affected | Not affected |
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental....
1 affected package
nginx
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| nginx | — | Not affected | Not affected | Not affected | Not affected |
Some fixes available 33 of 46
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
14 affected packages
haproxy, tomcat10, tomcat9, trafficserver, h2o...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| haproxy | Not affected | Not affected | Not affected | Not affected | Fixed |
| tomcat10 | Not affected | Not affected | Not in release | Not in release | Ignored |
| tomcat9 | Not affected | Not affected | Fixed | Fixed | Fixed |
| trafficserver | Not in release | Not affected | Fixed | Fixed | Not affected |
| h2o | Not in release | Not affected | Fixed | Fixed | Fixed |
| tomcat8 | Not in release | Not in release | Not in release | Not in release | Fixed |
| dotnet6 | Not in release | Not in release | Fixed | Not in release | Not in release |
| dotnet7 | Not in release | Not in release | Fixed | Not in release | Not in release |
| dotnet8 | Not in release | Fixed | Not affected | Not in release | Not in release |
| nginx | Not affected | Not affected | Not affected | Not affected | Not affected |
| nghttp2 | Not affected | Not affected | Fixed | Fixed | Fixed |
| nodejs | Not affected | Not affected | Fixed | Fixed | Fixed |
| netty | Not affected | Not affected | Fixed | Fixed | Not affected |
| dnsdist | Not affected | Not affected | Fixed | Not affected | Not affected |
The web server Tengine 2.2.2 developed in the Nginx version from 0.5.6 thru 1.13.2 is vulnerable to an integer overflow vulnerability in the nginx range filter module, resulting in the leakage of potentially sensitive information...
1 affected package
nginx
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| nginx | — | — | Not affected | Not affected | Not affected |
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
1 affected package
nginx
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| nginx | — | — | Not affected | Not affected | Not affected |