Vulnerabilities > F5 > Nginx Ingress Controller > High

DATE CVE VULNERABILITY TITLE RISK
2023-10-10 CVE-2023-44487 The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. 7.5
2022-10-19 CVE-2022-41741 Out-of-bounds Write vulnerability in multiple products
NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to corrupt NGINX worker memory, resulting in its termination or potential other impact using a specially crafted audio or video file.
local
low complexity
f5 fedoraproject debian CWE-787
7.8
2022-10-19 CVE-2022-41742 Out-of-bounds Write vulnerability in multiple products
NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted audio or video file.
local
low complexity
f5 fedoraproject debian CWE-787
7.1
2022-10-19 CVE-2022-41743 Out-of-bounds Write vulnerability in F5 Nginx Ingress Controller and Nginx Plus
NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_hls_module that might allow a local attacker to corrupt NGINX worker memory, resulting in its crash or potential other impact using a specially crafted audio or video file.
local
high complexity
f5 CWE-787
7.0