Vulnerabilities > F5 > Nginx Open Source

DATE CVE VULNERABILITY TITLE RISK
2024-08-14 CVE-2024-7347 Out-of-bounds Read vulnerability in F5 Nginx Open Source and Nginx Plus
NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file.
local
high complexity
f5 CWE-125
4.7
4.7
2024-05-29 CVE-2024-31079 Out-of-bounds Write vulnerability in multiple products
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact.
network
high complexity
f5 fedoraproject CWE-787
4.8
4.8
2024-05-29 CVE-2024-32760 Out-of-bounds Write vulnerability in multiple products
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential impact.
network
low complexity
f5 fedoraproject CWE-787
6.5
6.5
2024-05-29 CVE-2024-34161 Use After Free vulnerability in multiple products
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed memory.
network
low complexity
f5 fedoraproject CWE-416
5.3
5.3
2024-05-29 CVE-2024-35200 NULL Pointer Dereference vulnerability in multiple products
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate.
network
low complexity
f5 fedoraproject CWE-476
5.3
5.3
2024-02-14 CVE-2024-24989 NULL Pointer Dereference vulnerability in F5 Nginx Open Source and Nginx Plus
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental.
network
low complexity
f5 CWE-476
7.5
7.5
2024-02-14 CVE-2024-24990 Use After Free vulnerability in F5 Nginx Open Source and Nginx Plus
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental.
network
low complexity
f5 CWE-416
7.5
7.5