Nginx Plus

DATE	CVE	VULNERABILITY TITLE	RISK
2024-08-14	CVE-2024-39792	Operation on a Resource after Expiration or Release vulnerability in F5 Nginx Plus R30/R31/R32 When the NGINX Plus is configured to use the MQTT pre-read module, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. network low complexity f5 CWE-672	7.5
2024-08-14	CVE-2024-7347	Out-of-bounds Read vulnerability in F5 Nginx Open Source and Nginx Plus NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. local high complexity f5 CWE-125	4.7
2023-10-10	CVE-2023-44487	The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. network low complexity ietf nghttp2 netty envoyproxy eclipse caddyserver golang f5 apache apple grpc microsoft nodejs dena facebook amazon debian kazu-yamamoto istio varnish-cache-project traefik projectcontour linkerd linecorp redhat fedoraproject netapp akka konghq jenkins openresty cisco	7.5
2022-10-19	CVE-2022-41743	Out-of-bounds Write vulnerability in F5 Nginx Ingress Controller and Nginx Plus NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_hls_module that might allow a local attacker to corrupt NGINX worker memory, resulting in its crash or potential other impact using a specially crafted audio or video file. local high complexity f5 CWE-787	7.0