Vulnerabilities > F5 > Nginx Plus

DATE CVE VULNERABILITY TITLE RISK
2024-08-14 CVE-2024-39792 Operation on a Resource after Expiration or Release vulnerability in F5 Nginx Plus R30/R31/R32
When the NGINX Plus is configured to use the MQTT pre-read module, undisclosed requests can cause an increase in memory resource utilization.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
network
low complexity
f5 CWE-672
7.5
2024-08-14 CVE-2024-7347 Out-of-bounds Read vulnerability in F5 Nginx Open Source and Nginx Plus
NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file.
local
high complexity
f5 CWE-125
4.7
2023-10-10 CVE-2023-44487 The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. 7.5
2022-10-19 CVE-2022-41743 Unspecified vulnerability in F5 Nginx Ingress Controller and Nginx Plus
NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_hls_module that might allow a local attacker to corrupt NGINX worker memory, resulting in its crash or potential other impact using a specially crafted audio or video file.
local
high complexity
f5
7.0