Vulnerabilities > F5 > Nginx Plus > r30
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-14 | CVE-2024-39792 | Operation on a Resource after Expiration or Release vulnerability in F5 Nginx Plus R30/R31/R32 When the NGINX Plus is configured to use the MQTT pre-read module, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 7.5 |
| 2024-08-14 | CVE-2024-7347 | Out-of-bounds Read vulnerability in F5 Nginx Open Source and Nginx Plus NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. | 4.7 |
| 2024-05-29 | CVE-2024-31079 | Out-of-bounds Write vulnerability in multiple products When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. | 4.8 |
| 2024-05-29 | CVE-2024-32760 | Out-of-bounds Write vulnerability in multiple products When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential impact. | 6.5 |
| 2024-05-29 | CVE-2024-34161 | Use After Free vulnerability in multiple products When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed memory. | 5.3 |
| 2024-05-29 | CVE-2024-35200 | NULL Pointer Dereference vulnerability in multiple products When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate. | 5.3 |
| 2024-02-14 | CVE-2024-24990 | Use After Free vulnerability in F5 Nginx Open Source and Nginx Plus When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. | 7.5 |
| 2023-10-10 | CVE-2023-44487 | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. | 7.5 |