Search CVE reports
1 – 10 of 55 results
CVE-2024-33452
Medium priorityAn issue in OpenResty lua-nginx-module v.0.10.26 and before allows a remote attacker to conduct HTTP request smuggling via a crafted HEAD request.
3 affected packages
lua-nginx-memcached, lua-nginx-redis, lua-nginx-websocket
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| lua-nginx-memcached | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| lua-nginx-redis | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| lua-nginx-websocket | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2025-23419
Medium prioritySome fixes available 4 of 7
When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when ...
1 affected package
nginx
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| nginx | Fixed | Fixed | Fixed | Needs evaluation |
CVE-2024-7347
Medium priorityNGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only...
1 affected package
nginx
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| nginx | Fixed | Fixed | Fixed | Fixed |
CVE-2024-35200
Medium priorityWhen NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate.
1 affected package
nginx
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| nginx | Not affected | Not affected | Not affected | Not affected |
CVE-2024-34161
Medium priorityWhen NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX...
1 affected package
nginx
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| nginx | Not affected | Not affected | Not affected | Not affected |
CVE-2024-32760
Medium priorityWhen NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential impact.
1 affected package
nginx
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| nginx | Not affected | Not affected | Not affected | Not affected |
CVE-2024-31079
Medium priorityWhen NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. This attack requires that a request...
1 affected package
nginx
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| nginx | Not affected | Not affected | Not affected | Not affected |
CVE-2024-24990
Medium priorityWhen NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental....
1 affected package
nginx
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| nginx | Not affected | Not affected | Not affected | Not affected |
CVE-2024-24989
Medium priorityWhen NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental....
1 affected package
nginx
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| nginx | Not affected | Not affected | Not affected | Not affected |
CVE-2023-44487
High prioritySome fixes available 29 of 42
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
13 affected packages
dotnet6, dotnet7, dotnet8, h2o, haproxy...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| dotnet6 | Not in release | Fixed | Not in release | Not in release |
| dotnet7 | Not in release | Fixed | Not in release | Not in release |
| dotnet8 | Fixed | Not affected | Not in release | Not in release |
| h2o | Not affected | Not affected | Not affected | Fixed |
| haproxy | Not affected | Not affected | Not affected | Fixed |
| netty | Not affected | Fixed | Fixed | Not affected |
| nghttp2 | Not affected | Fixed | Fixed | Fixed |
| nginx | Not affected | Not affected | Not affected | Not affected |
| nodejs | Not affected | Fixed | Fixed | Fixed |
| tomcat10 | Not affected | Not in release | Not in release | Ignored |
| tomcat8 | Not in release | Not in release | Not in release | Fixed |
| tomcat9 | Not affected | Fixed | Fixed | Fixed |
| trafficserver | Not affected | Fixed | Fixed | Not affected |