NGNIX — HTTP-сервер, обратный прокси сервер с поддержкой кеширования и балансировки нагрузки, TCP/UDP прокси-сервер, а также почтовый прокси-сервер.
Релизный цикл, информация об уязвимостях
График релизов
Количество 38
CVE-2024-7347
NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngx_http_mp4_module and the mp4 directive is used in the configuration file. Additionally, the attack is possible only if an attacker can trigger the processing of a specially crafted mp4 file with the ngx_http_mp4_module. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2024-7347
NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngx_http_mp4_module and the mp4 directive is used in the configuration file. Additionally, the attack is possible only if an attacker can trigger the processing of a specially crafted mp4 file with the ngx_http_mp4_module. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2024-35200
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate.
CVE-2024-35200
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC mod ...
CVE-2024-34161
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed memory.
CVE-2024-34161
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC mod ...
CVE-2024-32760
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential impact.
CVE-2024-32760
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC mod ...
CVE-2024-31079
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. This attack requires that a request be specifically timed during the connection draining process, which the attacker has no visibility and limited influence over.
CVE-2024-31079
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC mod ...
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2024-7347 NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngx_http_mp4_module and the mp4 directive is used in the configuration file. Additionally, the attack is possible only if an attacker can trigger the processing of a specially crafted mp4 file with the ngx_http_mp4_module. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | CVSS3: 4.7 | 0% Низкий | больше 1 года назад |
 | CVE-2024-7347 NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngx_http_mp4_module and the mp4 directive is used in the configuration file. Additionally, the attack is possible only if an attacker can trigger the processing of a specially crafted mp4 file with the ngx_http_mp4_module. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | CVSS3: 4.7 | 0% Низкий | больше 1 года назад |
 | CVE-2024-35200 When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate. | CVSS3: 5.3 | 0% Низкий | больше 1 года назад |
| CVE-2024-35200 When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC mod ... | CVSS3: 5.3 | 0% Низкий | больше 1 года назад |
| CVE-2024-34161 When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed memory. | CVSS3: 5.3 | 1% Низкий | больше 1 года назад |
| CVE-2024-34161 When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC mod ... | CVSS3: 5.3 | 1% Низкий | больше 1 года назад |
| CVE-2024-32760 When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential impact. | CVSS3: 6.5 | 0% Низкий | больше 1 года назад |
| CVE-2024-32760 When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC mod ... | CVSS3: 6.5 | 0% Низкий | больше 1 года назад |
| CVE-2024-31079 When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. This attack requires that a request be specifically timed during the connection draining process, which the attacker has no visibility and limited influence over. | CVSS3: 4.8 | 0% Низкий | больше 1 года назад |
| CVE-2024-31079 When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC mod ... | CVSS3: 4.8 | 0% Низкий | больше 1 года назад |
Уязвимостей на страницу