F5

Nginx Plus

12 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.3

CVE-2025-53859

  • EPSS 0.13%
  • Published 13.08.2025 14:46:55
  • Last modified 13.08.2025 17:33:46

NGINX Open Source and NGINX Plus have a vulnerability in the ngx_mail_smtp_module that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a requ...

5.3

CVE-2025-23419

  • EPSS 0.37%
  • Published 05.02.2025 18:15:33
  • Last modified 05.02.2025 20:15:45

When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS Session Tickets ht...

4.7

CVE-2024-7347

  • EPSS 0.19%
  • Published 14.08.2024 15:15:31
  • Last modified 05.09.2025 15:42:32

NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is b...

7.5

CVE-2024-39792

  • EPSS 0.84%
  • Published 14.08.2024 15:15:26
  • Last modified 19.08.2024 16:20:28

When the NGINX Plus is configured to use the MQTT pre-read module, undisclosed requests can cause an increase in memory resource utilization.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

6.5

CVE-2024-32760

  • EPSS 0.21%
  • Published 29.05.2024 16:15:10
  • Last modified 24.01.2025 16:21:55

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential impact.

5.3

CVE-2024-34161

  • EPSS 0.41%
  • Published 29.05.2024 16:15:10
  • Last modified 24.01.2025 16:20:57

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to...

5.3

CVE-2024-35200

  • EPSS 0.19%
  • Published 29.05.2024 16:15:10
  • Last modified 24.01.2025 16:15:15

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate.

4.8

CVE-2024-31079

  • EPSS 0.21%
  • Published 29.05.2024 16:15:09
  • Last modified 24.01.2025 16:01:04

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. This attack requires that a request be specifically timed during the...

7.5

CVE-2024-24989

  • EPSS 0.65%
  • Published 14.02.2024 17:15:15
  • Last modified 13.02.2025 18:17:12

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more informatio...

7.5

CVE-2024-24990

  • EPSS 0.18%
  • Published 14.02.2024 17:15:15
  • Last modified 13.02.2025 18:17:12

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more informatio...