F5

Nginx Plus

27 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.87%
  • Veröffentlicht 29.05.2024 16:15:10
  • Zuletzt bearbeitet 24.01.2025 16:20:57

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to...

  • EPSS 0.85%
  • Veröffentlicht 29.05.2024 16:15:10
  • Zuletzt bearbeitet 24.01.2025 16:21:55

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential impact.

  • EPSS 0.87%
  • Veröffentlicht 29.05.2024 16:15:09
  • Zuletzt bearbeitet 24.01.2025 16:01:04

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. This attack requires that a request be specifically timed during the...

  • EPSS 0.91%
  • Veröffentlicht 14.02.2024 17:15:15
  • Zuletzt bearbeitet 13.02.2025 18:17:12

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more informatio...

  • EPSS 1.06%
  • Veröffentlicht 14.02.2024 17:15:15
  • Zuletzt bearbeitet 13.02.2025 18:17:12

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more informatio...

Warnung Medienbericht Exploit
  • EPSS 100%
  • Veröffentlicht 10.10.2023 14:15:10
  • Zuletzt bearbeitet 12.05.2026 15:10:32

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

  • EPSS 0.21%
  • Veröffentlicht 19.10.2022 22:15:12
  • Zuletzt bearbeitet 21.11.2024 07:23:46

NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_hls_module that might allow a local attacker to corrupt NGINX worker memory, resulting in its crash or potential other impact using a specially crafted audio or ...