cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-7347,https://securityvulnerability.io/vulnerability/CVE-2024-7347,NGINX Open Source and NGINX Plus Vulnerability Permits Over-read of Worker Memory,"NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngx_http_mp4_module and the mp4 directive is used in the configuration file. Additionally, the attack is possible only if an attacker can trigger the processing of a specially crafted mp4 file with the ngx_http_mp4_module. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,"Nginx Open Source,Nginx Plus",4.7,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2024-08-14T14:32:33.913Z,0
CVE-2024-34161,https://securityvulnerability.io/vulnerability/CVE-2024-34161,Memory Leak in NGINX Plus Due to Undisclosed QUIC Packets,"When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed memory.",F5,"Nginx Open Source,Nginx Plus",5.3,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2024-05-29T16:02:05.696Z,0
CVE-2024-35200,https://securityvulnerability.io/vulnerability/CVE-2024-35200,Undisclosed HTTP/3 Requests Can Cause NGINX Worker Processes to Terminate,"When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate.",F5,"Nginx Open Source,Nginx Plus",5.3,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2024-05-29T16:02:05.342Z,0
CVE-2024-32760,https://securityvulnerability.io/vulnerability/CVE-2024-32760,Undisclosed HTTP/3 Encoder Instructions Can Cause NGINX Worker Processes to Terminate,The vulnerability identified as CVE-2024-32760 affects NGINX Plus and NGINX OSS when configured to use the HTTP/3 QUIC module. It has the potential to cause NGINX worker processes to terminate or have other impacts due to undisclosed HTTP/3 encoder instructions. The vulnerability has a base severity of MEDIUM and a base score of 6.5 according to the CVSS 3.1 scoring system. There is no known exploitation of this vulnerability by ransomware groups at this time.,F5,"Nginx Open Source,Nginx Plus",6.5,MEDIUM,0.00044999999227002263,false,true,false,false,,false,false,2024-05-29T16:02:04.985Z,0
CVE-2024-31079,https://securityvulnerability.io/vulnerability/CVE-2024-31079,Undisclosed HTTP/3 Requests Can Cause NGINX Worker Processes to Terminate,"CVE-2024-31079 is a vulnerability affecting NGINX Plus or NGINX OSS when configured to use the HTTP/3 QUIC module. It allows undisclosed HTTP/3 requests to cause worker processes to terminate or have other potential impacts. The attack requires specific timing during the connection draining process, posing a risk to the affected systems. The issues are fixed in NGINX version 1.27.0 and 1.26.1. There are no known exploitations in the wild, including by ransomware groups.",F5,"Nginx Open Source,Nginx Plus",4.8,MEDIUM,0.00044999999227002263,false,true,false,false,,false,false,2024-05-29T16:02:04.620Z,0
CVE-2024-24990,https://securityvulnerability.io/vulnerability/CVE-2024-24990,Undisclosed Requests Can Cause NGINX Worker Processes to Terminate,"A vulnerability exists in NGINX Plus and NGINX OSS when the HTTP/3 QUIC module is enabled. This module, which is experimental and not enabled by default, can lead to undetermined requests that result in the termination of NGINX worker processes. This behavior can impact the stability and performance of applications relying on these server versions. Proper configurations and awareness of the module's current status are essential for maintaining service reliability.",F5,"Nginx Plus,Nginx Open Source",7.5,HIGH,0.0004299999854993075,false,true,false,false,,false,false,2024-02-14T16:30:26.445Z,0
CVE-2024-24989,https://securityvulnerability.io/vulnerability/CVE-2024-24989,NGINX HTTP/3 QUIC vulnerability,"When configured to utilize the experimental HTTP/3 QUIC module, NGINX Plus and NGINX OSS are susceptible to issues where certain undisclosed requests can lead to the termination of worker processes. This flaw poses potential disruptions in service and affects the reliability of applications relying on these web server solutions. The HTTP/3 QUIC module is not enabled by default, which limits exposure but warrants caution for users who decide to enable it. For additional insights on configuration and implications, refer to the official documentation on QUIC and HTTP/3.",F5,"Nginx Plus,Nginx Open Source",7.5,HIGH,0.0004299999854993075,false,true,false,false,,false,false,2024-02-14T16:30:26.081Z,0
CVE-2022-41741,https://securityvulnerability.io/vulnerability/CVE-2022-41741,NGINX ngx_http_mp4_module vulnerability CVE-2022-41741,"NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to corrupt NGINX worker memory, resulting in its termination or potential other impact using a specially crafted audio or video file. The issue affects only NGINX products that are built with the ngx_http_mp4_module, when the mp4 directive is used in the configuration file. Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the module ngx_http_mp4_module.",F5,"Nginx,Nginx Plus,Nginx Open Source Subscription",7,HIGH,0.0004199999966658652,false,false,false,true,true,false,false,2022-10-19T00:00:00.000Z,0
CVE-2022-41742,https://securityvulnerability.io/vulnerability/CVE-2022-41742,NGINX ngx_http_mp4_module vulnerability CVE-2022-41742,"NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted audio or video file. The issue affects only NGINX products that are built with the module ngx_http_mp4_module, when the mp4 directive is used in the configuration file. Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the module ngx_http_mp4_module.",F5,"Nginx,Nginx Plus,Nginx Open Source Subscription",7.1,HIGH,0.0004199999966658652,false,false,false,false,,false,false,2022-10-19T00:00:00.000Z,0