VYPR

apk package

wolfi/nginx-mainline-mod-mail

pkg:apk/wolfi/nginx-mainline-mod-mail

Vulnerabilities (8)

  • CVE-2025-1695Mar 4, 2025
    affected < 0fixed 0

    In NGINX Unit before version 1.34.2 with the Java Language Module in use, undisclosed requests can lead to an infinite loop and cause an increase in CPU resource utilization. This vulnerability allows a remote attacker to cause a degradation that can lead to a limited denial-of-

  • CVE-2024-34161May 29, 2024
    affected < 1.27.0-r0fixed 1.27.0-r0

    When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed memory.

  • CVE-2024-35200May 29, 2024
    affected < 1.27.0-r0fixed 1.27.0-r0

    When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate.

  • CVE-2024-32760May 29, 2024
    affected < 1.27.0-r0fixed 1.27.0-r0

    When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential impact.

  • CVE-2024-31079May 29, 2024
    affected < 1.27.0-r0fixed 1.27.0-r0

    When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. This attack requires that a request be specifically timed during the connection draining process,

  • CVE-2024-24990Feb 14, 2024
    affected < 1.25.4-r0fixed 1.25.4-r0

    When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC

  • CVE-2024-24989Feb 14, 2024
    affected < 1.25.4-r0fixed 1.25.4-r0

    When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC

  • CVE-2023-44487HigKEVOct 10, 2023
    affected < 1.25.2-r4fixed 1.25.2-r4

    The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.