Lucene search
K

10 matches found

OSV
OSV
added 2026/06/30 11:39 p.m.3 views

BIT-ENVOY-2026-47775 Envoy OAuth2 Filter: Padding Oracle via AES-256-CBC Cookie Decryption

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, the OAuth2 HTTP filter's encrypt/decrypt functions use AES-256-CBC without an authentication tag no HMAC, no AEAD. The /callback endpoint returns HTTP 302 on...

6.8CVSS5.8AI score0.00219EPSS
Exploits1References2
NVD
NVD
added 2026/06/26 6:16 p.m.7 views

CVE-2026-48042

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, destructor of JSON Object results in stack overflow when deeply O100K nested objects are present. This vulnerability is fixed in 1.35.11, 1.36.7, 1.37.3, and 1.38.1...

7.5CVSS0.00557EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/26 5:32 p.m.34 views

CVE-2026-48497 Envoy: Abnormal process termination in DNS UDP filter

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, in cases where UDP DNS filter is configured with local resolution containing a name with the length of 255 octets or remote resolution for a name of 255 octets long...

5.9CVSS0.00405EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 5:32 p.m.8 views

EUVD-2026-39821

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, in cases where UDP DNS filter is configured with local resolution containing a name with the length of 255 octets or remote resolution for a name of 255 octets long...

5.9CVSS5.8AI score0.00405EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 5:31 p.m.8 views

EUVD-2026-39820

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.23.0 until 1.35.11, 1.36.7, 1.37.3, and 1.38.1, a vulnerability has been identified in Envoy's zstd decompressor implementation ZstdDecompressorImpl. When zstd decompression is enabled, processing a...

7.5CVSS5.8AI score0.00486EPSS
Exploits1References1
CVE
CVE
added 2026/06/26 5:29 p.m.20 views

CVE-2026-48042

Envoy (open source edge and service proxy) contains a stack overflow vulnerability in the destructor of a JSON object when processing extremely nested structures. Affected versions are prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1. The issue is fixed in those same release lines (upgrade to 1.35.11...

7.5CVSS5.8AI score0.00557EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/06/26 5:29 p.m.33 views

CVE-2026-48042 Envoy: Stack overflow in destructor of highly nested JSON

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, destructor of JSON Object results in stack overflow when deeply O100K nested objects are present. This vulnerability is fixed in 1.35.11, 1.36.7, 1.37.3, and 1.38.1...

7.5CVSS0.00557EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.12 views

PT-2026-52888

Name of the Vulnerable Software and Affected Versions Envoy versions prior to 1.35.11 Envoy versions prior to 1.36.7 Envoy versions prior to 1.37.3 Envoy versions prior to 1.38.1 Description A stack overflow occurs during the destructor process of a JSON Object when deeply nested objects, reachin...

7.5CVSS5.8AI score0.00557EPSS
Exploits2References21
Positive Technologies
Positive Technologies
added 2023/10/08 12:0 a.m.6 views

PT-2023-8948 · Mediawiki +2 · Wikibase +2

Name of the Vulnerable Software and Affected Versions: Wikibase extension for MediaWiki versions 1.35.x through 1.35.11 Wikibase extension for MediaWiki versions 1.36.x through 1.39.4 Wikibase extension for MediaWiki versions 1.40.x through 1.40.0 Description: An issue was discovered in the...

9.8CVSS6AI score0.22699EPSS
Exploits27References108
OpenVAS
OpenVAS
added 2023/07/06 12:0 a.m.33 views

MediaWiki < 1.35.11, 1.36.x < 1.38.7, 1.39.x < 1.39.4 Multiple Vulnerabilities - Linux

MediaWiki is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mediawiki:mediawiki"; ifdescripti...

7.5CVSS6.7AI score0.01216EPSS
Exploits1References4
Rows per page
Query Builder