Lucene search
K

130 matches found

Prion
Prion
added 2020/08/05 9:15 p.m.16 views

Code injection

In Contour Ingress controller for Kubernetes before version 1.7.0, a bad actor can shut down all instances of Envoy, essentially killing the entire ingress data plane. GET requests to /shutdown on port 8090 of the Envoy pod initiate Envoy's shutdown procedure. The shutdown procedure includes...

5CVSS7.5AI score0.01375EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/08/05 8:15 p.m.27 views

CVE-2020-15127 Denial of service in Contour

In Contour Ingress controller for Kubernetes before version 1.7.0, a bad actor can shut down all instances of Envoy, essentially killing the entire ingress data plane. GET requests to /shutdown on port 8090 of the Envoy pod initiate Envoy's shutdown procedure. The shutdown procedure includes...

7.5CVSS7.5AI score0.01375EPSS
Exploits0References2
CVE
CVE
added 2020/08/05 8:15 p.m.42 views

CVE-2020-15127

Contour (Ingress controller for Kubernetes) prior to version 1.7.0 is affected by a DoS that lets a network attacker shut down all Envoy instances. The vulnerability arises from an unauthenticated /shutdown endpoint on port 8090 of the Envoy pod, which triggers Envoy shutdown and flips the readin...

7.5CVSS7.5AI score0.01375EPSS
Exploits0References2Affected Software1
AlpineLinux
AlpineLinux
added 2020/08/05 8:15 p.m.3 views

CVE-2020-15127

In Contour Ingress controller for Kubernetes before version 1.7.0, a bad actor can shut down all instances of Envoy, essentially killing the entire ingress data plane. GET requests to /shutdown on port 8090 of the Envoy pod initiate Envoy's shutdown procedure. The shutdown procedure includes...

7.5CVSS7.5AI score0.01375EPSS
Exploits0References2
Prion
Prion
added 2019/05/06 8:29 p.m.14 views

Design/Logic Flaw

An issue was discovered in the Ascensia Contour NEXT ONE application for iOS and Android before 2019-01-15. An attacker may retrieve encrypted medical information of any user of the Ascensia cloud platform by performing Direct Object References with a series of user ID values. This information ca...

5CVSS4.9AI score0.01142EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2019/05/06 8:29 p.m.17 views

Information disclosure

An issue was discovered in the Ascensia Contour NEXT ONE app for iOS before 2019-01-15. An attacker may proxy communications between the app and Ascensia backend servers because of a weak certificate-pinning implementation, leading to disclosure of medical information...

5CVSS7.1AI score0.00962EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2019/05/06 8:29 p.m.12 views

CVE-2018-18978

An issue was discovered in the Ascensia Contour NEXT ONE application for Android before 2019-01-15. It has a statically coded encryption key. Extraction of the encryption key is necessary for deciphering communications between this application and the backend server. This, in combination with...

7.4CVSS7.2AI score0.00734EPSS
Exploits1References1
Prion
Prion
added 2019/05/06 8:29 p.m.18 views

Design/Logic Flaw

An issue was discovered in the Ascensia Contour NEXT ONE application for Android before 2019-01-15. It has a statically coded encryption key. Extraction of the encryption key is necessary for deciphering communications between this application and the backend server. This, in combination with...

5.8CVSS7.2AI score0.00734EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2019/05/06 8:29 p.m.15 views

Design/Logic Flaw

An issue was discovered in the Ascensia Contour NEXT ONE application for Android before 2019-01-15. It has a statically coded initialization vector. Extraction of the initialization vector is necessary for deciphering communications between this application and the backend server. This, in...

5.8CVSS7.2AI score0.01174EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2019/05/06 8:29 p.m.12 views

CVE-2018-18976

An issue was discovered in the Ascensia Contour NEXT ONE application for iOS and Android before 2019-01-15. An attacker may retrieve encrypted medical information of any user of the Ascensia cloud platform by performing Direct Object References with a series of user ID values. This information ca...

5.3CVSS4.9AI score0.01142EPSS
Exploits1References1
Prion
Prion
added 2019/05/06 8:29 p.m.18 views

Design/Logic Flaw

An issue was discovered in the Ascensia Contour NEXT ONE application for Android before 2019-01-15. An attacker may reverse engineer the codebase to extract sensitive data that contributes to the disclosure of medical information of patients utilizing the Ascensia platform. This occurs because of...

5CVSS7.2AI score0.0158EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2019/05/06 8:29 p.m.4 views

CVE-2018-18978

An issue was discovered in the Ascensia Contour NEXT ONE application for Android before 2019-01-15. It has a statically coded encryption key. Extraction of the encryption key is necessary for deciphering communications between this application and the backend server. This, in combination with...

7.4CVSS5.8AI score0.00734EPSS
Exploits1References1
OSV
OSV
added 2019/05/06 8:29 p.m.2 views

CVE-2018-18976

An issue was discovered in the Ascensia Contour NEXT ONE application for iOS and Android before 2019-01-15. An attacker may retrieve encrypted medical information of any user of the Ascensia cloud platform by performing Direct Object References with a series of user ID values. This information ca...

5.3CVSS5.8AI score0.01142EPSS
Exploits1References1
NVD
NVD
added 2019/05/06 8:29 p.m.18 views

CVE-2018-18979

An issue was discovered in the Ascensia Contour NEXT ONE application for Android before 2019-01-15. It has a statically coded initialization vector. Extraction of the initialization vector is necessary for deciphering communications between this application and the backend server. This, in...

7.4CVSS7.2AI score0.01174EPSS
Exploits1References1
OSV
OSV
added 2019/05/06 8:29 p.m.5 views

CVE-2018-18977

An issue was discovered in the Ascensia Contour NEXT ONE application for Android before 2019-01-15. An attacker may reverse engineer the codebase to extract sensitive data that contributes to the disclosure of medical information of patients utilizing the Ascensia platform. This occurs because of...

7.5CVSS5.8AI score0.0158EPSS
Exploits1References1
OSV
OSV
added 2019/05/06 8:29 p.m.4 views

CVE-2018-18975

An issue was discovered in the Ascensia Contour NEXT ONE app for iOS before 2019-01-15. An attacker may proxy communications between the app and Ascensia backend servers because of a weak certificate-pinning implementation, leading to disclosure of medical information...

7.5CVSS5.8AI score0.00962EPSS
Exploits1References1
NVD
NVD
added 2019/05/06 8:29 p.m.20 views

CVE-2018-18977

An issue was discovered in the Ascensia Contour NEXT ONE application for Android before 2019-01-15. An attacker may reverse engineer the codebase to extract sensitive data that contributes to the disclosure of medical information of patients utilizing the Ascensia platform. This occurs because of...

7.5CVSS7.2AI score0.0158EPSS
Exploits1References1
Cvelist
Cvelist
added 2019/05/06 7:19 p.m.27 views

CVE-2018-18979

An issue was discovered in the Ascensia Contour NEXT ONE application for Android before 2019-01-15. It has a statically coded initialization vector. Extraction of the initialization vector is necessary for deciphering communications between this application and the backend server. This, in...

7.3AI score0.01174EPSS
Exploits1References1
CVE
CVE
added 2019/05/06 7:19 p.m.56 views

CVE-2018-18979

The CVE-2018-18979 entry documents a vulnerability in the Ascensia Contour NEXT ONE Android app (pre-2019-01-15) caused by a statically coded initialization vector in the app’s crypto. This enables extraction of the IV to decipher communications with the backend server. When combined with another...

7.4CVSS7.2AI score0.01174EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2019/05/06 7:18 p.m.20 views

CVE-2018-18978

An issue was discovered in the Ascensia Contour NEXT ONE application for Android before 2019-01-15. It has a statically coded encryption key. Extraction of the encryption key is necessary for deciphering communications between this application and the backend server. This, in combination with...

7.3AI score0.00734EPSS
Exploits1References1
Rows per page
Query Builder