27 matches found
EUVD-2020-3162
Malware in sbrugna...
EUVD-2022-6197
Malicious code in bioql PyPI...
EUVD-2022-1049
Malicious code in bioql PyPI...
CVE-2022-24687
HashiCorp Consul and Consul Enterprise 1.9.0 through 1.9.14, 1.10.7, and 1.11.2 clusters with at least one Ingress Gateway allow a user with service:write to register a specifically-defined service that can cause Consul servers to panic. Fixed in 1.9.15, 1.10.8, and 1.11.3...
CVE-2025-30162 East-west traffic not subject to egress policy enforcement for requests via Gateway API load balancers
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who use Gateway API for Ingress for some services and use LB-IPAM or BGP for LB Service implementation and use network policies to block egress traffic from workloads in a namespace to...
CVE-2025-30162
Cilium CVE-2025-30162 affects the eBPF-based dataplane in Cilium when Gateway API for Ingress is used with LB-IPAM or BGP LB services and namespace egress policies. The issue allows egress traffic from workloads governed by such policies to LoadBalancers configured by Gateway resources, while Loa...
Linux Distros Unpatched Vulnerability : CVE-2022-24687
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HashiCorp Consul and Consul Enterprise 1.9.0 through 1.9.14, 1.10.7, and 1.11.2 clusters with at least one Ingress Gateway allow a user with service:write to...
CVE-2024-7207
Rejected reason: Duplicate of CVE-2024-45806...
PT-2024-38168 · Envoy · Envoy
Name of the Vulnerable Software and Affected Versions: Envoy (affected versions not specified). Description: A flaw was found in Envoy, allowing modification or manipulation of headers from external clients when pass-through routes are used for the ingress gateway. This issue could enable a maliciou...
GO-2022-0953 HashiCorp Consul Ingress Gateway Panic Can Shutdown Servers in github.com/hashicorp/consul
HashiCorp Consul Ingress Gateway Panic Can Shutdown Servers in github.com/hashicorp/consul...
Ill-formed headers may lead to unexpected behavior in Istio
Impact: Ill-formed headers sent to Envoy in certain configurations can lead to unexpected memory access resulting in undefined behavior or crashing. You are at most risk if you have an Istio ingress Gateway exposed to external traffic. Patches: 1.12.8, 1.13.5, 1.14.1. Workarounds: No. References: More...
CVE-2022-31045 Ill-formed headers may lead to unexpected behavior in Istio
Istio is an open platform to connect, manage, and secure microservices. In affected versions ill-formed headers sent to Envoy in certain configurations can lead to unexpected memory access resulting in undefined behavior or crashing. Users are most likely at risk if they have an Istio ingress...
Denial Of Service (DoS)
github.com/hashicorp/consul is vulnerable to denial of service (DoS) attacks. A remote attacker with service:write permission is able to register a specifically-crafted service on clusters with at least one ingress gateway configured, resulting in denial of service conditions in the server...
HashiCorp Consul Ingress Gateway Panic Can Shutdown Servers
HashiCorp Consul and Consul Enterprise 1.8.0 through 1.9.14, 1.10.7, and 1.11.2 have Uncontrolled Resource Consumption. Clusters with at least one ingress gateway configured may allow a user with service:write permission to register a specifically-defined service that can cause the Consul server t...
GHSA-HJ93-5FG3-3CHR HashiCorp Consul Ingress Gateway Panic Can Shutdown Servers
HashiCorp Consul and Consul Enterprise 1.8.0 through 1.9.14, 1.10.7, and 1.11.2 have Uncontrolled Resource Consumption. Clusters with at least one ingress gateway configured may allow a user with service:write permission to register a specifically-defined service that can cause the Consul server t...
CVE-2022-24687
HashiCorp Consul and Consul Enterprise 1.9.0 through 1.9.14, 1.10.7, and 1.11.2 clusters with at least one Ingress Gateway allow a user with service:write to register a specifically-defined service that can cause Consul servers to panic. Fixed in 1.9.15, 1.10.8, and 1.11.3...
DEBIAN-CVE-2022-24687
HashiCorp Consul and Consul Enterprise 1.9.0 through 1.9.14, 1.10.7, and 1.11.2 clusters with at least one Ingress Gateway allow a user with service:write to register a specifically-defined service that can cause Consul servers to panic. Fixed in 1.9.15, 1.10.8, and 1.11.3...
Design/Logic Flaw
HashiCorp Consul and Consul Enterprise 1.9.0 through 1.9.14, 1.10.7, and 1.11.2 clusters with at least one Ingress Gateway allow a user with service:write to register a specifically-defined service that can cause Consul servers to panic. Fixed in 1.9.15, 1.10.8, and 1.11.3...