Lucene search
K

154 matches found

NVD
NVD
added 2022/02/22 11:15 p.m.37 views

CVE-2022-21656

Envoy is an open source edge and service proxy, designed for cloud-native applications. The defaultvalidator.cc implementation used to implement the default certificate validation routines has a "type confusion" bug when processing subjectAltNames. This processing allows, for example, an rfc822Na...

7.4CVSS0.00768EPSS
Exploits0References2
NVD
NVD
added 2022/02/22 11:15 p.m.16 views

CVE-2021-43825

Envoy is an open source edge and service proxy, designed for cloud-native applications. Sending a locally generated response must stop further processing of request or response data. Envoy tracks the amount of buffered request and response data and aborts the request if the amount of buffered dat...

7.5CVSS0.00864EPSS
Exploits0References2
OSV
OSV
added 2022/02/22 11:15 p.m.25 views

CVE-2021-43824

Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions a crafted request crashes Envoy when a CONNECT request is sent to JWT filter configured with regex match. This provides a denial of service attack vector. The only workaround is to not use...

7.5CVSS6.5AI score
Exploits0References2
Prion
Prion
added 2022/02/22 11:15 p.m.23 views

Type confusion

Envoy is an open source edge and service proxy, designed for cloud-native applications. The defaultvalidator.cc implementation used to implement the default certificate validation routines has a "type confusion" bug when processing subjectAltNames. This processing allows, for example, an rfc822Na...

5.8CVSS5.7AI score0.00768EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2022/02/22 11:15 p.m.30 views

Buffer overflow

Envoy is an open source edge and service proxy, designed for cloud-native applications. Sending a locally generated response must stop further processing of request or response data. Envoy tracks the amount of buffered request and response data and aborts the request if the amount of buffered dat...

5CVSS7.9AI score0.00864EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2021/10/19 2:15 p.m.4 views

CVE-2021-30358

Mobile Access Portal Native Applications who's path is defined by the administrator with environment variables may run applications from other locations by the Mobile Access Portal Agent...

7.2CVSS5.8AI score0.27466EPSS
Exploits0References2
CVE
CVE
added 2021/10/19 1:32 p.m.119 views

CVE-2021-30358

CVE-2021-30358 affects Check Point Mobile Access Portal Native Applications when the administrator configures a path with environment variables; the Mobile Access Portal Agent may run an arbitrary application from a crafted location. The issue arises due to how the agent handles environment-varia...

7.2CVSS6.9AI score0.27466EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2021/07/21 12:0 a.m.4 views

Apple iOS和Apple iPadOS 授权问题漏洞

Apple iOS and Apple iPadOS are products of Apple Inc.Apple iOS is an operating system developed for mobile devices.Apple iPadOS is an operating system for iPad tablets.Apple iOS 14.7 and iPadOS 14.7 are vulnerable to an authorization issue in the OS Kernel subsystem logic. Apple iOS 14.7 and iPad...

5.5CVSS5.7AI score0.01112EPSS
Exploits0References8
CNNVD
CNNVD
added 2021/07/21 12:0 a.m.5 views

Apple macOS 安全漏洞

Apple macOS is a specialized operating system developed by Apple Inc. for Mac computers. A security vulnerability exists in Apple macOS that stems from a vulnerability due to improper security restrictions, where a sandboxed process may be able to bypass the sandbox restrictions. The vulnerabilit...

6.5CVSS6.4AI score0.00342EPSS
Exploits0References14
Cvelist
Cvelist
added 2021/06/15 10:0 p.m.52 views

CVE-2021-24037

A use after free in hermes, while emitting certain error messages, prior to commit d86e185e485b6330216dee8e854455c694e3a36e allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of...

10AI score0.01795EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/05/25 12:0 a.m.5 views

Apple tvOS 权限许可和访问控制问题漏洞

Apple tvOS is an operating system for Smart TVs from Apple. A vulnerability exists in Apple tvOS due to a permissions licensing and access control issue, which arises from an application not properly imposing security restrictions in the "crash report" component. The vulnerability allows native...

5.5CVSS6.2AI score0.00961EPSS
Exploits0References9
CNVD
CNVD
added 2021/04/06 12:0 a.m.7 views

NATS Server Access Control Error Vulnerability

NATS Server is an open source messaging system. The system is mainly used for cloud-native applications, IoT messaging and microservices architecture. An access control error vulnerability exists in NATS Server 2.x before 2.2.0 and JWT library before 2.0.1, which stems from improper handling of...

7.5CVSS6.6AI score0.0146EPSS
Exploits1References1
Imperva Blog
Imperva Blog
added 2021/02/17 6:15 p.m.36 views

Can security and compliance for managed database services be simple?

Actual Tech Media recently released a new entry in its Gorilla Guide series for IT professionals, focused on simplifying security and compliance for Database as a Service DBaaS. The Gorilla Guide To® Securing Database as a Service DBaaS features Imperva Cloud Data Security as a solution to help...

0.4AI score
Exploits0
OSV
OSV
added 2021/02/02 7:15 a.m.38 views

CVE-2020-1896

A stack overflow vulnerability in Facebook Hermes 'builtin apply' prior to commit 86543ac47e59c522976b5632b8bf9a2a4583c7d2 https://github.com/facebook/hermes/commit/86543ac47e59c522976b5632b8bf9a2a4583c7d2 allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that th...

9.8CVSS8AI score0.02418EPSS
Exploits0References2
NVD
NVD
added 2021/02/02 7:15 a.m.46 views

CVE-2020-1896

A stack overflow vulnerability in Facebook Hermes 'builtin apply' prior to commit 86543ac47e59c522976b5632b8bf9a2a4583c7d2 https://github.com/facebook/hermes/commit/86543ac47e59c522976b5632b8bf9a2a4583c7d2 allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that th...

9.8CVSS0.02418EPSS
Exploits0References2
Prion
Prion
added 2021/02/02 7:15 a.m.30 views

Stack overflow

A stack overflow vulnerability in Facebook Hermes 'builtin apply' prior to commit 86543ac47e59c522976b5632b8bf9a2a4583c7d2 https://github.com/facebook/hermes/commit/86543ac47e59c522976b5632b8bf9a2a4583c7d2 allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that th...

6.8CVSS9.7AI score0.02418EPSS
Exploits0References2Affected Software1
Akamai Blog
Akamai Blog
added 2020/11/09 2:0 p.m.28 views

The Origin Is No More

Over the last 15 years, there's been a paradigm shift. Long gone are the days when you built and managed your own data center, were responsible for the physical hardware and the management overhead, and endured the high capital investment of the build and maintenance. As soon as central cloud...

6.8AI score
Exploits0
OSV
OSV
added 2020/10/26 9:15 p.m.41 views

CVE-2020-1915

An out-of-bounds read in the JavaScript Interpreter in Facebook Hermes prior to commit 8cb935cd3b2321c46aa6b7ed8454d95c75a7fca0 allows attackers to cause a denial of service attack or possible further memory corruption via crafted JavaScript. Note that this is only exploitable if the application...

7.5CVSS6.8AI score0.01584EPSS
Exploits0References2
Prion
Prion
added 2020/10/26 9:15 p.m.25 views

Memory corruption

An out-of-bounds read in the JavaScript Interpreter in Facebook Hermes prior to commit 8cb935cd3b2321c46aa6b7ed8454d95c75a7fca0 allows attackers to cause a denial of service attack or possible further memory corruption via crafted JavaScript. Note that this is only exploitable if the application...

4.3CVSS7.5AI score0.01584EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/10/26 8:20 p.m.52 views

CVE-2020-1915

An out-of-bounds read in the JavaScript Interpreter in Facebook Hermes prior to commit 8cb935cd3b2321c46aa6b7ed8454d95c75a7fca0 allows attackers to cause a denial of service attack or possible further memory corruption via crafted JavaScript. Note that this is only exploitable if the application...

7.5AI score0.01584EPSS
Exploits0References2
Rows per page
Query Builder