Lucene search
K

172 matches found

CNNVD
CNNVD
added 2021/07/21 12:0 a.m.4 views

go-proxyproto 处理逻辑错误漏洞

Pires go-proxyproto is Pires an open source application . It provides a secure way to securely transfer connection information functions across multiple layers of NAT or TCP proxies. A processing logic error vulnerability exists in go-proxyproto, which can be exploited to cause a denial of servic...

7.5CVSS7.2AI score0.01648EPSS
Exploits0References5
Snyk
Snyk
added 2021/07/12 1:5 p.m.2 views

Denial of Service (DoS)

Overview github.com/pires/go-proxyproto is a Go library implementation of the PROXY protocol, versions 1 and 2. Affected versions of this package are vulnerable to Denial of Service DoS via creating connections without the proxy protocol header. Details Denial of Service DoS describes a family of...

7.5CVSS7AI score0.01648EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2021/03/20 12:0 a.m.14 views

Fedora: Security Advisory for golang-github-pires-proxyproto (FEDORA-2021-f5fcd9b0c1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

4.9CVSS5.3AI score0.01871EPSS
Exploits0References2
Fedora
Fedora
added 2021/03/19 8:31 p.m.63 views

[SECURITY] Fedora 34 Update: golang-github-pires-proxyproto-0.5.0-1.fc34

A Go library implementation of the PROXY protocol, versions 1 and 2...

4.9CVSS4.3AI score0.01871EPSS
Exploits0
Fedora
Fedora
added 2021/03/17 2:18 a.m.50 views

[SECURITY] Fedora 33 Update: golang-github-pires-proxyproto-0.5.0-1.fc33

A Go library implementation of the PROXY protocol, versions 1 and 2...

4.9CVSS4.3AI score0.01871EPSS
Exploits0
NVD
NVD
added 2021/03/08 5:15 a.m.25 views

CVE-2021-23351

The package github.com/pires/go-proxyproto before 0.5.0 are vulnerable to Denial of Service DoS via the parseVersion1 function. The reader in this package is a default bufio.Reader wrapping a net.Conn. It will read from the connection until it finds a newline. Since no limits are implemented in t...

4.9CVSS0.01871EPSS
Exploits0References6
OSV
OSV
added 2021/03/08 5:15 a.m.6 views

DEBIAN-CVE-2021-23351

The package github.com/pires/go-proxyproto before 0.5.0 are vulnerable to Denial of Service DoS via the parseVersion1 function. The reader in this package is a default bufio.Reader wrapping a net.Conn. It will read from the connection until it finds a newline. Since no limits are implemented in t...

4.9CVSS5.3AI score0.01871EPSS
Exploits0References1
OSV
OSV
added 2021/03/08 5:15 a.m.1 views

UBUNTU-CVE-2021-23351

The package github.com/pires/go-proxyproto before 0.5.0 are vulnerable to Denial of Service DoS via the parseVersion1 function. The reader in this package is a default bufio.Reader wrapping a net.Conn. It will read from the connection until it finds a newline. Since no limits are implemented in t...

4.9CVSS5.8AI score0.01871EPSS
Exploits0References6
Debian CVE
Debian CVE
added 2021/03/08 4:45 a.m.18 views

CVE-2021-23351

The package github.com/pires/go-proxyproto before 0.5.0 are vulnerable to Denial of Service DoS via the parseVersion1 function. The reader in this package is a default bufio.Reader wrapping a net.Conn. It will read from the connection until it finds a newline. Since no limits are implemented in t...

4.9CVSS5AI score0.01871EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2021/03/08 4:40 a.m.6 views

CVE-2021-23351

The package github.com/pires/go-proxyproto before 0.5.0 are vulnerable to Denial of Service DoS via the parseVersion1 function. The reader in this package is a default bufio.Reader wrapping a net.Conn. It will read from the connection until it finds a newline. Since no limits are implemented in t...

4.9CVSS5.7AI score0.01871EPSS
Exploits0References9
Snyk
Snyk
added 2021/03/03 2:46 p.m.2 views

Denial of Service (DoS)

Overview github.com/pires/go-proxyproto is a Go library implementation of the PROXY protocol, versions 1 and 2. Affected versions of this package are vulnerable to Denial of Service DoS via the parseVersion1 function. The reader in this package is a default bufio.Reader wrapping a net.Conn. It wi...

4.9CVSS6.9AI score0.01871EPSS
Exploits0References2
CNVD
CNVD
added 2020/12/23 12:0 a.m.8 views

Unspecified vulnerability in Envoy (CNVD-2021-07242)

Envoy is an open source distributed proxy server . A security vulnerability exists in versions prior to Envoy 1.16.1 that stems from logging an incorrect downstream address because it only considers directly connected peers and not the information in the proxy protocol header. This affects cases...

8.8CVSS6.4AI score0.00974EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2020/12/16 2:55 p.m.26 views

CVE-2020-35470

Envoy before 1.16.1 logs an incorrect downstream address because it considers only the directly connected peer, not the information in the proxy protocol header. This affects situations with tcp-proxy as the network filter not HTTP filters...

8.8CVSS1.7AI score0.00974EPSS
Exploits0References4
OSV
OSV
added 2020/12/15 1:15 a.m.13 views

CVE-2020-35470

Envoy before 1.16.1 logs an incorrect downstream address because it considers only the directly connected peer, not the information in the proxy protocol header. This affects situations with tcp-proxy as the network filter not HTTP filters...

8.8CVSS6.6AI score
Exploits0References3
Prion
Prion
added 2020/12/15 1:15 a.m.16 views

Design/Logic Flaw

Envoy before 1.16.1 logs an incorrect downstream address because it considers only the directly connected peer, not the information in the proxy protocol header. This affects situations with tcp-proxy as the network filter not HTTP filters...

5.8CVSS8.5AI score0.00974EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2020/12/15 12:0 a.m.5 views

PT-2020-17336 · Envoy · Envoy

Name of the Vulnerable Software and Affected Versions: Envoy versions prior to 1.16.1 Description: The issue arises when Envoy logs an incorrect downstream address, considering only the directly connected peer and not the information in the proxy protocol header. This specifically affects...

8.8CVSS8.6AI score0.00974EPSS
Exploits0References10
CNNVD
CNNVD
added 2020/12/14 12:0 a.m.6 views

Envoy 安全漏洞

Envoy is an open source distributed proxy server . A security vulnerability exists in versions prior to Envoy 1.16.1 that stems from logging an incorrect downstream address because it only considers directly connected peers and not the information in the proxy protocol header. This affects cases...

8.8CVSS7.3AI score0.00974EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2020/04/06 7:28 p.m.3 views

httpd: null-pointer dereference in mod_remoteip

A vulnerability was discovered in Apache httpd, in modremoteip. A trusted proxy using the "PROXY" protocol could send specially crafted headers that can cause httpd to experience a stack buffer overflow or NULL pointer dereference, leading to a crash or other potential consequences. This issue...

7.2CVSS7.3AI score0.52873EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2020/04/06 7:9 p.m.6 views

httpd: null-pointer dereference in mod_remoteip

A vulnerability was discovered in Apache httpd, in modremoteip. A trusted proxy using the "PROXY" protocol could send specially crafted headers that can cause httpd to experience a stack buffer overflow or NULL pointer dereference, leading to a crash or other potential consequences. This issue...

7.2CVSS7.3AI score0.52873EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2020/04/02 12:0 a.m.270 views

EulerOS Virtualization for ARM 64 3.0.6.0 : httpd (EulerOS-SA-2020-1359)

According to the versions of the httpd packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - In Apache HTTP Server 2.4 release 2.4.37 and prior, modsession checks the session expiry time before decoding the...

9.1CVSS6.8AI score0.52873EPSS
Exploits1References6
Rows per page
Query Builder