Lucene search
+L

42 matches found

Tenable Nessus
Tenable Nessus
added 2024/11/13 12:0 a.m.19 views

Amazon Linux 2 : ecs-service-connect-agent, --advisory ALAS2ECS-2024-045 (ALASECS-2024-045)

The version of ecs-service-connect-agent installed on the remote host is prior to v1.29.9.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2024-045 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-report...

6.8AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/07/23 12:0 a.m.16 views

Amazon Linux 2 : ecs-service-connect-agent (ALASECS-2024-038)

The version of ecs-service-connect-agent installed on the remote host is prior to v1.29.6.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2024-038 advisory. dd-trace-cpp is the Datadog distributed tracing for C++. When the library fails to extract trace context du...

7.5CVSS5.5AI score0.00431EPSS
Exploits0References4
Amazon
Amazon
added 2024/07/22 12:0 a.m.8 views

Important: ecs-service-connect-agent

Issue Overview: dd-trace-cpp is the Datadog distributed tracing for C++. When the library fails to extract trace context due to malformed unicode, it logs the list of audited headers and their values using the nlohmann JSON library. However, due to the way the JSON library is invoked, it throws a...

7.5CVSS6.8AI score0.00431EPSS
Exploits0
Amazon
Amazon
added 2024/07/22 12:0 a.m.10 views

Important: ecs-service-connect-agent

Issue Overview: dd-trace-cpp is the Datadog distributed tracing for C++. When the library fails to extract trace context due to malformed unicode, it logs the list of audited headers and their values using the nlohmann JSON library. However, due to the way the JSON library is invoked, it throws a...

7.5CVSS7.2AI score0.00431EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/07/22 12:0 a.m.11 views

Amazon Linux 2023 : ecs-service-connect-agent (ALAS2023-2024-655)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-655 advisory. dd-trace-cpp is the Datadog distributed tracing for C++. When the library fails to extract trace context due to malformed unicode, it logs the list of audited headers and their values using the nlohmann...

7.5CVSS5.4AI score0.00431EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2024/06/24 12:0 a.m.30 views

Amazon Linux 2 : ecs-service-connect-agent (ALASECS-2024-037)

The version of ecs-service-connect-agent installed on the remote host is prior to v1.29.5.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2024-037 advisory. Envoy is a cloud-native, open source edge and service proxy. A theoretical request smuggling...

8.2CVSS7.1AI score0.00693EPSS
Exploits6References18
Tenable Nessus
Tenable Nessus
added 2024/06/24 12:0 a.m.55 views

Amazon Linux 2023 : ecs-service-connect-agent (ALAS2023-2024-647)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-647 advisory. 2024-07-17: CVE-2024-30255 was added to this advisory. Envoy is a cloud-native, open source edge and service proxy. A theoretical request smuggling vulnerability exists through Envoy if a serve...

8.2CVSS7.4AI score0.8781EPSS
Exploits7References20
Tenable Nessus
Tenable Nessus
added 2024/03/06 12:0 a.m.25 views

Amazon Linux 2 : ecs-service-connect-agent (ALASECS-2024-034)

The version of ecs-service-connect-agent installed on the remote host is prior to v1.27.3.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2024-034 advisory. Envoy is a high-performance edge/middle/service proxy. Envoy will crash when certain timeouts happ...

8.6CVSS6.7AI score0.00751EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2024/03/06 12:0 a.m.44 views

Amazon Linux 2023 : ecs-service-connect-agent (ALAS2023-2024-543)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-543 advisory. Envoy is a high-performance edge/middle/service proxy. Envoy will crash when certain timeouts happen within the same interval. The crash occurs when the following are true: 1...

8.6CVSS6.6AI score0.00751EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2023/11/04 12:0 a.m.66 views

Amazon Linux 2023 : ecs-service-connect-agent (ALAS2023-2023-420)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-420 advisory. An issue was found in libcurl which allows cookies to be inserted into a running program if specific conditions are met. The libcurl provided function, curleasyduphandle, is used to duplicate t...

8.1CVSS7.6AI score0.99999EPSS
Exploits20References8
Tenable Nessus
Tenable Nessus
added 2023/11/01 12:0 a.m.40 views

Amazon Linux 2 : ecs-service-connect-agent (ALASECS-2023-016)

The version of ecs-service-connect-agent installed on the remote host is prior to v1.27.2.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2023-016 advisory. An issue was found in libcurl which allows cookies to be inserted into a running program if specif...

8.1CVSS7.7AI score0.99999EPSS
Exploits20References8
Amazon
Amazon
added 2023/10/17 12:0 a.m.19 views

Important: ecs-service-connect-agent

Issue Overview: An issue was found in libcurl which allows cookies to be inserted into a running program if specific conditions are met. The libcurl provided function, curleasyduphandle, is used to duplicate the easyhandle associated with a transfer. If a duplicated transfer's easyhandle has...

8.1CVSS8AI score0.99999EPSS
Exploits20
Tenable Nessus
Tenable Nessus
added 2023/09/27 12:0 a.m.33 views

Amazon Linux 2 : ecs-service-connect-agent, --advisory ALAS2ECS-2023-007 (ALASECS-2023-007)

The version of ecs-service-connect-agent installed on the remote host is prior to v1.27.0.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2023-007 advisory. Wasmtime is a standalone runtime for WebAssembly. Prior to versions 6.0.2, 7.0.1, and 8.0.1,...

8.8CVSS6.7AI score0.01577EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2023/09/20 12:0 a.m.28 views

Amazon Linux 2023 : ecs-service-connect-agent (ALAS2023-2023-344)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-344 advisory. Wasmtime is a standalone runtime for WebAssembly. Prior to versions 6.0.2, 7.0.1, and 8.0.1, Wasmtime's implementation of managing per-instance state, such as tables and memories, contains...

8.8CVSS6.6AI score0.01577EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2023/09/06 12:0 a.m.32 views

Amazon Linux 2 : ecs-service-connect-agent (ALASECS-2023-006)

The version of ecs-service-connect-agent installed on the remote host is prior to v1.26.4.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2023-006 advisory. Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to...

9.8CVSS7.4AI score0.01288EPSS
Exploits3References12
Tenable Nessus
Tenable Nessus
added 2023/08/24 12:0 a.m.24 views

Amazon Linux 2023 : ecs-service-connect-agent (ALAS2023-2023-300)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-300 advisory. Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, a malicious client is able to construct...

9.8CVSS7.3AI score0.01288EPSS
Exploits3References12
Tenable Nessus
Tenable Nessus
added 2023/07/14 12:0 a.m.56 views

Amazon Linux 2 : ecs-service-connect-agent (ALASECS-2023-003)

The version of ecs-service-connect-agent installed on the remote host is prior to v1.25.4.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2023-003 advisory. Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to...

9.8CVSS6.8AI score0.00869EPSS
Exploits6References14
OSV
OSV
added 2022/08/04 6:15 p.m.4 views

CVE-2022-33203

In BIG-IP Versions 16.1.x before 16.1.3, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when a BIG-IP APM access policy with Service Connect agent is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have...

7.5CVSS5.8AI score0.00681EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/08/03 2:0 p.m.2 views

CVE-2022-33203

In BIG-IP Versions 16.1.x before 16.1.3, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when a BIG-IP APM access policy with Service Connect agent is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have...

7.5CVSS5.8AI score0.00681EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2022/08/03 12:0 a.m.26 views

F5 BIG-IP APM and F5 SSL Orchestrator Denial of Service Vulnerability

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. A denial of service vulnerability exists in F5 BIG-IP APM and F5 SSL Orchestrator, which stems from the configuration of an...

7.5CVSS3AI score0.00681EPSS
Exploits0References1
Rows per page
Query Builder