42 matches found
Amazon Linux 2 : ecs-service-connect-agent, --advisory ALAS2ECS-2024-045 (ALASECS-2024-045)
The version of ecs-service-connect-agent installed on the remote host is prior to v1.29.9.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2024-045 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-report...
Amazon Linux 2 : ecs-service-connect-agent (ALASECS-2024-038)
The version of ecs-service-connect-agent installed on the remote host is prior to v1.29.6.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2024-038 advisory. dd-trace-cpp is the Datadog distributed tracing for C++. When the library fails to extract trace context du...
Important: ecs-service-connect-agent
Issue Overview: dd-trace-cpp is the Datadog distributed tracing for C++. When the library fails to extract trace context due to malformed unicode, it logs the list of audited headers and their values using the nlohmann JSON library. However, due to the way the JSON library is invoked, it throws a...
Important: ecs-service-connect-agent
Issue Overview: dd-trace-cpp is the Datadog distributed tracing for C++. When the library fails to extract trace context due to malformed unicode, it logs the list of audited headers and their values using the nlohmann JSON library. However, due to the way the JSON library is invoked, it throws a...
Amazon Linux 2023 : ecs-service-connect-agent (ALAS2023-2024-655)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-655 advisory. dd-trace-cpp is the Datadog distributed tracing for C++. When the library fails to extract trace context due to malformed unicode, it logs the list of audited headers and their values using the nlohmann...
Amazon Linux 2 : ecs-service-connect-agent (ALASECS-2024-037)
The version of ecs-service-connect-agent installed on the remote host is prior to v1.29.5.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2024-037 advisory. Envoy is a cloud-native, open source edge and service proxy. A theoretical request smuggling...
Amazon Linux 2023 : ecs-service-connect-agent (ALAS2023-2024-647)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-647 advisory. 2024-07-17: CVE-2024-30255 was added to this advisory. Envoy is a cloud-native, open source edge and service proxy. A theoretical request smuggling vulnerability exists through Envoy if a serve...
Amazon Linux 2 : ecs-service-connect-agent (ALASECS-2024-034)
The version of ecs-service-connect-agent installed on the remote host is prior to v1.27.3.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2024-034 advisory. Envoy is a high-performance edge/middle/service proxy. Envoy will crash when certain timeouts happ...
Amazon Linux 2023 : ecs-service-connect-agent (ALAS2023-2024-543)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-543 advisory. Envoy is a high-performance edge/middle/service proxy. Envoy will crash when certain timeouts happen within the same interval. The crash occurs when the following are true: 1...
Amazon Linux 2023 : ecs-service-connect-agent (ALAS2023-2023-420)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-420 advisory. An issue was found in libcurl which allows cookies to be inserted into a running program if specific conditions are met. The libcurl provided function, curleasyduphandle, is used to duplicate t...
Amazon Linux 2 : ecs-service-connect-agent (ALASECS-2023-016)
The version of ecs-service-connect-agent installed on the remote host is prior to v1.27.2.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2023-016 advisory. An issue was found in libcurl which allows cookies to be inserted into a running program if specif...
Important: ecs-service-connect-agent
Issue Overview: An issue was found in libcurl which allows cookies to be inserted into a running program if specific conditions are met. The libcurl provided function, curleasyduphandle, is used to duplicate the easyhandle associated with a transfer. If a duplicated transfer's easyhandle has...
Amazon Linux 2 : ecs-service-connect-agent, --advisory ALAS2ECS-2023-007 (ALASECS-2023-007)
The version of ecs-service-connect-agent installed on the remote host is prior to v1.27.0.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2023-007 advisory. Wasmtime is a standalone runtime for WebAssembly. Prior to versions 6.0.2, 7.0.1, and 8.0.1,...
Amazon Linux 2023 : ecs-service-connect-agent (ALAS2023-2023-344)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-344 advisory. Wasmtime is a standalone runtime for WebAssembly. Prior to versions 6.0.2, 7.0.1, and 8.0.1, Wasmtime's implementation of managing per-instance state, such as tables and memories, contains...
Amazon Linux 2 : ecs-service-connect-agent (ALASECS-2023-006)
The version of ecs-service-connect-agent installed on the remote host is prior to v1.26.4.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2023-006 advisory. Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to...
Amazon Linux 2023 : ecs-service-connect-agent (ALAS2023-2023-300)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-300 advisory. Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, a malicious client is able to construct...
Amazon Linux 2 : ecs-service-connect-agent (ALASECS-2023-003)
The version of ecs-service-connect-agent installed on the remote host is prior to v1.25.4.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2023-003 advisory. Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to...
CVE-2022-33203
In BIG-IP Versions 16.1.x before 16.1.3, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when a BIG-IP APM access policy with Service Connect agent is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have...
CVE-2022-33203
In BIG-IP Versions 16.1.x before 16.1.3, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when a BIG-IP APM access policy with Service Connect agent is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have...
F5 BIG-IP APM and F5 SSL Orchestrator Denial of Service Vulnerability
F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. A denial of service vulnerability exists in F5 BIG-IP APM and F5 SSL Orchestrator, which stems from the configuration of an...