212 matches found
Azure Linux 3.0 Security Update: application-gateway-kubernetes-ingress / cf-cli / cni / containerized-data-importer / containernetworking-plugins / gh / keda / kubevirt (CVE-2022-32149)
The version of application-gateway-kubernetes-ingress / cf-cli / cni / containerized-data-importer / containernetworking-plugins / gh / keda / kubevirt installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the...
Azure Linux 3.0 Security Update: application-gateway-kubernetes-ingress / azcopy / blobfuse2 / cert-manager / coredns (CVE-2023-45288)
The version of application-gateway-kubernetes-ingress / azcopy / blobfuse2 / cert-manager / coredns installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-45288 advisory. - An attacker May cause an HTTP/...
Azure Linux 3.0 Security Update: application-gateway-kubernetes-ingress / cf-cli / cri-o / csi-driver-lvm / golang / keda / moby-engine / node-problem-detector (CVE-2021-44716)
The version of application-gateway-kubernetes-ingress / cf-cli / cri-o / csi-driver-lvm / golang / keda / moby-engine / node-problem-detector installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-44716...
Azure Linux 3.0 Security Update: cert-manager / cni-plugins / kubevirt / multus / packer / prometheus-adapter (CVE-2023-3978)
The version of cert-manager / cni-plugins / kubevirt / multus / packer / prometheus-adapter installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-3978 advisory. - Text nodes not in the HTML namespace ar...
Azure Linux 3.0 Security Update: application-gateway-kubernetes-ingress / cert-manager / cf-cli / cni / cni-plugins (CVE-2024-45338)
The version of application-gateway-kubernetes-ingress / cert-manager / cf-cli / cni / cni-plugins installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-45338 advisory. - An attacker can craft an input t...
CVE-2024-45338 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.2-3
CVE-2024-45338 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.2-3. A patched version of the package is available...
CVE-2024-45338 affecting package application-gateway-kubernetes-ingress for versions less than 1.4.0-24
CVE-2024-45338 affecting package application-gateway-kubernetes-ingress for versions less than 1.4.0-24. A patched version of the package is available...
CVE-2022-3064 affecting package application-gateway-kubernetes-ingress 1.4.0-27
CVE-2022-3064 affecting package application-gateway-kubernetes-ingress 1.4.0-27. This CVE either no longer is or was never applicable...
CVE-2021-4235 affecting package application-gateway-kubernetes-ingress 1.4.0-27
CVE-2021-4235 affecting package application-gateway-kubernetes-ingress 1.4.0-27. This CVE either no longer is or was never applicable...
CBL Mariner 2.0 Security Update: application-gateway-kubernetes-ingress / cert-manager / cf-cli / cni / cni-plugins (CVE-2024-45338)
The version of application-gateway-kubernetes-ingress / cert-manager / cf-cli / cni / cni-plugins installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-45338 advisory. - An attacker can craft an input t...
AZL-54431 CVE-2024-45338 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.2-3
An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...
AZL-52195 CVE-2024-51744 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-1
golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...
CVE-2022-21698 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.2-2
CVE-2022-21698 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.2-2. A patched version of the package is available...
PT-2024-8884 · Juniper Networks · Junos
Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos OS versions 20.4 through 20.4R3-S10 Juniper Networks Junos OS versions 21.2 through 21.2R3-S6 Juniper Networks Junos OS versions 21.3 through 21.3R3-S5 Juniper Networks Junos OS versions 21.4 through 21.4R3-S6 Juniper...
DEBIAN-CVE-2024-6162
A vulnerability was found in Undertow, where URL-encoded request paths can be mishandled during concurrent requests on the AJP listener. This issue arises because the same buffer is used to decode the paths for multiple requests simultaneously, leading to incorrect path information being processe...
AZL-42655 CVE-2024-35255 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-1
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability...
PT-2024-18606 · Unknown · Foxmann-Un/Unem Server / Api Gateway
Name of the Vulnerable Software and Affected Versions: FOXMAN-UN/UNEM server / API Gateway affected versions not specified Description: A security issue exists in the FOXMAN-UN/UNEM server / API Gateway, allowing an attacker to execute unintended commands or code on the UNEM server if exploited...
CVE-2024-5590
A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been declared as critical. This vulnerability affects unknown code of the file /protocol/iscuser/uploadiscuser.php of the component JSON Content Handler. The manipulation of the argument messagecontent leads to...
CVE-2024-3457
A vulnerability classified as critical has been found in Netentsec NS-ASG Application Security Gateway 6.3. This affects an unknown part of the file /admin/configISCGroupNoCache.php. The manipulation of the argument GroupId leads to sql injection. It is possible to initiate the attack remotely. T...
AZL-38158 CVE-2023-45288 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-1
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...