Lucene search
+L

4 matches found

Oracle linux
Oracle linux
added 2024/04/26 12:0 a.m.33 views

cri-o security update

cri-o 1.26.4-2 - Address CVE-2024-24786 cri-tools 1.26.1-5 - Address CVE-2024-24786 etcd 3.5.10-3 - Address protobuf CVE-2024-24786 3.5.10-1 - Added Oracle specific build files istio 1.17.8-3 - Address protobuf CVE-2024-24786 - Backport from 1.19.7 to address CVE-2024-23322, CVE-2024-23323,...

7.5CVSS7.4AI score0.01262EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/03/06 12:0 a.m.25 views

Amazon Linux 2 : ecs-service-connect-agent (ALASECS-2024-034)

The version of ecs-service-connect-agent installed on the remote host is prior to v1.27.3.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2024-034 advisory. Envoy is a high-performance edge/middle/service proxy. Envoy will crash when certain timeouts happ...

8.6CVSS6.7AI score0.00751EPSS
Exploits0References12
Amazon
Amazon
added 2024/03/05 12:0 a.m.11 views

Important: ecs-service-connect-agent

Issue Overview: Envoy is a high-performance edge/middle/service proxy. Envoy will crash when certain timeouts happen within the same interval. The crash occurs when the following are true: 1. hedgeonpertrytimeout is enabled, 2. pertryidletimeout is enabled it can only be done in configuration, 3...

8.6CVSS7.1AI score0.00751EPSS
Exploits0
CVE
CVE
added 2024/02/09 10:48 p.m.114 views

CVE-2024-23324

Envoy CVE-2024-23324: External authentication can be bypassed by downstream connections. Downstream clients can force invalid gRPC requests to ext_authz, bypassing ext_authz checks when failure_mode_allow is true. Affects Envoy’s ext_authz handling; impact is limited to bypass of authorization fo...

8.6CVSS7.4AI score0.006EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder