Lucene search
K

412 matches found

OSV
OSV
added 2026/06/30 11:39 p.m.4 views

BIT-ENVOY-2026-48090 Envoy HTTP: OAuth2 filter late async token completion after stream teardown (UAF / crash risk)

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.37.0 until 1.37.5 and 1.38.3, the HTTP OAuth2 filter envoy.filters.http.oauth2 can leave an in-flight async token exchange attached to a downstream stream that has already been torn down. A late...

5.9CVSS6.2AI score0.00579EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.10 views

PT-2026-52895

Name of the Vulnerable Software and Affected Versions Envoy versions 1.37.0 through 1.37.4 Envoy versions 1.38.0 through 1.38.2 Description The HTTP OAuth2 filter envoy.filters.http.oauth2 can leave an in-flight async token exchange attached to a downstream stream that has already been torn down....

5.9CVSS5.8AI score0.00579EPSS
Exploits1References22
Fedora
Fedora
added 2026/06/24 1:30 a.m.5 views

[SECURITY] Fedora 44 Update: grout-0.16.0-1.fc44

grout stands for Graph Router. In English, "grout" refers to thin mortar that hardens to fill gaps between tiles. grout is a DPDK based network processing application. It uses the rtegraph library for data path processing. Its main purpose is to simulate a network function or a physical router fo...

7.5CVSS5.8AI score0.00389EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/06/23 7:17 p.m.6 views

CVE-2026-54762

Traefik is an HTTP reverse proxy and load balancer. From 3.7.0-ea.1 until 3.7.5, there is a medium severity vulnerability in Traefik's Kubernetes Ingress NGINX provider that causes affected routes to fail open. When an Ingress explicitly enables BasicAuth or DigestAuth through the supported...

8.6CVSS5.8AI score0.0036EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/06/23 7:15 p.m.4 views

CVE-2026-54761

Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.21 and 3.7.5, there is a high severity vulnerability in Traefik's Kubernetes Gateway provider affecting the crossProviderNamespaces allowlist. For HTTPRoute rules that declare multiple WRR backendRefs, Traefik evaluates the allowlis...

6CVSS5.9AI score0.00318EPSS
Exploits2References4Affected Software1
Cvelist
Cvelist
added 2026/06/23 7:15 p.m.36 views

CVE-2026-54761 Traefik: Kubernetes Gateway crossProviderNamespaces bypass allows HTTPRoute outside the allowlist to expose internal Traefik services

Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.21 and 3.7.5, there is a high severity vulnerability in Traefik's Kubernetes Gateway provider affecting the crossProviderNamespaces allowlist. For HTTPRoute rules that declare multiple WRR backendRefs, Traefik evaluates the allowlis...

6CVSS0.00318EPSS
Exploits2References3
NVD
NVD
added 2026/06/19 6:17 a.m.14 views

CVE-2026-11752

A vulnerability has been identified in armeria-xds versions 1.38.0 through 1.39.0, where DataSourceStream in the xDS module can resolve control-plane-supplied filenames and environment variables without restriction, allowing a compromised or semi-trusted xDS control plane to read arbitrary local...

5.9CVSS0.00198EPSS
Exploits0References1
OSV
OSV
added 2026/06/18 12:0 a.m.5 views

UBUNTU-CVE-2026-11311

When NGINX Plus is configured as the data plane for NGINX Gateway Fabr...

8.6CVSS5.3AI score0.00567EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.15 views

PT-2026-46407

On affected platforms running Arista EOS with IPsec configured, a specially crafted packet can cause the dataplane to stop processing all IPsec traffic. The control plane may detect this condition, and attempt to reset the IPsec processing pipeline. After reset traffic may not resume being...

8.7CVSS5.8AI score0.00386EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.8 views

Arista EOS 安全漏洞

Arista EOS is a fully programmable, highly modular Linux-based network operating system developed by the American company Arista. There is a security vulnerability in Arista EOS. This vulnerability arises when configuring IPsec, where specially crafted packets may cause the data plane to stop...

8.7CVSS5.3AI score0.00386EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/05/24 12:0 a.m.15 views

Securing High-Performance Data Transfers: Implementing AES Encryption in RDMA Systems

Remote Direct Memory Access RDMA is a key enabler of high-performance systems, offering low latency, high throughput, and reduced CPU overhead by allowing direct memory-to-memory transfers between machines. However, its design bypasses traditional CPU-mediated security mechanisms, introducing...

5.8AI score
Exploits0
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: eth: bnxt: Do not update the checksum in bnxtxdpbuildskb. The bnxtrxpkt function updates the ipsummed value at the end if the checksum offload is enabled. When the XDP-MB program is executed and returns XDPPASS, the bnxtxdpbuilds...

5.5CVSS6.4AI score0.00191EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in dpdk

A flaw was discovered in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as auxiliary data to VHOSTUSERGETINFLIGHTFD / VHOSTUSERSETINFLIGHTFD messages that are not closed by the vhost-user slave. By continuously sending such messages, the malicious...

6.5CVSS6.7AI score0.00283EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerability in dpdk

A flaw in the permissive list of allowed inputs was discovered in DPDK. This issue allows a remote attacker to trigger a denial of service by sending a crafted Vhost header to DPDK...

8.6CVSS7.2AI score0.01772EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in dpdk

NVIDIA’s distribution of the Data Plane Development Kit MLNXDPDK contains a vulnerability in the network stack, where error recovery is not handled properly. This vulnerability can allow a remote attacker to cause denial of service, as well as affect data integrity and confidentiality...

8.6CVSS7AI score0.0188EPSS
Exploits0References2
F5 Networks
F5 Networks
added 2026/05/13 1:25 p.m.16 views

K000161107: BIG-IP tmsh vulnerability CVE-2026-41217

Security Advisory Description A vulnerability exists in an undisclosed BIG-IP TMOS Shell tmsh command that may allow an authenticated attacker with resource administrator or administrator role to execute arbitrary system commands with higher privileges. In Appliance mode deployments, a successful...

8.3CVSS5.8AI score0.00107EPSS
Exploits0Affected Software11
F5 Networks
F5 Networks
added 2026/05/13 1:22 p.m.16 views

K000158978: BIG-IP SSL/TLS vulnerability CVE-2026-40629

Security Advisory Description When SSL profiles are configured on a virtual server, undisclosed traffic can cause the virtual server to stop processing new client connections. CVE-2026-40629 Impact Traffic is disrupted while the TMM process restarts. This vulnerability allows a remote,...

8.7CVSS6AI score0.00324EPSS
Exploits0Affected Software14
F5 Networks
F5 Networks
added 2026/05/13 1:15 p.m.14 views

K000160857: Appliance mode iControl REST vulnerability CVE-2026-34176

Security Advisory Description When running in Appliance mode, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary. CVE-2026-34176 Impact In Appliance mode, this...

8.7CVSS5.9AI score0.00692EPSS
Exploits0Affected Software11
F5 Networks
F5 Networks
added 2026/05/13 1:11 p.m.19 views

K000161027: NGINX ngx_http_scgi_module and ngx_http_uwsgi_module vulnerability CVE-2026-42946

Security Advisory Description A vulnerability exists in the ngxhttpscgimodule and ngxhttpuwsgimodule modules that may result in excessive memory allocation or an over-read of data. When scgipass or uwsgipass is configured, an unauthenticated attacker with man-in-the-middle MITM ability to control...

8.3CVSS6.2AI score0.00932EPSS
Exploits0Affected Software9
F5 Networks
F5 Networks
added 2026/05/13 12:32 p.m.19 views

K000150508: BIG-IP BFD vulnerability CVE-2026-34019

Security Advisory Description When Bidirectional Forwarding Detection BFD is configured in Static and Dynamic routing protocols, undisclosed traffic can cause the Traffic Management Microkernel TMM to stop processing BFD packets and cause the configured routing protocol to fail over. CVE-2026-340...

6.3CVSS5.7AI score0.00293EPSS
Exploits0Affected Software11
Rows per page
Query Builder