164 matches found
BIT-HUBBLE-UI-2024-28249
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.13.13, 1.14.8, and 1.15.2, in Cilium clusters with IPsec enabled and traffic matching Layer 7 policies, IPsec-eligible traffic between a node's Envoy proxy and pods on other nodes is sen...
BIT-CILIUM-PROXY-2024-28249
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.13.13, 1.14.8, and 1.15.2, in Cilium clusters with IPsec enabled and traffic matching Layer 7 policies, IPsec-eligible traffic between a node's Envoy proxy and pods on other nodes is sen...
CVE-2024-32017
RIOT is a real-time multi-threading operating system that supports a range of devices that are typically 8-bit, 16-bit and 32-bit microcontrollers. The size check in the gcoapdnsserverproxyget function contains a small typo that may lead to a buffer overflow in the subsequent strcpy. In detail, t...
GO-2024-2656 Unencrypted traffic between nodes with IPsec in github.com/cilium/cilium
In Cilium clusters with IPsec enabled and traffic matching Layer 7 policies, traffic that should be IPsec-encrypted between a node's Envoy proxy and pods on other nodes is sent unencrypted, and traffic that should be IPsec-encrypted between a node's DNS proxy and pods on other nodes is sent...
CVE-2024-28249
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.13.13, 1.14.8, and 1.15.2, in Cilium clusters with IPsec enabled and traffic matching Layer 7 policies, IPsec-eligible traffic between a node's Envoy proxy and pods on other nodes is sen...
CVE-2024-28249 Cilium has possible unencrypted traffic between nodes when using IPsec and L7 policies
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.13.13, 1.14.8, and 1.15.2, in Cilium clusters with IPsec enabled and traffic matching Layer 7 policies, IPsec-eligible traffic between a node's Envoy proxy and pods on other nodes is sen...
Unencrypted traffic between nodes when using WireGuard and L7 policies
Impact In Cilium clusters with WireGuard enabled and traffic matching Layer 7 policies: - Traffic that should be WireGuard-encrypted is sent unencrypted between a node's Envoy proxy and pods on other nodes. - Traffic that should be WireGuard-encrypted is sent unencrypted between a node's DNS prox...
PT-2024-22366 · Cilium · Cilium
Name of the Vulnerable Software and Affected Versions: Cilium versions 1.14.0 through 1.14.7 Cilium versions 1.15.0 through 1.15.1 Cilium version 1.14.4 with encryption.wireguard.encapsulate set to false in tunneling mode Description: In Cilium clusters with WireGuard enabled and traffic matching...
openSUSE: Security Advisory for connman (openSUSE-SU-2023:0369-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
OPENSUSE-SU-2023:0370-1 Security update for connman
This update for connman fixes the following issues: - Update to 1.42 Fix issue with iwd and signal strength calculation. Fix issue with iwd and handling service removal. Fix issue with iwd and handling new connections. Fix issue with handling default online check URL. Fix issue with handling...
OPENSUSE-SU-2023:0369-1 Security update for connman
This update for connman fixes the following issues: Update to 1.42 Fix issue with iwd and signal strength calculation. Fix issue with iwd and handling service removal. Fix issue with iwd and handling new connections. Fix issue with handling default online check URL. Fix issue with handling...
GLSA-202310-21 : ConnMan: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202310-21 ConnMan: Multiple Vulnerabilities - An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation lacks a check for the presence of sufficient Header Data, leading to an...
SUSE CVE-2022-23097
An issue was discovered in the DNS proxy in Connman through 1.40. forwarddnsreply mishandles a strnlen call, leading to an out-of-bounds read...
SUSE CVE-2022-23096
An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation lacks a check for the presence of sufficient Header Data, leading to an out-of-bounds read...
SUSE CVE-2022-23098
An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation has an infinite loop if no data is received...
Debian dla-3144 : connman - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3144 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3144-1 [email protected]...
Debian DSA-5231-1 : connman - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5231 advisory. Several vulnerabilities were discovered in ConnMan, a network manager for embedded devices, which could result in denial of service or the execution of arbitrary...
Domain Name Relay Daemon 安全漏洞
Domain Name Relay Daemon DNRD is a Sourceforge open source caching, forwarding DNS proxy server. A security vulnerability exists in DNRD Domain Name Relay Daemon version 2.20.3, which stems from a domain name and its associated IP address being cached in its misinterpreted form, where the...
dproxy 安全漏洞
dproxy is an intelligent caching DNS proxy by Matthew Pratt, a personal developer. A security vulnerability exists in dproxy that stems from setting the CD aka Check Disabled bit to 1, which causes the DNSSEC protection provided by the upstream resolver to be disabled...
[SECURITY] Fedora 35 Update: dnscrypt-proxy-2.1.1-4.fc35
A flexible DNS proxy, with support for modern encrypted DNS protocols such as DNSCrypt v2 and DNS-over-HTTP/2. Features: - DNS traffic encryption and authentication. Supports DNS-over-HTTPS DoH and DNSCrypt. - DNSSEC compatible - DNS query monitoring, with separate log files for regular and...