4 matches found
BIT-ENVOY-2026-47774 Envoy vulnerable to HTTP/2 memory exhaustion via cookie header size bypass and HPACK amplification
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.35.11, 1.36.7, 1.37.3, and 1.38.1, a vulnerability in Envoy's HTTP/2 downstream request processing allows an unauthenticated remote client to trigger excessive memory consumption, potentiall...
IBM MQ 安全漏洞
IBM MQ is a messaging middleware product from International Business Machines IBM. The product focuses on providing a reliable, proven messaging backbone for Service Oriented Architecture SOA. IBM-supplied MQ Advanced container images are standard container images officially provided by IBM,...
UBUNTU-CVE-2020-29511
The encoding/xml package in Go all versions does not correctly preserve the semantics of element namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications...
UBUNTU-CVE-2020-29510
The encoding/xml package in Go versions 1.15 and earlier does not correctly preserve the semantics of directives during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications...