Lucene search
K

25 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.9 views

Amazon Linux 2023 : ecs-service-connect-agent (ALAS2023-2026-1893)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1893 advisory. A denial-of-service vulnerability was found in Envoy's HTTP/2 HPACK header compression implementation. A remote attacker could send a specially crafted HTTP/2 request that triggers disproportionately...

7.5CVSS6.2AI score0.00815EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.5 views

Amazon Linux 2 : ecs-service-connect-agent, --advisory ALAS2ECS-2026-126 (ALASECS-2026-126)

The version of ecs-service-connect-agent installed on the remote host is prior to v1.34.13.2-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2026-126 advisory. A denial-of-service vulnerability was found in Envoy's HTTP/2 HPACK header compression implementation. A...

7.5CVSS6.2AI score0.00815EPSS
Exploits1References4
Amazon
Amazon
added 2026/05/09 12:0 a.m.23 views

Medium: runc

Issue Overview: Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler cmd/compile. As a result, the compiler would allow for invalid indexing to occur at runtime, potentially leading to memory corruption in programs compiled with...

9.8CVSS7.4AI score0.00621EPSS
Exploits0
Amazon
Amazon
added 2026/05/05 12:0 a.m.8 views

Medium: ecs-service-connect-agent

Issue Overview: Envoy is a cloud-native high-performance edge/middle/service proxy. A security vulnerability in Envoy allows external clients to manipulate Envoy headers, potentially leading to unauthorized access or other malicious actions within the mesh. This issue arises due to Envoy's defaul...

7.5CVSS7.3AI score0.17301EPSS
Exploits2
Amazon
Amazon
added 2026/05/05 12:0 a.m.10 views

Medium: docker

Issue Overview: Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plugin install. Due to an error in the daemon's privilege comparison logic, the daemon may...

8.1CVSS5.8AI score0.00387EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/01/05 12:0 a.m.8 views

Amazon Linux 2 : ecs-service-connect-agent, --advisory ALAS2ECS-2025-093 (ALASECS-2025-093)

The version of ecs-service-connect-agent installed on the remote host is prior to v1.34.4.2-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2025-093 advisory. There exists a denial of service through Data corruption in gRPC-C++ - gRPC-C++ servers with...

9.8CVSS6.9AI score0.01218EPSS
Exploits7References26
Tenable Nessus
Tenable Nessus
added 2025/05/01 12:0 a.m.9 views

Amazon Linux 2 : ecs-service-connect-agent (ALASECS-2025-052)

The version of ecs-service-connect-agent installed on the remote host is prior to v1.29.12.1-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2025-052 advisory. Envoy is a cloud-native high-performance edge/middle/service proxy. Prior to 1.33.1, 1.32.4, 1.31.6, and...

7.5CVSS5.5AI score0.00406EPSS
Exploits0References4
Amazon
Amazon
added 2025/04/16 12:0 a.m.6 views

Medium: ecs-service-connect-agent

Issue Overview: Envoy is a cloud-native high-performance edge/middle/service proxy. Prior to 1.33.1, 1.32.4, 1.31.6, and 1.30.10, Envoy's extproc HTTP filter is at risk of crashing if a local reply is sent to the external server due to the filter's life time issue. A known situation is the failur...

7.5CVSS6.7AI score0.00406EPSS
Exploits0
Amazon
Amazon
added 2025/04/14 12:0 a.m.10 views

Medium: ecs-service-connect-agent

Issue Overview: Envoy is a cloud-native high-performance edge/middle/service proxy. Prior to 1.33.1, 1.32.4, 1.31.6, and 1.30.10, Envoy's extproc HTTP filter is at risk of crashing if a local reply is sent to the external server due to the filter's life time issue. A known situation is the failur...

7.5CVSS6.5AI score0.00406EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/02/26 12:0 a.m.10 views

Amazon Linux 2 : ecs-service-connect-agent (ALASECS-2025-047)

The version of ecs-service-connect-agent installed on the remote host is prior to v1.29.12.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2025-047 advisory. Envoy is a cloud-native high-performance edge/middle/service proxy. In affected versions sendOverloadError...

7.5CVSS7.2AI score0.00687EPSS
Exploits1References4
Amazon
Amazon
added 2025/02/25 12:0 a.m.7 views

Important: ecs-service-connect-agent

Issue Overview: Envoy is a cloud-native high-performance edge/middle/service proxy. In affected versions sendOverloadError is going to assume the active request exists when envoy.loadshedpoints.http1serverabortdispatch is configured. If activerequest is nullptr, only onMessageBeginImpl is called...

7.5CVSS6.8AI score0.00687EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2024/11/13 12:0 a.m.19 views

Amazon Linux 2 : ecs-service-connect-agent, --advisory ALAS2ECS-2024-045 (ALASECS-2024-045)

The version of ecs-service-connect-agent installed on the remote host is prior to v1.29.9.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2024-045 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-report...

6.8AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/07/23 12:0 a.m.16 views

Amazon Linux 2 : ecs-service-connect-agent (ALASECS-2024-038)

The version of ecs-service-connect-agent installed on the remote host is prior to v1.29.6.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2024-038 advisory. dd-trace-cpp is the Datadog distributed tracing for C++. When the library fails to extract trace context du...

7.5CVSS5.5AI score0.00431EPSS
Exploits0References4
Amazon
Amazon
added 2024/07/22 12:0 a.m.9 views

Important: ecs-service-connect-agent

Issue Overview: dd-trace-cpp is the Datadog distributed tracing for C++. When the library fails to extract trace context due to malformed unicode, it logs the list of audited headers and their values using the nlohmann JSON library. However, due to the way the JSON library is invoked, it throws a...

7.5CVSS7.2AI score0.00431EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/07/22 12:0 a.m.11 views

Amazon Linux 2023 : ecs-service-connect-agent (ALAS2023-2024-655)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-655 advisory. dd-trace-cpp is the Datadog distributed tracing for C++. When the library fails to extract trace context due to malformed unicode, it logs the list of audited headers and their values using the nlohmann...

7.5CVSS5.4AI score0.00431EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2024/06/24 12:0 a.m.54 views

Amazon Linux 2023 : ecs-service-connect-agent (ALAS2023-2024-647)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-647 advisory. 2024-07-17: CVE-2024-30255 was added to this advisory. Envoy is a cloud-native, open source edge and service proxy. A theoretical request smuggling vulnerability exists through Envoy if a serve...

8.2CVSS7.4AI score0.8781EPSS
Exploits7References20
Tenable Nessus
Tenable Nessus
added 2024/06/24 12:0 a.m.29 views

Amazon Linux 2 : ecs-service-connect-agent (ALASECS-2024-037)

The version of ecs-service-connect-agent installed on the remote host is prior to v1.29.5.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2024-037 advisory. Envoy is a cloud-native, open source edge and service proxy. A theoretical request smuggling...

8.2CVSS7.1AI score0.00693EPSS
Exploits6References18
Tenable Nessus
Tenable Nessus
added 2024/03/06 12:0 a.m.41 views

Amazon Linux 2023 : ecs-service-connect-agent (ALAS2023-2024-543)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-543 advisory. Envoy is a high-performance edge/middle/service proxy. Envoy will crash when certain timeouts happen within the same interval. The crash occurs when the following are true: 1...

8.6CVSS6.6AI score0.00751EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2024/03/06 12:0 a.m.24 views

Amazon Linux 2 : ecs-service-connect-agent (ALASECS-2024-034)

The version of ecs-service-connect-agent installed on the remote host is prior to v1.27.3.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2024-034 advisory. Envoy is a high-performance edge/middle/service proxy. Envoy will crash when certain timeouts happ...

8.6CVSS6.7AI score0.00751EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2023/11/01 12:0 a.m.39 views

Amazon Linux 2 : ecs-service-connect-agent (ALASECS-2023-016)

The version of ecs-service-connect-agent installed on the remote host is prior to v1.27.2.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2023-016 advisory. An issue was found in libcurl which allows cookies to be inserted into a running program if specif...

8.1CVSS7.7AI score0.99999EPSS
Exploits19References8
Rows per page
Query Builder