CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

72 matches found

NVD•added 2024/11/29 7:15 p.m.•17 views

CVE-2024-52003

Traefik pronounced traffic is an HTTP reverse proxy and load balancer. There is a vulnerability in Traefik that allows the client to provide the X-Forwarded-Prefix header from an untrusted source. This issue has been addressed in versions 2.11.14 and 3.2.1. Users are advised to upgrade. There are...

6.3CVSS0.0024EPSS

Exploits0References4

Vulnrichment•added 2024/11/29 6:15 p.m.•17 views

CVE-2024-52003 X-Forwarded-Prefix Header still allows for Open Redirect in traefik

6.3CVSS6.8AI score0.0024EPSS

Exploits0References4

NVD•added 2024/11/12 5:15 p.m.•16 views

CVE-2024-52010

Zoraxy is a general purpose HTTP reverse proxy and forwarding tool. A command injection vulnerability in the Web SSH feature allows an authenticated attacker to execute arbitrary commands as root on the host. Zoraxy has a Web SSH terminal feature that allows authenticated users to connect to SSH...

8.6CVSS0.00901EPSS

Exploits0References3

Cvelist•added 2024/11/12 4:6 p.m.•19 views

CVE-2024-52010 Zoraxy has an authenticated command injection in the Web SSH feature

8.6CVSS0.00901EPSS

Exploits0References3

OSV•added 2024/11/12 4:6 p.m.•20 views

CVE-2024-52010 Zoraxy has an authenticated command injection in the Web SSH feature

8.6CVSS9.7AI score0.00901EPSS

Exploits0References5

AlpineLinux•added 2024/07/05 6:15 p.m.•15 views

CVE-2024-39321

Traefik is an HTTP reverse proxy and load balancer. Versions prior to 2.11.6, 3.0.4, and 3.1.0-rc3 have a vulnerability that allows bypassing IP allow-lists via HTTP/3 early data requests in QUIC 0-RTT handshakes sent with spoofed IP addresses. Versions 2.11.6, 3.0.4, and 3.1.0-rc3 contain a patc...

7.5CVSS7.2AI score0.00177EPSS

Exploits0

NVD•added 2024/07/05 6:15 p.m.•17 views

CVE-2024-39321

7.5CVSS0.00177EPSS

Exploits0References4

OSV•added 2024/07/05 5:32 p.m.•1 views

CVE-2024-39321 Traefik vulnerable to bypassing IP allow-lists via HTTP/3 early data requests in QUIC 0-RTT handshakes

7.5CVSS7.3AI score0.00177EPSS

Exploits0References6

Vulnrichment•added 2024/07/05 5:32 p.m.•18 views

CVE-2024-39321 Traefik vulnerable to bypassing IP allow-lists via HTTP/3 early data requests in QUIC 0-RTT handshakes

7.5CVSS6.8AI score0.00177EPSS

Exploits0References4

CVE•added 2024/07/05 5:32 p.m.•54 views

CVE-2024-39321

Traefik vulnerability CVE-2024-39321 affects Traefik versions prior to 2.11.14 and 3.2.1, where the API/dashboard validates X-Forwarded-Prefix but can be bypassed by a crafted header, potentially enabling cache poisoning. Remediation: upgrade to Traefik 2.11.14+ or 3.2.1+. Exploitation status not...

7.5CVSS7.3AI score0.00177EPSS

Exploits0References4Affected Software1

NVD•added 2023/12/04 9:15 p.m.•10 views

CVE-2023-47633

Traefik is an open source HTTP reverse proxy and load balancer. The traefik docker container uses 100% CPU when it serves as its own backend, which is an automatically generated route resulting from the Docker integration in the default configuration. This issue has been addressed in versions...

7.5CVSS0.00833EPSS

Exploits1References3

AlpineLinux•added 2023/12/04 9:15 p.m.•18 views

CVE-2023-47633

7.5CVSS6.9AI score0.00833EPSS

Exploits1

Prion•added 2023/12/04 9:15 p.m.•16 views

Improper access control

Traefik is an open source HTTP reverse proxy and load balancer. When a request is sent to Traefik with a URL fragment, Traefik automatically URL encodes and forwards the fragment to the backend server. This violates RFC 7230 because in the origin-form the URL should only contain the absolute path...

6.4CVSS6.9AI score0.00128EPSS

Exploits1References4Affected Software1

CVE•added 2023/12/04 8:36 p.m.•384 views

CVE-2023-47633

CVE-2023-47633 affects the Traefik Docker image when it serves as its own backend, triggered by an automatically generated route from Docker integration in default configuration. The issue causes 100% CPU usage, leading to a denial of service-like impact on the affected instance. The vulnerabilit...

7.5CVSS7.5AI score0.00833EPSS

Exploits1References3Affected Software1

OSV•added 2023/12/04 8:36 p.m.•15 views

CVE-2023-47633 Uncontrolled Resource Consumption in Traefik

7.5CVSS6.8AI score0.00833EPSS

Exploits1References5

Cvelist•added 2023/12/04 8:36 p.m.•15 views

CVE-2023-47633 Uncontrolled Resource Consumption in Traefik

7.5CVSS7.6AI score0.00833EPSS

Exploits1References3

CVE•added 2023/12/04 8:20 p.m.•383 views

CVE-2023-47124

CVE-2023-47124 describes a DoS vector in Traefik when using HTTPChallenge to obtain/renew Let’s Encrypt TLS certificates: the 50-second delay allowed solving the challenge can be abused for a slowloris-style attack. Public details in the initial document specify impacts as a server availability r...

5.9CVSS5.8AI score0.00227EPSS

Exploits0References8Affected Software1

OpenVAS•added 2023/12/02 12:0 a.m.•18 views

Fedora: Security Advisory for golang-github-openprinting-ipp-usb (FEDORA-2023-ce2836acfa)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.3CVSS7.1AI score0.00331EPSS

Exploits0References2

OSV•added 2023/04/14 6:15 p.m.•26 views

CVE-2023-29013 HTTP header parsing could cause a deny of service

Traefik pronounced traffic is a modern HTTP reverse proxy and load balancer for deploying microservices. There is a vulnerability in Go when parsing the HTTP headers, which impacts Traefik. HTTP header parsing could allocate substantially more memory than required to hold the parsed headers. This...

7.5CVSS6.5AI score0.03393EPSS

Exploits0References7

AlpineLinux•added 2023/04/14 6:15 p.m.•37 views

CVE-2023-29013

7.5CVSS7.4AI score0.03393EPSS

Exploits0

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by