Lucene search
K

243 matches found

OpenVAS
OpenVAS
added 2023/05/10 12:0 a.m.16 views

Huawei EulerOS: Security Advisory for haproxy (EulerOS-SA-2023-1870)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.1CVSS9.3AI score0.05493EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/05/03 12:0 a.m.26 views

Amazon Linux 2023 : ecs-service-connect-agent (ALAS2023-2023-165)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-165 advisory. Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the client may bypass JSON Web Token JWT...

9.8CVSS6.8AI score0.00869EPSS
Exploits6References14
RedHat Linux
RedHat Linux
added 2023/04/25 10:27 a.m.50 views

Moderate: Red Hat Security Advisory: haproxy security update

An update for haproxy is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

9.1CVSS6.6AI score0.05493EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2023/04/04 9:36 p.m.30 views

CVE-2023-27491

A flaw was found in Envoy that may allow attackers to send specially crafted HTTP/2 or HTTP/3 requests to trigger parsing errors on the upstream HTTP/1 service...

6.5CVSS8.8AI score0.00869EPSS
Exploits1References4
NVD
NVD
added 2023/04/04 7:15 p.m.12 views

CVE-2023-27491

Envoy is an open source edge and service proxy designed for cloud-native applications. Compliant HTTP/1 service should reject malformed request lines. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, There is a possibility that non compliant HTTP/1 service may allow malformed request...

9.1CVSS7AI score0.00869EPSS
Exploits1References4
Prion
Prion
added 2023/04/04 7:15 p.m.21 views

Security feature bypass

Envoy is an open source edge and service proxy designed for cloud-native applications. Compliant HTTP/1 service should reject malformed request lines. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, There is a possibility that non compliant HTTP/1 service may allow malformed request...

6.4CVSS9AI score0.00869EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2023/04/04 6:18 p.m.158 views

CVE-2023-27491

CVE-2023-27491 affects Envoy: a non-compliant HTTP/1 service may allow malformed requests to bypass security policies. The BIT-ENVOY-2023-27491 entry documents that this vulnerability can be triggered in pre‑fix releases and that the issue is fixed in Envoy versions 1.26.0, 1.25.3, 1.24.4, 1.23.6...

9.1CVSS6.9AI score0.00869EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2023/04/04 6:18 p.m.15 views

CVE-2023-27491 Envoy forwards invalid Http2/Http3 downstream headers

Envoy is an open source edge and service proxy designed for cloud-native applications. Compliant HTTP/1 service should reject malformed request lines. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, There is a possibility that non compliant HTTP/1 service may allow malformed request...

5.4CVSS7.6AI score0.00869EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2023/03/21 2:50 p.m.58 views

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.12.8 security update

Red Hat OpenShift Container Platform release 4.12.8 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a...

9.1CVSS6.7AI score0.05623EPSS
Exploits0References3
F5 Networks
F5 Networks
added 2023/02/21 6:32 p.m.13 views

K97045220: BIG-IP LTM HTTP/2 desync attacks: malicious CRLF placement security exposure

Security Advisory Description Multiple desync attacks have been discovered. For more information refer to the following related articles: K27144609: Overview of HTTP/2 desync attacks K30341203: BIG-IP LTM and NGINX are not exposed to certain desync attacks K63312282: BIG-IP LTM HTTP/2 desync...

6.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/02/18 12:0 a.m.31 views

Debian dla-3318 : haproxy - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3318 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3318-1 [email protected] https://www.debian.org/lts/security/...

9.1CVSS7.4AI score0.05493EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2023/02/15 12:0 a.m.42 views

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : HAProxy vulnerability (USN-5869-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5869-1 advisory. Bahruz Jabiyev, Anthony Gavazzi, Engin Kirda, Kaan Onarlioglu, Adi Peleg, and Harvey Tuch discovered that HAProxy incorrectly handled empt...

9.1CVSS7.7AI score0.05493EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2023/02/14 5:0 p.m.96 views

CVE-2023-25725

HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request smuggling." The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTTP headers and thus make some...

9.1CVSS7AI score0.05493EPSS
Exploits0References4
CVE
CVE
added 2023/02/14 12:0 a.m.575 views

CVE-2023-25725

HAProxy URL: CVE-2023-25725 affects HAProxy with HTTP/1 header parsing issues that may allow bypassing access control via request smuggling. The root cause is that the HTTP header parsers can accept empty header field names, potentially truncating the header list and causing headers to disappear ...

9.1CVSS8.9AI score0.05493EPSS
Exploits0References6Affected Software1
Veracode
Veracode
added 2022/12/03 2:39 p.m.13 views

Cross-Site Request Forgery (CSRF)

github.com/mittwald/kube-httpcache is vulnerable to cross-site request forgery. The vulnerability exists when the HTTP/2 protocol is turned on, allowing an attacker to introduce characters through the HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the...

5.1AI score
Exploits0
Oracle linux
Oracle linux
added 2022/11/28 12:0 a.m.27 views

varnish:6 security update

varnish 6.0.8-2.1 - Resolves: 2142092 - CVE-2022-45060 varnish:6/varnish: Request Forgery Vulnerability 6.0.8-2 - Resolves: 2047650 - CVE-2022-23959 varnish:6/varnish: Varnish HTTP/1 Request Smuggling Vulnerability varnish-modules 0.15.0-6 - Related: 1982862 - rebuild for new varnish version...

9.1CVSS2.8AI score0.01957EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2022/11/22 12:0 a.m.39 views

Oracle Linux 9 : grafana-pcp (ELSA-2022-8250)

The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-8250 advisory. 3.2.0-3 - bump NVR Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not...

7.5CVSS7.2AI score0.01618EPSS
Exploits2References7
Tenable Nessus
Tenable Nessus
added 2022/11/15 12:0 a.m.32 views

Oracle Linux 8 : container-tools:3.0 (ELSA-2022-7529)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-7529 advisory. - fixes CVE-2021-3602 - amend CVE-2022-1708 - fix CVE-2022-1708 - thanks to Peter Hunt - fix CVE-2022-27650 - fixes CVE-2021-3602 - rc95 fixes...

8.5CVSS7.3AI score0.06604EPSS
Exploits4References11
RedhatCVE
RedhatCVE
added 2022/11/10 8:56 p.m.29 views

CVE-2022-45060

An HTTP Request Forgery issue was discovered in Varnish Cache. An attacker may introduce characters through HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server to produce invalid HTTP/1 requests to the backend. This could be used to exploit...

7.5CVSS0.5AI score0.00928EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2022/11/10 12:0 a.m.12 views

FreeBSD : varnish -- Request Smuggling Vulnerability (b10d1afa-6087-11ed-8c5e-641c67a117d8)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the b10d1afa-6087-11ed-8c5e-641c67a117d8 advisory. - Varnish Cache Project reports: A request smuggling attack can be performed on Varnish Cache servers b...

5.8AI score
Exploits0References2
Rows per page
Query Builder