4433 matches found

Tenable Nessus
added 2023/09/07 12:0 a.m., 22 views

Fedora 37 : htmltest (2023-0fa7715821)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-0fa7715821 advisory. Security fix for CVE-2022-41717 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...

CVSS 5.3 | AI score 7.1 | EPSS 0.05623
Exploits: 0 | References: 2

Tenable Nessus
added 2023/09/07 12:0 a.m., 31 views

Fedora 38 : htmltest (2023-3baf3f43a0)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-3baf3f43a0 advisory. Security fix for CVE-2022-41717 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...

CVSS 5.3 | AI score 7.1 | EPSS 0.05623
Exploits: 0 | References: 2

Tenable Nessus
added 2023/09/07 12:0 a.m., 54 views

Oracle Linux 8 : haproxy (ELSA-2020-1725)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2020-1725 advisory. - Fix hapack zero byte input causing overwrite CVE-2020-11100, 1819519 Tenable has extracted the preceding description block directly from the Oracle...

CVSS 9.8 | AI score 7 | EPSS 0.60727
Exploits: 1 | References: 3

Tenable Nessus
added 2023/09/06 12:0 a.m., 28 views

Amazon Linux 2 : amazon-ecr-credential-helper (ALASNITRO-ENCLAVES-2023-029)

The version of amazon-ecr-credential-helper installed on the remote host is prior to 0.7.1-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2NITRO-ENCLAVES-2023-029 advisory. http2/hpack: avoid quadratic complexity in hpack decoding CVE-2022-41723 Tenable has extracted th...

CVSS 7.5 | AI score 6.9 | EPSS 0.04561
Exploits: 0 | References: 4

Tenable Nessus
added 2023/09/06 12:0 a.m., 25 views

Amazon Linux 2 : amazon-ecr-credential-helper (ALASDOCKER-2023-030)

The version of amazon-ecr-credential-helper installed on the remote host is prior to 0.7.1-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2DOCKER-2023-030 advisory. http2/hpack: avoid quadratic complexity in hpack decoding CVE-2022-41723 Tenable has extracted the...

CVSS 7.5 | AI score 6.9 | EPSS 0.04561
Exploits: 0 | References: 4

Tenable Nessus
added 2023/09/05 12:0 a.m., 29 views

Fedora 37 : exercism (2023-af2e3d1c18)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-af2e3d1c18 advisory. Update to latest version 2228145 Security fix for CVE-2022-3064, CVE-2022-41717 Tenable has extracted the preceding description block directly from...

CVSS 7.5 | AI score 7.2 | EPSS 0.05623
Exploits: 0 | References: 3

Tenable Nessus
added 2023/09/05 12:0 a.m., 26 views

Fedora 38 : exercism (2023-e82fd2abcb)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-e82fd2abcb advisory. Update to latest version 2228145 Security fix for CVE-2022-3064, CVE-2022-41717 Tenable has extracted the preceding description block directly from...

CVSS 7.5 | AI score 7.2 | EPSS 0.05623
Exploits: 0 | References: 3

Tenable Nessus
added 2023/08/24 12:0 a.m., 24 views

Amazon Linux 2023 : nerdctl (ALAS2023-2023-313)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-313 advisory. http2/hpack: avoid quadratic complexity in hpack decoding CVE-2022-41723 The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject...

CVSS 7.5 | AI score 6.9 | EPSS 0.04561
Exploits: 0 | References: 6

Tenable Nessus
added 2023/08/14 12:0 a.m., 47 views

Amazon Linux 2 : containerd (ALASNITRO-ENCLAVES-2023-026)

The version of containerd installed on the remote host is prior to 1.6.19-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2023-026 advisory. http2/hpack: avoid quadratic complexity in hpack decoding CVE-2022-41723 Large handshake records may caus...

CVSS 9.8 | AI score 7.1 | EPSS 0.04561
Exploits: 0 | References: 28

Tenable Nessus
added 2023/08/14 12:0 a.m., 29 views

Amazon Linux AMI : nghttp2 (ALAS-2023-1793)

The version of nghttp2 installed on the remote host is prior to 1.33.0-1.1.7. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1793 advisory. Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy's HTTP/2 codec may leak a header map and bookkeeping...

CVSS 7.5 | AI score 8.1 | EPSS 0.01106
Exploits: 0 | References: 4

Tenable Nessus
added 2023/08/14 12:0 a.m., 26 views

Amazon Linux 2023 : libnghttp2, libnghttp2-devel, nghttp2 (ALAS2023-2023-278)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-278 advisory. Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy's HTTP/2 codec may leak a header map and bookkeeping structures upon receiving RST_STREAM immediately followed by the GOAWAY fram...

CVSS 7.5 | AI score 8 | EPSS 0.01106
Exploits: 0 | References: 4

Tenable Nessus
added 2023/08/14 12:0 a.m., 27 views

Amazon Linux 2 : nghttp2 (ALAS-2023-2180)

The version of nghttp2 installed on the remote host is prior to 1.41.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2180 advisory. Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy's HTTP/2 codec may leak a header map and bookkeeping...

CVSS 7.5 | AI score 8.1 | EPSS 0.01106
Exploits: 0 | References: 4

Tenable Nessus
added 2023/08/14 12:0 a.m., 81 views

Amazon Linux 2 : nerdctl (ALAS-2023-2193)

The version of nerdctl installed on the remote host is prior to 1.1.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2193 advisory. http2/hpack: avoid quadratic complexity in hpack decoding CVE-2022-41723 The HTTP/1 client does not fully validate the...

CVSS 7.5 | AI score 7 | EPSS 0.04561
Exploits: 0 | References: 6

Tenable Nessus
added 2023/08/14 12:0 a.m., 29 views

Amazon Linux 2 : cni-plugins (ALAS-2023-2192)

The version of cni-plugins installed on the remote host is prior to 1.2.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2192 advisory. http2/hpack: avoid quadratic complexity in hpack decoding CVE-2022-41723 Tenable has extracted the preceding description block...

CVSS 7.5 | AI score 6.9 | EPSS 0.04561
Exploits: 0 | References: 4

Tenable Nessus
added 2023/08/14 12:0 a.m., 62 views

Amazon Linux 2 : cri-tools (ALAS-2023-2194)

The version of cri-tools installed on the remote host is prior to 1.26.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2194 advisory. http2/hpack: avoid quadratic complexity in hpack decoding CVE-2022-41723 The HTTP/1 client does not fully validate the...

CVSS 7.5 | AI score 7 | EPSS 0.04561
Exploits: 0 | References: 6

Amazon
added 2023/08/08 12:0 a.m., 24 views

Important: nghttp2

Issue Overview: Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy's HTTP/2 codec may leak a header map and bookkeeping structures upon receiving RST_STREAM immediately followed by the GOAWAY frames from an upstream server. In nghttp2, cleanup of pending requests due to...

CVSS 7.5 | AI score 7.9 | EPSS 0.01106
Exploits: 0

Amazon
added 2023/08/07 12:0 a.m., 27 views

Important: nghttp2

Issue Overview: Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy's HTTP/2 codec may leak a header map and bookkeeping structures upon receiving RST_STREAM immediately followed by the GOAWAY frames from an upstream server. In nghttp2, cleanup of pending requests due to...

CVSS 7.5 | AI score 7.9 | EPSS 0.01106
Exploits: 0

Veracode
added 2023/07/27 9:42 a.m., 28 views

Authentication Bypass

github.com/envoyproxy/envoy is vulnerable to Authentication Bypass. The library supports mixed-case schemes for HTTP/2; however, internal checks that are case-sensitive may result in rejections or bypasses in unencrypted connections, possibly harming htTp and htTps requests...

CVSS 8.2 | AI score 7 | EPSS 0.00598
Exploits: 1 | References: 5 | Affected Software: 1

RedhatCVE
added 2023/07/26 4:47 p.m., 41 views

CVE-2023-35944

A flaw was found in Envoy that allows for mixed-case schemes in HTTP/2. However, some internal scheme checks in Envoy are case-sensitive, leading to incorrect handling of requests and responses with mixed case schemes. For example, if a request with a mixed scheme HTTP is sent to the OAuth2 filte...

CVSS 8.2 | AI score 6.8 | EPSS 0.00598
Exploits: 1 | References: 3

NVD
added 2023/07/25 7:15 p.m., 16 views

CVE-2023-35944

Envoy is an open source edge and service proxy designed for cloud-native applications. Envoy allows mixed-case schemes in HTTP/2, however, some internal scheme checks are case-sensitive. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, this can lead to the rejection of requests wit...

CVSS 8.2 | AI score 8.9 | EPSS 0.00598
Exploits: 1 | References: 1