Lucene search
K

48 matches found

NVD
NVD
added last week8 views

CVE-2026-47220

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.37.0 until 1.37.5 and 1.38.3, when the %REQUESTEDSERVERNAMEX:Y% is used in log format and host related options is specified, like HOSTFIRST, SNIFIRST, it's possible to crash Envoy when the specified host...

7.5CVSS0.00665EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added last week3 views

CVE-2026-47220 Envoy: Segmentation fault when using %REQUESTED_SERVER_NAME% in log format

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.37.0 until 1.37.5 and 1.38.3, when the %REQUESTEDSERVERNAMEX:Y% is used in log format and host related options is specified, like HOSTFIRST, SNIFIRST, it's possible to crash Envoy when the specified host...

7.5CVSS5.8AI score0.00665EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added last week8 views

CVE-2026-47220

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.37.0 until 1.37.5 and 1.38.3, when the %REQUESTEDSERVERNAMEX:Y% is used in log format and host related options is specified, like HOSTFIRST, SNIFIRST, it's possible to crash Envoy when the specified host...

7.5CVSS5.8AI score0.00665EPSS
Exploits1References2Affected Software1
CVE
CVE
added last week22 views

CVE-2026-47220

The CVE describes a crash in Envoy when using %REQUESTED_SERVER_NAME(X:Y)% in log format with host-related options (e.g., HOST_FIRST, SNI_FIRST) and the specified host header is missing in the request headers. Affected versions are 1.37.0 through 1.37.5 and 1.38.3. The vulnerability arises from t...

7.5CVSS5.8AI score0.00665EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added last week32 views

CVE-2026-47220 Envoy: Segmentation fault when using %REQUESTED_SERVER_NAME% in log format

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.37.0 until 1.37.5 and 1.38.3, when the %REQUESTEDSERVERNAMEX:Y% is used in log format and host related options is specified, like HOSTFIRST, SNIFIRST, it's possible to crash Envoy when the specified host...

7.5CVSS0.00665EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.6 views

PT-2026-52894

Name of the Vulnerable Software and Affected Versions Envoy versions 1.37.0 through 1.37.4 Envoy versions 1.38.0 through 1.38.2 Description Envoy can crash when the %REQUESTED SERVER NAMEX:Y% variable is used in the log format and host-related options such as HOST FIRST or SNI FIRST are specified...

7.5CVSS5.8AI score0.00665EPSS
Exploits1References22
Cvelist
Cvelist
added 2026/06/17 8:4 p.m.17 views

CVE-2026-50107 NGINX Gateway Fabric vulnerability

When NGINX Plus or NGINX Open Source is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from the NginxProxy Custom Resource Definition CRD access log format...

8.6CVSS0.00492EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 8:4 p.m.9 views

EUVD-2026-37792

When NGINX Plus or NGINX Open Source is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from the NginxProxy Custom Resource Definition CRD access log format...

8.6CVSS5.6AI score0.00492EPSS
Exploits0References1
CVE
CVE
added 2026/06/17 8:4 p.m.74 views

CVE-2026-50107

CVE-2026-50107 : Affects NGINX Plus or NGINX Open Source used as the data plane for NGINX Gateway Fabric. The vulnerability lies in the configuration generator component: user-supplied values from the NginxProxy CRD access log format setting are rendered directly into NGINX configuration template...

8.6CVSS5.7AI score0.00492EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.18 views

PT-2026-50537

Name of the Vulnerable Software and Affected Versions NGINX Gateway Fabric affected versions not specified Description An injection issue exists in the NGINX configuration generator component of NGINX Gateway Fabric when NGINX Plus or NGINX Open Source is used as the data plane. User-supplied...

8.6CVSS5.4AI score0.00492EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/03/24 7:42 a.m.2 views

CVE-2026-3509

An unauthenticated remote attacker may be able to control the format string of messages processed by the Audit Log of the CODESYS Control runtime system, potentially resulting in a denial‑of‑service DoS condition...

7.5CVSS5.8AI score0.00353EPSS
Exploits0References2Affected Software15
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-2743

Malicious code in bioql PyPI...

8.8CVSS7.1AI score0.01567EPSS
Exploits0References7
OSV
OSV
added 2025/09/16 7:50 a.m.6 views

SUSE-SU-2025:20717-1 Security update for rust-keylime

This update for rust-keylime fixes the following issues: - Update vendored crate slab to version 0.4.11 CVE-2025-55159: Fixed incorrect bounds check in getdisjointmut function leading to undefined behavior or potential crash due to out-of-bounds access bsc1248006 - Update to version 0.2.8+12:...

9.8CVSS6AI score0.0078EPSS
Exploits0References7
SUSE Linux
SUSE Linux
added 2025/09/16 7:49 a.m.7 views

Security update for rust-keylime

This update for rust-keylime fixes the following issues: Update vendored crate slab to version 0.4.11 CVE-2025-55159: Fixed incorrect bounds check in getdisjointmut function leading to undefined behavior or potential crash due to out-of-bounds access bsc1248006 Update to version 0.2.8+12:...

6.3CVSS7.6AI score0.0078EPSS
Exploits0References12
SUSE Linux
SUSE Linux
added 2025/08/22 12:50 p.m.4 views

Security update for rust-keylime

This update for rust-keylime fixes the following issues: Update slab to version 0.4.11: CVE-2025-55159: Fixed incorrect bounds check in getdisjointmut function bsc1248006 Update to version 0.2.8+12: builddeps: bump actions/checkout from 4 to 5 builddeps: bump cfg-if from 1.0.0 to 1.0.1 builddeps:...

5.8CVSS6.4AI score0.00156EPSS
Exploits0References4
OSV
OSV
added 2025/08/22 10:7 a.m.7 views

SUSE-SU-2025:02961-1 Security update for rust-keylime

This update for rust-keylime fixes the following issues: - Update slab to version 0.4.11: CVE-2025-55159: Fixed incorrect bounds check in getdisjointmut function bsc1248006 - Update to version 0.2.8+12: builddeps: bump actions/checkout from 4 to 5 builddeps: bump cfg-if from 1.0.0 to 1.0.1...

5.1CVSS5.8AI score0.00156EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/07/19 3:0 p.m.11 views

CVE-2025-54064

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. The common Rucio helm-charts for the rucio-server, rucio-ui, and rucio-webui define the log format for the apache access log of these components...

6.9CVSS7.2AI score0.00411EPSS
Exploits0References1
NVD
NVD
added 2025/07/17 3:15 p.m.11 views

CVE-2025-54064

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. The common Rucio helm-charts for the rucio-server, rucio-ui, and rucio-webui define the log format for the apache access log of these components...

6.9CVSS0.00411EPSS
Exploits0References1
OSV
OSV
added 2025/07/17 2:40 p.m.7 views

CVE-2025-54064 rucio-server, rucio-ui, and rucio-webui vulnerable to insertion of X-Rucio-Auth-Token in apache access logfiles

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. The common Rucio helm-charts for the rucio-server, rucio-ui, and rucio-webui define the log format for the apache access log of these components...

6.9CVSS7AI score0.00411EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/07/17 12:0 a.m.4 views

PT-2025-29919 · Unknown +2 · Rucio-Webui +3

Name of the Vulnerable Software and Affected Versions: rucio-server versions 37.0.2, 35.0.1, and 32.0.1 rucio-ui versions 37.0.4, 35.0.1, and 32.0.2 rucio-webui versions 37.0.2, 35.1.1, and 32.0.1 Description: Rucio is a software framework used to organize, manage, and access large volumes of...

6.9CVSS6.4AI score0.00411EPSS
Exploits0References4
Rows per page
Query Builder