EUVD-2022-0904

Malicious code in bioql PyPI...

PT-2022-24864 · Unknown +1 · Kubernetes +1

Name of the Vulnerable Software and Affected Versions: Istio versions prior to 1.15.2 Istio versions prior to 1.14.5 Istio versions prior to 1.13.9 Description: Istio is an open platform-independent service mesh that provides traffic management, policy enforcement, and telemetry collection. The...

Oracle Linux 7 / 8 : olcne / istio / istio (ELSA-2022-9362)

The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9362 advisory. - Addresses CVE-2022-24726, CVE-2022-24921 istio Tenable has extracted the preceding description block directly from the Oracle Linux security...

CVE-2022-24726

The CVE-2022-24726 entry affects Istio’s control plane (istiod) where a request processing error in the validating webhook, exposed publicly on TLS port 15017, can crash the control plane when a specially crafted message is processed. Affected versions have been patched in Istio releases 1.13.2, ...

GHSA-856Q-XV3C-7F2F Unauthenticated control plane denial of service attack in Istio

Impact The Istio control plane, istiod, is vulnerable to a request processing error, allowing a malicious attacker that sends a specially crafted message which results in the control plane crashing. This endpoint is served over TLS port 15012, but does not require any authentication from the...

Denial Of Service (DoS)

github.com/istio/istio is vulnerable to denial of service DoS attacks. A malicious user is able to send a specifically crafted message causing a request processing error resulting a control plane crash...

Denial Of Service (DoS)

Microsoft .NET Framework is vulnerable to denial of serviceDoS attacks. A remote user could send specially crafted requests to the target .NET web application to trigger a request processing error in the Microsoft Common Object Runtime Library and cause denial of service conditions which leads...