Design/Logic Flaw

Istio is an open platform-independent service mesh that provides traffic management, policy enforcement, and telemetry collection. Prior to versions 1.15.2, 1.14.5, and 1.13.9, the Istio control plane, istiod, is vulnerable to a request processing error, allowing a malicious attacker that sends a...

CVE-2022-39278 Istio vulnerable to denial of service attack due to Golang Regex Library

Istio is an open platform-independent service mesh that provides traffic management, policy enforcement, and telemetry collection. Prior to versions 1.15.2, 1.14.5, and 1.13.9, the Istio control plane, istiod, is vulnerable to a request processing error, allowing a malicious attacker that sends a...

PT-2022-24864 · Unknown +1 · Kubernetes +1

Name of the Vulnerable Software and Affected Versions: Istio versions prior to 1.15.2 Istio versions prior to 1.14.5 Istio versions prior to 1.13.9 Description: Istio is an open platform-independent service mesh that provides traffic management, policy enforcement, and telemetry collection. The...

CVE-2022-28937

FISCO-BCOS release-3.0.0-rc2 was discovered to contain an issue where a malicious node, via an invalid proposal with an invalid header, will cause normal nodes to stop producing new blocks and processing new clients' requests...

Oracle Linux 7 / 8 : olcne / istio / istio (ELSA-2022-9362)

The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9362 advisory. - Addresses CVE-2022-24726, CVE-2022-24921 istio Tenable has extracted the preceding description block directly from the Oracle Linux security...

Design/Logic Flaw

Istio is an open platform to connect, manage, and secure microservices. In affected versions the Istio control plane, istiod, is vulnerable to a request processing error, allowing a malicious attacker that sends a specially crafted message which results in the control plane crashing when the...

CVE-2022-24726

The CVE-2022-24726 entry affects Istio’s control plane (istiod) where a request processing error in the validating webhook, exposed publicly on TLS port 15017, can crash the control plane when a specially crafted message is processed. Affected versions have been patched in Istio releases 1.13.2, ...

GHSA-856Q-XV3C-7F2F Unauthenticated control plane denial of service attack in Istio

Impact The Istio control plane, istiod, is vulnerable to a request processing error, allowing a malicious attacker that sends a specially crafted message which results in the control plane crashing. This endpoint is served over TLS port 15012, but does not require any authentication from the...

Denial Of Service (DoS)

github.com/istio/istio is vulnerable to denial of service DoS attacks. A malicious user is able to send a specifically crafted message causing a request processing error resulting a control plane crash...

Design/Logic Flaw

Istio is an open platform to connect, manage, and secure microservices. In affected versions the Istio control plane, istiod, is vulnerable to a request processing error, allowing a malicious attacker that sends a specially crafted message which results in the control plane crashing. This endpoin...

Istio 授权问题漏洞

Istio is an open platform for connecting, managing and securing microservices. Istio suffers from an authorization issue vulnerability that stems from the Istio control plane "istiod" being susceptible to request processing errors in the affected version. An attacker could use this vulnerability ...

Server side template injection — SSTI vulnerability ⚠️

Server side template injection — SSTI vulnerability ⚠️ Introduction There is hardly any software development or other linked elements that haven’t fallen into the trap of cyber vulnerabilities. Templates, used for HTML code management on the server-side, are amongst them. The attack targeting the...

ALPINE-CVE-2021-44541

A vulnerability was found in Privoxy which was fixed in processencryptedrequestheaders by freeing header memory when failing to get the request destination...

Apache HTTP Server Denial of Service Vulnerability (CNVD-2022-09237)

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. A denial of service vulnerability exists in Apache HTTP Server version 2.4.49, which arises from the detection of new null pointer...

Apache 2.4.49 < 2.4.50 Multiple Vulnerabilities

According to its banner, the version of Apache running on the remote host is 2.4.49. It is, therefore, affected by multiple vulnerabilities: - While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the serve...

CVE-2021-41524

While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request. The vulnerability was recently introduced in version 2.4.49. No exploit is known to the project...

Apache Httpd < 2.4.50 : null pointer dereference in h2 fuzzing

While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request. The vulnerability was recently introduced in version 2.4.49. No exploit is known to the project...

CVE-2021-32781

Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions after Envoy sends a locally generated response it must stop further processing of request or response data. However when local response is generated due the intern...

SUSE: Security Advisory (SUSE-SU-2016:2089-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

UBUNTU-CVE-2021-31806

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a memory-management bug, it is vulnerable to a Denial of Service attack against all clients using the proxy via HTTP Range request processing...