12 matches found
UBUNTU-CVE-2026-27142
Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actio...
CVE-2026-28400 Docker Model Runner Unauthenticated Runtime Flag Injection via _configure Endpoint
Docker Model Runner DMR is software used to manage, run, and deploy AI models using Docker. Versions prior to 1.0.16 expose a POST /engines/configure endpoint that accepts arbitrary runtime flags without authentication. These flags are passed directly to the underlying inference server llama.cpp...
SUSE CVE-2025-64763
Envoy is a high-performance edge/middle/service proxy. In 1.33.12, 1.34.10, 1.35.6, 1.36.2, and earlier, when Envoy is configured in TCP proxy mode to handle CONNECT requests, it accepts client data before issuing a 2xx response and forwards that data to the upstream TCP connection. If a forwardi...
CVE-2025-68366 nbd: defer config unlock in nbd_genl_connect
In the Linux kernel, the following vulnerability has been resolved: nbd: defer config unlock in nbdgenlconnect There is one use-after-free warning when running NBDCMDCONNECT and NBDCLEARSOCK: nbdgenlconnect nbdallocandinitconfig // configrefs=1 nbdstartdevice // configrefs=2 set NBDRTHASCONFIGREF...
BIT-ENVOY-2025-64763 Envoy forwards early CONNECT data in TCP proxy mode
Envoy is a high-performance edge/middle/service proxy. In 1.33.12, 1.34.10, 1.35.6, 1.36.2, and earlier, when Envoy is configured in TCP proxy mode to handle CONNECT requests, it accepts client data before issuing a 2xx response and forwards that data to the upstream TCP connection. If a forwardi...
GHSA-RJ35-4M94-77JH Envoy forwards early CONNECT data in TCP proxy mode
Summary Forwarding of early CONNECT data in TCP proxy mode. Details Per RFC 7231-4.3.6 the sender of CONNECT and all inbound proxies switch to tunnel mode only after receiving 2xx response. However in TCP proxy mode, Envoy accepts client data before it has issued a 2xx response and eagerly proxie...
Envoy forwards early CONNECT data in TCP proxy mode
Summary Forwarding of early CONNECT data in TCP proxy mode. Details Per RFC 7231-4.3.6 the sender of CONNECT and all inbound proxies switch to tunnel mode only after receiving 2xx response. However in TCP proxy mode, Envoy accepts client data before it has issued a 2xx response and eagerly proxie...
CVE-2025-64763 Envoy forwards early CONNECT data in TCP proxy mode
Envoy is a high-performance edge/middle/service proxy. In 1.33.12, 1.34.10, 1.35.6, 1.36.2, and earlier, when Envoy is configured in TCP proxy mode to handle CONNECT requests, it accepts client data before issuing a 2xx response and forwards that data to the upstream TCP connection. If a forwardi...
CVE-2025-64763 Envoy forwards early CONNECT data in TCP proxy mode
Envoy is a high-performance edge/middle/service proxy. In 1.33.12, 1.34.10, 1.35.6, 1.36.2, and earlier, when Envoy is configured in TCP proxy mode to handle CONNECT requests, it accepts client data before issuing a 2xx response and forwards that data to the upstream TCP connection. If a forwardi...
BIT-ENVOY-2025-54588 Envoy: Race condition in Dynamic Forward Proxy leads to use-after-free and segmentation faults
Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. Versions 1.34.0 through 1.34.4 and 1.35.0 contain a use-after-free UAF vulnerability in the DNS cache, causing abnormal process termination. The vulnerability is in Envoy's Dynamic...
CVE-2025-54588 Envoy: Race condition in Dynamic Forward Proxy leads to use-after-free and segmentation faults
Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. Versions 1.34.0 through 1.34.4 and 1.35.0 contain a use-after-free UAF vulnerability in the DNS cache, causing abnormal process termination. The vulnerability is in Envoy's Dynamic...
PT-2025-35643
Name of the Vulnerable Software and Affected Versions: Envoy versions 1.34.0 through 1.34.4 Envoy version 1.35.0 Description: Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. Affected versions contain a use-after-free UAF vulnerabili...