Lucene search
+L

91 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 6:40 p.m.3 views

CVE-2021-38698

HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. Fixed in 1.8.15, 1.9.9 and 1.10.2...

6.5CVSS6.7AI score0.01523EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:12 p.m.7 views

CVE-2020-13623

JerryScript 2.2.0 allows attackers to cause a denial of service stack consumption via a proxy operation...

7.5CVSS6.7AI score0.01151EPSS
Exploits1
BDU FSTEC
BDU FSTEC
added 2025/05/09 12:0 a.m.10 views

The vulnerability affects the FSM component of the software used for traffic management, load balancing, and security protection in BIG-IP Next Service Proxy for Kubernetes (SPK), as well as the access control and remote authentication mechanisms in BIG-IP. This allows attackers to cause service failures.

The vulnerability of the fsm component in BIG-IP Next Service Proxy for Kubernetes SPK, as well as in tools for access control and remote authentication, is related to improper cleaning or release of resources. Exploiting this vulnerability can allow a malicious actor to cause service failures...

7.8CVSS6.2AI score0.00393EPSS
Exploits0References2Affected Software2
Tenable Nessus
Tenable Nessus
added 2025/04/14 12:0 a.m.10 views

Amazon Linux 2023 : ecs-service-connect-agent (ALAS2023-2025-926)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-926 advisory. Envoy is a cloud-native high-performance edge/middle/service proxy. Prior to 1.33.1, 1.32.4, 1.31.6, and 1.30.10, Envoy's extproc HTTP filter is at risk of crashing if a local reply is sent to the...

7.5CVSS5.5AI score0.00406EPSS
Exploits0References4
NVD
NVD
added 2024/12/18 8:15 p.m.25 views

CVE-2024-53270

Envoy is a cloud-native high-performance edge/middle/service proxy. In affected versions sendOverloadError is going to assume the active request exists when envoy.loadshedpoints.http1serverabortdispatch is configured. If activerequest is nullptr, only onMessageBeginImpl is called. However, the...

7.5CVSS0.007EPSS
Exploits1References2
Amazon
Amazon
added 2024/11/14 12:0 a.m.9 views

Medium: ecs-service-connect-agent

Issue Overview: Envoy is a cloud-native high-performance edge/middle/service proxy. A security vulnerability in Envoy allows external clients to manipulate Envoy headers, potentially leading to unauthorized access or other malicious actions within the mesh. This issue arises due to Envoy's defaul...

7.5CVSS7.6AI score0.17301EPSS
Exploits2
OSV
OSV
added 2024/09/21 7:10 a.m.46 views

BIT-ENVOY-2024-45807 oghttp2 crash on OnBeginHeadersForStream in envoy

Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy's 1.31 is using oghttp as the default HTTP/2 codec, and there are potential bugs around stream management in the codec. To resolve this Envoy will switch off the oghttp2 by default. The impact of this issue is that envoy wi...

7.5CVSS7.5AI score0.00495EPSS
Exploits0References2
OSV
OSV
added 2024/08/21 3:11 p.m.16 views

GO-2022-0559 HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul...

6.5CVSS6.7AI score0.01523EPSS
Exploits0References6
OSV
OSV
added 2024/07/01 9:10 p.m.16 views

CVE-2024-39305 Envoy Proxy use after free when route hash policy is configured with cookie attributes

Envoy is a cloud-native, open source edge and service proxy. Prior to versions 1.30.4, 1.29.7, 1.28.5, and 1.27.7. Envoy references already freed memory when route hash policy is configured with cookie attributes. Note that this vulnerability has been fixed in the open as the effect would be...

6.5CVSS6.6AI score0.00647EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2024/06/24 12:0 a.m.30 views

Amazon Linux 2 : ecs-service-connect-agent (ALASECS-2024-037)

The version of ecs-service-connect-agent installed on the remote host is prior to v1.29.5.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2024-037 advisory. Envoy is a cloud-native, open source edge and service proxy. A theoretical request smuggling...

8.2CVSS7.1AI score0.00693EPSS
Exploits6References18
OSV
OSV
added 2024/06/06 7:18 a.m.41 views

BIT-ENVOY-2024-32976 Envoy can enter an endless loop while decompressing Brotli data with extra input

Envoy is a cloud-native, open source edge and service proxy. Envoyproxy with a Brotli filter can get into an endless loop during decompression of Brotli data with extra input...

7.5CVSS7.5AI score0.00674EPSS
Exploits1References2
OSV
OSV
added 2024/06/06 7:17 a.m.35 views

BIT-ENVOY-2024-34362 Envoy affected by a crash (use-after-free) in EnvoyQuicServerStream

Envoy is a cloud-native, open source edge and service proxy. There is a use-after-free in HttpConnectionManager HCM with EnvoyQuicServerStream that can crash Envoy. An attacker can exploit this vulnerability by sending a request without FIN, then a RESETSTREAM frame, and then after receiving the...

5.9CVSS5.9AI score0.00589EPSS
Exploits1References2
NVD
NVD
added 2024/06/04 9:15 p.m.29 views

CVE-2024-32976

Envoy is a cloud-native, open source edge and service proxy. Envoyproxy with a Brotli filter can get into an endless loop during decompression of Brotli data with extra input...

7.5CVSS7.6AI score0.00674EPSS
Exploits1References1
NVD
NVD
added 2024/06/04 9:15 p.m.31 views

CVE-2024-34363

Envoy is a cloud-native, open source edge and service proxy. Due to how Envoy invoked the nlohmann JSON library, the library could throw an uncaught exception from downstream data if incomplete UTF-8 strings were serialized. The uncaught exception would cause Envoy to crash...

7.5CVSS7.5AI score0.00674EPSS
Exploits1References1
NVD
NVD
added 2024/06/04 9:15 p.m.24 views

CVE-2024-34362

Envoy is a cloud-native, open source edge and service proxy. There is a use-after-free in HttpConnectionManager HCM with EnvoyQuicServerStream that can crash Envoy. An attacker can exploit this vulnerability by sending a request without FIN, then a RESETSTREAM frame, and then after receiving the...

5.9CVSS5.7AI score0.00589EPSS
Exploits1References1
NVD
NVD
added 2024/06/04 9:15 p.m.21 views

CVE-2024-23326

Envoy is a cloud-native, open source edge and service proxy. A theoretical request smuggling vulnerability exists through Envoy if a server can be tricked into adding an upgrade header into a response. Per RFC https://www.rfc-editor.org/rfc/rfc7230section-6.7 a server sends 101 when switching...

8.2CVSS5.7AI score0.00361EPSS
Exploits0References1
NVD
NVD
added 2024/06/04 9:15 p.m.33 views

CVE-2024-32974

Envoy is a cloud-native, open source edge and service proxy. A crash was observed in EnvoyQuicServerStream::OnInitialHeadersComplete with following call stack. It is a use-after-free caused by QUICHE continuing push request headers after StopReading being called on the stream. As after StopReadin...

7.5CVSS5.8AI score0.00693EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/06/04 8:59 p.m.36 views

CVE-2024-32976 Envoy can enter an endless loop while decompressing Brotli data with extra input

Envoy is a cloud-native, open source edge and service proxy. Envoyproxy with a Brotli filter can get into an endless loop during decompression of Brotli data with extra input...

7.5CVSS7.6AI score0.00674EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/06/04 8:59 p.m.16 views

CVE-2024-34362 Envoy affected by a crash (use-after-free) in EnvoyQuicServerStream

Envoy is a cloud-native, open source edge and service proxy. There is a use-after-free in HttpConnectionManager HCM with EnvoyQuicServerStream that can crash Envoy. An attacker can exploit this vulnerability by sending a request without FIN, then a RESETSTREAM frame, and then after receiving the...

5.9CVSS5.7AI score0.00589EPSS
Exploits1References1
OSV
OSV
added 2024/06/04 8:59 p.m.10 views

CVE-2024-34362 Envoy affected by a crash (use-after-free) in EnvoyQuicServerStream

Envoy is a cloud-native, open source edge and service proxy. There is a use-after-free in HttpConnectionManager HCM with EnvoyQuicServerStream that can crash Envoy. An attacker can exploit this vulnerability by sending a request without FIN, then a RESETSTREAM frame, and then after receiving the...

5.9CVSS6.1AI score0.00589EPSS
Exploits1References3
Rows per page
Query Builder