25 matches found
EUVD-2020-24833
Malware in sbrugna...
BIT-HUBBLE-UI-2024-37307
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.13.0 and prior to versions 1.13.7, 1.14.12, and 1.15.6, the output of cilium-bugtool can contain sensitive data when the tool is run with the --envoy-dump flag set against Cilium...
BIT-HUBBLE-UI-BACKEND-2024-37307
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.13.0 and prior to versions 1.13.7, 1.14.12, and 1.15.6, the output of cilium-bugtool can contain sensitive data when the tool is run with the --envoy-dump flag set against Cilium...
BIT-CILIUM-PROXY-2024-37307
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.13.0 and prior to versions 1.13.7, 1.14.12, and 1.15.6, the output of cilium-bugtool can contain sensitive data when the tool is run with the --envoy-dump flag set against Cilium...
BIT-HUBBLE-RELAY-2024-37307 Cilium leaks sensitive information in cilium-bugtool
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.13.0 and prior to versions 1.13.7, 1.14.12, and 1.15.6, the output of cilium-bugtool can contain sensitive data when the tool is run with the --envoy-dump flag set against Cilium...
BIT-CILIUM-2024-37307 Cilium leaks sensitive information in cilium-bugtool
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.13.0 and prior to versions 1.13.7, 1.14.12, and 1.15.6, the output of cilium-bugtool can contain sensitive data when the tool is run with the --envoy-dump flag set against Cilium...
BIT-CILIUM-OPERATOR-2024-37307 Cilium leaks sensitive information in cilium-bugtool
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.13.0 and prior to versions 1.13.7, 1.14.12, and 1.15.6, the output of cilium-bugtool can contain sensitive data when the tool is run with the --envoy-dump flag set against Cilium...
GHSA-WH78-7948-358J Cilium leaks sensitive information in cilium-bugtool
Impact The output of cilium-bugtool can contain sensitive data when the tool is run with the --envoy-dump flag set against Cilium deployments with the Envoy proxy enabled. Users of the following features are affected: - TLS inspection - Ingress with TLS termination - Gateway API with TLS...
Cilium leaks sensitive information in cilium-bugtool
Impact The output of cilium-bugtool can contain sensitive data when the tool is run with the --envoy-dump flag set against Cilium deployments with the Envoy proxy enabled. Users of the following features are affected: - TLS inspection - Ingress with TLS termination - Gateway API with TLS...
CVE-2024-37307
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.13.0 and prior to versions 1.13.7, 1.14.12, and 1.15.6, the output of cilium-bugtool can contain sensitive data when the tool is run with the --envoy-dump flag set against Cilium...
CVE-2024-37307 Cilium leaks sensitive information in cilium-bugtool
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.13.0 and prior to versions 1.13.7, 1.14.12, and 1.15.6, the output of cilium-bugtool can contain sensitive data when the tool is run with the --envoy-dump flag set against Cilium...
CVE-2024-37307 Cilium leaks sensitive information in cilium-bugtool
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.13.0 and prior to versions 1.13.7, 1.14.12, and 1.15.6, the output of cilium-bugtool can contain sensitive data when the tool is run with the --envoy-dump flag set against Cilium...
CVE-2024-37307 Cilium leaks sensitive information in cilium-bugtool
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.13.0 and prior to versions 1.13.7, 1.14.12, and 1.15.6, the output of cilium-bugtool can contain sensitive data when the tool is run with the --envoy-dump flag set against Cilium...
CVE-2024-37307
Summary: CVE-2024-37307 affects Cilium’s cilium-bugtool when run with --envoy-dump against deployments with Envoy enabled. Affected versions: prior to 1.13.7, 1.14.12, and 1.15.6 (i.e., versions 1.13.0–1.13.6, 1.14.0–1.14.11, 1.15.0–1.15.5). Root cause/impact: the tool’s output could contain sens...
Cisco Firepower 2100 Series SSL/TLS Inspection DoS (cisco-sa-ftd-ssl-dcrpt-dos-RYEkX4yy)
According to its self-reported version, the SSL/TLS inspection of Cisco Firepower Threat Defense FTD Software for Cisco Firepower 2100 Series firewalls is affected by denial of service vulnerability due to improper input validation for certain fields of specific SSL/TLS messages. An...
Input validation
A vulnerability in the SSL/TLS inspection of Cisco Firepower Threat Defense FTD Software for Cisco Firepower 2100 Series firewalls could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to improper input validatio...
CVE-2020-3562 Cisco Firepower 2100 Series SSL/TLS Inspection Denial of Service Vulnerability
A vulnerability in the SSL/TLS inspection of Cisco Firepower Threat Defense FTD Software for Cisco Firepower 2100 Series firewalls could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to improper input validatio...
CVE-2020-3562 Cisco Firepower 2100 Series SSL/TLS Inspection Denial of Service Vulnerability
A vulnerability in the SSL/TLS inspection of Cisco Firepower Threat Defense FTD Software for Cisco Firepower 2100 Series firewalls could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to improper input validatio...
Cisco Firepower 2100 Series SSL/TLS Inspection Denial of Service Vulnerability
A vulnerability in the SSL/TLS inspection of Cisco Firepower Threat Defense FTD Software for Cisco Firepower 2100 Series firewalls could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to improper input validatio...
SNIcat - Server Name Indication Concatenator
SNIcat is a proof of concept tool that performs data exfiltration, utilizing a covert channel method via. Server Name Indication , a TLS Client Hello Extension. The tool consists of an agent which resides on the compromised internal host, and a Command &Control Server which controls the agent and...