| 21 | - | | - | - | Envoy is a cloud-native high-performance edge/middle/service proxy. A vulnerability has been identified in Envoy that allows malicious attackers to inject unexpected content into access logs. This is… | New | CWE-117 Improper Output Neutralization for Logs | CVE-2024-45808 | 2024-09-20 09:15 | 2024-09-20 |
| 22 | - | | - | - | Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy's 1.31 is using `oghttp` as the default HTTP/2 codec, and there are potential bugs around stream management in the codec. To … | New | CWE-670 Always-Incorrect Control Flow Implementation | CVE-2024-45807 | 2024-09-20 09:15 | 2024-09-20 |
| 23 | - | | - | - | Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy will crash when the http async client is handling `sendLocalReply` under some circumstance, e.g., websocket upgrade, and requ… | New | - | CVE-2024-45810 | 2024-09-20 09:15 | 2024-09-20 |
| 24 | - | | - | - | Envoy is a cloud-native high-performance edge/middle/service proxy. Jwt filter will lead to an Envoy crash when clear route cache with remote JWKs. In the following case: 1. remote JWKs are used, whi… | New | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2024-45809 | 2024-09-20 09:15 | 2024-09-20 |
| 25 | - | | - | - | Envoy is a cloud-native high-performance edge/middle/service proxy. A security vulnerability in Envoy allows external clients to manipulate Envoy headers, potentially leading to unauthorized access o… | New | - | CVE-2024-45806 | 2024-09-20 09:15 | 2024-09-20 |
| 26 | 5.9 | MEDIUM Network | consensys | gnark-crypto | gnark is a fast zk-SNARK library that offers a high-level API to design circuits. Prior to version 0.11.0, commitments to private witnesses in Groth16 as implemented break the zero-knowledge property… | Update | NVD-CWE-noinfo | CVE-2024-45040 | 2024-09-20 09:13 | 2024-09-6 |
| 27 | 6.2 | MEDIUM Local | consensys | gnark-crypto | gnark is a fast zk-SNARK library that offers a high-level API to design circuits. Versions prior to 0.11.0 have a soundness issue - in case of multiple commitments used inside the circuit the prover … | Update | NVD-CWE-noinfo | CVE-2024-45039 | 2024-09-20 09:12 | 2024-09-6 |
| 28 | 8.8 | HIGH Network | thimpress | wp_events_manager | The WP Events Manager plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter in all versions up to, and including, 2.1.11 due to insufficient escaping on the user su… | Update | CWE-89 SQL Injection | CVE-2024-7717 | 2024-09-20 09:08 | 2024-08-31 |
| 29 | 5.3 | MEDIUM Network | wpcerber | cerber_security_antispam_&_malware_scan | The WP Cerber Security plugin for WordPress is vulnerable to IP Protection bypass in versions up to, and including 9.4 due to the plugin improperly checking for a visitor's IP address. This makes it … | Update | NVD-CWE-noinfo | CVE-2022-4100 | 2024-09-20 09:08 | 2024-08-31 |
| 30 | 5.3 | MEDIUM Network | youtag | ip-vault-wp-firewall | The IP Vault – WP Firewall plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 1.1. This is due to insufficient restrictions on where the IP Address informatio… | Update | NVD-CWE-Other | CVE-2022-4536 | 2024-09-20 09:04 | 2024-08-31 |