CyberSecurityBoard
Sponsor Register Login

CVE-2024-34362

Envoy is a cloud-native, open source edge and service proxy. There is a use-after-free in `HttpConnectionManager` (HCM) with `EnvoyQuicServerStream` that can crash Envoy. An attacker can exploit this vulnerability by sending a request without `FIN`, then a `RESET_STREAM` frame, and then after receiving the response, closing the connection.

Publication date: Tue, 04 Jun 2024 21:15:00 +0000


Cyber News related to CVE-2024-34362

MOVEit Transfer Flaws Push Security Defense Into a Race With Attackers - Attackers appear to be pounding away at a couple of critical bugs that Progress Software disclosed this week in its MOVEit file transfer application, with nearly the same ferocity as they did the zero-day flaw the company disclosed almost exactly a ...
1 year ago Darkreading.com CVE-2024-5806 CVE-2024-5805 CVE-2023-34362
AWS LetsEncrypt Lambda: Custom TLS Provider - DZone - Trying to renew ... INFO[0000] Checking certificate for domain 'hackernoon.referrs.me' with arn 'arn:aws:acm:us-east-2:004867756392:certificate/72f872fd-e577-43f4-ae38-6833962630af' INFO[0000] Certificate status is 'ISSUED' INFO[0000] Certificate in ...
1 year ago Feeds.dzone.com
Vulnerability Summary for the Week of March 11, 2024 - Published 2024-03-15 CVSS Score not yet calculated Source & Patch Info CVE-2021-47111416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 PrimaryVendor - Product linux - linux Description In the ...
1 year ago Cisa.gov
Attackers Automating Vulnerability Exploits with Few Hours of Disclosure - With ransomware collectives and state-backed groups investing heavily in automation, the 2025 Mass Internet Exploitation Report serves as both a warning and a roadmap urging organizations to abandon reactive strategies in favor of real-time, ...
8 months ago Cybersecuritynews.com LockBit CVE-2023-4863
Nation State-Actors Attacking Healthcare Institutions to Sabotage IT & OT Systems - Since early 2024, advanced persistent threat (APT) groups linked to Iran, North Korea, and China have exploited vulnerabilities in healthcare networks to deploy destructive malware, ransomware, and backdoors. These attacks aim to sabotage patient ...
6 months ago Cybersecuritynews.com CVE-2023-34362
CVE-2024-34362 - Envoy is a cloud-native, open source edge and service proxy. There is a use-after-free in `HttpConnectionManager` (HCM) with `EnvoyQuicServerStream` that can crash Envoy. An attacker can exploit this vulnerability by sending a request without `FIN`, ...
1 year ago
Research Reveals That Infostealers Target Healthcare Sector Data - New research by Netskope Threat Labs has revealed that infostealers were the primary malware and ransowmare families used to target the healthcare sector. Healthcare was among the top sectors impacted during 2023 by mega breaches, an attack where ...
1 year ago Itsecurityguru.org CVE-2023-34362
10 of the biggest zero-day attacks of 2023 - Here are 10 of the biggest zero-day attacks of 2023 in chronological order. Zero-day attacks started strong in 2023 with CVE-2023-0669, a pre-authentication command injection vulnerability in Fortra's GoAnywhere managed file transfer product. ...
1 year ago Techtarget.com CVE-2023-0669 CVE-2023-34362 CVE-2023-36884 CVE-2023-4863 CVE-2023-41992 CVE-2023-41991 CVE-2023-41993 CVE-2023-22515
ICS Advisory (ICSA-25-254-07) - CISA - The Cybersecurity and Infrastructure Security Agency (CISA) has released ICS Advisory ICSA-25-254-07 addressing critical vulnerabilities in Schneider Electric's Modicon M580 and M340 Programmable Logic Controllers (PLCs). These vulnerabilities could ...
2 months ago Cisa.gov CVE-2023-34362 CVE-2023-34363 CVE-2023-34364 CVE-2023-34365 CVE-2023-34366
ICS Advisory (ICSA-25-308-03) - CISA - The Cybersecurity and Infrastructure Security Agency (CISA) issued ICS Advisory ICSA-25-308-03 addressing critical vulnerabilities in Schneider Electric's EcoStruxure Control Expert software. These vulnerabilities could allow remote attackers to ...
3 weeks ago Cisa.gov CVE-2023-34362 CVE-2023-34363 CVE-2023-34364 CVE-2023-34365
ICS Advisory (ICSA-25-254-04) - CISA - The Cybersecurity and Infrastructure Security Agency (CISA) has issued ICS Advisory ICSA-25-254-04 addressing critical vulnerabilities in Schneider Electric's EcoStruxure Control Expert software. These vulnerabilities could allow remote attackers to ...
2 months ago Cisa.gov CVE-2023-34362 CVE-2023-34363 CVE-2023-34364 CVE-2023-34365
ICS Advisory (ICSA-25-261-02) - CISA - The Cybersecurity and Infrastructure Security Agency (CISA) has released ICS Advisory ICSA-25-261-02 addressing critical vulnerabilities in Schneider Electric's Modicon M580 and M340 Programmable Logic Controllers (PLCs). These vulnerabilities could ...
2 months ago Cisa.gov CVE-2023-34362 CVE-2023-34363
CVE-2021-34362 - A command injection vulnerability has been reported to affect QNAP device running Media Streaming add-on. If exploited, this vulnerability allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following ...
3 years ago
CVE-2022-34362 - IBM Sterling Secure Proxy 6.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, ...
2 years ago
CVE-2023-34362 - In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an ...
11 months ago CVE-2016-20016 CVE-2025-XXXXX
CISA orders patch for Sitecore zero-day exploited by ransomware gang - The Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive requiring federal agencies to patch a critical zero-day vulnerability in Sitecore, a popular content management system. This vulnerability, actively ...
2 months ago Therecord.media CVE-2023-34362 LockBit
SAP Urges Urgent Patch for Critical S4HANA Vulnerability - SAP has released a critical security patch for its S4HANA platform addressing a severe vulnerability that could allow attackers to execute unauthorized code and compromise enterprise systems. This flaw, identified as CVE-2023-34362, poses significant ...
2 months ago Infosecurity-magazine.com CVE-2023-34362
Delta Dental says data breach exposed info of 7 million people - Delta Dental of California is warning almost seven million patients that they suffered a data breach after personal data was exposed in a MOVEit Transfer software breach. Delta Dental is a dental insurance provider that covers 85 million people ...
1 year ago Bleepingcomputer.com CVE-2023-34362
Delta Dental of California data breach exposed info of 7 million people - Delta Dental of California and its affiliates are warning almost seven million patients that they suffered a data breach after personal data was exposed in a MOVEit Transfer software breach. Delta Dental of California is a dental insurance provider ...
1 year ago Bleepingcomputer.com CVE-2023-34362
Critical SAP S/4HANA vulnerability now exploited in attacks - A critical vulnerability in SAP S/4HANA, a widely used enterprise resource planning software, is now actively exploited by attackers. This vulnerability, identified as CVE-2023-34362, allows unauthorized attackers to execute arbitrary commands on ...
2 months ago Bleepingcomputer.com CVE-2023-34362
Fortra GoAnywhere 0-Day Vulnerability Exploited in the Wild - A critical zero-day vulnerability has been discovered in Fortra's GoAnywhere MFT (Managed File Transfer) software, actively exploited by threat actors. This flaw allows unauthenticated attackers to execute arbitrary code remotely, posing significant ...
2 months ago Cybersecuritynews.com CVE-2023-34362
Maximum severity GoAnywhere MFT flaw exploited as zero-day - A critical zero-day vulnerability in the GoAnywhere Managed File Transfer (MFT) software is currently being exploited in the wild, posing a significant security risk to organizations using this platform. The flaw, rated with maximum severity, allows ...
2 months ago Bleepingcomputer.com CVE-2023-34362
Vulnerability Summary for the Week of March 4, 2024 - Published 2024-03-06 CVSS Score not yet calculated Source & Patch Info CVE-2023-52584416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 PrimaryVendor - ...
1 year ago Cisa.gov
CVE-2024-37051 - GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 ...
1 year ago Tenable.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)