CVE-2024-27102
CVE-2024-27102 affects Wings (github.com/pterodactyl/wings). It is an improper isolation of server file access vulnerability that enables reading files outside the server’s base directory when an attacker has an existing server controlled by Wings. The public documentation confirms the impact and...
CVE-2024-27102 Improper isolation of server file access in github.com/pterodactyl/wings
Wings is the server control plane for Pterodactyl Panel. This vulnerability impacts anyone running the affected versions of Wings. The vulnerability can potentially be used to access files and directories on the host system. The full scope of impact is exactly unknown, but reading files outside o...
Trust Boundary Violation
Overview: Affected versions of this package are vulnerable to Trust Boundary Violation via the creation of a custom PersistentVolume that matches the name of a worker node. An attacker can gain unauthorized access to the root HCP worker node's volume by exploiting this flaw. Note: The name of the...
kubevirt-csi: PersistentVolume allows access to HCP's root node
A flaw was found in the kubevirt-csi component of OpenShift Virtualization's Hosted Control Plane (HCP). This issue could allow an authenticated attacker to gain access to the root HCP worker node's volume by creating a custom Persistent Volume that matches the name of a worker node...
GHSA-FG9Q-5CW2-P6R9 kubevirt-csi: PersistentVolume allows access to HCP's root node
A flaw was found in the kubevirt-csi component of OpenShift Virtualization's Hosted Control Plane (HCP). This issue could allow an authenticated attacker to gain access to the root HCP worker node's volume by creating a custom Persistent Volume that matches the name of a worker node...
CVE-2024-1725
A flaw was found in the kubevirt-csi component of OpenShift Virtualization's Hosted Control Plane (HCP). This issue could allow an authenticated attacker to gain access to the root HCP worker node's volume by creating a custom Persistent Volume that matches the name of a worker node...
CVE-2024-1725 Kubevirt-csi: persistentvolume allows access to hcp's root node
A flaw was found in the kubevirt-csi component of OpenShift Virtualization's Hosted Control Plane (HCP). This issue could allow an authenticated attacker to gain access to the root HCP worker node's volume by creating a custom Persistent Volume that matches the name of a worker node...
K91054692: BIG-IP Appliance mode iAppsLX vulnerability CVE-2024-23976
Security Advisory Description: When running in Appliance mode, an authenticated attacker assigned the Administrator role may be able to bypass Appliance mode restrictions utilizing iAppsLX templates on a BIG-IP system. (CVE-2024-23976) Impact: An authenticated attacker with local system access and th...
K000137522: BIG-IP iControl REST vulnerability CVE-2024-22093
Security Advisory Description: When running in Appliance mode, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint on multi-bladed systems. A successful exploit can allow the attacker to cross a security boundary. (CVE-2024-22093) Impact: This...
K32544615: BIG-IP iControl REST API vulnerability CVE-2024-22389
Security Advisory Description: When BIG-IP is deployed in high availability (HA) and an iControl REST API token is updated, the change does not sync to the peer device. (CVE-2024-22389) Impact: This vulnerability may allow a high privileged remote authenticated attacker to use deleted or updated API...
[NetScaler] Multicast packets may cross members within LA channel on SDX with i40e NICs
On a Fortville NIC SDX platform with the i40e driver, when an LA channel is configured with 10G or 25G NICs and is assigned to a NetScaler VPX, the VPX may receive unexpected multicast packets that it sent itself through another member of the LA channel, such as VRRP control plane messages. The...
Cisco NX-OS Software VXLAN OAM Denial of Service (CVE-2021-1587)
A vulnerability in the VXLAN Operation, Administration, and Maintenance (OAM) feature of Cisco NX-OS Software, known as NGOAM, could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of specific...
Input Validation Vulnerability in Multiple Huawei Products (huawei-sa-20160713-01-multicast-ldp-fec-stack)
There is an input validation vulnerability in multiple Huawei products. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
ovn: service monitor MAC flow is not rate limited
A flaw was found in Open Virtual Network where the service monitor MAC does not properly rate limit. This issue could allow an attacker to cause a denial of service, including on deployments with CoPP enabled and properly configured...
Fedora 39 : golang-github-cncf-xds / golang-github-envoyproxy-control-plane / etc (2023-6b89bc0305)
The remote Fedora 39 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2023-6b89bc0305 advisory. Contains updates to address CVE-2022-28357,41717 and also NATS: 2023-01 nats-server: Adding accounts for just the system account adds auth bypass Tenable has...
Fedora: Security Advisory for golang-github-envoyproxy-control-plane (FEDORA-2023-6b89bc0305)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 39 Update: golang-github-envoyproxy-control-plane-0.11.1-1.fc39
Go implementation of data-plane-api...
CVE-2023-5408
A privilege escalation flaw was found in the node restriction admission plugin of the Kubernetes API server of OpenShift. A remote attacker who modifies the node role label could steer workloads from the control plane and etcd nodes onto different worker nodes and gain broader access to the clust...