606 matches found

Vulnrichment
added 2021/08/25 7:10 p.m., 17 views

CVE-2021-1523 Cisco Nexus 9000 Series Fabric Switches ACI Mode Queue Wedge Denial of Service Vulnerability

A vulnerability in Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) Mode could allow an unauthenticated, remote attacker to cause a queue wedge on a leaf switch, which could result in critical control plane traffic to the device being dropped. This could result in...

CVSS 8.6 | AI score 7.1 | EPSS 0.01328
Exploits: 0 | References: 1
NVD
added 2021/06/22 8:15 p.m., 14 views

CVE-2021-32699

Wings is the control plane software for the open source Pterodactyl game management system. All versions of Pterodactyl Wings prior to 1.4.4 are vulnerable to system resource exhaustion due to improper container process limits being defined. A malicious user can consume more resources than intend...

CVSS 6.5 | EPSS 0.00267
Exploits: 0 | References: 2
Veracode
added 2021/05/24 9:55 a.m., 12 views

Information Disclosure

github.com/argoproj/argo-cd is vulnerable to information disclosure. Credentials used for accessing the remote Helm OCI repository are leaked to anyone with access to the pod logs via access with appropriate permissions to the Kubernetes control plane or a third party log management system becaus...

AI score 1.2
Exploits: 0
OSV
added 2021/05/10 3:15 p.m., 4 views

CVE-2021-23009

On BIG-IP version 16.0.x before 16.0.1.1 and 15.1.x before 15.1.3, malformed HTTP/2 requests may cause an infinite loop which causes a Denial of Service for Data Plane traffic. TMM takes the configured HA action when the TMM process is aborted. There is no control plane exposure, this is a data...

CVSS 7.5 | AI score 5.8 | EPSS 0.00988
Exploits: 0 | References: 1
RedhatCVE
added 2021/05/04 11:4 p.m., 52 views

CVE-2020-8562

A security issue was discovered in Kubernetes where an authorized user may be able to access private networks on the Kubernetes control plane components. Kubernetes clusters are only affected if an untrusted user can create or modify Node objects and proxy to them, or an untrusted user can create...

CVSS 3.5 | AI score 3 | EPSS 0.01082
Exploits: 0 | References: 4
Positive Technologies
added 2021/05/04 12:0 a.m., 2 views

PT-2021-12791

Name of the Vulnerable Software and Affected Versions: Kubernetes versions prior to a fixed version (no specific fixed version mentioned). Description: The issue concerns a mitigation attempt by Kubernetes to prevent proxied connections from accessing link-local or localhost networks. However, a use...

CVSS 3.5 | AI score 6.7 | EPSS 0.01082
Exploits: 0 | References: 69
CNNVD
added 2021/05/04 12:0 a.m., 4 views

Kubernetes Security Vulnerability

Kubernetes is an open source Docker container cluster management system from the Linux Foundation. The system provides resource scheduling, deployment operations, service discovery, and scaling up and down for containerized applications. Kubernetes suffers from a security vulnerability that stems...

CVSS 3.5 | AI score 5.7 | EPSS 0.01082
Exploits: 0 | References: 6
Vulnrichment
added 2021/02/24 7:30 p.m., 8 views

CVE-2021-1387 Cisco NX-OS Software IPv6 Netstack Denial of Service Vulnerability

A vulnerability in the network stack of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because the software improperly releases resources when it processes certain IPv6 packets that a...

CVSS 8.6 | AI score 7 | EPSS 0.01369
Exploits: 0 | References: 1
OSV
added 2021/02/12 5:15 p.m., 2 views

CVE-2021-22974

On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, and 13.1.x before 13.1.3.6 and all versions of BIG-IQ 7.x and 6.x, an authenticated attacker with access to iControl REST over the control plane may be able to take advantage of a race condition to execute...

CVSS 7.5 | AI score 7.2 | EPSS 0.00805
Exploits: 0 | References: 1
Prion
added 2021/02/12 5:15 p.m., 26 views

Race condition

On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, and 13.1.x before 13.1.3.6 and all versions of BIG-IQ 7.x and 6.x, an authenticated attacker with access to iControl REST over the control plane may be able to take advantage of a race condition to execute...

CVSS 6 | AI score 7.7 | EPSS 0.01062
Exploits: 0 | References: 1 | Affected Software: 15
RedHat Linux
added 2020/12/16 12:36 p.m., 1 view

kubernetes: compromised node could escalate to cluster level privileges

A flaw was found in the Kubernetes API server, where it allows an attacker to escalate their privileges from a compromised node. This flaw allows an attacker who can intercept requests on a compromised node, to redirect those requests, along with their credentials, to perform actions on other...

CVSS 6.8 | AI score 7.2 | EPSS 0.061
Exploits: 3 | References: 5
NVD
added 2020/10/26 3:15 p.m., 12 views

CVE-2020-13100

Arista’s CloudVision eXchange (CVX) server before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23.5M, and 4.24.x before 4.24.2F allows remote attackers to cause a denial of service (crash and restart) in the ControllerOob agent via a malformed control-plane packet...

CVSS 7.5 | EPSS 0.01261
Exploits: 1 | References: 1
OSV
added 2020/10/26 3:15 p.m., 6 views

CVE-2020-13100

Arista’s CloudVision eXchange (CVX) server before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23.5M, and 4.24.x before 4.24.2F allows remote attackers to cause a denial of service (crash and restart) in the ControllerOob agent via a malformed control-plane packet...

CVSS 7.5 | AI score 7.2 | EPSS 0.01261
Exploits: 1 | References: 1
OpenVAS
added 2020/07/13 12:0 a.m., 7 views

Huawei Data Communication: Deploying LDP Authentication

LDP MD5 authentication is deployed to prevent attackers from attempting to use protocols on the control plane to destroy entries on which forwarding depends, such as routes. Copyright (C) 2020 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are...

AI score 7.5
Exploits: 0
OpenVAS
added 2020/07/13 12:0 a.m., 7 views

Huawei Data Communication: Deploying RSVP Authentication

RSVP MD5 authentication is deployed to prevent attackers from attempting to use protocols on the control plane to destroy entries on which forwarding depends, such as routes. Copyright (C) 2020 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are...

AI score 7.5
Exploits: 0
Tenable Nessus
added 2020/07/09 12:0 a.m., 30 views

F5 Networks BIG-IP : BIG-IP high availability state mirroring vulnerability (K72540690)

The version of F5 Networks BIG-IP installed on the remote host is prior to 16.0.0. It is, therefore, affected by a vulnerability as referenced in the K72540690 advisory. The default deployment mode for BIG-IP high availability (HA) pair mirroring is insecure. This is a control plane issue that is...

CVSS 9.1 | AI score 8.2 | EPSS 0.01497
Exploits: 0 | References: 2
Tenable Nessus
added 2020/07/01 12:0 a.m., 30 views

RHEL 8 : Red Hat OpenShift Service Mesh 1.1 servicemesh-operator (RHSA-2020:2795)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2795 advisory. Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise...

CVSS 8.8 | AI score 6.6 | EPSS 0.25939
Exploits: 2 | References: 6
OpenVAS
added 2020/05/15 12:0 a.m., 9 views

Huawei Data Communication: Deploying OSPFv3 Authentication

OSPFv3 HMAC-SHA256 authentication is deployed to prevent attackers from attempting to use control plane protocols to destroy entries on which forwarding depends, such as routes. SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are...

AI score 7.4
Exploits: 0
OpenVAS
added 2020/05/15 12:0 a.m., 4 views

Huawei Data Communication: Deploying IS-IS Authentication

IS-IS authentication is deployed to prevent attackers from attempting to use the control plane protocol to destroy entries on which forwarding depends, such as routes. SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright ...

AI score 7.5
Exploits: 0
OSV
added 2020/04/30 9:15 p.m., 4 views

CVE-2020-5885

On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1, BIG-IP systems set up for connection mirroring in a high availability (HA) pair transfer sensitive cryptographic objects over an insecure communications channel. This is a control plane issue which is exposed only o...

CVSS 9.1 | AI score 5.8 | EPSS 0.00809
Exploits: 0 | References: 1