CVE-2021-1523 Cisco Nexus 9000 Series Fabric Switches ACI Mode Queue Wedge Denial of Service Vulnerability
A vulnerability in Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) Mode could allow an unauthenticated, remote attacker to cause a queue wedge on a leaf switch, which could result in critical control plane traffic to the device being dropped. This could result in...
CVE-2021-32699
Wings is the control plane software for the open source Pterodactyl game management system. All versions of Pterodactyl Wings prior to 1.4.4 are vulnerable to system resource exhaustion due to improper container process limits being defined. A malicious user can consume more resources than intend...
Information Disclosure
github.com/argoproj/argo-cd is vulnerable to information disclosure. Credentials used for accessing the remote Helm OCI repository are leaked to anyone with access to the pod logs via access with appropriate permissions to the Kubernetes control plane or a third party log management system becaus...
CVE-2021-23009
On BIG-IP version 16.0.x before 16.0.1.1 and 15.1.x before 15.1.3, malformed HTTP/2 requests may cause an infinite loop which causes a Denial of Service for Data Plane traffic. TMM takes the configured HA action when the TMM process is aborted. There is no control plane exposure, this is a data...
CVE-2020-8562
A security issue was discovered in Kubernetes where an authorized user may be able to access private networks on the Kubernetes control plane components. Kubernetes clusters are only affected if an untrusted user can create or modify Node objects and proxy to them, or an untrusted user can create...
PT-2021-12791
Name of the Vulnerable Software and Affected Versions: Kubernetes versions prior to a fixed version (no specific fixed version mentioned). Description: The issue concerns a mitigation attempt by Kubernetes to prevent proxied connections from accessing link-local or localhost networks. However, a use...
Kubernetes Security Vulnerability
Kubernetes is an open source Docker container cluster management system from the Linux Foundation. The system provides resource scheduling, deployment operations, service discovery, and scaling up and down for containerized applications. Kubernetes suffers from a security vulnerability that stems...
CVE-2021-1387 Cisco NX-OS Software IPv6 Netstack Denial of Service Vulnerability
A vulnerability in the network stack of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because the software improperly releases resources when it processes certain IPv6 packets that a...
CVE-2021-22974
On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, and 13.1.x before 13.1.3.6 and all versions of BIG-IQ 7.x and 6.x, an authenticated attacker with access to iControl REST over the control plane may be able to take advantage of a race condition to execute...
Race condition
On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, and 13.1.x before 13.1.3.6 and all versions of BIG-IQ 7.x and 6.x, an authenticated attacker with access to iControl REST over the control plane may be able to take advantage of a race condition to execute...
kubernetes: compromised node could escalate to cluster level privileges
A flaw was found in the Kubernetes API server, where it allows an attacker to escalate their privileges from a compromised node. This flaw allows an attacker who can intercept requests on a compromised node, to redirect those requests, along with their credentials, to perform actions on other...
CVE-2020-13100
Arista’s CloudVision eXchange (CVX) server before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23.5M, and 4.24.x before 4.24.2F allows remote attackers to cause a denial of service (crash and restart) in the ControllerOob agent via a malformed control-plane packet...
Huawei Data Communication: Deploying LDP Authentication
LDP MD5 authentication is deployed to prevent attackers from attempting to use protocols on the control plane to destroy entries on which forwarding depends, such as routes. Copyright (C) 2020 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are...
Huawei Data Communication: Deploying RSVP Authentication
RSVP MD5 authentication is deployed to prevent attackers from attempting to use protocols on the control plane to destroy entries on which forwarding depends, such as routes.
F5 Networks BIG-IP : BIG-IP high availability state mirroring vulnerability (K72540690)
The version of F5 Networks BIG-IP installed on the remote host is prior to 16.0.0. It is, therefore, affected by a vulnerability as referenced in the K72540690 advisory. The default deployment mode for BIG-IP high availability (HA) pair mirroring is insecure. This is a control plane issue that is...
RHEL 8 : Red Hat OpenShift Service Mesh 1.1 servicemesh-operator (RHSA-2020:2795)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2795 advisory. Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise...
Huawei Data Communication: Deploying OSPFv3 Authentication
OSPFv3 HMAC-SHA256 authentication is deployed to prevent attackers from attempting to use control plane protocols to destroy entries on which forwarding depends, such as routes. SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are...
Huawei Data Communication: Deploying IS-IS Authentication
IS-IS authentication is deployed to prevent attackers from attempting to use the control plane protocol to destroy entries on which forwarding depends, such as routes.
CVE-2020-5885
On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1, BIG-IP systems set up for connection mirroring in a high availability (HA) pair transfer sensitive cryptographic objects over an insecure communications channel. This is a control plane issue which is exposed only o...