Lucene search
K

443 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Keepalived

In Keepalived versions up to 2.2.4, the D-Bus mechanism does not sufficiently restrict the destination of messages, allowing any user to inspect and manipulate any property. This leads to bypasses of access controls in some situations, where a unrelated D-Bus system service has a settable writabl...

5.5CVSS6.3AI score0.01159EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.8 views

Astra Linux – Vulnerability in Keepalived

The vulnerability of the Keepalived network traffic balancing system is related to unvalidated array indexing. Exploiting this vulnerability allows an attacker to cause service failures...

1.9CVSS5.5AI score
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Keepalived

The vulnerability of the readline function in the parser.c component of the Keepalived network traffic balancing system is related to reading data beyond the allowed buffer limits. Exploiting this vulnerability allows an attacker to cause a service failure...

6.2CVSS5.7AI score
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Keepalived

The vulnerability of the parser.c component in the Keepalived network traffic balancing system is related to the use of memory after it is freed. Exploiting this vulnerability allows an attacker to cause a service failure...

6.2CVSS5.5AI score
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Keepalived

The vulnerability of the parser.c component in the Keepalived network traffic balancing system is related to pointer dereferencing errors. Exploiting this vulnerability allows an attacker to cause service failures...

6.2CVSS5.5AI score
Exploits0References1
NVD
NVD
added 2026/06/10 4:17 p.m.7 views

CVE-2026-45565

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, EscapedString app/modules/roxywi/classmodels.py:16-30 is the centralised Pydantic validator used on dozens of fields including SSH credential name, username, description, etc. Its...

8.1CVSS0.00304EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/10 3:38 p.m.28 views

CVE-2026-45569 Roxy-WI: Path-traversal patch in commit d4d10006 is a no-op (tuple-membership bug)

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, ommit d4d10006 "Expand validation to block .. in configfilename and configver for improved security" added a line in app/modules/config/config.py:462. This is tuple-membership, no...

8.1CVSS0.00316EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/10 3:37 p.m.9 views

EUVD-2026-36064

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, there is an authentication bypass vulnerability via 'api' substring in URL + unauthenticated /api/gpt. At time of publication, there are no publicly available patches...

8.3CVSS5.5AI score0.00244EPSS
Exploits0References1
NVD
NVD
added 2026/06/10 3:16 p.m.11 views

CVE-2026-45561

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the /smon/agent/version,uptime,status,checks/ family of routes takes the URL path component verbatim into requests.getf'http://serverip:agentport/...'. The path component is...

6.5CVSS0.00218EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 2:4 p.m.8 views

EUVD-2026-36044

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, POST /config/versions////save interpolates the URL-path configver parameter directly into a config-version path that ends up at os.systemf"dos2unix -q cfg". configver is not run...

8.8CVSS5.5AI score0.00304EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 2:3 p.m.11 views

EUVD-2026-36043

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, GET /history// re-uses the serverip path parameter as a user-id when service == 'user', with no authorization check. Any authenticated user — even a guest in an unrelated group —...

4.3CVSS5.5AI score0.00176EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.27 views

PT-2026-48436

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, POST /waf///rule//save accepts a config file name form field that is passed straight through to config mod.master slave upload and restart... as the destination path. The validati...

9.9CVSS5.5AI score0.00372EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.11 views

PT-2026-48459

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, there is an authentication bypass vulnerability via 'api' substring in URL + unauthenticated /api/gpt. At time of publication, there are no publicly available patches...

8.3CVSS5.5AI score0.00244EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.14 views

PT-2026-48460

Name of the Vulnerable Software and Affected Versions Roxy-WI versions prior to 8.2.6.5 Description A path-traversal issue exists in the web interface used for managing Haproxy, Nginx, Apache, and Keepalived servers. A security check implemented in the config.py file within the app/modules/config...

8.1CVSS5.2AI score0.00316EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.13 views

Roxy-WI 路径遍历漏洞

Roxy-WI is an open-source web interface designed for managing Haproxy, Nginx, and Keepalived servers. Versions of Roxy-WI 8.2.6.4 and earlier contain a path traversal vulnerability. This vulnerability stems from the use of metagroup tests instead of substring containment in path traversal checks,...

8.1CVSS5.3AI score0.00316EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.10 views

Roxy-WI 代码问题漏洞

Roxy-WI is an open-source web interface designed for managing Haproxy, Nginx, and Keepalived servers. Versions of Roxy-WI 8.2.6.4 and earlier have a code vulnerability. This vulnerability stems from the /smon/agent/route function directly passing URL path components to requests.get, which may all...

6.5CVSS5.4AI score0.00218EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.6 views

Unity Linux 20.1070e Security Update: keepalived (UTSA-2026-016728)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016728 advisory. In Keepalived through 2.2.4, the D-Bus policy does not sufficiently restrict the message destination, allowing any user to inspect and manipulate any property. This...

5.5CVSS6.4AI score0.01159EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/24 2:5 a.m.4 views

EUVD-2026-25377

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Versions prior to 8.2.6.4 have a SQL injection vulnerability in the haproxysectionsave function in app/routes/config/routes.py. The serverip parameter, sourced from the URL path, is passed unsanitized through...

9.3CVSS6.2AI score0.00352EPSS
Exploits1References2
EUVD
EUVD
added 2026/04/24 1:55 a.m.5 views

EUVD-2026-25376

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the oldconfig parameter in the haproxysectionsave interface has an arbitrary file read vulnerability. Version 8.2.6.4 fixes the issue...

8.7CVSS5.8AI score0.00428EPSS
Exploits1References2
EUVD
EUVD
added 2026/04/24 1:52 a.m.5 views

EUVD-2026-25375

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the haproxysectionsave interface presents a vulnerability that could lead to remote code execution due to path traversal and writing into scheduled tasks. Version 8.2.6.4 fixes the iss...

9.3CVSS6.4AI score0.0082EPSS
Exploits1References2
Rows per page
Query Builder