443 matches found
Astra Linux – Vulnerability in Keepalived
In Keepalived versions up to 2.2.4, the D-Bus mechanism does not sufficiently restrict the destination of messages, allowing any user to inspect and manipulate any property. This leads to bypasses of access controls in some situations, where a unrelated D-Bus system service has a settable writabl...
Astra Linux – Vulnerability in Keepalived
The vulnerability of the Keepalived network traffic balancing system is related to unvalidated array indexing. Exploiting this vulnerability allows an attacker to cause service failures...
Astra Linux – Vulnerability in Keepalived
The vulnerability of the readline function in the parser.c component of the Keepalived network traffic balancing system is related to reading data beyond the allowed buffer limits. Exploiting this vulnerability allows an attacker to cause a service failure...
Astra Linux – Vulnerability in Keepalived
The vulnerability of the parser.c component in the Keepalived network traffic balancing system is related to the use of memory after it is freed. Exploiting this vulnerability allows an attacker to cause a service failure...
Astra Linux – Vulnerability in Keepalived
The vulnerability of the parser.c component in the Keepalived network traffic balancing system is related to pointer dereferencing errors. Exploiting this vulnerability allows an attacker to cause service failures...
CVE-2026-45565
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, EscapedString app/modules/roxywi/classmodels.py:16-30 is the centralised Pydantic validator used on dozens of fields including SSH credential name, username, description, etc. Its...
CVE-2026-45569 Roxy-WI: Path-traversal patch in commit d4d10006 is a no-op (tuple-membership bug)
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, ommit d4d10006 "Expand validation to block .. in configfilename and configver for improved security" added a line in app/modules/config/config.py:462. This is tuple-membership, no...
EUVD-2026-36064
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, there is an authentication bypass vulnerability via 'api' substring in URL + unauthenticated /api/gpt. At time of publication, there are no publicly available patches...
CVE-2026-45561
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the /smon/agent/version,uptime,status,checks/ family of routes takes the URL path component verbatim into requests.getf'http://serverip:agentport/...'. The path component is...
EUVD-2026-36044
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, POST /config/versions////save interpolates the URL-path configver parameter directly into a config-version path that ends up at os.systemf"dos2unix -q cfg". configver is not run...
EUVD-2026-36043
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, GET /history// re-uses the serverip path parameter as a user-id when service == 'user', with no authorization check. Any authenticated user — even a guest in an unrelated group —...
PT-2026-48436
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, POST /waf///rule//save accepts a config file name form field that is passed straight through to config mod.master slave upload and restart... as the destination path. The validati...
PT-2026-48459
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, there is an authentication bypass vulnerability via 'api' substring in URL + unauthenticated /api/gpt. At time of publication, there are no publicly available patches...
PT-2026-48460
Name of the Vulnerable Software and Affected Versions Roxy-WI versions prior to 8.2.6.5 Description A path-traversal issue exists in the web interface used for managing Haproxy, Nginx, Apache, and Keepalived servers. A security check implemented in the config.py file within the app/modules/config...
Roxy-WI 路径遍历漏洞
Roxy-WI is an open-source web interface designed for managing Haproxy, Nginx, and Keepalived servers. Versions of Roxy-WI 8.2.6.4 and earlier contain a path traversal vulnerability. This vulnerability stems from the use of metagroup tests instead of substring containment in path traversal checks,...
Roxy-WI 代码问题漏洞
Roxy-WI is an open-source web interface designed for managing Haproxy, Nginx, and Keepalived servers. Versions of Roxy-WI 8.2.6.4 and earlier have a code vulnerability. This vulnerability stems from the /smon/agent/route function directly passing URL path components to requests.get, which may all...
Unity Linux 20.1070e Security Update: keepalived (UTSA-2026-016728)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016728 advisory. In Keepalived through 2.2.4, the D-Bus policy does not sufficiently restrict the message destination, allowing any user to inspect and manipulate any property. This...
EUVD-2026-25377
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Versions prior to 8.2.6.4 have a SQL injection vulnerability in the haproxysectionsave function in app/routes/config/routes.py. The serverip parameter, sourced from the URL path, is passed unsanitized through...
EUVD-2026-25376
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the oldconfig parameter in the haproxysectionsave interface has an arbitrary file read vulnerability. Version 8.2.6.4 fixes the issue...
EUVD-2026-25375
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the haproxysectionsave interface presents a vulnerability that could lead to remote code execution due to path traversal and writing into scheduled tasks. Version 8.2.6.4 fixes the iss...