759 matches found
ROS-20250911-01
A vulnerability in the DNS load balancer and proxy for DNS traffic DNSdist is related to the assertion of availability when support for inbound DNS over HTTPS is enabled using the nghttp2 provider, and requests are are routed to a TCP-only backend or DNS over TLS. Exploitation of the vulnerabilit...
CVE-2025-57816
CVE-2025-57816 concerns the Fides Webserver API rate limiting. The issue arises in deployments that rely on the built‑in IP‑based rate limiter in proxied environments (CDNs, proxies, load balancers): limits are applied to the immediate connection IP rather than the client IP, and counters are sto...
Security Bulletin: Astronomer with IBM is vulnerable to unintentional traffic forwarding due to kube-proxy (CVE-2021-25736)
Summary Kube-proxy is used by Astronomer with IBM as part of Kubernetes functionality. Vulnerability Details CVEID:CVE-2021-25736 DESCRIPTION: Kube-proxy on Windows can unintentionally forward traffic to local processes listening on the same port “spec.ports.port” as a LoadBalancer Service when t...
ROS-20250904-05
Vulnerability of DNS load balancer and proxy for DNS traffic DNSdist is related to insufficient checking of incoming TCP connections from the client. of incoming TCP connections from the client. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
MAL-2025-37773 Malicious code in uniform-alb-project (npm)
The package uniform-alb-project was found to contain malicious code...
CVE-2012-10039
ZEN Load Balancer versions 2.0 and 3.0-rc1 contain a command injection vulnerability in content2-2.cgi. The filelog parameter is passed directly into a backtick-delimited exec call without sanitation. An authenticated attacker can inject arbitrary shell commands, resulting in remote code executio...
CVE-2012-10039
CVE-2012-10039 affects ZEN Load Balancer versions 2.0 and 3.0-rc1. A command injection exists in content2-2.cgi where the filelog parameter is passed directly to a backtick-delimited exec() call without sanitization, allowing an authenticated attacker to execute arbitrary shell commands and achie...
CVE-2012-10039 ZEN Load Balancer Filelog Command Execution
ZEN Load Balancer versions 2.0 and 3.0-rc1 contain a command injection vulnerability in content2-2.cgi. The filelog parameter is passed directly into a backtick-delimited exec call without sanitation. An authenticated attacker can inject arbitrary shell commands, resulting in remote code executio...
CVE-2012-10039 ZEN Load Balancer Filelog Command Execution
ZEN Load Balancer versions 2.0 and 3.0-rc1 contain a command injection vulnerability in content2-2.cgi. The filelog parameter is passed directly into a backtick-delimited exec call without sanitation. An authenticated attacker can inject arbitrary shell commands, resulting in remote code executio...
Zevenet Zen Load Balancer 安全漏洞
Zevenet Zen Load Balancer is an application delivery controller from Zevenet, Spain. A security vulnerability exists in Zevenet Zen Load Balancer version 2.0 and 3.0-rc1, which stems from an unvalidated filelog parameter being passed directly to the exec function, which could lead to remote code...
PT-2025-32552 · Unknown +1 · Zen Load Balancer +2
Name of the Vulnerable Software and Affected Versions: ZEN Load Balancer versions 2.0 ZEN Load Balancer version 3.0-rc1 Description: ZEN Load Balancer versions 2.0 and 3.0-rc1 contain a command injection issue in the content2-2.cgi file. The filelog parameter is passed directly to an exec call...
GHSA-J5PM-7495-QMR3 vulnerabilities
Vulnerabilities for packages: kubebuilder, nginx-prometheus-exporter, nemo, mongo-tools, dive, azuredisk-csi-fips, volume-modifier-for-k8s, grafana-pyroscope, crossplane-provider-sql, eks-distro-fips, fixuid, rclone, rke2-runtime, flux-image-reflector-controller, karpenter-fips,...
A10 Networks AX Loadbalancer 安全漏洞
A10 Networks AX Loadbalancer is a load balancer appliance from A10 Networks, USA. A security vulnerability exists in A10 Networks AX Loadbalancer 2.6.1-GR1-P5 and 2.7.0 and earlier versions, which stems from an unvalidated filename parameter that could lead to path traversal and information...
mod_proxy_cluster bug fix update
An update is available for modproxycluster. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The modproxycluster module is a plugin for the Apache HTTP Server tha...
MongoDB 6.0.x < 6.0.23 / 7.0.x < 7.0.20 / 8.0.x < 8.0.9 Incorrect Handling of Incomplete Data (SERVER-106753)
The version of MongoDB installed on the remote host is 6.0 prior to 6.0.23, 7.0 prior to 7.0.20 and 8.0 prior to 8.0.9. It is, therefore, affected by a vulnerability as referenced in the SERVER-106753 advisory. - MongoDB Server's mongos component can become unresponsive to new connections due to...
CVE-2025-6714
MongoDB Server's mongos component can become unresponsive to new connections due to incorrect handling of incomplete data. This affects MongoDB when configured with load balancer support. This issue affects MongoDB Server v6.0 prior to 6.0.23, MongoDB Server v7.0 prior to 7.0.20 and MongoDB Serve...
FreeBSD : MongoDB -- Incorrect Handling of incomplete data may prevent mongoS from Accepting New Connections (79251dc8-5bc5-11f0-834f-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 79251dc8-5bc5-11f0-834f-b42e991fc52e advisory. [email protected] reports: MongoDB Server's mongos component can become unresponsive to new connections d...
MongoDB Server Resource Management Error Vulnerability
MongoDB Server is the United States MongoDB company's set of open source NoSQL database . The database provides collection-oriented storage , dynamic query , data replication and automatic failover and other functions . A security vulnerability exists in MongoDB Server versions prior to 6.0.23,...
CVE-2025-6714
MongoDB Server's mongos component can become unresponsive to new connections due to incorrect handling of incomplete data. This affects MongoDB when configured with load balancer support. This issue affects MongoDB Server v6.0 prior to 6.0.23, MongoDB Server v7.0 prior to 7.0.20 and MongoDB Serve...
CVE-2025-6714
MongoDB Server's mongos component can become unresponsive to new connections due to incorrect handling of incomplete data. This affects MongoDB when configured with load balancer support. This issue affects MongoDB Server v6.0 prior to 6.0.23, MongoDB Server v7.0 prior to 7.0.20 and MongoDB Serve...