Lucene search

759 matches found

CVE
added 2025/05/16 1:47 p.m. · 44 views

CVE-2025-4600

CVE-2025-4600 concerns Google Cloud Classic Application Load Balancer. The issue is an HTTP request smuggling vulnerability caused by improper handling of chunked-encoded requests. The root cause is mishandling of chunked data, allowing backend misinterpretation. The fix disallowed stray data afte...

8.7 CVSS · 6.3 AI score · 0.00187 EPSS
Exploits 0 · References 1 · Affected Software 1
Vulnrichment
added 2025/05/16 1:47 p.m. · 8 views

CVE-2025-4600 HTTP Request Smuggling in Google Cloud Classic Application Load Balancer due to Improper Chunked Encoding Validation

A request smuggling vulnerability existed in the Google Cloud Classic Application Load Balancer due to improper handling of chunked-encoded HTTP requests. This allowed attackers to craft requests that could be misinterpreted by backend servers. The issue was fixed by disallowing stray data after ...

8.7 CVSS · 6.9 AI score · 0.00187 EPSS
Exploits 0 · References 1
Cvelist
added 2025/05/16 1:47 p.m. · 13 views

CVE-2025-4600 HTTP Request Smuggling in Google Cloud Classic Application Load Balancer due to Improper Chunked Encoding Validation

A request smuggling vulnerability existed in the Google Cloud Classic Application Load Balancer due to improper handling of chunked-encoded HTTP requests. This allowed attackers to craft requests that could be misinterpreted by backend servers. The issue was fixed by disallowing stray data after ...

8.7 CVSS · 0.00187 EPSS
Exploits 0 · References 1
Positive Technologies
added 2025/05/16 12:0 a.m. · 9 views

PT-2025-21652 · Google · Google Cloud Classic Application Load Balancer

Name of the Vulnerable Software and Affected Versions: Google Cloud Classic Application Load Balancer versions prior to 2025-04-26. Description: A request smuggling issue existed due to improper handling of chunked-encoded HTTP requests, allowing attackers to craft requests that could be...

8.7 CVSS · 6 AI score · 0.00187 EPSS
Exploits 0 · References 8
CNNVD
added 2025/05/16 12:0 a.m. · 3 views

Google Cloud Classic Application Load Balancer input validation error vulnerability

Google Cloud Classic Application Load Balancer is a legacy application load balancing service from Google, Inc. that is used to automatically distribute traffic to back-end service instances in a cloud environment. An input validation error vulnerability exists in Google Cloud Classic Application...

8.7 CVSS · 6.7 AI score · 0.00187 EPSS
Exploits 0 · References 3
Fedora
added 2025/05/15 2:13 a.m. · 9 views

[SECURITY] Fedora 41 Update: dnsdist-1.9.9-1.fc41

dnsdist is a highly DNS-, DoS- and abuse-aware loadbalancer. Its goal in life is to route traffic to the best server, delivering top performance to legitimate users while shunting or blocking abusive traffic...

7.5 CVSS · 7.6 AI score · 0.02068 EPSS
Exploits 0
Fedora
added 2025/05/15 1:56 a.m. · 9 views

[SECURITY] Fedora 42 Update: dnsdist-1.9.9-1.fc42

dnsdist is a highly DNS-, DoS- and abuse-aware loadbalancer. Its goal in life is to route traffic to the best server, delivering top performance to legitimate users while shunting or blocking abusive traffic...

7.5 CVSS · 7.6 AI score · 0.02068 EPSS
Exploits 0
BDU FSTEC
added 2025/05/14 12:0 a.m. · 5 views

The vulnerability of software for managing traffic in hybrid and multi-cloud environments, such as VMware Avi Load Balancer, stems from insecure management of privileges. This allows attackers to escalate their privileges and gain access to create, modify, or delete files.

The vulnerability of the software for managing traffic in hybrid and multi-cloud environments in VMware Avi Load Balancer is related to insecure management of privileges. Exploiting this vulnerability can allow an attacker to increase their privileges and gain access to create, modify, or delete...

9 CVSS · 5.5 AI score · 0.00549 EPSS
Exploits 0 · References 3 · Affected Software 1
BDU FSTEC
added 2025/05/14 12:0 a.m. · 4 views

The vulnerability of software for managing traffic in hybrid and multi-cloud environments, such as VMware Avi Load Balancer, stems from insufficient protection of registration data. This allows attackers to exploit the vulnerabilities to disclose sensitive information.

The vulnerability of the software for managing traffic in hybrid and multi-cloud environments of VMware Avi Load Balancer is related to insufficient protection of registration data. Exploiting this vulnerability can allow a malicious actor to disclose the protected information...

6.8 CVSS · 5.5 AI score · 0.00399 EPSS
Exploits 0 · References 3 · Affected Software 1
Citrix
added 2025/05/06 12:0 a.m. · 14 views

Domain passthrough with ZeroTrust VPN users get "cannot start your session" via Azure load balancer

When you access Store URL and click on "Log on" you see the error - cannot start your session. wait a few minutes and try to logon again. If you still experience problems, contact your help desk. When you click on the "OK" button multiple times, eventually it goes away. More details on deployment...

7.2 AI score
Exploits 0
Citrix
added 2025/05/01 12:0 a.m. · 15 views

NetScaler Responder Policy not working as expected when LB is configured to use AAA

Having defined a Responder Policy for use and binding it to a Load Balancing virtual server, you find that Policy Hits are seen and Responder Action used only when no Authentication Host is configured on the Load Balancer. When using the Load Balancer with an Authentication Host configured for us...

7.1 AI score
Exploits 0
RedhatCVE
added 2025/04/25 5:31 p.m. · 11 views

CVE-2025-32431

Traefik (pronounced traffic) is an HTTP reverse proxy and load balancer. In versions prior to 2.11.24, 3.3.6, and 3.4.0-rc2, there is a potential vulnerability in Traefik managing the requests using a PathPrefix, Path or PathRegex matcher. When Traefik is configured to route the requests to a backe...

9.3 CVSS · 6.7 AI score · 0.00768 EPSS
Exploits 0 · References 1
NVD
added 2025/04/21 4:15 p.m. · 28 views

CVE-2025-32431

Traefik (pronounced traffic) is an HTTP reverse proxy and load balancer. In versions prior to 2.11.24, 3.3.6, and 3.4.0-rc2, there is a potential vulnerability in Traefik managing the requests using a PathPrefix, Path or PathRegex matcher. When Traefik is configured to route the requests to a backe...

9.3 CVSS · 0.00768 EPSS
Exploits 0 · References 5
OSV
added 2025/04/21 3:34 p.m. · 3 views

CVE-2025-32431 Traefik has a possible vulnerability with the path matchers

Traefik (pronounced traffic) is an HTTP reverse proxy and load balancer. In versions prior to 2.11.24, 3.3.6, and 3.4.0-rc2, there is a potential vulnerability in Traefik managing the requests using a PathPrefix, Path or PathRegex matcher. When Traefik is configured to route the requests to a backe...

9.3 CVSS · 3.9 AI score · 0.00768 EPSS
Exploits 0 · References 7
SUSE CVE
added 2025/03/25 4:0 p.m. · 1 views

SUSE CVE-2025-30162

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who use Gateway API for Ingress for some services and use LB-IPAM or BGP for LB Service implementation and use network policies to block egress traffic from workloads in a namespace to...

4.3 CVSS · 6.7 AI score · 0.0021 EPSS
Exploits 0 · References 4
Cvelist
added 2025/03/24 6:44 p.m. · 14 views

CVE-2025-30162 East-west traffic not subject to egress policy enforcement for requests via Gateway API load balancers

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who use Gateway API for Ingress for some services and use LB-IPAM or BGP for LB Service implementation and use network policies to block egress traffic from workloads in a namespace to...

3.2 CVSS · 0.0021 EPSS
Exploits 0 · References 3
OSV
added 2025/03/24 6:44 p.m. · 3 views

CVE-2025-30162 East-west traffic not subject to egress policy enforcement for requests via Gateway API load balancers

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who use Gateway API for Ingress for some services and use LB-IPAM or BGP for LB Service implementation and use network policies to block egress traffic from workloads in a namespace to...

3.2 CVSS · 4.9 AI score · 0.0021 EPSS
Exploits 0 · References 5
CNNVD
added 2025/03/24 12:0 a.m. · 4 views

Cilium security vulnerability

Cilium is an open source software from Cilium Open Source. It is used to provide and transparently secure network connectivity and load balancing between application workloads such as application containers or processes. A security vulnerability exists in Cilium versions v1.15.0 through v1.15.14,...

4.3 CVSS · 5 AI score · 0.0021 EPSS
Exploits 0 · References 3
Positive Technologies
added 2025/03/24 12:0 a.m. · 5 views

PT-2025-12672

Name of the Vulnerable Software and Affected Versions: Cilium versions 1.15.0 through 1.15.14; Cilium versions 1.16.0 through 1.16.7; Cilium versions 1.17.0 through 1.17.1. Description: The issue affects Cilium users who use Gateway API for Ingress and LB-IPAM or BGP for LoadBalancer Service...

9.8 CVSS · 6.9 AI score · 0.99098 EPSS
Exploits 23 · References 49
RedHat Linux
added 2025/03/18 12:36 a.m. · 9 views

Moderate: Red Hat Bug Fix Advisory: mod_proxy_cluster bug fix update

An update for mod_proxy_cluster is now available for Red Hat Enterprise Linux 9. The mod_proxy_cluster module is a plugin for the Apache HTTP Server that provides load-balancer functionality. Bug Fixes: Rebuild mod_proxy_cluster against httpd 2.4.62 JIRA:RHEL-70140 Rebase mod_proxy_cluster to upstream...

5.4 CVSS · 6.1 AI score · 0.0026 EPSS
Exploits 0