759 matches found
CVE-2025-4600
CVE-2025-4600 concerns Google Cloud Classic Application Load Balancer. The issue is a HTTP request smuggling vulnerability caused by improper handling of chunked-encoded requests. The root cause is mishandling of chunked data, allowing backend misinterpretation. The fix disallowed stray data afte...
CVE-2025-4600 HTTP Request Smuggling in Google Cloud Classic Application Load Balancer due to Improper Chunked Encoding Validation
A request smuggling vulnerability existed in the Google Cloud Classic Application Load Balancer due to improper handling of chunked-encoded HTTP requests. This allowed attackers to craft requests that could be misinterpreted by backend servers. The issue was fixed by disallowing stray data after ...
CVE-2025-4600 HTTP Request Smuggling in Google Cloud Classic Application Load Balancer due to Improper Chunked Encoding Validation
A request smuggling vulnerability existed in the Google Cloud Classic Application Load Balancer due to improper handling of chunked-encoded HTTP requests. This allowed attackers to craft requests that could be misinterpreted by backend servers. The issue was fixed by disallowing stray data after ...
PT-2025-21652 · Google · Google Cloud Classic Application Load Balancer
Name of the Vulnerable Software and Affected Versions: Google Cloud Classic Application Load Balancer versions prior to 2025-04-26 Description: A request smuggling issue existed due to improper handling of chunked-encoded HTTP requests, allowing attackers to craft requests that could be...
Google Cloud Classic Application Load Balancer 输入验证错误漏洞
Google Cloud Classic Application Load Balancer is a legacy application load balancing service from Google, Inc. that is used to automatically distribute traffic to back-end service instances in a cloud environment. An input validation error vulnerability exists in Google Cloud Classic Application...
[SECURITY] Fedora 41 Update: dnsdist-1.9.9-1.fc41
dnsdist is a highly DNS-, DoS- and abuse-aware loadbalancer. Its goal in life is to route traffic to the best server, delivering top performance to legitimate users while shunting or blocking abusive traffic...
[SECURITY] Fedora 42 Update: dnsdist-1.9.9-1.fc42
dnsdist is a highly DNS-, DoS- and abuse-aware loadbalancer. Its goal in life is to route traffic to the best server, delivering top performance to legitimate users while shunting or blocking abusive traffic...
The vulnerability of software for managing traffic in hybrid and multi-cloud environments, such as VMware Avi Load Balancer, stems from insecure management of privileges. This allows attackers to escalate their privileges and gain access to create, modify, or delete files.
The vulnerability of the software for managing traffic in hybrid and multi-cloud environments in VMware Avi Load Balancer is related to insecure management of privileges. Exploiting this vulnerability can allow an attacker to increase their privileges and gain access to create, modify, or delete...
The vulnerability of software for managing traffic in hybrid and multi-cloud environments, such as VMware Avi Load Balancer, stems from insufficient protection of registration data. This allows attackers to exploit the vulnerabilities to disclose sensitive information.
The vulnerability of the software for managing traffic in hybrid and multi-cloud environments of VMware Avi Load Balancer is related to insufficient protection of registration data. Exploiting this vulnerability can allow a malicious actor to disclose the protected information...
Domain passthrough with ZeroTrust VPN users get "cannot start your session" via Azure load balancer
When you access Store URL and click on "Log on" you see the error - cannot start your session. wait a few minutes and try to logon again. If you still experience problems, contact your help desk. When you click on the "OK" button multiple times, eventually it goes away. More details on deployment...
NetScaler Responder Policy not working as expected when LB is configured to use AAA
Having defined a Responder Policy for use and binding it to a Load Balancing virtual server, you find that Policy Hits are seen and Responder Action used only when no Authentication Host is configured on the Load Balancer. When using the Load Balancer with an Authentication Host configured for us...
CVE-2025-32431
Traefik pronounced traffic is an HTTP reverse proxy and load balancer. In versions prior to 2.11.24, 3.3.6, and 3.4.0-rc2. There is a potential vulnerability in Traefik managing the requests using a PathPrefix, Path or PathRegex matcher. When Traefik is configured to route the requests to a backe...
CVE-2025-32431
Traefik pronounced traffic is an HTTP reverse proxy and load balancer. In versions prior to 2.11.24, 3.3.6, and 3.4.0-rc2. There is a potential vulnerability in Traefik managing the requests using a PathPrefix, Path or PathRegex matcher. When Traefik is configured to route the requests to a backe...
CVE-2025-32431 Traefik has a possible vulnerability with the path matchers
Traefik pronounced traffic is an HTTP reverse proxy and load balancer. In versions prior to 2.11.24, 3.3.6, and 3.4.0-rc2. There is a potential vulnerability in Traefik managing the requests using a PathPrefix, Path or PathRegex matcher. When Traefik is configured to route the requests to a backe...
SUSE CVE-2025-30162
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who use Gateway API for Ingress for some services and use LB-IPAM or BGP for LB Service implementation and use network policies to block egress traffic from workloads in a namespace to...
CVE-2025-30162 East-west traffic not subject to egress policy enforcement for requests via Gateway API load balancers
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who use Gateway API for Ingress for some services and use LB-IPAM or BGP for LB Service implementation and use network policies to block egress traffic from workloads in a namespace to...
CVE-2025-30162 East-west traffic not subject to egress policy enforcement for requests via Gateway API load balancers
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who use Gateway API for Ingress for some services and use LB-IPAM or BGP for LB Service implementation and use network policies to block egress traffic from workloads in a namespace to...
Cilium 安全漏洞
Cilium is an open source software from Cilium Open Source. It is used to provide and transparently secure network connectivity and load balancing between application workloads such as application containers or processes. A security vulnerability exists in Cilium versions v1.15.0 through v1.15.14,...
PT-2025-12672
Name of the Vulnerable Software and Affected Versions Cilium versions 1.15.0 through 1.15.14 Cilium versions 1.16.0 through 1.16.7 Cilium versions 1.17.0 through 1.17.1 Description The issue affects Cilium users who use Gateway API for Ingress and LB-IPAM or BGP for LoadBalancer Service...
Moderate: Red Hat Bug Fix Advisory: mod_proxy_cluster bug fix update
An update for modproxycluster is now available for Red Hat Enterprise Linux 9. The modproxycluster module is a plugin for the Apache HTTP Server that provides load-balancer functionality. Bug Fixes: Rebuild modproxycluster against httpd 2.4.62 JIRA:RHEL-70140 Rebase modproxycluster to upstream...