Lucene search

759 matches found

Rockylinux
added 2025/03/17 8:16 p.m. · 6 views

haproxy bug fix and enhancement update

An update is available for haproxy. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The haproxy packages provide a reliable, high-performance network load balanc...

AI score 7.3 · Exploits 0

SUSE CVE
added 2025/03/14 2:59 a.m. · 2 views

SUSE CVE-2025-1293

Hermes versions up to 0.4.0 improperly validated the JWT provided when using the AWS ALB authentication mode, potentially allowing for authentication bypass. This vulnerability, CVE-2025-1293, was fixed in Hermes 0.5.0...

CVSS 8.2 · AI score 7 · EPSS 0.00321 · Exploits 0 · References 2

CNNVD
added 2025/02/20 12:0 a.m. · 6 views

HashiCorp Hermes Security Vulnerability

HashiCorp Hermes is a document management system from HashiCorp Inc. in the United States. A security vulnerability exists in HashiCorp Hermes version 0.4.0 and prior versions that stems from incorrect authentication of the supplied JWT when using the AWS ALB authentication mode...

CVSS 8.2 · AI score 6.7 · EPSS 0.00321 · Exploits 0 · References 1

Qualys Blog
added 2025/02/18 4:0 p.m. · 12 views

Securing Dynamic Cloud Environments: Best Practices for Comprehensive Scanning

As organizations increasingly adopt cloud-native development, the complexity of securing dynamic environments continues to grow. Vulnerability scanning remains a cornerstone of cloud security, enabling organizations to identify and address risks effectively. However, with the increasing prevalenc...

AI score 8 · Exploits 0

SUSE CVE
added 2025/02/14 5:38 a.m. · 2 views

SUSE CVE-2024-8901

The AWS ALB Route Directive Adapter For Istio repo https://github.com/awslabs/aws-alb-route-directive-adapter-for-istio/tree/master provides an OIDC authentication mechanism that was integrated into the open source Kubeflow project. The adapter uses JWT for authentication, but lacks proper signer...

CVSS 7.5 · AI score 8.1 · EPSS 0.00358 · Exploits 0 · References 5

Cvelist
added 2025/02/12 4:16 p.m. · 14 views

CVE-2025-25182 Stroom Authentication/Authorization Bypass when using AWS ALB

Stroom is a data processing, storage and analysis platform. A vulnerability exists starting in version 7.2-beta.53 and prior to versions 7.2.24, 7.3-beta.22, 7.4.4, and 7.5-beta.2 that allows authentication bypass to a Stroom system when configured with ALB and installed in a way that the...

CVSS 9.4 · EPSS 0.00643 · Exploits 0 · References 2

OSV
added 2025/02/12 4:16 p.m. · 3 views

CVE-2025-25182 Stroom Authentication/Authorization Bypass when using AWS ALB

Stroom is a data processing, storage and analysis platform. A vulnerability exists starting in version 7.2-beta.53 and prior to versions 7.2.24, 7.3-beta.22, 7.4.4, and 7.5-beta.2 that allows authentication bypass to a Stroom system when configured with ALB and installed in a way that the...

CVSS 9.4 · AI score 7.8 · EPSS 0.00643 · Exploits 0 · References 4

CNNVD
added 2025/02/12 12:0 a.m. · 2 views

stroom Security Vulnerability

stroom is a highly scalable data storage, processing, and analytics platform open-sourced by GCHQ. A security vulnerability exists in stroom that stems from a vulnerability that allows bypassing the authentication of the stroom system when the ALB is configured and installed in a way that the...

CVSS 9.4 · AI score 6.9 · EPSS 0.00643 · Exploits 0 · References 2

RedhatCVE
added 2025/02/06 2:28 a.m. · 13 views

CVE-2025-22217

Avi Load Balancer contains an unauthenticated blind SQL Injection vulnerability which was privately reported to VMware. Patches are available to remediate this vulnerability in affected VMware products. A malicious user with network access may be able to use specially crafted SQL queries to gain...

CVSS 8.6 · AI score 8.4 · EPSS 0.00633 · Exploits 0 · References 1

RedhatCVE
added 2025/02/05 5:4 a.m. · 9 views

CVE-2024-10125

The Amazon.ApplicationLoadBalancer.Identity.AspNetCore repo https://github.com/awslabs/aws-alb-identity-aspnetcorevalidatetokensignature contains Middleware that can be used in conjunction with the Application Load Balancer (ALB) OpenId Connect integration and can be used in any ASP.NET...

CVSS 7.5 · AI score 7.6 · EPSS 0.00319 · Exploits 0 · References 1

RedhatCVE
added 2025/02/04 11:6 p.m. · 14 views

CVE-2024-0252

ManageEngine ADSelfService Plus versions 6401 and below are vulnerable to the remote code execution due to the improper handling in the load balancer component. Authentication is required in order to exploit this vulnerability...

CVSS 8.8 · AI score 7.9 · EPSS 0.07814 · Exploits 0 · References 1

BDU FSTEC
added 2025/01/30 12:0 a.m. · 6 views

The vulnerability of the software for managing traffic in hybrid and multi-cloud environments, such as VMware Avi Load Balancer, stems from insufficient measures taken to protect the SQL query structure. This allows attackers to gain access to the internal database.

The vulnerability of the software for managing traffic in hybrid and multi-cloud environments of VMware Avi Load Balancer is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability can allow a malicious actor to gain access to the internal database...

CVSS 8.6 · AI score 8.1 · EPSS 0.00633 · Exploits 0 · References 2 · Affected Software 1

The Hacker News
added 2025/01/29 5:29 a.m. · 28 views

Broadcom Warns of High-Severity SQL Injection Flaw in VMware Avi Load Balancer

Broadcom has alerted of a high-severity security flaw in VMware Avi Load Balancer that could be weaponized by malicious actors to gain entrenched database access. The vulnerability, tracked as CVE-2025-22217 (CVSS score: 8.6), has been described as an unauthenticated blind SQL injection. "A malicio...

CVSS 8.6 · AI score 8.1 · EPSS 0.00633 · Exploits 0

NVD
added 2025/01/28 7:15 p.m. · 19 views

CVE-2025-22217

Avi Load Balancer contains an unauthenticated blind SQL Injection vulnerability which was privately reported to VMware. Patches are available to remediate this vulnerability in affected VMware products. A malicious user with network access may be able to use specially crafted SQL queries to gain...

CVSS 8.6 · EPSS 0.00633 · Exploits 0 · References 1

Cvelist
added 2025/01/28 6:33 p.m. · 18 views

CVE-2025-22217

Avi Load Balancer contains an unauthenticated blind SQL Injection vulnerability which was privately reported to VMware. Patches are available to remediate this vulnerability in affected VMware products. A malicious user with network access may be able to use specially crafted SQL queries to gain...

CVSS 8.6 · EPSS 0.00633 · Exploits 0 · References 1

CVE
added 2025/01/28 6:33 p.m. · 148 views

CVE-2025-22217

CVE-2025-22217 affects VMware Avi Load Balancer and is an unauthenticated blind SQL injection. A remote attacker with network access can craft queries to potentially gain database access. Public sources identify affected product families and versions, with patches available to remediate in VMware...

CVSS 8.6 · AI score 8.6 · EPSS 0.00633 · Exploits 0 · References 1

Vulnrichment
added 2025/01/28 6:33 p.m. · 14 views

CVE-2025-22217

Avi Load Balancer contains an unauthenticated blind SQL Injection vulnerability which was privately reported to VMware. Patches are available to remediate this vulnerability in affected VMware products. A malicious user with network access may be able to use specially crafted SQL queries to gain...

CVSS 8.6 · AI score 9 · EPSS 0.00633 · Exploits 0 · References 1

Positive Technologies
added 2025/01/28 12:0 a.m. · 3 views

PT-2025-1305 · Avi · Avi Load Balancer

Name of the Vulnerable Software and Affected Versions: Avi Load Balancer versions 30.1.1 through 30.2.2 Description: The Avi Load Balancer contains an unauthenticated blind SQL Injection vulnerability. A malicious user with network access may be able to use specially crafted SQL queries to gain...

CVSS 8.6 · AI score 10 · EPSS 0.00633 · Exploits 0 · References 37

CNNVD
added 2025/01/28 12:0 a.m. · 3 views

VMware Avi Load Balancer Security Vulnerability

VMware Avi Load Balancer is a load balancing platform from VMware. A security vulnerability exists in VMware Avi Load Balancer. An attacker could exploit the vulnerability to gain database access using specially crafted SQL queries...

CVSS 8.6 · AI score 9.2 · EPSS 0.00633 · Exploits 0 · References 1

Wolfi
added 2024/12/18 9:59 p.m. · 109 views

GHSA-W32M-9786-JP63 vulnerabilities

Vulnerabilities for packages: coredns, vault-benchmark, terraform, gke-gcloud-auth-plugin, minio, ko, buildah, kuberlr, kube-fluentd-operator, prometheus-blackbox-exporter, kyverno-policy-reporter, cosign, gitea, cloudnative-pg, velero, local-static-provisioner, nri-discovery-kubernetes, kine,...

AI score 5.8 · Exploits 0