759 matches found
haproxy bug fix and enhancement update
An update is available for haproxy. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The haproxy packages provide a reliable, high-performance network load balanc...
SUSE CVE-2025-1293
Hermes versions up to 0.4.0 improperly validated the JWT provided when using the AWS ALB authentication mode, potentially allowing for authentication bypass. This vulnerability, CVE-2025-1293, was fixed in Hermes 0.5.0...
HashiCorp Hermes 安全漏洞
HashiCorp Hermes is a document management system from HashiCorp Inc. in the United States. A security vulnerability exists in HashiCorp Hermes version 0.4.0 and prior versions that stems from incorrect authentication of the supplied JWT when using the AWS ALB authentication mode...
Securing Dynamic Cloud Environments: Best Practices for Comprehensive Scanning
As organizations increasingly adopt cloud-native development, the complexity of securing dynamic environments continues to grow. Vulnerability scanning remains a cornerstone of cloud security, enabling organizations to identify and address risks effectively. However, with the increasing prevalenc...
SUSE CVE-2024-8901
The AWS ALB Route Directive Adapter For Istio repo https://github.com/awslabs/aws-alb-route-directive-adapter-for-istio/tree/master provides an OIDC authentication mechanism that was integrated into the open source Kubeflow project. The adapter uses JWT for authentication, but lacks proper signer...
CVE-2025-25182 Stroom Authentication/Authorization Bypass when using AWS ALB
Stroom is a data processing, storage and analysis platform. A vulnerability exists starting in version 7.2-beta.53 and prior to versions 7.2.24, 7.3-beta.22, 7.4.4, and 7.5-beta.2 that allows authentication bypass to a Stroom system when configured with ALB and installed in a way that the...
CVE-2025-25182 Stroom Authentication/Authorization Bypass when using AWS ALB
Stroom is a data processing, storage and analysis platform. A vulnerability exists starting in version 7.2-beta.53 and prior to versions 7.2.24, 7.3-beta.22, 7.4.4, and 7.5-beta.2 that allows authentication bypass to a Stroom system when configured with ALB and installed in a way that the...
stroom 安全漏洞
stroom is a highly scalable data storage, processing, and analytics platform open-sourced by GCHQ. A security vulnerability exists in stroom that stems from a vulnerability that allows bypassing the authentication of the stroom system when the ALB is configured and installed in a way that the...
CVE-2025-22217
Avi Load Balancer contains an unauthenticated blind SQL Injection vulnerability which was privately reported to VMware. Patches are available to remediate this vulnerability in affected VMware products. A malicious user with network access may be able to use specially crafted SQL queries to gain...
CVE-2024-10125
The Amazon.ApplicationLoadBalancer.Identity.AspNetCore repo https://github.com/awslabs/aws-alb-identity-aspnetcorevalidatetokensignature contains Middleware that can be used in conjunction with the Application Load Balancer ALB OpenId Connect integration and can be used in any ASP.NET...
CVE-2024-0252
ManageEngine ADSelfService Plus versions 6401 and below are vulnerable to the remote code execution due to the improper handling in the load balancer component. Authentication is required in order to exploit this vulnerability...
The vulnerability of the software for managing traffic in hybrid and multi-cloud environments, such as VMware Avi Load Balancer, stems from insufficient measures taken to protect the SQL query structure. This allows attackers to gain access to the internal database.
The vulnerability of the software for managing traffic in hybrid and multi-cloud environments of VMware Avi Load Balancer is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability can allow a malicious actor to gain access to the internal database...
Broadcom Warns of High-Severity SQL Injection Flaw in VMware Avi Load Balancer
Broadcom has alerted of a high-severity security flaw in VMware Avi Load Balancer that could be weaponized by malicious actors to gain entrenched database access. The vulnerability, tracked as CVE-2025-22217 CVSS score: 8.6, has been described as an unauthenticated blind SQL injection. "A malicio...
CVE-2025-22217
Avi Load Balancer contains an unauthenticated blind SQL Injection vulnerability which was privately reported to VMware. Patches are available to remediate this vulnerability in affected VMware products. A malicious user with network access may be able to use specially crafted SQL queries to gain...
CVE-2025-22217
Avi Load Balancer contains an unauthenticated blind SQL Injection vulnerability which was privately reported to VMware. Patches are available to remediate this vulnerability in affected VMware products. A malicious user with network access may be able to use specially crafted SQL queries to gain...
CVE-2025-22217
CVE-2025-22217 affects VMware Avi Load Balancer and is an unauthenticated blind SQL injection. A remote attacker with network access can craft queries to potentially gain database access. Public sources identify affected product families and versions, with patches available to remediate in VMware...
CVE-2025-22217
Avi Load Balancer contains an unauthenticated blind SQL Injection vulnerability which was privately reported to VMware. Patches are available to remediate this vulnerability in affected VMware products. A malicious user with network access may be able to use specially crafted SQL queries to gain...
PT-2025-1305 · Avi · Avi Load Balancer
Name of the Vulnerable Software and Affected Versions: Avi Load Balancer versions 30.1.1 through 30.2.2 Description: The Avi Load Balancer contains an unauthenticated blind SQL Injection vulnerability. A malicious user with network access may be able to use specially crafted SQL queries to gain...
VMware Avi Load Balancer 安全漏洞
VMware Avi Load Balancer is a load balancing platform from VMware. A security vulnerability exists in VMware Avi Load Balancer. An attacker could exploit the vulnerability to gain database access using specially crafted SQL queries...
GHSA-W32M-9786-JP63 vulnerabilities
Vulnerabilities for packages: coredns, vault-benchmark, terraform, gke-gcloud-auth-plugin, minio, ko, buildah, kuberlr, kube-fluentd-operator, prometheus-blackbox-exporter, kyverno-policy-reporter, cosign, gitea, cloudnative-pg, velero, local-static-provisioner, nri-discovery-kubernetes, kine,...