758 matches found
GHSA-QXQC-27PR-WGC8 GoAuthentik vulnerable to Insufficient Authorization for several API endpoints
Summary: Several API endpoints can be accessed by users without correct authentication/authorization. The main API endpoints affected by this: /api/v3/crypto/certificatekeypairs//viewcertificate/, /api/v3/crypto/certificatekeypairs//viewprivatekey/, /api/v3/.../usedby/. Note that all of the...
New 'ALBeast' Misconfiguration Exposes Weakness in AWS Application Load Balancer
As many as 15,000 applications using Amazon Web Services' (AWS) Application Load Balancer (ALB) for authentication are potentially susceptible to a configuration-based issue that could expose them to sidestep access controls and compromise applications. That's according to findings from Israeli...
An AWS Configuration Issue Could Expose Thousands of Web Apps
Amazon has updated its instructions for how customers should more securely implement AWS's traffic-routing service known as Application Load Balancer, but it's not clear everyone will get the memo...
PT-2024-28672 · F5 · Big-Ip
Name of the Vulnerable Software and Affected Versions: BIG-IP (affected versions not specified). Description: The issue occurs when a stateless virtual server is configured on a BIG-IP system with a High-Speed Bridge (HSB), allowing undisclosed requests to cause the TMM to terminate. Recommendations: ...
Virtuozzo Hybrid Infrastructure 6.2 Hotfix 2 (6.2.0-142)
This update provides security and stability fixes. Vulnerability id: VSTOR-75009, VSTOR-76816, VSTOR-87057 Stability fixes for the hypervisor. Vulnerability id: VSTOR-87588 Fixed an issue with storage space calculation for the "Other" category in the "Logical space" chart in the admin panel...
CVE-2024-39321
An authorization bypass vulnerability was found in Traefik. This flaw allows bypassing IP allow-lists via HTTP/3 early data requests in QUIC 0-RTT handshakes sent with spoofed IP addresses. Mitigation: Mitigation for this issue is either not available or the currently available options do not meet...
CVE-2024-39321 Traefik vulnerable to bypassing IP allow-lists via HTTP/3 early data requests in QUIC 0-RTT handshakes
Traefik is an HTTP reverse proxy and load balancer. Versions prior to 2.11.6, 3.0.4, and 3.1.0-rc3 have a vulnerability that allows bypassing IP allow-lists via HTTP/3 early data requests in QUIC 0-RTT handshakes sent with spoofed IP addresses. Versions 2.11.6, 3.0.4, and 3.1.0-rc3 contain a patc...
Virtuozzo Hybrid Infrastructure 6.2 (6.2.0-136)
In this release, Virtuozzo Hybrid Infrastructure provides a range of new features that cover the compute service, high availability of the management node, object storage management, networking, and monitoring. Additionally, this release delivers stability improvements and addresses issues found ...
PT-2024-19157 · Intel · Intel Dlb Driver
Name of the Vulnerable Software and Affected Versions: Intel(R) DLB driver software versions prior to 8.5.0. Description: The issue is related to improper input validation, which may allow an authenticated user to potentially cause a denial of service via local access. Recommendations: For versions...
Intel Dynamic Load Balancer Security Vulnerability
Intel Dynamic Load Balancer is a dynamic load balancer technology from Intel Corporation. A security vulnerability exists in Intel Dynamic Load Balancer prior to version 8.5.0, which stems from an incorrect input validation issue. The vulnerability could allow an authenticated user to potentially...
CVE-2024-22266
VMware Avi Load Balancer contains an information disclosure vulnerability. A malicious actor with access to the system logs can view cloud connection credentials in plaintext...
CVE-2024-22264
VMware Avi Load Balancer contains a privilege escalation vulnerability. A malicious actor with admin privileges on VMware Avi Load Balancer can create, modify, execute and delete files as a root user on the host system...
CVE-2024-22266 VMware Avi Load Balancer updates address multiple vulnerabilities
VMware Avi Load Balancer contains an information disclosure vulnerability. A malicious actor with access to the system logs can view cloud connection credentials in plaintext...
CVE-2024-22266
CVE-2024-22266 concerns VMware Avi Load Balancer. An information disclosure vulnerability allows a malicious actor with access to system logs to view cloud connection credentials in plaintext. The CVSS 3.1 base score is 6.5 (Network, Low attack complexity, Privileges Required: Low; Confidentialit...
CVE-2024-22264
CVE-2024-22264 affects VMware Avi Load Balancer. The available connected documents describe a privilege escalation where an administrator on the appliance can create, modify, execute, and delete files as root on the host system, indicating a local-privilege escalation vulnerability. The CVSS v3.1...
CVE-2024-22264 VMware Avi Load Balancer updates address multiple vulnerabilities
VMware Avi Load Balancer contains a privilege escalation vulnerability. A malicious actor with admin privileges on VMware Avi Load Balancer can create, modify, execute and delete files as a root user on the host system...
VMware Avi Load Balancer Security Vulnerability
VMware Avi Load Balancer is a load balancing platform from VMware. A security vulnerability exists in VMware Avi Load Balancer that originates from a malicious actor with access to system logs being able to view cloud connection credentials in plaintext...
PT-2024-19295 · Vmware · Vmware Avi Load Balancer
Name of the Vulnerable Software and Affected Versions: VMware Avi Load Balancer (affected versions not specified). Description: The issue allows a malicious actor with admin privileges on VMware Avi Load Balancer to create, modify, execute, and delete files as a root user on the host system. This is...