756 matches found
CVE-2021-34417
The CVE-2021-34417 entry affects multiple Zoom On‑Premise components: Controller, MMR, Recording Connector, Virtual Room Connector, and Load Balancer, with vulnerable versions prior to 4.6.365.20210703 (Controller/MMR/Recording Connector) or 4.4.6868.20210703 (Virtual Room Connector) and 2.5.5496...
Zoom multiple products input validation error vulnerability
ZOOM Zoom Call Recording is a scalable session recording management solution. ZOOM on-premise Meeting Connector is a meeting connector. Zoom On-Premise Meeting Connector Controller and others are products of Zoom USA. Zoom On-Premise Meeting Connector Controller is an on-premise meeting connector. ...
ZOOM multiple products code issue vulnerability
ZOOM Zoom Call Recording is a scalable session recording management solution. ZOOM on-premise Meeting Connector is a meeting connector. Zoom On-Premise Meeting Connector Controller and others are products of Zoom USA. Zoom On-Premise Meeting Connector Controller is an on-premise meeting connector. ...
Deploy Layered Security with Azure GWLB & Trend Micro
Looking to deploy broad network layer protection that integrates with your Azure services? You’re in the right place. Learn more about our latest launch partnership with Azure Gateway Load Balancer...
Domain-Protect - Protect Against Subdomain Takeover
Protect Against Subdomain Takeover: scans Amazon Route53 across an AWS Organization for domain records vulnerable to takeover; vulnerable domains in Google Cloud DNS can be detected by Domain Protect for GCP; deploy to security audit account; scan your entire AWS Organization; receive alerts by Slack ...
CVE-2021-22960
An HTTP Request Smuggling (HRS) vulnerability was found in the llhttp library, used by Node.js. During the parsing of chunked messages, the chunk size parameter was not validated properly. In situations where HTTP conversations are being proxied such as proxy, reverse-proxy, load-balancer, an...
CVE-2021-34414
The network proxy page on the web portal for the Zoom on-premise Meeting Connector Controller before version 4.6.348.20201217, Zoom on-premise Meeting Connector MMR before version 4.6.348.20201217, Zoom on-premise Recording Connector before version 3.8.42.20200905, Zoom on-premise Virtual Room...
Virtuozzo Hybrid Infrastructure 4.6 Update 2
This update provides bug fixes and improvements. Vulnerability id: VSTOR-45618 Incorrect storage usage values are reported. Vulnerability id: VSTOR-45724 Some users cannot access S3 via the user panel. Vulnerability id: VSTOR-44252 Detection of slow disks works inside virtual environments...
CVE-2021-32813
Traefik is an HTTP reverse proxy and load balancer. Prior to version 2.4.13, there exists a potential header vulnerability in Traefik's handling of the Connection header. Active exploitation of this issue is unlikely, as it requires that a removed header would lead to a privilege escalation,...
Design/Logic Flaw
Traefik is an HTTP reverse proxy and load balancer. Prior to version 2.4.13, there exists a potential header vulnerability in Traefik's handling of the Connection header. Active exploitation of this issue is unlikely, as it requires that a removed header would lead to a privilege escalation,...
CVE-2021-32813
The CVE-2021-32813 issue affects Traefik (HTTP reverse proxy/load balancer). Before v2.4.13, Traefik’s handling of the Connection header can remove a request header if a middleware chain sets a header and the request uses a specific Connection header, potentially preventing the backend from seein...
Virtuozzo Hybrid Infrastructure 4.6 Update 1
This update provides new features, as well as bug fixes and improvements. Vulnerability id: VSTOR-45315 The MDS service may be unstable under a high load condition. Vulnerability id: VSTOR-43126 A deadlock is possible between atomic and non-atomic commands in the iSCSI kernel module. Vulnerabilit...
Kubernetes: AWS Load Balancer Controller can be used by an attacker to modify rules of any Security Group that they are able to tag
Report Submission Form Summary: The IAM Policy of AWS Load Balancer Controller allows it to modify rules of any SG on the AWS Account. This is legitimately used to manage Security Groups created by the controller when an Ingress resource doesn’t explicitly specify an SG. Annotations can be added to the...
Kubernetes: AWS Load Balancer Controller Managed Security Groups can be replaced by an unprivileged attacker
Report Submission Form Summary: When creating an Ingress of class alb, by default, AWS Load Balancer Controller creates a managed SG and attaches it to the created ALB. This SG limits which ports of the ALB are accessible by whom. An attacker is able to craft another SG that can be used to trick...
Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers (almost 80 KB per connection) and carefully timed completion of the headers, it is possible to cause the HTTP server to abort from heap allocation failure. Attack potential is mitigated by the use of a load balancer or other proxy layer.
...
In Node.js including 6.x before 6.17.0, 8.x before 8.15.1, 10.x before 10.15.2 and 11.x before 11.10.1, an attacker can cause a Denial of Service (DoS) by establishing an HTTP or HTTPS connection in keep-alive mode and by sending headers very slowly. This keeps the connection and associated resources alive for a long period of time. Potential attacks are mitigated by the use of a load balancer or other proxy layer. This vulnerability is an extension of CVE-2018-12121 addressed in November and impacts all active Node.js release lines including 6.x before 6.17.0, 8.x before 8.15.1, 10.x before 10.15.2 and 11.x before 11.10.1.
...
pfSense cross-site scripting vulnerability (CNVD-2021-43531)
pfSense is open source routing and firewall software, customized and developed based on the FreeBSD system. A stored cross-site scripting vulnerability exists in the loadbalancermonitor.php function in pfSense version 2.4.5-p1. An attacker can exploit this vulnerability to execute arbitrary web...
CVE-2020-26693
A stored cross-site scripting (XSS) vulnerability was discovered in pfSense 2.4.5-p1 which allows an authenticated attacker to execute arbitrary web scripts via exploitation of the loadbalancermonitor.php function...