756 matches found
pfSense 跨站脚本漏洞
pfsense is an open source routing and firewall software, customized and developed based on freebsd system. A stored cross-site scripting vulnerability exists in the loadbalancermonitor.php function in pfSense version 2.4.5-p1. An attacker can exploit this vulnerability to execute arbitrary web...
Virtuozzo Hybrid Infrastructure 4.5 Update 1 Hotfix 3 (4.5.1-42)
This update provides fixes for the storage and compute services. Vulnerability id: VSTOR-43250 Load balancer members are not displayed in the self-service panel. Vulnerability id: VSTOR-43236 A Kubernetes VM's system disk may be out of space due to Podman logs. Vulnerability id: VSTOR-41499...
CVE-2021-20238
It was found in OpenShift Container Platform 4 that ignition config, served by the Machine Config Server, can be accessed externally from clusters without authentication. The MCS endpoint port 22623 provides ignition configuration used for bootstrapping Nodes and can include some sensitive data,...
Virtuozzo Hybrid Infrastructure 4.5 (4.5.0-284)
In this release, Virtuozzo Hybrid Infrastructure provides a wide range of new features that enhance the end-user experience and service providers' interoperability. The improvements cover compute services, networking, storage core, monitoring, and the administrative user interface. Additionally,...
BIG-IP 安全漏洞
F5 BIG-IP is a popular load balancing solution. The F5 BIG-IP TMM handles oversized communications with a security vulnerability that allows remote attackers to exploit the vulnerability to submit special requests that can crash applications...
UBUNTU-CVE-2020-8554
Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status which is considered a privileged operation and should not...
kubernetes: MITM using LoadBalancer or ExternalIPs
A flaw was found in kubernetes. If a potential attacker can already create or edit services and pods, then they may be able to intercept traffic from other pods or nodes in the cluster...
Vulnerability found in Kubernetes
A vulnerability has been found in Kubernetes that allows a malicious person capable of performing a man-in-the-middle attack on the traffic within a cluster. By advertising an external IP address or by claiming a load balancer IP, traffic can be redirected to the attacker. However, the malicious...
Oracle Linux 8 : nginx:1.16 (ELSA-2020-5495)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-5495 advisory. 1:1.16.1-1.0.1.1 - Remove Red Hat references Orabug: 29498217 1:1.16.1-1.1 - Resolves: 1898952 - CVE 2019-20372 nginx:1.16/nginx: HTTP request smuggling via err...
Product update: Virtuozzo Hybrid Infrastructure 4.0 Update 1
This update provides a new feature, as well as bug fixes and improvements. Vulnerability id: VSTOR-38583 A non-admin user is unable to create volumes from the command line. Vulnerability id: VSTOR-38785 Enabled geo-replication on Backup Gateway with an S3 backend may result in a deadlock...
nginx: HTTP request smuggling in configurations with URL redirect used as error_page
NGINX before 1.17.7, with certain errorpage configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer...
Red Hat OpenShift cluster-ingress-operator security vulnerability
Red Hat OpenShift is a Platform-as-a-Service PaaS cloud computing platform from Red Hat, Inc. that supports building, testing, deploying, and running applications. A security vulnerability exists in Red Hat Openshift cluster-ingress-operator, which stems from a change to the...
Kubernetes Security Vulnerabilities
Kubernetes is an open source Docker container cluster management system from the Linux Foundation. The system provides resource scheduling, deployment and operation, service discovery, and scaling up and down for containerized applications. Kubernetes suffers from a security vulnerability that ca...
Command Execution Vulnerability in Vigor2960
Vigor2960 is a load balancing router and VPN gateway appliance from DrayTek Taiwan, China. The Vigor2960 suffers from a command execution vulnerability that can be exploited by an attacker to gain control of a server...
NGINX before 1.17.7 with certain error_page configurations allows HTTP request smuggling as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.
...
Microsoft Guidance for Enabling Request Smuggling Filter on IIS Servers
Executive Summary Microsoft is aware of a tampering vulnerability in the way that HTTP proxies front-end and web servers back-end that do not strictly adhere to RFC standards handle sequences of HTTP requests received from multiple sources. An attacker who successfully exploited the vulnerability...
Barracuda Load Balancer Remote Code Execution (CVE-2017-6320)
A remote code execution vulnerability exists in Barracuda load balancer. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
nginx: HTTP request smuggling in configurations with URL redirect used as error_page
NGINX before 1.17.7, with certain errorpage configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer...
EulerOS 2.0 SP2 : nginx (EulerOS-SA-2020-1644)
According to the version of the nginx package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - NGINX before 1.17.7, with certain errorpage configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read...
Radancy: [www.werkenbijbakertilly.nl] Information Disclosure
the 50x status code server responded with an html page containing the nginx version. an update of the loadbalancer fixed the issue. Summary When the web server encountered a 502 GateWay error, I discovered a strange bug in which internal information was exposed. Description When web server 502...