Incorrect Authorization
Kubernetes API server in all versions allows an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status which is considered a privileged operation and should not...
PT-2020-20205
Name of the Vulnerable Software and Affected Versions: Kubernetes API server versions prior to a fixed version (the fixed version is not specified). Description: The issue allows an attacker who can create a ClusterIP service and set the spec.externalIPs field to intercept traffic to that IP address...
CVE-2020-8554
A flaw was found in Kubernetes. If a potential attacker can already create or edit services and pods, then they may be able to intercept traffic from other pods or nodes in the cluster. Mitigation: ExternalIP address ranges can be configured as described below. OCP 4 is secure by default, though...
Multi-Juicer - Run Capture The Flags And Security Trainings With OWASP Juice Shop
Running CTFs and Security Trainings with OWASP Juice Shop is usually quite tricky, Juice Shop just isn't intended to be used by multiple users at a time. Instructing everybody how to start Juice Shop on their own machine works ok, but takes away too much valuable time. MultiJuicer gives you the...
Kubernetes: Man in the middle using LoadBalancer or ExternalIPs services
I rated this vulnerability as high because trying to rate it with CVSS v3.0 Calculator gives me 9.9 which seems way too high as you do require to be able to create services in the K8S cluster. Summary: This report details 2 ways to man in the middle traffic by: a creating a LoadBalancer service a...
Fedora Update for dnsdist FEDORA-2018-9f375c6c01
The remote host is missing an update for the Copyright (C) 2019 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
SUSE-SU-2019:0716-1 Security update for openstack-cinder, openstack-horizon-plugin-designate-ui, openstack-neutron, openstack-neutron-lbaas
This update for openstack-cinder, openstack-horizon-plugin-designate-ui, openstack-neutron, openstack-neutron-lbaas fixes the following issues: Security vulnerability fixed in openstack-cinder: - CVE-2017-15139: Fixed a leakage of sensitive information between tenants in certain storage volume...
[SECURITY] Fedora 29 Update: dnsdist-1.3.3-1.fc29
dnsdist is a highly DNS-, DoS- and abuse-aware loadbalancer. Its goal in life is to route traffic to the best server, delivering top performance to legitimate users while shunting or blocking abusive traffic...
[SECURITY] Fedora 28 Update: dnsdist-1.3.3-1.fc28
dnsdist is a highly DNS-, DoS- and abuse-aware loadbalancer. Its goal in life is to route traffic to the best server, delivering top performance to legitimate users while shunting or blocking abusive traffic...
CVE-2018-18864
Loadbalancer.org Enterprise VA MAX before 8.3.3 has XSS because Apache HTTP Server logs are displayed...
Loadbalancer.org Enterprise VA MAX 8.3.2 - Remote Code Execution Exploit
Exploit for php platform in category web applications Exploit Title: Loadbalancer.org Enterprise VA MAX 8.3.2 - Remote Code Execution Exploit Authors: Jakub Palaczynski Vendor Homepage: https://www.loadbalancer.org/ Version: . Such JavaScript is stored in "Apache User Log". This way attacker can...
Atlassian Floodlight Controller LoadBalancer Module Denial of Service Vulnerability
Atlassian Floodlight Controller is a Floodlight Controller product from Atlassian Australia. The LoadBalancer module is one of its load balancing modules. A race condition vulnerability exists in the LoadBalancer module in Atlassian Floodlight Controller versions prior to 1.2. A remote attacker...
Race condition
Race condition in the LoadBalancer module in the Atlassian Floodlight Controller before 1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and thread crash) via a state manipulation attack...
CVE-2015-6569
Race condition in the LoadBalancer module in the Atlassian Floodlight Controller before 1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and thread crash) via a state manipulation attack...
CVE-2015-6569
The vulnerability CVE-2015-6569 affects Atlassian Floodlight Controller’s LoadBalancer module. The issue is a race condition in the LoadBalancer component present in Floodlight Controller versions before 1.2, which can be triggered remotely by an attacker via standard network interaction to cause...
[SECURITY] Fedora 25 Update: dnsdist-1.2.0-1.fc25
dnsdist is a highly DNS-, DoS- and abuse-aware loadbalancer. Its goal in life is to route traffic to the best server, delivering top performance to legitimate users while shunting or blocking abusive traffic...
[SECURITY] Fedora 26 Update: dnsdist-1.2.0-1.fc26
dnsdist is a highly DNS-, DoS- and abuse-aware loadbalancer. Its goal in life is to route traffic to the best server, delivering top performance to legitimate users while shunting or blocking abusive traffic...
A10 Networks Loadbalancer - Directory Traversal
No description provided by source. Author: xistence xistenceat0x90.nl. Affected products: A10 Networks Loadbalancer SoftAX =2.6.1-GR1-P5 & =2.7.0 build 217. Affected vendors:...
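Loadbalancer Enterprise VA Static SSH Key Security Bypass Vulnerability
Bugtraq ID: 66268. Loadbalancer Enterprise VA is a load-balancing appliance. Loadbalancer Enterprise VA appliances contain static public and private keys; when the keys are regenerated, the public key is not removed from the authorizedkeys2 file, allowing any user to gain access using the default private key. 0 Loadbalancer Enterprise VA 7.5.2. Loadbalancer Enterprise VA 7.5.3 has fixed this vulnerability; users are advised to download the update: http://www.loadbalancer.org/...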
A10 Networks Loadbalancer - Directory Traversal
A10 Networks Loadbalancer - Directory Traversal. Author: xistence. Affected products: A10 Networks Loadbalancer SoftAX /xml/downloads/?filename=/a10data/tmp/. By sending a GET request to...