9 matches found
CVE-2025-54470
This vulnerability affects NeuVector deployments only when the Report anonymous cluster data option is enabled. When this option is enabled, NeuVector sends anonymous telemetry data to the telemetry server. In affected versions, NeuVector does not enforce TLS certificate verification when...
CVE-2025-54470 NeuVector telemetry sender is vulnerable to MITM and DoS
This vulnerability affects NeuVector deployments only when the Report anonymous cluster data option is enabled. When this option is enabled, NeuVector sends anonymous telemetry data to the telemetry server. In affected versions, NeuVector does not enforce TLS certificate verification when...
CVE-2025-54470 NeuVector telemetry sender is vulnerable to MITM and DoS
This vulnerability affects NeuVector deployments only when the Report anonymous cluster data option is enabled. When this option is enabled, NeuVector sends anonymous telemetry data to the telemetry server. In affected versions, NeuVector does not enforce TLS certificate verification when...
CVE-2025-54470
Summary: CVE-2025-54470 affects the NeuVector telemetry sender when the “Report anonymous cluster data” option is enabled. The root cause is failure to verify the telemetry server’s TLS certificate and hostname, enabling MITM attacks, and unbounded in-memory loading of the server response, enabling p...
Improper Certificate Validation
Overview: Affected versions of this package are vulnerable to Improper Certificate Validation in transmission of telemetry data. An attacker can perform a man-in-the-middle attack to intercept or modify data in transit. Additionally, they can exhaust system memory by returning oversized responses...
GHSA-QQJ3-G7MX-5P4W NeuVector telemetry sender is vulnerable to MITM and DoS
Impact: This vulnerability affects NeuVector deployments only when the Report anonymous cluster data option is enabled. When this option is enabled, NeuVector sends anonymous telemetry data to the telemetry server at https://upgrades.neuvector-upgrade-responder.livestock.rancher.io. In affected...
PT-2024-40453 · Typo3 · Typo3
Name of the Vulnerable Software and Affected Versions: TYPO3 (affected versions not specified). Description: The issue allows attackers to exploit session fixation. When a user authenticates while there is existing anonymous session data, the session id remains unchanged. This enables attackers to...
Google Chrome Blink Denial of Service Vulnerability (CNVD-2016-01503)
Blink is a browser layout and rendering engine jointly developed by Google Inc. (United States) and Opera Software (Norway). A security vulnerability exists in the WebKit/Source/core/layout/LayoutBlock.cpp file in Blink, used in versions of Google Chrome prior to...
Researchers can ID anonymous Twitterers
By Robert McMillan, IDG News Service. Researchers at the University of Texas at Austin have taken a close look at the way anonymous data can be analyzed and have come to some troubling conclusions (infoworld.com). In a paper (33bits.org) set to be delivered at an upcoming security conference, they...