19 matches found
EUVD-2021-10136
Malware in sbrugna...
EUVD-2020-19365
Malware in sbrugna...
PT-2025-32264
Name of the Vulnerable Software and Affected Versions OpenVPN Access Server affected versions not specified Description The vulnerability allows an attacker to perform JavaScript injection via the SAML relaystate. This could potentially lead to Remote Code Execution RCE. Recommendations At the...
CVE-2021-23018
Intra-cluster communication does not use TLS. The services within the NGINX Controller 3.x before 3.4.0 namespace are using cleartext protocols inside the cluster...
The authfile directive in the booth config file is ignored preventing use of authentication in communications from node to node. As a result nodes that do not have the correct authentication key are not prevented from communicating with other nodes in the cluster.
...
Design/Logic Flaw
A vulnerability exists in the ClearPass Policy Manager cluster communications that allow for an attacker in a privileged network position to potentially obtain sensitive information. A successful exploit could allow an attacker to retrieve information that allows for unauthorized actions as a...
CVE-2022-2553
The authfile directive in the booth config file is ignored, preventing use of authentication in communications from node to node. As a result, nodes that do not have the correct authentication key are not prevented from communicating with other nodes in the cluster...
Exploit for Uncontrolled Resource Consumption in Apache Tomcat
CVE-2022-29885 The tool is only used for security research...
GHSA-WC4X-4GM2-74J8 Apache Geode SSL endpoint verification vulnerability
When TLS is enabled with ssl-endpoint-identification-enabled set to true, Apache Geode fails to perform hostname verification of the entries in the certificate SAN during the SSL handshake. This could compromise intra-cluster communication using a man-in-the-middle attack...
CVE-2021-23018
Intra-cluster communication does not use TLS. The services within the NGINX Controller 3.x before 3.4.0 namespace are using cleartext protocols inside the cluster...
Design/Logic Flaw
Intra-cluster communication does not use TLS. The services within the NGINX Controller 3.x before 3.4.0 namespace are using cleartext protocols inside the cluster...
CVE-2021-23018
The CVE-2021-23018 issue affects NGINX Controller 3.x deployments where intra-cluster communication does not use TLS, leaving cleartext traffic between services inside the cluster. Affected versions are 3.x prior to 3.4.0. Root cause is unencrypted intra-cluster channels, enabling potential read/...
CVE-2021-23018
Intra-cluster communication does not use TLS. The services within the NGINX Controller 3.x before 3.4.0 namespace are using cleartext protocols inside the cluster...
Authentication flaw
SAP NetWeaver AS JAVA P2P Cluster Communication, versions - 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows arbitrary connections from processes because of missing authentication check, that are outside the cluster and even outside the network segment dedicated for the internal cluster communication. ...
CVE-2020-26829
SAP NetWeaver AS JAVA P2P Cluster Communication, versions - 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows arbitrary connections from processes because of missing authentication check, that are outside the cluster and even outside the network segment dedicated for the internal cluster communication. ...
CVE-2020-26829
SAP NetWeaver AS JAVA P2P Cluster Communication (versions 7.11–7.50) is affected by CVE-2020-26829 due to a missing authentication check, enabling an unauthenticated attacker to initiate privileged actions that are normally restricted to administrators, including access to system administration f...
CVE-2019-10091
When TLS is enabled with ssl-endpoint-identification-enabled set to true, Apache Geode fails to perform hostname verification of the entries in the certificate SAN during the SSL handshake. This could compromise intra-cluster communication using a man-in-the-middle attack...
CVE-2019-10091
CVE-2019-10091 affects Apache Geode. When TLS is enabled and ssl-endpoint-identification-enabled is true, Geode may fail to verify hostnames in the certificate SAN during the SSL handshake, enabling potential man-in-the-middle scenarios and compromising intra-cluster communications. The issue is ...
CVE-2017-15535
A memory corruption flaw was found in the way MongoDB handled wire protocol compression for intra-cluster communication. A privileged network attacker could potentially use this flaw to crash the MongoDB server under certain circumstances...