20 matches found
SUSE CVE-2024-8185
Vault Community and Vault Enterprise “Vault” clusters using Vault's Integrated Storage backend are vulnerable to a denial-of-service DoS attack through memory exhaustion through a Raft cluster join API endpoint . An attacker may send a large volume of requests to the endpoint which may cause Vaul...
CVE-2026-4370
Summary. CVE-2026-4370 affects Juju (variants: 3.2.0–3.6.19 and 4.0–4.0.4). The issue is in the internal Dqlite database cluster where TLS client/server authentication is not properly performed; the Juju controller’s database endpoint does not validate client certificates when a new node joins th...
CVE-2026-20073 Cisco Secure Firewall Adaptive Security Appliance Software and Cisco Secure Firewall Threat Defense Software Access Control List Bypass Vulnerability
A vulnerability in Cisco Secure Firewall Adaptive Security Appliance ASA Software and Cisco Secure Firewall Threat Defense FTD Software could allow an unauthenticated, remote attacker to send traffic that should be denied through an affected device. This vulnerability is due to improper error...
CVE-2026-20073 Cisco Secure Firewall Adaptive Security Appliance Software and Cisco Secure Firewall Threat Defense Software Access Control List Bypass Vulnerability
A vulnerability in Cisco Secure Firewall Adaptive Security Appliance ASA Software and Cisco Secure Firewall Threat Defense FTD Software could allow an unauthenticated, remote attacker to send traffic that should be denied through an affected device. This vulnerability is due to improper error...
Virtuozzo Hybrid Infrastructure 7.0 Hotfix 4 (7.0.0-269)
This update provides stability fixes. Vulnerability id: VSTOR-106269, VSTOR-108984, VSTOR-116630 Stability fixes for the storage service. Vulnerability id: VSTOR-111693 A stability fix for QEMU. Vulnerability id: VSTOR-116184 kRPC failed to connect to certain chunk services. Vulnerability id:...
EUVD-2022-4434
Malicious code in bioql PyPI...
BIT-NIFI-2020-1942
In Apache NiFi 0.0.1 to 1.11.0, the flow fingerprint factory generated flow fingerprints which included sensitive property descriptor values. In the event a node attempted to join a cluster and the cluster flow was not inheritable, the flow fingerprint of both the cluster and local flow was...
PT-2024-7644
Name of the Vulnerable Software and Affected Versions Vault Community versions prior to 1.18.1 Vault Enterprise versions prior to 1.18.1, 1.17.8, and 1.16.12 Description The issue is related to the Raft Consensus Algorithm in the Integrated Storage of HashiCorp Vault and Vault Enterprise, which c...
PT-2024-32292 · Opendaylight · Opendaylight Authentication
Name of the Vulnerable Software and Affected Versions: OpenDaylight Authentication, Authorization and Accounting AAA versions through 0.19.3 Description: An issue was discovered in OpenDaylight Authentication, Authorization and Accounting AAA. A rogue controller can join a cluster to impersonate ...
Joining Server Group failed with error "Exception attempting to authorize, TCP error code 10060"
Joining the Server Group failed with the following errors. Studio UI: Please refer to the Windows Event Log on the Authorizer details. Windows Event Log: Citrix Cluster Join Service,1,2201,"Join failed. Exception attempting to authorize. Could not connect to...
Cannot join Server Group - Error occurred running the command: Start-DSClusterJoinService
When trying to add Storefront server to existing group, getting error: When checking event viewer logs on Storefront server, we see: An error occurred running the command: 'Start-DSClusterJoinService' Exception of type...
GHSA-JV65-PF7V-F7P8 Deserialization of Untrusted Data in Hazelcast
In Hazelcast before 3.11, the cluster join procedure is vulnerable to remote code execution via Java deserialization. If an attacker can reach a listening Hazelcast instance with a crafted JoinRequest, and vulnerable classes exist in the classpath, the attacker can run arbitrary code...
CVE-2020-35209
An issue in Atomix v3.1.5 allows unauthorized Atomix nodes to join a target cluster via providing configuration information...
Atomix 安全漏洞
Atomix is a fault-tolerant distributed orchestration framework for JAVA 8. An unspecified vulnerability exists in Atomix version 3.1.5. The vulnerability allows an unauthorized Atomix node to join the target cluster by providing configuration information. No detailed vulnerability details are...
CVE-2016-10750
In Hazelcast before 3.11, the cluster join procedure is vulnerable to remote code execution via Java deserialization. If an attacker can reach a listening Hazelcast instance with a crafted JoinRequest, and vulnerable classes exist in the classpath, the attacker can run arbitrary code...
CVE-2016-10750
In Hazelcast before 3.11, the cluster join procedure is vulnerable to remote code execution via Java deserialization. If an attacker can reach a listening Hazelcast instance with a crafted JoinRequest, and vulnerable classes exist in the classpath, the attacker can run arbitrary code...
Remote code execution
In Hazelcast before 3.11, the cluster join procedure is vulnerable to remote code execution via Java deserialization. If an attacker can reach a listening Hazelcast instance with a crafted JoinRequest, and vulnerable classes exist in the classpath, the attacker can run arbitrary code...
CVE-2016-10750
In Hazelcast before 3.11, the cluster join procedure is vulnerable to remote code execution via Java deserialization. If an attacker can reach a listening Hazelcast instance with a crafted JoinRequest, and vulnerable classes exist in the classpath, the attacker can run arbitrary code...
CVE-2017-8445
An error was found in the X-Pack Security TLS trust manager for versions 5.0.0 to 5.5.1. If reloading the trust material fails the trust manager will be replaced with an instance that trusts all certificates. This could allow any node using any certificate to join a cluster. The proper behavior i...
qpid-cpp: cluster authentication ignores cluster-* settings
Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username...