Lucene search

16 matches found

NVD
added 2026/04/28 2:16 p.m. | 2 views

CVE-2026-5944

An improper access control vulnerability exists in the Cisco Intersight Device Connector for Nutanix Prism Central. The service exposes an API passthrough endpoint on TCP port 7373 that is accessible within the network scope of the deployment environment without authentication. An unauthenticated...

8.8 CVSS | 0.00136 EPSS
Exploits: 0 | References: 3

CNNVD
added 2026/04/28 12:0 a.m. | 3 views

Nutanix Prism Central Access Control Error Vulnerability

Nutanix Prism Central is a centralized management console provided by the American company Nutanix. Nutanix Prism Central has an access control vulnerability, which stems from improper access controls. This vulnerability allows unauthenticated attackers to access the system via the network, send...

8.8 CVSS | 5.9 AI score | 0.00136 EPSS
Exploits: 0 | References: 1

Positive Technologies
added 2026/04/28 12:0 a.m. | 1 views

PT-2026-35723

An improper access control vulnerability exists in the Cisco Intersight Device Connector for Nutanix Prism Central. The service exposes an API passthrough endpoint on TCP port 7373 that is accessible within the network scope of the deployment environment without authentication. An unauthenticated...

8.8 CVSS | 5.3 AI score | 0.00136 EPSS
Exploits: 0 | References: 4

Veracode
added 2026/04/14 7:49 a.m. | 3 views

Authentication Bypass

github.com/kgateway-dev/kgateway is vulnerable to Authentication Bypass. The vulnerability is due to lack of authentication on the xDS port, which allows an attacker with network access to retrieve sensitive configuration data such as certificates, backend services, routing rules, and cluster...

5.3 CVSS | 5.8 AI score | 0.00018 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Snyk
added 2025/11/04 6:39 p.m. | 1 views

Missing Authentication

Overview: Affected versions of this package are vulnerable to Missing Authentication in the xDS interface. An attacker can access sensitive configuration data, including certificate information, backend service details, routing rules, and cluster metadata, by connecting to the exposed port without...

6 CVSS | 6.5 AI score | 0.00018 EPSS
Exploits: 0 | References: 2

Snyk
added 2025/11/04 6:39 p.m. | 2 views

Missing Authentication

Overview: Affected versions of this package are vulnerable to Missing Authentication in the xDS interface. An attacker can access sensitive configuration data, including certificate information, backend service details, routing rules, and cluster metadata, by connecting to the exposed port without...

6 CVSS | 6.5 AI score | 0.00018 EPSS
Exploits: 0 | References: 2

Github Security Blog
added 2025/11/04 6:39 p.m. | 4 views

kgateway is missing xDS authorization

Summary: The xDS interface in Kgateway versions 2.0.0 through 2.0.4 lacks authentication, allowing any client with unrestricted network access to the xDS port to retrieve potentially sensitive configuration data including certificate data, backend service information, routing rules, and cluster...

5.3 CVSS | 6.8 AI score | 0.00018 EPSS
Exploits: 0 | References: 6 | Affected Software: 1

Snyk
added 2025/11/04 6:39 p.m. | 1 views

Missing Authentication

Overview: Affected versions of this package are vulnerable to Missing Authentication in the xDS interface. An attacker can access sensitive configuration data, including certificate information, backend service details, routing rules, and cluster metadata, by connecting to the exposed port without...

6 CVSS | 6.5 AI score | 0.00018 EPSS
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2019-0553

Malware in sbrugna...

6.5 CVSS | 6.5 AI score | 0.00712 EPSS
Exploits: 0 | References: 5

CNNVD
added 2024/05/01 12:0 a.m. | 1 views

Linux kernel Security Vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from cluster metadata not being automatically updated...

5.5 CVSS | 6.5 AI score | 0.00012 EPSS
Exploits: 0 | References: 8

OSV
added 2019/06/26 1:9 a.m. | 20 views

GHSA-P426-QW2P-V95V Argument Injection in Apache Geode server

When an Apache Geode server versions 1.0.0 to 1.8.0 is operating in secure mode, a user with write permissions for specific data regions can modify internal cluster metadata. A malicious user could modify this data in a way that affects the operation of the cluster...

6.5 CVSS | 6.3 AI score | 0.00712 EPSS
Exploits: 0 | References: 2

Github Security Blog
added 2019/06/26 1:9 a.m. | 26 views

Argument Injection in Apache Geode server

When an Apache Geode server versions 1.0.0 to 1.8.0 is operating in secure mode, a user with write permissions for specific data regions can modify internal cluster metadata. A malicious user could modify this data in a way that affects the operation of the cluster...

6.5 CVSS | 4.1 AI score | 0.00712 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2019/06/21 4:15 p.m. | 21 views

CVE-2017-15694

When an Apache Geode server versions 1.0.0 to 1.8.0 is operating in secure mode, a user with write permissions for specific data regions can modify internal cluster metadata. A malicious user could modify this data in a way that affects the operation of the cluster...

6.5 CVSS | 6.7 AI score
Exploits: 0 | References: 2

Prion
added 2019/06/21 4:15 p.m. | 15 views

Design/Logic Flaw

When an Apache Geode server versions 1.0.0 to 1.8.0 is operating in secure mode, a user with write permissions for specific data regions can modify internal cluster metadata. A malicious user could modify this data in a way that affects the operation of the cluster...

4 CVSS | 6.3 AI score | 0.00712 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2019/06/21 3:15 p.m. | 11 views

CVE-2017-15694

When an Apache Geode server versions 1.0.0 to 1.8.0 is operating in secure mode, a user with write permissions for specific data regions can modify internal cluster metadata. A malicious user could modify this data in a way that affects the operation of the cluster...

6.3 AI score | 0.00712 EPSS
Exploits: 0 | References: 2

CVE
added 2019/06/21 3:15 p.m. | 346 views

CVE-2017-15694

CVE-2017-15694 affects Apache Geode server versions 1.0.0–1.8.0 when operating in secure mode. A user with write permissions for specific data regions can modify internal cluster metadata, with the malicious action potentially affecting cluster operation. The root cause is described as unauthoriz...

6.5 CVSS | 6.3 AI score | 0.00712 EPSS
Exploits: 0 | References: 2 | Affected Software: 1