
32 matches found

RedhatCVE
added 2026/05/15 1:57 a.m. (8 views)

CVE-2026-44015

Nginx UI is a web user interface for the Nginx web server. In 2.3.4 and earlier, an authenticated user can perform Server-Side Request Forgery (SSRF) by creating a cluster node pointing to an arbitrary internal URL and then sending API requests with the X-Node-ID header. The Proxy middleware forwar...

9.9 CVSS | 5.9 AI score | 0.00318 EPSS
Exploits: 1 | References: 1
NVD
added 2026/05/12 10:16 p.m. (10 views)

CVE-2026-44015

Nginx UI is a web user interface for the Nginx web server. In 2.3.4 and earlier, an authenticated user can perform Server-Side Request Forgery (SSRF) by creating a cluster node pointing to an arbitrary internal URL and then sending API requests with the X-Node-ID header. The Proxy middleware forwar...

9.9 CVSS | 0.00318 EPSS
Exploits: 1 | References: 1
Vulnrichment
added 2026/05/12 8:49 p.m. (6 views)

CVE-2026-44015 Nginx UI: Server-Side Request Forgery (SSRF) via Cluster Proxy Middleware Allows Access to Internal Services

Nginx UI is a web user interface for the Nginx web server. In 2.3.4 and earlier, an authenticated user can perform Server-Side Request Forgery (SSRF) by creating a cluster node pointing to an arbitrary internal URL and then sending API requests with the X-Node-ID header. The Proxy middleware forwar...

8.5 CVSS | 5.9 AI score | 0.00318 EPSS
Exploits: 1 | References: 1
CVE
added 2026/05/12 8:49 p.m. (13 views)

CVE-2026-44015

CVE-2026-44015 describes SSRF in Nginx UI prior to 2.3.5 where an authenticated user can create a cluster node with an internal URL and trigger the Proxy middleware to forward requests using the X-Node-ID header, bypassing network segmentation and reaching localhost/internal services (including c...

9.9 CVSS | 5.9 AI score | 0.00318 EPSS
Exploits: 1 | References: 1 | Affected Software: 1
GitLab Advisory Database
added 2026/05/06 12:0 a.m. (15 views)

Nginx-UI Settings API Exposes Protected Secrets

The GetSettings API handler (api/settings/settings.go:24-65) serializes all settings structs to JSON and returns them to authenticated users. Many sensitive fields are tagged with protected:"true"; however, this tag is only enforced during writes via ProtectedFill in SaveSettings and is completely...

6.5 CVSS | 5.8 AI score | 0.00295 EPSS
Exploits: 1 | References: 4 | Affected Software: 1
Virtuozzo
added 2025/11/13 12:0 a.m. (13 views)

Virtuozzo Hybrid Infrastructure 7.1 Hotfix 2 (7.1.0-190)

This update provides important stability fixes. Vulnerability id: VSTOR-115013 A stability fix for libvirt. Vulnerability id: VSTOR-115455 Failed to add a node to the compute cluster. Vulnerability id: VSTOR-118628 Fixed missing FUA write processing on dm-qcow2 and dm-ploop devices...

7 AI score
Exploits: 0
EUVD
added 2025/10/07 12:30 a.m. (2 views)

EUVD-2018-0796

Malware in sbrugna...

7.5 CVSS | 7.6 AI score | 0.0297 EPSS
Exploits: 0 | References: 7
OSV
added 2024/10/28 3:20 p.m. (7 views)

GO-2024-3221 Rancher Remote Code Execution via Cluster/Node Drivers in github.com/rancher/rancher

Rancher Remote Code Execution via Cluster/Node Drivers in github.com/rancher/rancher. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners...

9.1 CVSS | 9.6 AI score | 0.00677 EPSS
Exploits: 0 | References: 1
Virtuozzo
added 2024/03/28 12:0 a.m. (25 views)

Virtuozzo Hybrid Infrastructure 6.1 (6.1.0-238)

In this release, Virtuozzo Hybrid Infrastructure introduces a new service---Backup and Restore as a Service---as well as provides a range of new features that cover improvements in the compute services and object storage. Additionally, this release delivers stability and security improvements, an...

7.3 AI score
Exploits: 0
SUSE CVE
added 2023/02/15 3:34 a.m. (3 views)

SUSE CVE-2022-0811

A flaw was found in CRI-O in the way it set kernel options for a pod. This issue allows anyone with rights to deploy a pod on a Kubernetes cluster that uses the CRI-O runtime to achieve a container escape and arbitrary code execution as root on the cluster node, where the malicious pod was deploy...

9 CVSS | 7.5 AI score | 0.18561 EPSS
Exploits: 0 | References: 3
OSV
added 2022/10/31 8:15 p.m. (4 views)

CVE-2022-3499

An authenticated attacker could utilize the identical agent and cluster node linking keys to potentially allow for a scenario where unauthorized disclosure of agent logs and data is present...

6.5 CVSS | 5.8 AI score | 0.00775 EPSS
Exploits: 0 | References: 1
Prion
added 2022/10/31 8:15 p.m. (16 views)

Design/Logic Flaw

An authenticated attacker could utilize the identical agent and cluster node linking keys to potentially allow for a scenario where unauthorized disclosure of agent logs and data is present...

4 CVSS | 6.3 AI score | 0.00775 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Vulnrichment
added 2022/10/31 12:0 a.m. (5 views)

CVE-2022-3499

An authenticated attacker could utilize the identical agent and cluster node linking keys to potentially allow for a scenario where unauthorized disclosure of agent logs and data is present...

6.3 AI score | 0.00775 EPSS
Exploits: 0 | References: 1
Cvelist
added 2022/10/31 12:0 a.m. (29 views)

CVE-2022-3499

An authenticated attacker could utilize the identical agent and cluster node linking keys to potentially allow for a scenario where unauthorized disclosure of agent logs and data is present...

6.5 AI score | 0.00775 EPSS
Exploits: 0 | References: 1
CNNVD
added 2022/10/28 12:0 a.m. (3 views)

Nessus Log Information Disclosure Vulnerability

Tenable Network Security Nessus is an open source system vulnerability scanner from Tenable Network Security, USA. Nessus suffers from a security vulnerability that stems from the fact that an authenticated attacker can leverage the same proxy and cluster node link keys, potentially allowing...

6.5 CVSS | 6.5 AI score | 0.00775 EPSS
Exploits: 0 | References: 4
Tenable Nessus
added 2022/10/28 12:0 a.m. (39 views)

Tenable Nessus 10.x < 10.4.0 Multiple Vulnerabilities (TNS-2022-21)

According to its self-reported version, the Tenable Nessus application running on the remote host is 10.x prior to 10.4.0. It is, therefore, affected by multiple vulnerabilities, including: - An authenticated attacker could utilize the identical agent and cluster node linking keys to potentially...

6.5 CVSS | 6.7 AI score | 0.42847 EPSS
Exploits: 5 | References: 8
Positive Technologies
added 2022/10/11 12:0 a.m. (2 views)

PT-2022-22966 · Microsoft · Azure Service Fabric Explorer

Name of the Vulnerable Software and Affected Versions: Azure Service Fabric Explorer versions 8.1.316 and earlier Description: The issue allows an attacker to potentially gain administrator rights in a cluster. It affects the Azure Service Fabric Explorer, a tool used for managing Azure Service...

6.2 CVSS | 8.7 AI score | 0.19762 EPSS
Exploits: 0 | References: 7
GitLab Advisory Database
added 2022/10/06 12:0 a.m. (20 views)

etcd having a negative value for cluster node size results in an index out-of-bound panic during service discovery

When an etcd instance attempts to perform service discovery, if a cluster size is provided as a negative value, the etcd instance will panic without recovery...

3.3 AI score
Exploits: 0 | References: 2 | Affected Software: 1
IBM Security Bulletins
added 2022/08/09 6:9 a.m. (44 views)

Security Bulletin: IBM Netezza for Cloud Pak for Data is vulnerable to CVE-2022-0811

Summary IBM Netezza for Cloud Pak for Data is vulnerable to arbitrary code execution as root on the cluster node due to CVE-2022-0811 although severity is low. Vulnerability is addressed by upgrading OCP version to 4.8.42. Vulnerability Details CVEID:CVE-2022-0811 DESCRIPTION: CRI-O could allow a...

9 CVSS | 8.6 AI score | 0.18561 EPSS
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2022/07/04 5:14 p.m. (36 views)

Security Bulletin: IBM Netezza as a Service is vulnerable to CVE-2022-0811

Summary IBM Netezza as a Service is vulnerable to arbitrary code execution as root on the cluster node due to CVE-2022-0811 although severity is low. Vulnerability is addressed by upgrading OCP version to 4.8.42. Vulnerability Details CVEID: CVE-2022-0811 DESCRIPTION: CRI-O could allow a remote...

9 CVSS | 8.7 AI score | 0.18561 EPSS
Exploits: 0 | Affected Software: 1