Oracle Linux 7 / 8 : cri-o (ELSA-2022-9228)
The remote Oracle Linux 7 / 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2022-9228 advisory. 1.20.7-1 - Added Oracle Specifile Files for cri-o. Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. No...
CVE-2022-0811
A flaw was found in CRI-O in the way it set kernel options for a pod. This issue allows anyone with rights to deploy a pod on a Kubernetes cluster that uses the CRI-O runtime to achieve a container escape and arbitrary code execution as root on the cluster node, where the malicious pod was deploy...
CVE-2021-26994
Clustered Data ONTAP versions prior to 9.7P13 and 9.8P3 are susceptible to a vulnerability which could allow single workloads to cause a Denial of Service (DoS) on a cluster node...
GaussDB Kernel: Configuring Node Connections in the pg_hba.conf File of DNs in the Cluster
Cluster nodes are deployed on the secure intranet. A DN allows communications only within the cluster. The pg_hba.conf file of a DN stores only configurations of intra-cluster node connections and trusted internal security connections. Copyright (C) 2020 Greenbone Networks GmbH Some text description...
Denial Of Service (DoS)
nifi-web-api is vulnerable to denial of service attacks. The vulnerability exists because of a flaw in OkHttpReplicationClient.java which leads to a missing Content-Length check for DELETE requests and non-zero Content-Length header values when a client request to a cluster node was replicate...
CVE-2018-17194
When a client request to a cluster node was replicated to other nodes in the cluster for verification, the Content-Length was forwarded. On a DELETE request, the body was ignored, but if the initial request had a Content-Length value other than 0, the receiving nodes would wait for the body and...
MariaDB and Percona XtraDB Cluster Denial of Service Vulnerability
MariaDB is a free and open source database management system developed by Monty Program Ab, Inc. and the MariaDB Foundation, Inc. and a forked version of MySQL using the Maria storage engine. Percona XtraDB Cluster is a package for creating MySQL clusters. A security vulnerability exists in the...
XenMobile - Unable to access the GUI console of XMS server over 4443
After building a new node to add to the cluster, the console address for administration is listed as https://ipaddress/uw which cannot be connected to...
XenMobile Server is in recovery mode "application failed to start"
Could be observed in multiple scenarios: 1. Unable to access one of the nodes in the cluster. 2. Server went into recovery mode while upgrading or applying a patch. 3. Server went into recovery mode when the database is not accessible. 4. SQL Server ran out of space for log drive. Node in recovery mode an...
Open Source Security Incident and Event Management: SIEMonster
Open Source Security Incident and Event Management. SIEMonster is a free, documented open source Security Incident and Event Management (SIEM) designed and engineered with stable, supported open source products developed for security, scalability and functionality. The product was developed by...
Scientific Linux Security Update : conga on SL5.x i386/x86_64
A flaw was found in ricci during a code audit. A remote attacker who is able to connect to ricci could cause ricci to temporarily refuse additional connections, a denial of service (CVE-2007-4136). Fixes in this updated package include: - The nodename is now set for manual fencing. - The node log ...