612 matches found
UBUNTU-CVE-2020-8562
As mitigations to a report from 2019 and CVE-2020-8555, Kubernetes attempts to prevent proxied connections from accessing link-local or localhost networks when making user-driven connections to Services, Pods, Nodes, or StorageClass service providers. As part of this mitigation Kubernetes does a...
CVE-2022-21679
Istio 1.12.0/1.12.1 contains a bug in the authorization policy that uses the new Envoy API with the 1.11 data plane. This causes hosts and notHosts in authorization policies to be matched regardless of header values when mixing 1.12 control plane with 1.11 data plane, potentially bypassing ALLOW ...
The vulnerability in the processing of Control Plane protocols and the provisioning of CAPWAP points allows a attacker to induce a service failure.
The vulnerability of the CAPWAP management protocol and wireless access point services in the Cisco IOS XE operating system is related to insufficient checking of CAPWAP packets. Exploiting this vulnerability can allow a malicious actor to cause service interruptions...
CVE-2021-1523
A vulnerability in Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure ACI Mode could allow an unauthenticated, remote attacker to cause a queue wedge on a leaf switch, which could result in critical control plane traffic to the device being dropped. This could result in...
CVE-2021-1587 Cisco NX-OS Software VXLAN OAM (NGOAM) Denial of Service Vulnerability
A vulnerability in the VXLAN Operation, Administration, and Maintenance OAM feature of Cisco NX-OS Software, known as NGOAM, could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to improper handling of specific...
CVE-2021-1523 Cisco Nexus 9000 Series Fabric Switches ACI Mode Queue Wedge Denial of Service Vulnerability
A vulnerability in Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure ACI Mode could allow an unauthenticated, remote attacker to cause a queue wedge on a leaf switch, which could result in critical control plane traffic to the device being dropped. This could result in...
CVE-2021-1523 Cisco Nexus 9000 Series Fabric Switches ACI Mode Queue Wedge Denial of Service Vulnerability
A vulnerability in Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure ACI Mode could allow an unauthenticated, remote attacker to cause a queue wedge on a leaf switch, which could result in critical control plane traffic to the device being dropped. This could result in...
CVE-2021-32699
Wings is the control plane software for the open source Pterodactyl game management system. All versions of Pterodactyl Wings prior to 1.4.4 are vulnerable to system resource exhaustion due to improper container process limits being defined. A malicious user can consume more resources than intend...
Information Disclosure
github.com/argoproj/argo-cd is vulnerable to information disclosure. Credentials used for accessing the remote Helm OCI repository are leaked to anyone with access to the pod logs via access with appropriate permissions to the Kubernetes control plane or a third party log management system becaus...
CVE-2021-23009
On BIG-IP version 16.0.x before 16.0.1.1 and 15.1.x before 15.1.3, malformed HTTP/2 requests may cause an infinite loop which causes a Denial of Service for Data Plane traffic. TMM takes the configured HA action when the TMM process is aborted. There is no control plane exposure, this is a data...
CVE-2020-8562
A security issue was discovered in Kubernetes where an authorized user may be able to access private networks on the Kubernetes control plane components. Kubernetes clusters are only affected if an untrusted user can create or modify Node objects and proxy to them, or an untrusted user can create...
PT-2021-12791
Name of the Vulnerable Software and Affected Versions: Kubernetes versions prior to a fixed version no specific fixed version mentioned Description: The issue concerns a mitigation attempt by Kubernetes to prevent proxied connections from accessing link-local or localhost networks. However, a use...
Kubernetes 安全漏洞
Kubernetes is an open source Docker container cluster management system from the Linux Foundation. The system provides resource scheduling, deployment operations, service discovery, and scaling up and down for containerized applications. Kubernetes suffers from a security vulnerability that stems...
CVE-2021-1387 Cisco NX-OS Software IPv6 Netstack Denial of Service Vulnerability
A vulnerability in the network stack of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability exists because the software improperly releases resources when it processes certain IPv6 packets that a...
CVE-2021-22974
On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, and 13.1.x before 13.1.3.6 and all versions of BIG-IQ 7.x and 6.x, an authenticated attacker with access to iControl REST over the control plane may be able to take advantage of a race condition to execute...
Race condition
On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, and 13.1.x before 13.1.3.6 and all versions of BIG-IQ 7.x and 6.x, an authenticated attacker with access to iControl REST over the control plane may be able to take advantage of a race condition to execute...
kubernetes: compromised node could escalate to cluster level privileges
A flaw was found in the Kubernetes API server, where it allows an attacker to escalate their privileges from a compromised node. This flaw allows an attacker who can intercept requests on a compromised node, to redirect those requests, along with their credentials, to perform actions on other...
CVE-2020-13100
Arista’s CloudVision eXchange CVX server before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23.5M, and 4.24.x before 4.24.2F allows remote attackers to cause a denial of service crash and restart in the ControllerOob agent via a malformed control-plane packet...
CVE-2020-13100
Arista’s CloudVision eXchange CVX server before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23.5M, and 4.24.x before 4.24.2F allows remote attackers to cause a denial of service crash and restart in the ControllerOob agent via a malformed control-plane packet...
Huawei Data Communication: Deploying LDP Authentication
LDP MD5 authentication is deployed to prevent attackers from attempting to use protocols on the control plane to destroy entries on which forwarding depends, such as routes. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are...