412 matches found
BIT-ENVOY-2026-48090 Envoy HTTP: OAuth2 filter late async token completion after stream teardown (UAF / crash risk)
Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.37.0 until 1.37.5 and 1.38.3, the HTTP OAuth2 filter envoy.filters.http.oauth2 can leave an in-flight async token exchange attached to a downstream stream that has already been torn down. A late...
PT-2026-52895
Name of the Vulnerable Software and Affected Versions Envoy versions 1.37.0 through 1.37.4 Envoy versions 1.38.0 through 1.38.2 Description The HTTP OAuth2 filter envoy.filters.http.oauth2 can leave an in-flight async token exchange attached to a downstream stream that has already been torn down....
[SECURITY] Fedora 44 Update: grout-0.16.0-1.fc44
grout stands for Graph Router. In English, "grout" refers to thin mortar that hardens to fill gaps between tiles. grout is a DPDK based network processing application. It uses the rtegraph library for data path processing. Its main purpose is to simulate a network function or a physical router fo...
CVE-2026-54762
Traefik is an HTTP reverse proxy and load balancer. From 3.7.0-ea.1 until 3.7.5, there is a medium severity vulnerability in Traefik's Kubernetes Ingress NGINX provider that causes affected routes to fail open. When an Ingress explicitly enables BasicAuth or DigestAuth through the supported...
CVE-2026-54761
Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.21 and 3.7.5, there is a high severity vulnerability in Traefik's Kubernetes Gateway provider affecting the crossProviderNamespaces allowlist. For HTTPRoute rules that declare multiple WRR backendRefs, Traefik evaluates the allowlis...
CVE-2026-54761 Traefik: Kubernetes Gateway crossProviderNamespaces bypass allows HTTPRoute outside the allowlist to expose internal Traefik services
Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.21 and 3.7.5, there is a high severity vulnerability in Traefik's Kubernetes Gateway provider affecting the crossProviderNamespaces allowlist. For HTTPRoute rules that declare multiple WRR backendRefs, Traefik evaluates the allowlis...
CVE-2026-11752
A vulnerability has been identified in armeria-xds versions 1.38.0 through 1.39.0, where DataSourceStream in the xDS module can resolve control-plane-supplied filenames and environment variables without restriction, allowing a compromised or semi-trusted xDS control plane to read arbitrary local...
UBUNTU-CVE-2026-11311
When NGINX Plus is configured as the data plane for NGINX Gateway Fabr...
PT-2026-46407
On affected platforms running Arista EOS with IPsec configured, a specially crafted packet can cause the dataplane to stop processing all IPsec traffic. The control plane may detect this condition, and attempt to reset the IPsec processing pipeline. After reset traffic may not resume being...
Arista EOS 安全漏洞
Arista EOS is a fully programmable, highly modular Linux-based network operating system developed by the American company Arista. There is a security vulnerability in Arista EOS. This vulnerability arises when configuring IPsec, where specially crafted packets may cause the data plane to stop...
Securing High-Performance Data Transfers: Implementing AES Encryption in RDMA Systems
Remote Direct Memory Access RDMA is a key enabler of high-performance systems, offering low latency, high throughput, and reduced CPU overhead by allowing direct memory-to-memory transfers between machines. However, its design bypasses traditional CPU-mediated security mechanisms, introducing...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: eth: bnxt: Do not update the checksum in bnxtxdpbuildskb. The bnxtrxpkt function updates the ipsummed value at the end if the checksum offload is enabled. When the XDP-MB program is executed and returns XDPPASS, the bnxtxdpbuilds...
Astra Linux – Vulnerability in dpdk
A flaw was discovered in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as auxiliary data to VHOSTUSERGETINFLIGHTFD / VHOSTUSERSETINFLIGHTFD messages that are not closed by the vhost-user slave. By continuously sending such messages, the malicious...
Astra Linux – Vulnerability in dpdk
A flaw in the permissive list of allowed inputs was discovered in DPDK. This issue allows a remote attacker to trigger a denial of service by sending a crafted Vhost header to DPDK...
Astra Linux – Vulnerability in dpdk
NVIDIA’s distribution of the Data Plane Development Kit MLNXDPDK contains a vulnerability in the network stack, where error recovery is not handled properly. This vulnerability can allow a remote attacker to cause denial of service, as well as affect data integrity and confidentiality...
K000161107: BIG-IP tmsh vulnerability CVE-2026-41217
Security Advisory Description A vulnerability exists in an undisclosed BIG-IP TMOS Shell tmsh command that may allow an authenticated attacker with resource administrator or administrator role to execute arbitrary system commands with higher privileges. In Appliance mode deployments, a successful...
K000158978: BIG-IP SSL/TLS vulnerability CVE-2026-40629
Security Advisory Description When SSL profiles are configured on a virtual server, undisclosed traffic can cause the virtual server to stop processing new client connections. CVE-2026-40629 Impact Traffic is disrupted while the TMM process restarts. This vulnerability allows a remote,...
K000160857: Appliance mode iControl REST vulnerability CVE-2026-34176
Security Advisory Description When running in Appliance mode, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary. CVE-2026-34176 Impact In Appliance mode, this...
K000161027: NGINX ngx_http_scgi_module and ngx_http_uwsgi_module vulnerability CVE-2026-42946
Security Advisory Description A vulnerability exists in the ngxhttpscgimodule and ngxhttpuwsgimodule modules that may result in excessive memory allocation or an over-read of data. When scgipass or uwsgipass is configured, an unauthenticated attacker with man-in-the-middle MITM ability to control...
K000150508: BIG-IP BFD vulnerability CVE-2026-34019
Security Advisory Description When Bidirectional Forwarding Detection BFD is configured in Static and Dynamic routing protocols, undisclosed traffic can cause the Traffic Management Microkernel TMM to stop processing BFD packets and cause the configured routing protocol to fail over. CVE-2026-340...