18 matches found
EUVD-2017-15195
Malware in sbrugna...
EUVD-2025-7997
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2025-30162
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who use Gateway API for Ingress for some services an...
How to Use Veeam Data Cloud Vault with ExpressRoute with Private Peering
Purpose This article documents the usage of Veeam Data Cloud Vault within environments that use Azure ExpressRoute with private peering. Solution Software Prerequisites Veeam Backup & Replication v12.3 or higher Veeam Data Cloud Vault Configuration Notes This article covers customers using...
Incorrect Authorization
github.com/cilium/cilium is vulnerable to Incorrect Authorization. The vulnerability is due to improper enforcement of egress restrictions due to a misconfiguration where egress traffic to LoadBalancers deployed via Gateway API is incorrectly allowed, despite network policies blocking such traffi...
BIT-HUBBLE-RELAY-2025-30162 East-west traffic not subject to egress policy enforcement for requests via Gateway API load balancers
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who use Gateway API for Ingress for some services and use LB-IPAM or BGP for LB Service implementation and use network policies to block egress traffic from workloads in a namespace to...
BIT-CILIUM-OPERATOR-2025-30162 East-west traffic not subject to egress policy enforcement for requests via Gateway API load balancers
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who use Gateway API for Ingress for some services and use LB-IPAM or BGP for LB Service implementation and use network policies to block egress traffic from workloads in a namespace to...
CVE-2025-30162
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who use Gateway API for Ingress for some services and use LB-IPAM or BGP for LB Service implementation and use network policies to block egress traffic from workloads in a namespace to...
GHSA-24QP-4XX8-3JVJ Cilium East-west traffic not subject to egress policy enforcement for requests via Gateway API load balancers
Impact For Cilium users who: - Use Gateway API for Ingress for some services AND - Use LB-IPAM or BGP for LB Service implementation AND - Use network policies to block egress traffic from workloads in a namespace to workloads in other namespaces Egress traffic from workloads covered by such netwo...
Cilium East-west traffic not subject to egress policy enforcement for requests via Gateway API load balancers
Impact For Cilium users who: - Use Gateway API for Ingress for some services AND - Use LB-IPAM or BGP for LB Service implementation AND - Use network policies to block egress traffic from workloads in a namespace to workloads in other namespaces Egress traffic from workloads covered by such netwo...
CVE-2025-30162 East-west traffic not subject to egress policy enforcement for requests via Gateway API load balancers
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who use Gateway API for Ingress for some services and use LB-IPAM or BGP for LB Service implementation and use network policies to block egress traffic from workloads in a namespace to...
PT-2025-12672
Name of the Vulnerable Software and Affected Versions Cilium versions 1.15.0 through 1.15.14 Cilium versions 1.16.0 through 1.16.7 Cilium versions 1.17.0 through 1.17.1 Description The issue affects Cilium users who use Gateway API for Ingress and LB-IPAM or BGP for LoadBalancer Service...
CrushFTP Unauthenticated Arbitrary File Read
This module leverages an unauthenticated server-side template injection vulnerability in CrushFTP use auxiliary/gather/crushftpfilereadcve20244040 msf auxiliarycrushftpfilereadcve20244040 show actions ...actions... msf auxiliarycrushftpfilereadcve20244040 set ACTION msf...
CVE-2024-30389 Junos OS: EX4300 Series: Firewall filter not blocking egress traffic
An Incorrect Behavior Order vulnerability in the Packet Forwarding Engine PFE of Juniper Networks Junos OS on EX4300 Series allows an unauthenticated, network-based attacker to cause an integrity impact to networks downstream of the vulnerable device. When an output firewall filter is applied to ...
Cryptojacking Group TeamTNT Suspected of Using Decoy Miner to Conceal Data Exfiltration
The cryptojacking group known as TeamTNT is suspected to be behind a previously undiscovered strain of malware used to mine Monero cryptocurrency on compromised systems. That's according to Cado Security, which found the sample after Sysdig detailed a sophisticated attack known as SCARLETEEL aime...
CVE-2021-0222
A vulnerability in Juniper Networks Junos OS allows an attacker to cause a Denial of Service DoS to the device by sending certain crafted protocol packets from an adjacent device with invalid payloads to the device. These crafted packets, which should be discarded, are instead replicated and sent...
CVE-2017-6130
F5 SSL Intercept iApp 1.5.0 - 1.5.7 and SSL Orchestrator 2.0 is vulnerable to a Server-Side Request Forgery SSRF attack when deployed using the Dynamic Domain Bypass DDB feature feature plus SNAT Auto Map option for egress traffic...
CVE-2017-0305
F5 SSL Intercept iApp version 1.5.0 - 1.5.7 is vulnerable to an unauthenticated, remote attack that may allow modification of the BIG-IP system configuration, extraction of sensitive system files, and possible remote command execution on the system when deployed using the Explicit Proxy feature...