33 matches found
CVE-2026-45039
RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the internode RPC layer authenticates every request with an HMAC-SHA256 signature using a shared secret. The function that produces this secret, getsharedsecret in crates/ecstore/src/rpc/httpauth.rs, falls back to...
CVE-2026-45039
RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the internode RPC layer authenticates every request with an HMAC-SHA256 signature using a shared secret. The function that produces this secret, getsharedsecret in crates/ecstore/src/rpc/httpauth.rs, falls back to...
CVE-2026-34992
Antrea is a Kubernetes networking solution intended to be Kubernetes native. Prior to 2.4.5 and 2.5.2, a missing encryption vulnerability affects inter-Node Pod traffic. In Antrea clusters configured for dual-stack networking with IPsec encryption enabled trafficEncryptionMode: ipsec, Antrea fail...
Missing Encryption of Sensitive Data
Overview Affected versions of this package are vulnerable to Missing Encryption of Sensitive Data in the handling of inter-Node Pod traffic when dual-stack networking is configured with IPsec encryption enabled. An attacker can intercept and read sensitive IPv6 Pod traffic by monitoring network...
PT-2026-30013
Name of the Vulnerable Software and Affected Versions Antrea versions prior to 2.4.5 and 2.5.2 Description Antrea, a Kubernetes networking solution, has a missing encryption issue affecting inter-Node Pod traffic. In dual-stack networking clusters with IPsec encryption enabled...
Antrea has Missing Encryption of Sensitive Data
This is a missing encryption vulnerability CWE-311 affecting inter-Node Pod traffic. In Antrea clusters configured for dual-stack networking with IPsec encryption enabled trafficEncryptionMode: ipsec, Antrea fails to apply encryption for IPv6 Pod traffic. While the IPv4 traffic is correctly...
Apache Spark Encryption Problem Vulnerability (CNVD-2025-25376)
Apache Spark is a large-scale data processing engine that supports acyclic data streaming and in-memory computing from the Apache Foundation. Apache Spark suffers from a cryptographic issue vulnerability that stems from the use of insecure default network encryption ciphers for inter-node RPC...
Apache Spark 安全漏洞
Apache Spark is a large-scale data processing engine that supports acyclic data streaming and in-memory computing from the Apache Foundation. Apache Spark suffers from a cryptographic issue vulnerability that stems from the use of insecure default network encryption ciphers for inter-node RPC...
Cilium Security Vulnerabilities
Cilium is an open source software. It is used to provide and transparently protect network connectivity and load balancing between application workloads such as application containers or processes. Cilium has a security vulnerability that stems from the possibility of unencrypted traffic between...
Cilium Security Vulnerabilities
Cilium is an open source software. It is used to provide and transparently protect network connectivity and load balancing between application workloads such as application containers or processes. Cilium suffers from a security vulnerability that stems from the possibility of unencrypted traffic...
booth: authfile directive in booth config file is completely ignored.
A flaw was found in booth in the way it handles the authfile directive in configuration files, which causes authentication to be skipped between nodes. As a result, an attacker-controlled node that does not have the correct authentication key does not prevent communication with other nodes in the...
booth: authfile directive in booth config file is completely ignored.
A flaw was found in booth in the way it handles the authfile directive in configuration files, which causes authentication to be skipped between nodes. As a result, an attacker-controlled node that does not have the correct authentication key does not prevent communication with other nodes in the...
booth: authfile directive in booth config file is completely ignored.
A flaw was found in booth in the way it handles the authfile directive in configuration files, which causes authentication to be skipped between nodes. As a result, an attacker-controlled node that does not have the correct authentication key does not prevent communication with other nodes in the...
Apache Solr insecure inter-node communication
Apache Solr uses a PKI based mechanism to secure inter-node communication when security is enabled. It is possible to create a specially crafted node name that does not exist as part of the cluster and point it to a malicious node. This can trick the nodes in cluster to believe that the malicious...
GHSA-C82R-QG3W-Q5MV Apache Solr insecure inter-node communication
Apache Solr uses a PKI based mechanism to secure inter-node communication when security is enabled. It is possible to create a specially crafted node name that does not exist as part of the cluster and point it to a malicious node. This can trick the nodes in cluster to believe that the malicious...
PT-2021-5118 · Cisco · Cisco Identity Services Engine
Name of the Vulnerable Software and Affected Versions: Cisco Identity Services Engine affected versions not specified Description: The issue is related to insufficient input validation for specific API endpoints in the REST API of Cisco Identity Services Engine. This could allow a remote attacker...
Cisco Identity Services Engine 操作系统命令注入漏洞
Cisco Identity Services Engine ISE is an environment-aware platform ISE Identity Services Engine from Cisco. The ISE collects real-time information from the network, users, and devices to develop and enforce policies to regulate the network. The Cisco Identity Services Engine ISE suffers from an...
Apache Cassandra 安全漏洞
Apache Cassandra is a distributed Nosql database from the Apache Foundation.Cassandra is a hybrid non-relational database, similar to Google's BigTable.Its main features are richer than Dynamo a distributed Key-Value storage system, but the support is not as good as a document store. MongoDB...
The vulnerability of the software-hardware protection system VipNet Coordinator, which allows a perpetrator to trigger a service failure.
The vulnerability of the VipNet Coordinator HW software architecture related to information protection is linked to memory overflow in the hard drive. Exploiting this vulnerability allows a malicious actor to disrupt the MFTP protocol-based information exchange between all nodes of the ViPNet...
CVE-2019-6525
AVEVA Wonderware System Platform 2017 Update 2 and prior uses an ArchestrA network user account for authentication of system processes and inter-node communications. A user with low privileges could make use of an API to obtain the credentials for this account...