10 matches found
EUVD-2021-10136
Malware in sbrugna...
CVE-2021-23018
Intra-cluster communication does not use TLS. The services within the NGINX Controller 3.x before 3.4.0 namespace are using cleartext protocols inside the cluster...
GHSA-WC4X-4GM2-74J8 Apache Geode SSL endpoint verification vulnerability
When TLS is enabled with ssl-endpoint-identification-enabled set to true, Apache Geode fails to perform hostname verification of the entries in the certificate SAN during the SSL handshake. This could compromise intra-cluster communication using a man-in-the-middle attack...
CVE-2021-23018
Intra-cluster communication does not use TLS. The services within the NGINX Controller 3.x before 3.4.0 namespace are using cleartext protocols inside the cluster...
Design/Logic Flaw
Intra-cluster communication does not use TLS. The services within the NGINX Controller 3.x before 3.4.0 namespace are using cleartext protocols inside the cluster...
CVE-2021-23018
Intra-cluster communication does not use TLS. The services within the NGINX Controller 3.x before 3.4.0 namespace are using cleartext protocols inside the cluster...
CVE-2021-23018
The CVE-2021-23018 issue affects NGINX Controller 3.x deployments where intra-cluster communication does not use TLS, leaving cleartext traffic between services inside the cluster. Affected versions are 3.x prior to 3.4.0. Root cause is unencrypted intra-cluster channels, enabling potential read/...
CVE-2019-10091
When TLS is enabled with ssl-endpoint-identification-enabled set to true, Apache Geode fails to perform hostname verification of the entries in the certificate SAN during the SSL handshake. This could compromise intra-cluster communication using a man-in-the-middle attack...
CVE-2019-10091
CVE-2019-10091 affects Apache Geode. When TLS is enabled and ssl-endpoint-identification-enabled is true, Geode may fail to verify hostnames in the certificate SAN during the SSL handshake, enabling potential man-in-the-middle scenarios and compromising intra-cluster communications. The issue is ...
CVE-2017-15535
A memory corruption flaw was found in the way MongoDB handled wire protocol compression for intra-cluster communication. A privileged network attacker could potentially use this flaw to crash the MongoDB server under certain circumstances...