Lucene search
K

10 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2021-10136

Malware in sbrugna...

7.4CVSS7.4AI score0.00544EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 6:22 p.m.11 views

CVE-2021-23018

Intra-cluster communication does not use TLS. The services within the NGINX Controller 3.x before 3.4.0 namespace are using cleartext protocols inside the cluster...

7.4CVSS6.9AI score0.00544EPSS
Exploits0References1
OSV
OSV
added 2022/02/10 8:51 p.m.21 views

GHSA-WC4X-4GM2-74J8 Apache Geode SSL endpoint verification vulnerability

When TLS is enabled with ssl-endpoint-identification-enabled set to true, Apache Geode fails to perform hostname verification of the entries in the certificate SAN during the SSL handshake. This could compromise intra-cluster communication using a man-in-the-middle attack...

7.4CVSS7.2AI score0.01383EPSS
Exploits0References6
NVD
NVD
added 2021/06/01 12:15 p.m.31 views

CVE-2021-23018

Intra-cluster communication does not use TLS. The services within the NGINX Controller 3.x before 3.4.0 namespace are using cleartext protocols inside the cluster...

7.4CVSS0.00544EPSS
Exploits0References1
Prion
Prion
added 2021/06/01 12:15 p.m.21 views

Design/Logic Flaw

Intra-cluster communication does not use TLS. The services within the NGINX Controller 3.x before 3.4.0 namespace are using cleartext protocols inside the cluster...

5.8CVSS7.4AI score0.00544EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/06/01 11:51 a.m.38 views

CVE-2021-23018

Intra-cluster communication does not use TLS. The services within the NGINX Controller 3.x before 3.4.0 namespace are using cleartext protocols inside the cluster...

7.6AI score0.00544EPSS
Exploits0References1
CVE
CVE
added 2021/06/01 11:51 a.m.72 views

CVE-2021-23018

The CVE-2021-23018 issue affects NGINX Controller 3.x deployments where intra-cluster communication does not use TLS, leaving cleartext traffic between services inside the cluster. Affected versions are 3.x prior to 3.4.0. Root cause is unencrypted intra-cluster channels, enabling potential read/...

7.4CVSS7.4AI score0.00544EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2020/03/16 2:15 p.m.19 views

CVE-2019-10091

When TLS is enabled with ssl-endpoint-identification-enabled set to true, Apache Geode fails to perform hostname verification of the entries in the certificate SAN during the SSL handshake. This could compromise intra-cluster communication using a man-in-the-middle attack...

7.4CVSS6.7AI score
Exploits0References1
CVE
CVE
added 2020/03/16 1:5 p.m.90 views

CVE-2019-10091

CVE-2019-10091 affects Apache Geode. When TLS is enabled and ssl-endpoint-identification-enabled is true, Geode may fail to verify hostnames in the certificate SAN during the SSL handshake, enabling potential man-in-the-middle scenarios and compromising intra-cluster communications. The issue is ...

7.4CVSS7.2AI score0.01383EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2017/11/22 9:19 a.m.35 views

CVE-2017-15535

A memory corruption flaw was found in the way MongoDB handled wire protocol compression for intra-cluster communication. A privileged network attacker could potentially use this flaw to crash the MongoDB server under certain circumstances...

9.1CVSS3.1AI score0.01567EPSS
Exploits0References1
Rows per page
Query Builder