423 matches found
Unity Linux 20.1070e Security Update: keepalived (UTSA-2026-016728)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016728 advisory. In Keepalived through 2.2.4, the D-Bus policy does not sufficiently restrict the message destination, allowing any user to inspect and manipulate any property. This...
Astra Linux - vulnerability in keepalived
In Keepalived versions up to 2.2.4, the D-Bus mechanism does not sufficiently restrict the destination of messages, allowing any user to inspect and manipulate any property. This leads to bypasses of access controls in some situations, where an unrelated D-Bus system service has a settable writabl...
Astra Linux - vulnerability in keepalived
The vulnerability of the parser.c component in the Keepalived network traffic balancing system is related to pointer dereferencing errors. Exploiting this vulnerability allows an attacker to cause service failures...
Astra Linux - vulnerability in keepalived
The vulnerability of the readline function in the parser.c component of the Keepalived network traffic balancing system is related to reading data beyond the allowed buffer limits. Exploiting this vulnerability allows an attacker to cause a service failure...
Astra Linux - vulnerability in keepalived
The vulnerability of the parser.c component in the Keepalived network traffic balancing system is related to the use of memory after it is freed. Exploiting this vulnerability allows an attacker to cause a service failure...
Astra Linux - vulnerability in keepalived
The vulnerability of the Keepalived network traffic balancing system is related to unvalidated array indexing. Exploiting this vulnerability allows an attacker to cause service failures...
EUVD-2026-25377
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Versions prior to 8.2.6.4 have a SQL injection vulnerability in the haproxysectionsave function in app/routes/config/routes.py. The serverip parameter, sourced from the URL path, is passed unsanitized through...
EUVD-2026-25376
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the oldconfig parameter in the haproxysectionsave interface has an arbitrary file read vulnerability. Version 8.2.6.4 fixes the issue...
EUVD-2026-25375
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the haproxysectionsave interface presents a vulnerability that could lead to remote code execution due to path traversal and writing into scheduled tasks. Version 8.2.6.4 fixes the iss...
PT-2026-34833
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the haproxy section save interface presents a vulnerability that could lead to remote code execution due to path traversal and writing into scheduled tasks. Version 8.2.6.4 fixes the...
PT-2026-34834
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the oldconfig parameter in the haproxy section save interface has an arbitrary file read vulnerability. Version 8.2.6.4 fixes the issue...
PT-2026-33846
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions up to and including 8.2.8.2, when LDAP authentication is enabled, Roxy-WI constructs an LDAP search filter by directly concatenating the user-supplied login username into the filter string without...
Roxy-WI security vulnerability
Roxy-WI is an open-source web interface designed for managing Haproxy, Nginx, and Keepalived servers. Roxy-WI versions 8.2.8.2 and earlier contain security vulnerabilities. These vulnerabilities stem from the lack of escaping special characters in usernames during LDAP authentication, which could...
PT-2026-33845
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the POST /config//show API endpoint accepts a configver parameter that is directly appended to a base directory path to construct a local file path, which is subsequently opened and it...
Azure Linux 3.0 Security Update: keepalived (CVE-2024-41184)
The version of keepalived installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-41184 advisory. - In the vrrp_ipsets_handler handler of fglobal_parser.c of keepalived through 2.3.1, an integer overflow can...
MiracleLinux 8 : keepalived-2.1.5-8.el8.ML.1 (AXSA:2022-3396:02)
The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2022-3396:02 advisory. keepalived: dbus access control bypass (CVE-2021-44225). Tenable has extracted the preceding description block directly from the MiracleLinux security advisory...
MiracleLinux 7 : keepalived-1.3.5-16.el7 (AXSA:2019-4318:03)
The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2019-4318:03 advisory. keepalived: Improper pathname validation allows for overwrite of arbitrary filenames via symlinks (CVE-2018-19044). Tenable has extracted the preceding...
MiracleLinux 7 : keepalived-1.3.5-8.el7 (AXSA:2019-3747:01)
The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2019-3747:01 advisory. Security Fix - keepalived DoS (CVE-2018-19115). CVE, JVN: http://jvndb.jvn.jp/ Tenable has extracted the preceding description block directly from the MiracleLinux...
MiracleLinux 8 : keepalived-2.1.5-10.el8_10 (AXSA:2025-9597:01)
The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2025-9597:01 advisory. keepalived: Integer overflow vulnerability in vrrp_ipsets_handler (CVE-2024-41184). Tenable has extracted the preceding description block directly from the...
MiracleLinux 9 : keepalived-2.2.8-4.el9_5 (AXSA:2025-9635:02)
The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2025-9635:02 advisory. keepalived: Integer overflow vulnerability in vrrp_ipsets_handler (CVE-2024-41184). Tenable has extracted the preceding description block directly from the...