23 matches found
CVE-2026-45039
RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the internode RPC layer authenticates every request with an HMAC-SHA256 signature using a shared secret. The function that produces this secret, getsharedsecret in crates/ecstore/src/rpc/httpauth.rs, falls back to...
EUVD-2022-34807
Malicious code in bioql PyPI...
CVE-2019-11495
In Couchbase Server 5.1.1, the cookie used for intra-node communication was not generated securely. Couchbase Server uses erlang:now to seed the PRNG which results in a small search space for potential random seeds that could then be used to brute force the cookie and execute code against a remot...
Fedora 36 : booth (2022-6744980220)
The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-6744980220 advisory. Remove Alias directive from [email protected] unit file ---- Security fix for CVE-2022-2553 Tenable has extracted the preceding description block...
Fedora 35 : booth (2022-e0a87993b8)
The remote Fedora 35 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-e0a87993b8 advisory. Remove Alias directive from [email protected] unit file ---- Security fix for CVE-2022-2553 Tenable has extracted the preceding description block...
booth: authfile directive in booth config file is completely ignored.
A flaw was found in booth in the way it handles the authfile directive in configuration files, which causes authentication to be skipped between nodes. As a result, an attacker-controlled node that does not have the correct authentication key does not prevent communication with other nodes in the...
Debian: Security Advisory (DSA-5194-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DSA 5194-1] booth security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5194-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff July 29, 2022 https://www.debian.org/security/faq -...
DEBIAN-CVE-2022-2553
The authfile directive in the booth config file is ignored, preventing use of authentication in communications from node to node. As a result, nodes that do not have the correct authentication key are not prevented from communicating with other nodes in the cluster...
booth 授权问题漏洞
Both is an open source ticket manager from ClusterLabs. A security vulnerability exists in booth that stems from the authfile directive in the booth configuration file being ignored, preventing the use of authentication in node-to-node communication. As a result, a node without the correct...
Apache Solr insecure inter-node communication
Apache Solr uses a PKI based mechanism to secure inter-node communication when security is enabled. It is possible to create a specially crafted node name that does not exist as part of the cluster and point it to a malicious node. This can trick the nodes in cluster to believe that the malicious...
CVE-2019-11495
In Couchbase Server 5.1.1, the cookie used for intra-node communication was not generated securely. Couchbase Server uses erlang:now to seed the PRNG which results in a small search space for potential random seeds that could then be used to brute force the cookie and execute code against a remot...
CVE-2019-11495
In Couchbase Server 5.1.1, the cookie used for intra-node communication was not generated securely. Couchbase Server uses erlang:now to seed the PRNG which results in a small search space for potential random seeds that could then be used to brute force the cookie and execute code against a remot...
PT-2019-12335 · Couchbase · Couchbase Server
Name of the Vulnerable Software and Affected Versions: Couchbase Server versions prior to 6.0.0 Description: The issue arises from the insecure generation of a cookie used for intra-node communication in Couchbase Server. Specifically, the erlang:now function is used to seed the PRNG, resulting i...
Security Bulletin: CVE-2017-7660: Security Vulnerability in secure inter-node communication in Apache Solr
Summary A potential security vulnerability has been identified for systems that are set up to use basic authentication. The version of Solr that is included with both IBM i2 Enterprise Insight Analysis and IBM i2 Analyze is affected, and has been patched in the latest fix pack. Vulnerability...
CVE-2017-7660
Apache Solr uses a PKI based mechanism to secure inter-node communication when security is enabled. It is possible to create a specially crafted node name that does not exist as part of the cluster and point it to a malicious node. This can trick the nodes in cluster to believe that the malicious...
Apache Solr Inter-Node Communication Vulnerability (SOLR-10624) - Linux
Solr uses a PKI based mechanism to secure inter-node communication when security is enabled. It is possible to create a specially crafted node name that does not exist as part of the cluster and point it to a malicious node. This can trick the nodes in cluster to believe that the malicious node i...
Apache Solar 5.5.4 / 6.5.1 Member Spoofing Vulnerability
Apache Solr uses a PKI based mechanism to secure inter-node communication when security is enabled. It is possible to create a specially crafted node name that does not exist as part of the cluster and point it to a malicious node. This can trick the nodes in cluster to believe that the malicious...
CVE-2017-7660
Apache Solr uses a PKI based mechanism to secure inter-node communication when security is enabled. It is possible to create a specially crafted node name that does not exist as part of the cluster and point it to a malicious node. This can trick the nodes in cluster to believe that the malicious...
Authentication flaw
Apache Solr uses a PKI based mechanism to secure inter-node communication when security is enabled. It is possible to create a specially crafted node name that does not exist as part of the cluster and point it to a malicious node. This can trick the nodes in cluster to believe that the malicious...