Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass in the proxy module due to blindly trusting ExternalIPs/LoadBalancer IPs. An attacker can redirect cluster-wide network traffic or disrupt DNS services by assigning arbitrary external IPs or loadBalancer IPs withou...

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass in the proxy module due to blindly trusting ExternalIPs/LoadBalancer IPs. An attacker can redirect cluster-wide network traffic or disrupt DNS services by assigning arbitrary external IPs or loadBalancer IPs withou...

CVE-2026-32254

Kube-router is a turnkey solution for Kubernetes networking. Prior to version 2.8.0, Kube-router's proxy module does not validate externalIPs or loadBalancer IPs before programming them into the node's network configuration. Version 2.8.0 contains a patch for the issue. Available workarounds...

CVE-2026-32254 Kube-router Proxy Module Blindly Trusts ExternalIPs/LoadBalancer IPs Enabling Cluster-Wide Traffic Hijacking and DNS DoS

Kube-router is a turnkey solution for Kubernetes networking. Prior to version 2.8.0, Kube-router's proxy module does not validate externalIPs or loadBalancer IPs before programming them into the node's network configuration. Version 2.8.0 contains a patch for the issue. Available workarounds...

CVE-2026-32254 Kube-router Proxy Module Blindly Trusts ExternalIPs/LoadBalancer IPs Enabling Cluster-Wide Traffic Hijacking and DNS DoS

Kube-router is a turnkey solution for Kubernetes networking. Prior to version 2.8.0, Kube-router's proxy module does not validate externalIPs or loadBalancer IPs before programming them into the node's network configuration. Version 2.8.0 contains a patch for the issue. Available workarounds...

kube-router 安全漏洞

Kube-router is a Kubernetes networking solution open sourced by CloudNative Labs. Versions of Kube-router prior to 2.8.0 contained security vulnerabilities. These vulnerabilities stemmed from the proxy module not verifying the externalIPs or loadBalancer IPs, which could lead to improper network...

MiracleLinux 8 : httpd:2.4 (AXSA:2022-3749:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3749:01 advisory. httpd: modproxy NULL pointer dereference CVE-2020-13950 Tenable has extracted the preceding description block directly from the MiracleLinux security advisor...

EulerOS Virtualization 2.13.1 : httpd (EulerOS-SA-2025-2543)

According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers of...

[SECURITY] Fedora 42 Update: python-kdcproxy-1.1.0-1.fc42

This package contains a Python WSGI module for proxying KDC requests over HTTP by following the MS-KKDCP protocol. It aims to be simple to deploy, with minimal configuration...

EUVD-2006-3219

Malware in sbrugna...

EUVD-2022-1607

Malicious code in bioql PyPI...

CVE-2025-6947

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WatchGuard Fireware OS allows Stored XSS via the SIP Proxy module. This vulnerability requires an authenticated administrator session to a locally managed Firebox. This issue affects Firebox...

httpd: mod_proxy_http2: untrusted input from a client causes an assertion to fail in the Apache mod_proxy_http2 module

An assertion failure flaw was found in Apache httpd. Untrusted clients can send inputs that trigger an assertion failure in the modproxyhttp2 module, which likely results in an Apache HTTP server crash or denial of service DoS...

httpd: mod_proxy_http2: untrusted input from a client causes an assertion to fail in the Apache mod_proxy_http2 module

An assertion failure flaw was found in Apache httpd. Untrusted clients can send inputs that trigger an assertion failure in the modproxyhttp2 module, which likely results in an Apache HTTP server crash or denial of service DoS...

httpd: mod_proxy_http2: untrusted input from a client causes an assertion to fail in the Apache mod_proxy_http2 module

An assertion failure flaw was found in Apache httpd. Untrusted clients can send inputs that trigger an assertion failure in the modproxyhttp2 module, which likely results in an Apache HTTP server crash or denial of service DoS...

RHEL 10 : mod_http2 (RHSA-2025:14625)

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:14625 advisory. The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers. Security Fixes: httpd: modproxyhttp2...

Linux Distros Unpatched Vulnerability : CVE-2011-4968

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - nginx http proxy module does not verify peer identity of https origin server which could facilitate man- in-the-middle attack MITM CVE-2011-4968 Note that Nessu...

USN-7639-2: Apache HTTP Server vulnerabilities

USN-7639-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and addressed a regression fix LP: 2119395. CVE-2025-49630 and CVE-2025-53020 only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Original...

USN-7639-2 apache2 vulnerabilities

USN-7639-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and addressed a regression fix LP: 2119395. CVE-2025-49630 and CVE-2025-53020 only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Original...

httpd: mod_proxy_http2: untrusted input from a client causes an assertion to fail in the Apache mod_proxy_http2 module

An assertion failure flaw was found in Apache httpd. Untrusted clients can send inputs that trigger an assertion failure in the modproxyhttp2 module, which likely results in an Apache HTTP server crash or denial of service DoS...