Lucene search

17 matches found

Github Security Blog
added 2025/11/04 6:58 p.m., 5 views

Kgateway transformation policy template can emit files from the container

Summary: The transformation policy template feature in Kgateway versions through 2.0.4 allows users with TrafficPolicy creation permissions to craft transformations that read and expose arbitrary files from the dataplane container filesystem.
Description: Impact: Users with permissions to create a...

6.8 AI score
Exploits 0, References 6, Affected Software 1
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2023-45105

Malicious code in bioql PyPI...

7.5 CVSS, 7.7 AI score, 0.00538 EPSS
Exploits 0, References 1
EUVD
added 2025/10/03 8:7 p.m., 11 views

EUVD-2024-48006

Malicious code in bioql PyPI...

5.8 CVSS, 6.6 AI score, 0.00487 EPSS
Exploits 0, References 1
Tenable Nessus
added 2025/06/23 12:0 a.m., 9 views

Palo Alto GlobalProtect App Windows 6.x < 6.2.8-h2 / 6.3.x < 6.3.3-650-650 Improper Access Control (CVE-2025-4227)

The version of Palo Alto GlobalProtect App installed on the remote Windows host is 6.x prior to 6.2.8-h2 or 6.3.x prior to 6.3.3-650. It is, therefore, affected by an improper access control vulnerability: - An improper access control vulnerability in the Endpoint Traffic Policy Enforcement featur...

3.5 CVSS, 5.5 AI score, 0.00133 EPSS
Exploits 0, References 2
Vulnrichment
added 2025/06/13 5:50 a.m., 3 views

CVE-2025-4227 GlobalProtect App: Interception in Endpoint Traffic Policy Enforcement

An improper access control vulnerability in the Endpoint Traffic Policy Enforcement (https://docs.paloaltonetworks.com/globalprotect/6-0/globalprotect-app-new-features/new-features-released-in-gp-app/endpoint-traffic-policy-enforcement) feature of the Palo Alto Networks GlobalProtect™ app allows...

1 CVSS, 6.9 AI score, 0.00133 EPSS
Exploits 0, References 1
Positive Technologies
added 2025/06/13 12:0 a.m., 4 views

PT-2025-25385 · Palo Alto Networks · Palo Alto Networks Globalprotect

Name of the Vulnerable Software and Affected Versions: Palo Alto Networks GlobalProtect app (affected versions not specified)
Description: The issue is related to an improper access control vulnerability in the Endpoint Traffic Policy Enforcement feature. This allows certain packets to remain...

3.5 CVSS, 5.8 AI score, 0.00133 EPSS
Exploits 0, References 6
Cvelist
added 2025/05/08 7:14 p.m., 19 views

CVE-2024-9448 On affected platforms running Arista EOS with Traffic Policies configured the vulnerability will cause received untagged packets not to hit Traffic Policy rules that they are expected to hit. If the rule was to drop the packet, the packet will not be dropp

On affected platforms running Arista EOS with Traffic Policies configured the vulnerability will cause received untagged packets not to hit Traffic Policy rules that they are expected to hit. If the rule was to drop the packet, the packet will not be dropped and instead will be forwarded as if th...

7.5 CVSS, 0.00485 EPSS
Exploits 0, References 1
Positive Technologies
added 2025/05/08 12:0 a.m., 4 views

PT-2025-20409 · Arista · Arista Eos

Name of the Vulnerable Software and Affected Versions: Arista EOS (affected versions not specified)
Description: The issue affects Arista EOS platforms with Traffic Policies configured, causing received untagged packets to bypass Traffic Policy rules. As a result, packets that should be dropped...

7.5 CVSS, 6.2 AI score, 0.00485 EPSS
Exploits 0, References 6
OSV
added 2025/03/24 7:5 p.m., 10 views

GHSA-24QP-4XX8-3JVJ Cilium East-west traffic not subject to egress policy enforcement for requests via Gateway API load balancers

Impact: For Cilium users who:
- Use Gateway API for Ingress for some services AND
- Use LB-IPAM or BGP for LB Service implementation AND
- Use network policies to block egress traffic from workloads in a namespace to workloads in other namespaces

Egress traffic from workloads covered by such netwo...

3.2 CVSS, 7 AI score, 0.00196 EPSS
Exploits 0, References 5
Cvelist
added 2025/01/10 8:6 p.m., 19 views

CVE-2024-6437 On affected platforms running Arista EOS with one of the following features configured to redirect IP traffic to a next hop: policy-based routing (PBR), BGP Flowspec, or interface traffic policy -- certain IP traffic such as IPv4 packets with IP options ma

On affected platforms running Arista EOS with one of the following features configured to redirect IP traffic to a next hop: policy-based routing (PBR), BGP Flowspec, or interface traffic policy -- certain IP traffic such as IPv4 packets with IP options may bypass the feature's set nexthop action a...

5.8 CVSS, 0.00487 EPSS
Exploits 0, References 1
CVE
added 2025/01/10 8:6 p.m., 48 views

CVE-2024-6437

CVE-2024-6437 affects Arista EOS when policy-based routing (PBR), BGP Flowspec, or interface traffic policy is configured to redirect traffic to a next hop. The issue causes certain IPv4 packets (e.g., with IP options) to bypass the configured nexthop and be slow-path forwarded by the kernel to t...

5.8 CVSS, 5.6 AI score, 0.00487 EPSS
Exploits 0, References 1
Positive Technologies
added 2025/01/10 12:0 a.m., 4 views

PT-2025-3683 · Arista · Arista Eos

Name of the Vulnerable Software and Affected Versions: Arista EOS versions prior to 4.32.1F
Description: The issue affects Arista EOS platforms with features like policy-based routing (PBR), BGP Flowspec, or interface traffic policy configured to redirect IP traffic to a next hop. Certain IP traffi...

5.8 CVSS, 7.3 AI score, 0.00487 EPSS
Exploits 0, References 6
Palo Alto Networks
added 2024/05/16 4:0 p.m., 96 views

Impact of TunnelVision Vulnerability

The Palo Alto Networks Product Security Assurance team has evaluated the TunnelVision vulnerability as it relates to our products. This issue allows an attacker with the ability to send DHCP messages on the same local area network, such as a rogue Wi-Fi network, to leak traffic outside of the...

7.6 CVSS, 7 AI score, 0.04063 EPSS
Exploits 1, References 1
Prion
added 2023/10/10 1:15 p.m., 18 views

Design/Logic Flaw

When a client-side HTTP/2 profile and the HTTP MRF Router option are enabled for a virtual server, and an iRule using the HTTP_REQUEST event or Local Traffic Policy are associated with the virtual server, undisclosed requests can cause TMM to terminate. Note: Software versions which have reached...

5 CVSS, 7.5 AI score, 0.00538 EPSS
Exploits 0, References 1, Affected Software 20
CVE
added 2023/10/10 12:32 p.m., 100 views

CVE-2023-40534

CVE-2023-40534 affects F5 BIG-IP HTTP/2 in multiple branches. When a client-side HTTP/2 profile and the HTTP MRF Router option are enabled on a virtual server, and an iRule using HTTP_REQUEST or a Local Traffic Policy is attached, undisclosed requests can cause the Traffic Management Microkernel ...

7.5 CVSS, 7.6 AI score, 0.00538 EPSS
Exploits 0, References 1, Affected Software 20
F5 Networks
added 2023/02/21 6:54 p.m., 59 views

K56715231: TMM buffer-overflow vulnerability CVE-2021-22991

Security Advisory Description: Undisclosed requests to a virtual server may be incorrectly handled by Traffic Management Microkernel (TMM) URI normalization, which may trigger a buffer overflow, resulting in a DoS attack. In certain situations, it theoretically may allow bypass of URL based access...

9.8 CVSS, 8.1 AI score, 0.61064 EPSS
Exploits 3, Affected Software 14
F5 Networks
added 2023/02/21 6:14 p.m., 35 views

K22216037: TMM vulnerability CVE-2016-9245

Security Advisory Description: Malicious requests made to virtual servers with an HTTP profile can cause the TMM to restart. The issue is exposed with BIG-IP APM profiles, regardless of settings. The issue is also exposed with the non-default "Normalize URI" configuration options used in iRules...

5.9 CVSS, 6 AI score, 0.01377 EPSS
Exploits 0, Affected Software 10