Security Bulletin: Multiple Vulnerabilities affect InfoSphere Data Replication Dashboard (CVE-2013-2999, CVE-2013-3001, CVE-2013-3000)

Abstract The InfoSphere Data Replication Dashboard has been affected by multiple vulnerabilities. See description of CVE-2013-2999, CVE-2013-3001, and CVE-2013-3000 below. Content VULNERABILITY DETAILS: CVE ID: CVE-2013-2999 DESCRIPTION: The Infosphere Data Replication Dashboard for mobile device...

The vulnerability of the Illumina Local Run Manager software lies in the absence of an authentication process, which allows attackers to infiltrate, replicate, modify, and/or intercept confidential data.

The vulnerability of the Illumina Local Run Manager software lies in the absence of an authentication process. Exploiting this vulnerability allows a malicious actor to remotely infiltrate, replicate, modify, and/or intercept sensitive data...

Detecting malicious key extractions by compromised identities for Azure Cosmos DB

Azure Cosmos DB is a fully managed NoSQL cloud database service for modern app development. It offers a variety of advanced built-in features, such as automatic worldwide data replication, lightning-fast response types, and a variety of APIs. In this blog post, we describe security practices for...

Malicious code in amazon-s3-data-replication-hub-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e4ca6ae6edf3790eb5efb9ad36e153e033bf826c074090d9d9cb473b1c56b5d0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-957 Malicious code in amazon-s3-data-replication-hub-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e4ca6ae6edf3790eb5efb9ad36e153e033bf826c074090d9d9cb473b1c56b5d0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-1195 Malicious code in aws-data-replication-hub (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3144f2bcaaeb7484fb947374032c2b2444a2450702d11f3ed47cbb0e18706cf1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in aws-data-replication-hub (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3144f2bcaaeb7484fb947374032c2b2444a2450702d11f3ed47cbb0e18706cf1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in amazon-ecr-data-replication-hub-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a32deab8300fe35db0ea930f79cccefb774d8da37e8bb3cd231a3658cd492189 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-953 Malicious code in amazon-ecr-data-replication-hub-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a32deab8300fe35db0ea930f79cccefb774d8da37e8bb3cd231a3658cd492189 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2022-32560

An issue was discovered in Couchbase Server before 7.0.4. XDCR lacks role checking when changing internal settings...

Improper Control of Generation of Code in Apache Kafka

In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to 0.11.0.2, and 1.0.0, authenticated Kafka users may perform action reserved for the Broker via a manually created fetch request interfering with data replication, resulting in data loss...

Cross-Regional Disaster Recovery with Elasticsearch

Unsurprisingly, here at Rewind, we've got a lot of data to protect over 2 petabytes worth. One of the databases we use is called Elasticsearch ES or Opensearch, as it is currently known in AWS. To put it simply, ES is a document database that facilitates lightning-fast search results. Speed is...

Security Bulletin: IBM InfoSphere Change Data Capture is affected by a Jackson 2.3.3 and 2.4.4 open source library vulnerabilities

Summary IBM Data Replication has addressed the following vulnerabilities: CVE-2017-17485 CVE-2018-5968 CVE-2017-15095 CVE-2017-7525 CVE-2018-7489 Vulnerability Details CVEID: CVE-2017-17485 DESCRIPTION: Jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused...

Apache Pulsar Input Validation Error Vulnerability

Apache Pulsar is the United States Apache Apache Foundation for cloud environments, set of messages, storage, lightweight functional computing as one of the distributed message flow platform. The software supports multi-tenant, persistent storage, multi-machine room cross-region data replication,...

SentryPeer - A Distributed Peer To Peer List Of Bad Actor IP Addresses And Phone Numbers Collected Via A SIP Honeypot

A distributed list of bad actor IP addresses and phone numbers collected via a SIP Honeypot. Introduction This is basically a fraud detection tool. It lets bad actors try to make phone calls and saves the IP address they came from and number they tried to call. Those details are then used to bloc...

MongoDB Server Denial of Service Vulnerability (CNVD-2021-101988)

Mongodb Server is an open source NoSQL database from Mongodb, Inc. The database provides collection-oriented storage, dynamic query, data replication and automatic failover, etc. A denial-of-service vulnerability exists in MongoDB Server, which can be exploited by an attacker with basic CRUD...

Security Bulletin: Vulnerability in Apache Log4j (CVE-2021-4104) affects InfoSphere Data Replication

Summary There is a vulnerability in the version of Log4j that was included in InfoSphere Data Replication. Vulnerability Details CVEID: CVE-2021-4104 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data wh...

Design/Logic Flaw

DISPUTED Styra Open Policy Agent OPA Gatekeeper through 3.7.0 mishandles concurrency, sometimes resulting in incorrect access control. The data replication mechanism allows policies to access the Kubernetes cluster state. During data replication, OPA/Gatekeeper does not wait for the replication t...

CVE-2021-43979

Styra Open Policy Agent OPA Gatekeeper through 3.7.0 mishandles concurrency, sometimes resulting in incorrect access control. The data replication mechanism allows policies to access the Kubernetes cluster state. During data replication, OPA/Gatekeeper does not wait for the replication to finish...

CVE-2021-43979

CVE-2021-43979 affects Styra Open Policy Agent (OPA) Gatekeeper up to version 3.7.0. The issue stems from mishandled concurrency during data replication, where OPA/Gatekeeper does not wait for replication to finish before processing requests. This can cause inconsistencies between replicated reso...