154 matches found
CVE-2022-21656
Envoy is an open source edge and service proxy, designed for cloud-native applications. The defaultvalidator.cc implementation used to implement the default certificate validation routines has a "type confusion" bug when processing subjectAltNames. This processing allows, for example, an rfc822Na...
CVE-2021-43825
Envoy is an open source edge and service proxy, designed for cloud-native applications. Sending a locally generated response must stop further processing of request or response data. Envoy tracks the amount of buffered request and response data and aborts the request if the amount of buffered dat...
CVE-2021-43824
Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions a crafted request crashes Envoy when a CONNECT request is sent to JWT filter configured with regex match. This provides a denial of service attack vector. The only workaround is to not use...
Type confusion
Envoy is an open source edge and service proxy, designed for cloud-native applications. The defaultvalidator.cc implementation used to implement the default certificate validation routines has a "type confusion" bug when processing subjectAltNames. This processing allows, for example, an rfc822Na...
Buffer overflow
Envoy is an open source edge and service proxy, designed for cloud-native applications. Sending a locally generated response must stop further processing of request or response data. Envoy tracks the amount of buffered request and response data and aborts the request if the amount of buffered dat...
CVE-2021-30358
Mobile Access Portal Native Applications who's path is defined by the administrator with environment variables may run applications from other locations by the Mobile Access Portal Agent...
CVE-2021-30358
CVE-2021-30358 affects Check Point Mobile Access Portal Native Applications when the administrator configures a path with environment variables; the Mobile Access Portal Agent may run an arbitrary application from a crafted location. The issue arises due to how the agent handles environment-varia...
Apple iOS和Apple iPadOS 授权问题漏洞
Apple iOS and Apple iPadOS are products of Apple Inc.Apple iOS is an operating system developed for mobile devices.Apple iPadOS is an operating system for iPad tablets.Apple iOS 14.7 and iPadOS 14.7 are vulnerable to an authorization issue in the OS Kernel subsystem logic. Apple iOS 14.7 and iPad...
Apple macOS 安全漏洞
Apple macOS is a specialized operating system developed by Apple Inc. for Mac computers. A security vulnerability exists in Apple macOS that stems from a vulnerability due to improper security restrictions, where a sandboxed process may be able to bypass the sandbox restrictions. The vulnerabilit...
CVE-2021-24037
A use after free in hermes, while emitting certain error messages, prior to commit d86e185e485b6330216dee8e854455c694e3a36e allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of...
Apple tvOS 权限许可和访问控制问题漏洞
Apple tvOS is an operating system for Smart TVs from Apple. A vulnerability exists in Apple tvOS due to a permissions licensing and access control issue, which arises from an application not properly imposing security restrictions in the "crash report" component. The vulnerability allows native...
NATS Server Access Control Error Vulnerability
NATS Server is an open source messaging system. The system is mainly used for cloud-native applications, IoT messaging and microservices architecture. An access control error vulnerability exists in NATS Server 2.x before 2.2.0 and JWT library before 2.0.1, which stems from improper handling of...
Can security and compliance for managed database services be simple?
Actual Tech Media recently released a new entry in its Gorilla Guide series for IT professionals, focused on simplifying security and compliance for Database as a Service DBaaS. The Gorilla Guide To® Securing Database as a Service DBaaS features Imperva Cloud Data Security as a solution to help...
CVE-2020-1896
A stack overflow vulnerability in Facebook Hermes 'builtin apply' prior to commit 86543ac47e59c522976b5632b8bf9a2a4583c7d2 https://github.com/facebook/hermes/commit/86543ac47e59c522976b5632b8bf9a2a4583c7d2 allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that th...
CVE-2020-1896
A stack overflow vulnerability in Facebook Hermes 'builtin apply' prior to commit 86543ac47e59c522976b5632b8bf9a2a4583c7d2 https://github.com/facebook/hermes/commit/86543ac47e59c522976b5632b8bf9a2a4583c7d2 allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that th...
Stack overflow
A stack overflow vulnerability in Facebook Hermes 'builtin apply' prior to commit 86543ac47e59c522976b5632b8bf9a2a4583c7d2 https://github.com/facebook/hermes/commit/86543ac47e59c522976b5632b8bf9a2a4583c7d2 allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that th...
The Origin Is No More
Over the last 15 years, there's been a paradigm shift. Long gone are the days when you built and managed your own data center, were responsible for the physical hardware and the management overhead, and endured the high capital investment of the build and maintenance. As soon as central cloud...
CVE-2020-1915
An out-of-bounds read in the JavaScript Interpreter in Facebook Hermes prior to commit 8cb935cd3b2321c46aa6b7ed8454d95c75a7fca0 allows attackers to cause a denial of service attack or possible further memory corruption via crafted JavaScript. Note that this is only exploitable if the application...
Memory corruption
An out-of-bounds read in the JavaScript Interpreter in Facebook Hermes prior to commit 8cb935cd3b2321c46aa6b7ed8454d95c75a7fca0 allows attackers to cause a denial of service attack or possible further memory corruption via crafted JavaScript. Note that this is only exploitable if the application...
CVE-2020-1915
An out-of-bounds read in the JavaScript Interpreter in Facebook Hermes prior to commit 8cb935cd3b2321c46aa6b7ed8454d95c75a7fca0 allows attackers to cause a denial of service attack or possible further memory corruption via crafted JavaScript. Note that this is only exploitable if the application...