
154 matches found

CNNVD
added 2025/05/02 12:0 a.m. | 2 views

IBM Concert Path Traversal Vulnerability

IBM Concert Software is a new tool from International Business Machines (IBM) Inc. that uses generative AI to help manage complex cloud-native applications. A path traversal vulnerability exists in IBM Concert Software that stems from improperly handling URL requests that contain dot-dot sequences, a...

5.3 CVSS | 6.7 AI score | 0.00414 EPSS
Exploits: 0 | References: 2
Akamai Blog
added 2025/03/27 10:20 a.m. | 4 views

AI Inference on Akamai Cloud: Enabling Developers to Accelerate Edge Native Applications

...

7 AI score
Exploits: 0
CNVD
added 2025/03/13 12:0 a.m. | 7 views

IBM Concert Brute Force Exploit

IBM Concert is a new tool from International Business Machines (IBM) Inc. that uses generative AI to help manage complex cloud-native applications. A brute force vulnerability exists in IBM Concert version 1.0.5 that stems from insufficient account lockout settings and can be exploited by an attack...

7.5 CVSS | 6.8 AI score | 0.00398 EPSS
Exploits: 0 | References: 1
CNVD
added 2025/01/16 12:0 a.m. | 7 views

IBM Concert Input Validation Error Vulnerability (CNVD-2025-02547)

IBM Concert is a new tool from International Business Machines (IBM) Inc. that uses generative AI to help manage complex cloud-native applications. An input validation error vulnerability exists in IBM Concert versions 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3, which stems from incorrect log...

5.4 CVSS | 6.2 AI score | 0.00251 EPSS
Exploits: 0 | References: 1
CNVD
added 2025/01/16 12:0 a.m. | 7 views

IBM Concert Information Disclosure Vulnerability (CNVD-2025-02548)

IBM Concert is a new tool from International Business Machines (IBM) Inc. that uses generative AI to help manage complex cloud-native applications. An information disclosure vulnerability exists in IBM Concert versions 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3, which stems from a detailed technical...

5.3 CVSS | 6.1 AI score | 0.00375 EPSS
Exploits: 0 | References: 1
Vulnrichment
added 2025/01/03 4:11 p.m. | 7 views

CVE-2024-56513 Karmada PULL Mode Cluster Privilege Escalation

Karmada is a Kubernetes management system that allows users to run cloud-native applications across multiple Kubernetes clusters and clouds. Prior to version 1.12.0, the PULL mode clusters registered with the karmadactl register command have excessive privileges to access control plane resources...

8.7 CVSS | 6.8 AI score | 0.00476 EPSS
Exploits: 0 | References: 4
CNVD
added 2024/11/21 12:0 a.m. | 7 views

IBM Concert Access Control Error Vulnerability

IBM Concert is a new tool from International Business Machines (IBM) Inc. that uses generative AI to help manage complex cloud-native applications. An Access Control Error vulnerability exists in versions prior to IBM Concert 1.0.3 that stems from improper access control and can be exploited by an...

8.8 CVSS | 6.5 AI score | 0.00302 EPSS
Exploits: 0 | References: 1
CNVD
added 2024/11/07 12:0 a.m. | 10 views

IBM Concert Trust Management Issues Vulnerability (CNVD-2024-49175)

IBM Concert is a new tool from International Business Machines (IBM) Inc. that uses generative AI to help manage complex cloud-native applications. A trust management issue vulnerability exists in IBM Concert versions 1.0.0 and 1.0.1 that stems from vulnerability to attacks that rely on the use of...

9.8 CVSS | 6.4 AI score | 0.00316 EPSS
Exploits: 0 | References: 1
Trend Micro Simply Security
added 2024/10/18 12:0 a.m. | 2 views

Gartner 2024 CNAPP Market Guide Insights for Leaders

As businesses increasingly pivot to cloud-native applications, the landscape of cybersecurity becomes ever more challenging...

7.3 AI score
Exploits: 0
Qualys Blog
added 2024/09/24 3:0 p.m. | 13 views

Enhancing Cloud-Native Security: Qualys Introduces Scanning for Container-Optimized OS in Google Kubernetes Engine

As organizations move from traditional workloads to containerized environments, they encounter new security challenges. Containers bring added complexity that traditional security tools often struggle to manage, largely because of their transient nature and the shared responsibility between the...

7.5 AI score
Exploits: 0
CNVD
added 2024/09/13 12:0 a.m. | 7 views

IBM Concert Information Disclosure Vulnerability

IBM Concert is a new tool from International Business Machines (IBM) Inc. that uses generative AI to help manage complex cloud-native applications. A security vulnerability exists in IBM Concert version 1.0 that stems from not setting a security attribute on an authorization token or session cookie...

4.3 CVSS | 6.3 AI score | 0.0022 EPSS
Exploits: 0 | References: 1
Rapid7 Blog
added 2024/08/19 3:25 p.m. | 11 views

5 Key Insights from the Gartner® Market Guide for Cloud-Native Application Protection Platforms (CNAPP)

As the cloud landscape continues to evolve, organizations face the growing challenge of securing their cloud-native applications. We feel the 2024 Gartner Market Guide for Cloud-Native Application Protection Platforms (CNAPP) provides invaluable insights into the latest trends and technologies that...

7.6 AI score
Exploits: 0
NVD
added 2024/07/17 6:15 p.m. | 16 views

CVE-2024-40636

Steeltoe is an open source project that provides a collection of libraries that helps users build production-grade cloud-native applications using externalized configuration, service discovery, distributed tracing, application management, and more. When utilizing multiple Eureka server service UR...

5.3 CVSS | 0.00414 EPSS
Exploits: 0 | References: 1
RedHat Linux
added 2024/03/16 12:33 a.m. | 32 views

Important: Red Hat Security Advisory: Red Hat OpenShift GitOps security update

An update is now available for Red Hat OpenShift GitOps 1.11. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

9 CVSS | 7.2 AI score | 0.00654 EPSS
Exploits: 0 | References: 3
OSV
added 2024/03/06 10:56 a.m. | 20 views

BIT-ENVOY-2021-43825 Use-after-free in Envoy

Envoy is an open source edge and service proxy, designed for cloud-native applications. Sending a locally generated response must stop further processing of request or response data. Envoy tracks the amount of buffered request and response data and aborts the request if the amount of buffered dat...

7.5 CVSS | 7 AI score | 0.00864 EPSS
Exploits: 0 | References: 3
OSV
added 2024/03/06 10:56 a.m. | 18 views

BIT-ENVOY-2022-21656 X.509 subjectAltName matching bypass in Envoy

Envoy is an open source edge and service proxy, designed for cloud-native applications. The default_validator.cc implementation used to implement the default certificate validation routines has a "type confusion" bug when processing subjectAltNames. This processing allows, for example, an rfc822Na...

7.4 CVSS | 6.4 AI score | 0.00768 EPSS
Exploits: 0 | References: 3
OSV
added 2024/03/06 10:55 a.m. | 31 views

BIT-ENVOY-2022-21657 X.509 Extended Key Usage and Trust Purposes bypass in Envoy

Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions Envoy does not restrict the set of certificates it accepts from the peer, either as a TLS client or a TLS server, to only those certificates that contain the necessary extendedKeyUsage...

6.8 CVSS | 6.5 AI score | 0.00509 EPSS
Exploits: 0 | References: 3
OSV
added 2024/03/06 10:54 a.m. | 15 views

BIT-ENVOY-2023-27491 Envoy forwards invalid Http2/Http3 downstream headers

Envoy is an open source edge and service proxy designed for cloud-native applications. Compliant HTTP/1 service should reject malformed request lines. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, there is a possibility that non-compliant HTTP/1 service may allow malformed request...

9.1 CVSS | 6.9 AI score | 0.00869 EPSS
Exploits: 1 | References: 5
OSV
added 2024/03/06 10:53 a.m. | 18 views

BIT-ENVOY-2023-35942 Envoy's gRPC access log crash caused by the listener draining

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, gRPC access loggers using listener's global scope can cause a use-after-free crash when the listener is drained. Versions 1.27.0, 1.26.4, 1.25.9,...

6.5 CVSS | 7.7 AI score | 0.00735 EPSS
Exploits: 1 | References: 2
RedHat Linux
added 2023/10/30 11:24 a.m. | 4 views

google-oauth-client: missing PKCE support in accordance with the RFC for OAuth 2.0 for Native Apps can lead to improper authorization

PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorization server is not enough to guarantee that the client that issued the initial authorization request is the one that will be authorized...

9.1 CVSS | 5.9 AI score | 0.01587 EPSS
Exploits: 1 | References: 4