5828 matches found
CVE-2024-56513 Karmada PULL Mode Cluster Privilege Escalation
Karmada is a Kubernetes management system that allows users to run cloud-native applications across multiple Kubernetes clusters and clouds. Prior to version 1.12.0, the PULL mode clusters registered with the karmadactl register command have excessive privileges to access control plane resources...
Malicious code in twilio-voice-react-native-reference-server (npm)
Source: ossf-package-analysis d9657ad82a767c729a41687ce64fc66b8d9727da18bc576e49a6c362582772d0 The OpenSSF Package Analysis project identified 'twilio-voice-react-native-reference-server' @ 1.1.0 npm as malicious. It is considered maliciou...
Malicious code in react-native-simpl (npm)
Source: ghsa-malware c97d735ebc317ac72a7551682b1498e38aa84ed2e3be90fc979c8c7fedeb8b8f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-12089 Malicious code in react-native-simpl (npm)
Source: ghsa-malware c97d735ebc317ac72a7551682b1498e38aa84ed2e3be90fc979c8c7fedeb8b8f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
BIT-ENVOY-2024-53269 Happy Eyeballs: Validate that additional_address are IP addresses instead of crashing when sorting in envoy
Envoy is a cloud-native high-performance edge/middle/service proxy. When additional addresses are not IP addresses, the Happy Eyeballs sorting algorithm will crash in the data plane. This issue has been addressed in releases 1.32.2, 1.31.4, and 1.30.8. Users are advised to upgrade. Users unable to...
CVE-2024-2201
A cross-privilege Spectre v2 vulnerability allows attackers to bypass all deployed mitigations, including the recent FineIBT, and to leak arbitrary Linux kernel memory on Intel systems...
CVE-2024-53270
Envoy is a cloud-native high-performance edge/middle/service proxy. In affected versions sendOverloadError is going to assume the active request exists when envoy.loadshedpoints.http1serverabortdispatch is configured. If activerequest is nullptr, only onMessageBeginImpl is called. However, the...
Envoy Proxy Security Vulnerability
Envoy Proxy is a cloud-native, high-performance edge/intermediate/service proxy open-sourced by Envoy Proxy. A security vulnerability exists in Envoy Proxy that stems from the fact that sending a payload when resetting a request early could lead to a crash...
Malicious code in snap-kit-react-native (npm)
Source: ghsa-malware 591274c196648c43d806cc38ac33a04319ff82c5c4c9b1028590552c1fe4a841 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Quarkus Environmental Issue Vulnerability
Quarkus is a cloud-native Linux container-first framework for writing Java applications. An environmental issue vulnerability exists in Quarkus that stems from the inclusion of an HTTP cookie smuggling issue...
IBM Cloud Pak for Data Resource Management Error Vulnerability
IBM Cloud Pak for Data is a cloud-native solution from International Business Machines (IBM) that allows customers to use data and analyze it quickly and efficiently. A resource management error vulnerability exists in IBM Cloud Pak for Data versions 4.0.0 through 5.0.2, which stems from not proper...
Lorex 2K Indoor Wi-Fi Security Camera Security Vulnerability
Lorex 2K Indoor Wi-Fi Security Camera is a series of security cameras from Lorex Canada. A security vulnerability previously existed in Lorex 2K Indoor Wi-Fi Security Camera version 2.800.0000000.8.R.20241111. An attacker exploiting this vulnerability could execute arbitrary operating system...
The vulnerability of the Native Client component of the Microsoft SQL Server database management system allows a hacker to execute arbitrary code.
The vulnerability of the Native Client component in the Microsoft SQL Server database management system is related to buffer overflows in dynamic memory. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...
The vulnerability of the Native Client component of the Microsoft SQL Server database management system allows a hacker to execute arbitrary code.
The vulnerability of the Native Client component in the Microsoft SQL Server database management system is related to buffer overflows in dynamic memory. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...
The vulnerability of the Native Client component of the Microsoft SQL Server database management system allows a hacker to execute arbitrary code.
The vulnerability of the Native Client component in the Microsoft SQL Server database management system is related to buffer overflows in dynamic memory. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...
The vulnerability of the Native Client component of the Microsoft SQL Server database management system allows a hacker to execute arbitrary code.
The vulnerability of the Native Client component in the Microsoft SQL Server database management system is related to buffer overflows in dynamic memory. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...
The vulnerability of the Native Client component of the Microsoft SQL Server database management system allows a hacker to execute arbitrary code.
The vulnerability of the Native Client component in the Microsoft SQL Server database management system is related to buffer overflows in dynamic memory. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...
The vulnerability of the Native Client component of the Microsoft SQL Server database management system allows a hacker to execute arbitrary code.
The vulnerability of Native Client components in Microsoft SQL Server databases relates to the use of memory after it is freed. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...
The vulnerability of the Native Client component of the Microsoft SQL Server database management system allows a hacker to execute arbitrary code.
The vulnerability of Native Client components in the Microsoft SQL Server database management system is related to numerical truncation errors. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...
The vulnerability of the Native Client component of the Microsoft SQL Server database management system allows a hacker to execute arbitrary code.
The vulnerability of the Native Client component in the Microsoft SQL Server database management system is related to buffer overflows in dynamic memory. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...