5879 matches found
SUSE-SU-2024:3423-1 Security update for xen
This update for xen fixes the following issues: - CVE-2024-2201: Mitigation for Native Branch History Injection XSA-456, bsc1222453 - CVE-2024-31143: Fixed double unlock in x86 guest IRQ handling XSA-458, bsc1227355 - CVE-2024-31145: Fixed error handling in x86 IOMMU identity mapping XSA-460,...
Enhancing Cloud-Native Security: Qualys Introduces Scanning for Container-Optimized OS in Google Kubernetes Engine
As organizations move from traditional workloads to containerized environments, they encounter new security challenges. Containers bring added complexity that traditional security tools often struggle to manage, largely because of their transient nature and the shared responsibility between the...
The vulnerability of the Native Scoring component of the Microsoft SQL Server database management system allows a hacker to execute arbitrary code.
The vulnerability of the Native Scoring component of the Microsoft SQL Server database management system is related to buffer overflow in dynamic memory. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...
The vulnerability of the Native Scoring component of the Microsoft SQL Server database management system allows a hacker to execute arbitrary code.
The vulnerability of the Native Scoring component of the Microsoft SQL Server database management system is related to the dereferencing of an unreliable pointer. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of the Native Scoring component of the Microsoft SQL Server database management system allows a hacker to execute arbitrary code.
The vulnerability of the Native Scoring component of the Microsoft SQL Server database management system relates to reading beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code remotely...
The vulnerability of the Native Scoring component of the Microsoft SQL Server database management system allows a hacker to execute arbitrary code.
The vulnerability of the Native Scoring component of the Microsoft SQL Server database management system is related to the use of memory after it is freed. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...
The vulnerability of the Native Scoring component of the Microsoft SQL Server database management system allows a hacker to execute arbitrary code.
The vulnerability of the Native Scoring component of the Microsoft SQL Server database management system is related to buffer overflow in dynamic memory. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...
The vulnerability of the Native Scoring component of the Microsoft SQL Server database management system allows a hacker to execute arbitrary code.
The vulnerability of the Native Scoring component of the Microsoft SQL Server database management system is related to the dereferencing of an unreliable pointer. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
Expanding the Security Horizon: Introducing Rapid7 MDR for the Extended Ecosystem
As the cybersecurity landscape gets more complex, the stakes for keeping organizations safe have never been higher. Security teams are tasked with keeping ahead of new ransomware groups, rapidly evolving adversary tactics, and their dynamic attack surface as their business grows. Security...
BIT-ENVOY-2024-45807 oghttp2 crash on OnBeginHeadersForStream in envoy
Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy's 1.31 is using oghttp as the default HTTP/2 codec, and there are potential bugs around stream management in the codec. To resolve this Envoy will switch off the oghttp2 by default. The impact of this issue is that envoy wi...
BIT-ENVOY-2024-45809 Jwt filter crash in the clear route cache with remote JWKs in envoy
Envoy is a cloud-native high-performance edge/middle/service proxy. Jwt filter will lead to an Envoy crash when clear route cache with remote JWKs. In the following case: 1. remote JWKs are used, which requires async header processing; 2. clearroutecache is enabled on the provider; 3. header...
BIT-ENVOY-2024-45810 Envoy crashes for LocalReply in http async client
Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy will crash when the http async client is handling sendLocalReply under some circumstance, e.g., websocket upgrade, and requests mirroring. The http async client will crash during the sendLocalReply in http async client, one...
CVE-2024-45807
Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy's 1.31 is using oghttp as the default HTTP/2 codec, and there are potential bugs around stream management in the codec. To resolve this Envoy will switch off the oghttp2 by default. The impact of this issue is that envoy wi...
CVE-2024-45807
CVE-2024-45807 affects Envoy 1.31.x where the default HTTP/2 codec is the oghttp implementation. The issue stems from bugs in stream management within oghttp2, which can cause Envoy to crash. A fix is available: upgrade to 1.31.2 (addressed in multiple advisories). Workarounds include disabling o...
CVE-2023-27584
CVE-2023-27584 affects Dragonfly2, an open-source P2P file distribution system. The vulnerability is caused by a hard-coded JWT secret key, "Secret Key", which enables authentication bypass. An attacker can perform actions with admin privileges by crafting a valid JWT token, potentially accessing...
CVE-2024-45410
Traefik is a golang, Cloud Native Application Proxy. When a HTTP request is processed by Traefik, certain HTTP headers such as X-Forwarded-Host or X-Forwarded-Port are added by Traefik before the request is routed to the application. For a HTTP client, it should not be possible to remove or modif...
RHSA-2012:0039 Red Hat Security Advisory: mod_cluster-native security update
Bulletin has no description...
RHSA-2012:0037 Red Hat Security Advisory: mod_cluster-native security update
Bulletin has no description...
RHSA-2012:0035 Red Hat Security Advisory: mod_cluster-native security update
Bulletin has no description...
IBM Concert Information Disclosure Vulnerability
IBM Concert is a new tool from International Business Machines IBM Inc. that uses generative AI to help manage complex cloud-native applications. A security vulnerability exists in IBM Concert version 1.0 that stems from not setting a security attribute on an authorization token or session cookie...