5834 matches found
Fortanix EnclaveOS Confidential Computing Manager Platform Security Vulnerability
Fortanix EnclaveOS Confidential Computing Manager Platform is a cloud-native service from Fortanix, Inc. that provides a complete solution for confidential computing in the cloud and in local workloads. A security vulnerability exists in Fortanix EnclaveOS Confidential Computing Manager Platform...
This Year in Spring - 2023
Welcome to another installment of This Week in Spring! It's December 26th, 2023, and we're staring down the new year! And you know what that means, right? It's time for our annual roundup, looking at all the latest and greatest in the wild and wonderful world of Springdom. This is This Year in...
CVE-2023-48704
ClickHouse is an open-source column-oriented database management system that allows generating analytical data reports in real-time. A heap buffer overflow issue was discovered in ClickHouse server. An attacker could send a specially crafted payload to the native interface exposed by default on...
A Bootiful Podcast: Cloud Native Whitney Lee
Hi, Spring fans! In this installment, I talk to legendary Cloud Native Whitney Lee about cloud infrastructure, that one trick every dev must know, her new operations-centric gameshow, and more. Happy holidays to y'all!...
UBUNTU-CVE-2023-47118
ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. A heap buffer overflow issue was discovered in ClickHouse server. An attacker could send a specially crafted payload to the native interface exposed by default on...
Malicious user can steal native tokens of MoneyMarketHook caller
Proof of Concept: MoneyMarketHook allows a user to chain some actions into one multicall to the InitCore. In the end, the user can get all wrapped native tokens that he withdrew in the form of native tokens. Note that this part of the code withdraws all balance from wrapped...
org.typelevel:grackle-circe_native0.4_2.13 (>=0.15.0 <=0.17.2), org.typelevel:grackle-generic_native0.4_2.13 (>=0.15.0 <=0.17.2) +2 more potentially affected by CVE-2023-50730 via org.typelevel:grackle-core_native0.4_2.13 (>=0.15.0 <=0.17.2)
org.typelevel:grackle-core_native0.4_2.13 MAVEN version =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.17.2 Source CVEs: CVE-2023-50730 Source advisory: OSV:GHSA-G56X-7J6W-G8R8...
Rescan of Cloud Native Machines in Azure Fails After Credentials Change
Challenge: After the Azure Storage account is changed, rescan of Cloud Native Agents (e.g., Veeam Agent for Microsoft Windows, Veeam Agent for Linux) fails with the error: Warning Failed to connect to Details: Azure REST API error. HTTP code: 403. Azure error: AuthenticationFailed. Full error:...
CVE-2023-46727
GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, GLPI inventory endpoint can be used to drive a SQL injection attack. Version 10.0.11 contains a patch for the issue. As a workaround, disable native inventory...
CVE-2023-46727 GLPI SQL injection through inventory agent request
GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, GLPI inventory endpoint can be used to drive a SQL injection attack. Version 10.0.11 contains a patch for the issue. As a workaround, disable native inventory...
Security Bulletin: Multiple vulnerabilities in IBM Storage Scale Container Native could allow access to container outside the current namespace
Summary: Multiple security vulnerabilities have been identified in IBM Storage Scale Container Native that could allow access to container outside the current namespace. A fix for these vulnerabilities is available. Vulnerability Details: CVEID: CVE-2022-41738 DESCRIPTION: IBM Spectrum Scale could...
Malicious code in react-native-dual-pedometer (npm)
Source: ghsa-malware 9acd69705b8c10caa5420e37e485d6406deb1e7006761f8316bdc7972c7cec69 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-8679 Malicious code in react-native-dual-pedometer (npm)
Source: ghsa-malware 9acd69705b8c10caa5420e37e485d6406deb1e7006761f8316bdc7972c7cec69 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Going Cloud Native, and What “Portability” Really Means
...
Moderate: Red Hat Security Advisory: Red Hat JBoss Web Server 5.7.7 release and security update
Red Hat JBoss Web Server 5.7.7 zip release is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, and Windows Server. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVS...
Quarkus Security Vulnerabilities
Quarkus is a cloud-native Linux container-first framework for writing Java applications. A security vulnerability exists in Quarkus. An attacker could exploit this vulnerability to gain access to sensitive data...
Wiz recognized by Frost and Sullivan as a leading Cloud Native Application Protection Platform for 2023
Learn why Frost & Sullivan's Frost Radar Report describes the Wiz platform "as one of the market’s most powerful cloud infrastructure security platforms."...
3 reasons why now is the time to go cloud native for device management
The post 3 reasons why now is the time to go cloud native for device management appeared first on Microsoft Security Blog...