Lucene search

5843 matches found

CVE
added 2023/01/09 1:1 p.m., 69 views

CVE-2022-23509

CVE-2022-23509 concerns insecure, unencrypted communication between Weave GitOps’ GitOps Run and its local S3 bucket. This allows privileged users or processes to tap traffic and obtain information enabling access to the S3 bucket, potentially leading to bucket content modification and unintended...

7.3 CVSS, 6.2 AI score, 0.00239 EPSS
Exploits: 0, References: 3, Affected Software: 1
OSV
added 2023/01/09 1:1 p.m., 31 views

CVE-2022-23509 Weave Gitops Run vulnerable to insecure communication

Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. GitOps run has a local S3 bucket which it uses for synchronizing files that are later applied against a Kubernetes cluster. The communication between GitOps...

7.3 CVSS, 6.2 AI score, 0.00239 EPSS
Exploits: 0, References: 5
OSV
added 2023/01/02 10:42 a.m., 5 views

SUSE-SU-2023:0010-1 Security update for saphanabootstrap-formula

This update for saphanabootstrap-formula fixes the following issues: - Version bump 0.13.1 revert changes to spec file to re-enable SLES RPM builds CVE-2022-45153: Fixed privilege escalation for arbitrary users in hana/hacluster.sls bsc1205990 - Version bump 0.13.0 pass sid to sudoers in a SLES12...

7.8 CVSS, 8 AI score, 0.00223 EPSS
Exploits: 1, References: 4
OSV
added 2022/12/26 10:15 p.m., 23 views

CVE-2019-19030

Cloud Native Computing Foundation Harbor before 1.10.3 and 2.x before 2.0.1 allows resource enumeration because unauthenticated API calls reveal via the HTTP status code whether a resource exists...

5.3 CVSS, 6.9 AI score
Exploits: 0, References: 1
Vulnrichment
added 2022/12/26 12:0 a.m., 9 views

CVE-2019-19030

Cloud Native Computing Foundation Harbor before 1.10.3 and 2.x before 2.0.1 allows resource enumeration because unauthenticated API calls reveal via the HTTP status code whether a resource exists...

5.7 AI score, 0.01891 EPSS
Exploits: 1, References: 1
CVE
added 2022/12/26 12:0 a.m., 105 views

CVE-2019-19030

The CVE-2019-19030 issue affects Harbor (Cloud Native Computing Foundation Harbor) prior to 1.10.3 and 2.x prior to 2.0.1. Root cause: unauthenticated API calls allow resource existence checks, enabling resource enumeration via HTTP status responses. Impact: information disclosure by revealing wh...

5.3 CVSS, 5.2 AI score, 0.01891 EPSS
Exploits: 1, References: 1, Affected Software: 1
Cvelist
added 2022/12/23 11:3 p.m., 22 views

CVE-2022-41999

A denial of service vulnerability exists in the DDS native tile reading functionality of OpenImageIO Project OpenImageIO v2.3.19.0 and v2.4.4.2. A specially-crafted .dds can lead to denial of service. An attacker can provide a malicious file to trigger this vulnerability...

7.5 CVSS, 8.4 AI score, 0.01439 EPSS
Exploits: 1, References: 3
Prion
added 2022/12/22 10:15 p.m., 21 views

Denial of service

A denial of service vulnerability exists in the DDS native tile reading functionality of OpenImageIO Project OpenImageIO v2.3.19.0 and v2.4.4.2. A specially-crafted .dds can lead to denial of service. An attacker can provide a malicious file to trigger this vulnerability...

5 CVSS, 7.5 AI score, 0.01439 EPSS
Exploits: 1, References: 3, Affected Software: 2
Microsoft Malware Protection
added 2022/12/19 5:0 p.m., 20 views

Forrester names Microsoft a Leader in Q4 2022 Security Analytics Platforms Wave report

We’re excited to announce that Microsoft is named a Leader in The Forrester Wave: Security Analytics Platforms, Q4 2022. Microsoft achieved the highest possible score in 17 different criteria, including partner ecosystem, innovation roadmap, product security, case management, and architecture. Wi...

0.4 AI score
Exploits: 0
Microsoft Secure
added 2022/12/19 5:0 p.m., 30 views

Forrester names Microsoft a Leader in Q4 2022 Security Analytics Platforms Wave report

We’re excited to announce that Microsoft is named a Leader in The Forrester Wave: Security Analytics Platforms, Q4 2022. Microsoft achieved the highest possible score in 17 different criteria, including partner ecosystem, innovation roadmap, product security, case management, and architecture. Wi...

0.4 AI score
Exploits: 0
Code423n4
added 2022/12/19 12:0 a.m., 9 views

Pair.sol : baseTokenReserves() can be manipulatable if the base token is native token

Lines of code. Vulnerability details. Impact: Price manipulation in following functions wherever the baseTokenReserves() is called: buyQuote, sellQuote, addQuote, removeQuote. Proof of Concept: function baseTokenReserves() internal view returns (uint256) { return baseToken == address(0) ? address(this).balance -...

6.6 AI score
Exploits: 0
RedHat Linux
added 2022/12/12 12:39 p.m., 68 views

Moderate: Red Hat Security Advisory: Red Hat JBoss Web Server 5.7.1 release and security update

Red Hat JBoss Web Server 5.7.1 zip release is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, and Microsoft Windows. Red Hat Product Security has rated this release as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which give...

10 CVSS, 6.9 AI score, 0.95764 EPSS
Exploits: 6, References: 4
OSV
added 2022/12/01 12:0 a.m., 21 views

ASB-A-222166527

In GetResolvedMethod of entrypointutils-inl.h, there is a possible use after free due to a stale cache. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5 CVSS, 5.2 AI score, 0.00157 EPSS
Exploits: 0, References: 2
Spring Security Advisories
added 2022/11/29 6:0 p.m., 27 views

This Week in Spring - November 29th, 2022 (Spring Boot 3 has arrived)

Hi, Spring fans! It's here! It's finally here, at long last! Spring Boot 3!! And of course with Spring Boot 3.0 comes a whole portfolio of integrated projects that have also been updated! Remember, a huge theme in this release is support for GraalVM native images, and that's now supported across the...

7 AI score
Exploits: 0
Wiz blog
added 2022/11/29 1:56 p.m., 12 views

Wiz and BigID expand partnership to extend visibility and control for enterprise data to prevent breaches

Deeper partnership accelerates end-to-end cloud-native data protection from discovery to enforcement...

6.9 AI score
Exploits: 0
CNVD
added 2022/11/24 12:0 a.m., 30 views

Quarkus has an unspecified vulnerability

Quarkus is a cloud-native Linux container-first framework for writing Java applications. A security vulnerability exists in Quarkus versions prior to 2.13.5, 2.14.0 and later, and prior to 2.14.2. An attacker can exploit the vulnerability to remotely execute code...

9.8 CVSS, 8.5 AI score, 0.32516 EPSS
Exploits: 0, References: 1
Spring Security Advisories
added 2022/11/23 8:0 a.m., 18 views

Spring Tips: the road to Spring Framework 6: the new Ahead-of-Time Compilation Engine and GraalVM

Hi, Spring fans! Spring Boot 3 is here (or will be tomorrow, on the 24th of November, 2022, to be more precise!), bringing a fantastic new Ahead-of-Time (AOT) compilation engine that supports GraalVM native images. Join me, and we'll dive deep into the engine and its interactions with the Spring...

0.9 AI score
Exploits: 0
Trend Micro Simply Security
added 2022/11/16 12:0 a.m., 10 views

Will Cloud-Native Network Security Oust Firewalls?

Security threats have already begun to outpace cloud firewalls. It’s a fact. But organizations exploring new cloud-native solutions find themselves more prepared to stay resilient. Find out how cloud-native network security’s features and benefits are making this possible...

0.8 AI score
Exploits: 0
Qualys Blog
added 2022/11/14 10:1 p.m., 20 views

QSC 2022: Listening to the Voice of the Customer

It would be redundant to state that today’s threat landscape is growing increasingly sophisticated and erratic. With all types of attacks becoming “commonplace,” the baseline for normal is abnormal. Bad actors are taking advantage of whatever attack vector they can whether that is a phishing...

7.2 AI score
Exploits: 0
Code423n4
added 2022/11/13 12:0 a.m., 10 views

Native funds on the aggregator contract balance is a free grab

Lines of code. Vulnerability details. Native funds on the aggregator contract balance is a free grab. LooksRareAggregator's execute returns the native balance of the contract to the caller even when nothing was provided with the call. This happens when LooksRareAggregator's execute is called directly...

6.8 AI score
Exploits: 0