5842 matches found
CVE-2022-21654 Incorrect configuration handling allows TLS session re-use without re-validation in Envoy
Envoy is an open source edge and service proxy, designed for cloud-native applications. Envoy's TLS implementation allows session re-use even when some certificate validation settings have changed from their default configuration. The only workaround for this issue is to ensure that default TLS settings are used. Users are advised...
CVE-2022-21657 X.509 Extended Key Usage and Trust Purposes bypass in Envoy
Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions Envoy does not restrict the set of certificates it accepts from the peer, either as a TLS client or a TLS server, to only those certificates that contain the necessary extendedKeyUsage...
CVE-2022-23606
CVE-2022-23606 affects Envoy. When a cluster is deleted via Cluster Discovery Service (CDS), idle connections to endpoints in that cluster are disconnected. A recursion was introduced in the disconnect procedure, which can lead to stack exhaustion and abnormal process termination when many idle c...
[WP-H5] RewardDistributor.setBribeVault() can cause users who haven't claimed their native tokens yet to be unable to claim the reward anymore
Lines of code Vulnerability details In the current implementation, RewardDistributor.claim uses the check if token != bribeVault (where token comes from rewards[rewardIdentifier].token) to detect whether the reward is an ERC20 token or the native token (ETH). However, this is not a trustworthy way to determine whether the reward i...
High-Severity RCE Bug Found in Popular Apache Cassandra Database
Researchers have shared details about a now-patched, high-severity security bug in the Apache Cassandra open-source NoSQL distributed database that’s easy to exploit and, if left unpatched, could enable attackers to gain remote code execution (RCE). The bug, which involves how Cassandra creates...
Apache Apisix Remote Code Execution Vulnerability
Apache Apisix is a cloud-native microservice API gateway from the Apache Foundation. The software is built on OpenResty and etcd and offers dynamic routing and plug-in hot loading, making it suitable for API management in microservice systems. A remote code execution vulnerability...
Atlassian Confluence Server Code Issue Vulnerability
Atlassian Confluence Server is the server edition of Atlassian Australia's collaboration software suite, providing enterprise knowledge management capabilities and support for building an enterprise wiki. An elevation of privilege vulnerability exists in Atlassian Confluence Server, which stems from an...
What is a cloud native application protection platform (CNAPP)?
We explore CNAPP, the latest industry acronym coined by the Gartner report Innovation Insight for Cloud-Native Application Protection Platforms, and why devs need to know about it...
A Cloud Native Application Protection Platform Guide
In this article we explore CNAPP, the latest industry acronym coined by Gartner, and why devs need to know about it...
Dell EMC Integrated System Security Vulnerability
Dell EMC Integrated System is a native hybrid cloud platform for infrastructure and platform-as-a-service from Dell (USA). An elevation of privilege vulnerability exists in Dell EMC Integrated System for Microsoft Azure Stack Hub. The vulnerability stems from an incorrect programmatic call to an...
CVE-2007-20001
A flaw was found in StarWind iSCSI target. An attacker could script standard iSCSI Initiator operations to exhaust the StarWind service socket, which could lead to denial of service. This affects iSCSI SAN Windows Native Version 3.2.2 build 2007-02-20...
CVE-2013-20004
A flaw was found in StarWind iSCSI target. StarWind service does not limit client connections and allocates memory on each connection attempt. An attacker could create a denial of service state by trying to connect a non-existent target multiple times. This affects iSCSI SAN Windows Native Versio...
@abeai/job-consumer (>=3.5.0 <=3.7.0), @abeai/node-logging (>=7.5.0 <=7.10.0) +15 more potentially affected by CVE-2022-25852 via pg-native (=3.0.0)
pg-native NPM version =3.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on pg-native and may be impacted: - @abeai/job-consumer =3.5.0, =7.5.0, =6.3.0, =1.1.1, =0.0.1, =10.0.0, =10.0.0, =1.0.0, =1.0.0, =1.3.1, =1.0.0-alpha, =2.0.4, =3.0.5 and more...
Denial of Service (DoS)
Overview pg-native provides high-performance native bindings between Node.js and PostgreSQL via libpq, with a simple API. Affected versions of this package are vulnerable to Denial of Service (DoS) when the addons attempt to cast the second argument to an array and fail. This happens for every non-array...
Denial of Service (DoS)
Overview libpq provides Node.js native bindings to the PostgreSQL libpq C client library. Affected versions of this package are vulnerable to Denial of Service (DoS) when the addons attempt to cast the second argument to an array and fail. This happens for every non-array argument passed. Note: pg-native ...
Mageia: Security Advisory (MGASA-2019-0260)
The remote host is missing an update for the...
What is Cloud Native?
You’ve most likely heard the term “cloud native,” but what does it really mean? This article explores the five requirements of a true cloud native application...
Mageia: Security Advisory (MGASA-2014-0065)
The remote host is missing an update for the...
Mageia: Security Advisory (MGASA-2018-0150)
The remote host is missing an update for the...
Mageia: Security Advisory (MGASA-2019-0184)
The remote host is missing an update for the...