CVE-2019-19029
Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows SQL Injection via user-groups in the VMware Harbor Container Registry for the Pivotal Platform...
Cross site request forgery (csrf)
Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows CSRF in the VMware Harbor Container Registry for the Pivotal Platform...
CVE-2019-19023
The CVE-2019-19023 entry affects Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3, describing a Privilege Escalation vulnerability in the VMware Harbor Container Registry for the Pivotal Platform. The connected records confirm affected versions and root cause as a privilege escal...
CVE-2019-19029
CVE-2019-19029 affects Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3, enabling SQL Injection via the user-groups feature in the VMware Harbor Container Registry for the Pivotal Platform. The issue is documented with CVSS 3.1/2.0 vectors (high impact on confidentiality, integri...
CVE-2019-19026
Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows SQL Injection via project quotas in the VMware Harbor Container Registry for the Pivotal Platform...
CVE-2019-19025
CVE-2019-19025 affects Cloud Native Computing Foundation Harbor prior to versions 1.8.6 and 1.9.3, where the Harbor web interface is vulnerable to Cross-site Request Forgery (CSRF) in the VMware Harbor Container Registry for the Pivotal Platform. The root cause is CSRF protection gaps in the Harb...
PT-2020-10035 · Cloud Native Computing Foundation +1 · Harbor +1
Name of the Vulnerable Software and Affected Versions: Cloud Native Computing Foundation Harbor versions prior to 1.8.6 and 1.9.3 Description: The issue is related to a Privilege Escalation Vulnerability in the VMware Harbor Container Registry for the Pivotal Platform. This vulnerability affects...
Important: Red Hat Security Advisory: Red Hat JBoss Web Server 3.1 Service Pack 8 security update
An update is now available for Red Hat JBoss Web Server 3.1. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
(RHSA-2020:0824) Moderate: Open Liberty 20.0.0.3 Runtime security update
Open Liberty is a lightweight open framework for building fast and efficient cloud-native Java microservices. This release of Open Liberty 20.0.0.3 serves as a replacement for Open Liberty 20.0.0.2 and includes security fixes, bug fixes, and enhancements. For specific information about this...
Enabling Business Continuity in an Uncertain Global Environment
Today's uncertain global environment has made it an imperative for companies to enable remote access to business-critical applications. In particular, the fluidity and uncertainty of the current global crisis triggered by COVID-19 have accelerated the movement to have employees work remotely...
@gsandf/react-native-oauth (>=2.1.16 <=2.2.2), react-native-oauth (>=1.1.0 <=2.2.0) +5 more potentially affected by CVE-2019-10805 via valib (=2.0.0)
valib NPM version =2.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on valib and may be impacted: - @gsandf/react-native-oauth =2.1.16, =1.1.0, =2.1.16, =2.1.15, =0.1.0, =0.4.6 Source cves: CVE-2019-10805 Source advisory: SNYK:JS-VALIB-559015...
Guardicore at RSA: AI-Powered Segmentation, Cloud Native Security
This week we’re announcing two new capabilities in our Centra Security Platform that further deliver on that mission: Support for cloud-native resources and AI-powered segmentation...
Denial of Service (DoS) through memory leak
react-native-camera-kit is vulnerable to denial of service (DoS) attacks. The vulnerability exists because the imageRef allocated in the snapStillImage function in CKCamera.m is never released, so an attacker who can trigger repeated captures can exhaust memory and hang the system...
Citrix Gateway Native OTP not working with Citrix IOS Workspace Client
1. Native OTP configuration done as per https://docs.citrix.com/en-us/netscaler-gateway/12/native-otp-support.html 2. Android / Windows Workspace Clients and Browser are able to authenticate, enumerate and launch apps 3. iOS Workspace Client is unable to authenticate, if user enters the...
(RHSA-2020:0192) Moderate: Open Liberty 20.0.0.1 Runtime security update
Open Liberty is a lightweight open framework for building fast and efficient cloud-native Java microservices. This release of Open Liberty 20.0.0.1 serves as a replacement for Open Liberty 19.0.0.12 and includes bug fixes, enhancements, and security fixes. For specific information about this...
Public Bug Bounty Takes Aim at Kubernetes Container Project
A public bug-bounty program for the Kubernetes container technology framework has just launched, backed by Google, HackerOne and the Cloud Native Computing Foundation (CNCF). The Kubernetes container-orchestration system was originally built by Google for automating application deployment, scaling...
CVE-2018-12547
In Eclipse OpenJ9, prior to the 0.12.0 release, the jiosnprintf and jiovsnprintf native methods ignored the length parameter, so existing APIs that called these functions could write beyond the allocated buffer. These functions were not directly callable by non-native user code...
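The bug class in this entry is a formatted-print wrapper that accepts a buffer length and then does not use it. The following is an added example, not OpenJ9's code: vuln_snprintf and safe_snprintf are hypothetical stand-ins for the pattern, and the scratch buffer, format string and sample values are constructed for the demonstration. The vulnerable wrapper is run against an oversized scratch area so that it exceeds the size the caller declared without corrupting real memory.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Vulnerable pattern (hypothetical, modelled on the CVE-2018-12547 description):
 * the length argument is accepted but ignored, so the full formatted string is
 * written regardless of how large the caller's buffer really is. */
int vuln_snprintf(char *buf, size_t len, const char *fmt, ...)
{
    va_list ap;
    (void)len;                       /* the bug: len is never consulted */
    va_start(ap, fmt);
    int n = vsprintf(buf, fmt, ap);  /* unbounded write */
    va_end(ap);
    return n;
}

/* Fixed pattern: forward len to vsnprintf, which writes at most len-1 bytes
 * plus the terminator and returns the length the full output would have had,
 * so callers can detect truncation. */
int safe_snprintf(char *buf, size_t len, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(buf, len, fmt, ap);
    va_end(ap);
    return n;
}

/* Format into a 64-byte scratch area while telling the wrapper the caller only
 * has claimed_len bytes, then report how many bytes actually landed. The
 * scratch area is deliberately larger than claimed_len so the vulnerable
 * wrapper can overrun the declared size without overrunning real memory. */
size_t bytes_written(int (*fn)(char *, size_t, const char *, ...), size_t claimed_len)
{
    char scratch[64];
    memset(scratch, 0, sizeof scratch);
    /* constructed sample input: 33 characters once formatted */
    fn(scratch, claimed_len, "user=%s id=%d", "attacker-controlled", 12345);
    return strlen(scratch);
}

/* Non-zero if the wrapper wrote past the size the caller declared
 * (string plus terminator must fit in claimed_len bytes). */
int overflows_claimed_length(int (*fn)(char *, size_t, const char *, ...), size_t claimed_len)
{
    return bytes_written(fn, claimed_len) + 1 > claimed_len;
}

int main(void)
{
    size_t claimed = 8;
    printf("vuln_snprintf wrote %zu bytes into a declared %zu-byte buffer: %s\n",
           bytes_written(vuln_snprintf, claimed), claimed,
           overflows_claimed_length(vuln_snprintf, claimed) ? "OVERFLOW" : "ok");
    printf("safe_snprintf wrote %zu bytes into a declared %zu-byte buffer: %s\n",
           bytes_written(safe_snprintf, claimed), claimed,
           overflows_claimed_length(safe_snprintf, claimed) ? "OVERFLOW" : "ok");
    return 0;
}
```

With a declared size of 8, the vulnerable wrapper emits all 33 bytes while the fixed one stops at 7 plus the terminator and still returns 33, which is the signal a caller should check to detect truncation rather than silently using a clipped string.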
MTN Group: Java Debug Console Provides Command Injection Without Privilege Escalation
Summary: I initially found the debug console as a tool to insert arbitrary html/xss bugs, however after further probing the debug console it has some serious security flaws to allow arbitrary java code to be executed. My initial report of a separate bug using this console,...
CVE-2019-16535
In all versions of ClickHouse before 19.14, an OOB read, OOB write and integer underflow in the decompression algorithms can be used to achieve RCE or DoS via the native protocol...