CVE-2021-43979

CVE-2021-43979 affects Styra Open Policy Agent (OPA) Gatekeeper up to version 3.7.0. The issue stems from mishandled concurrency during data replication, where OPA/Gatekeeper does not wait for replication to finish before processing requests. This can cause inconsistencies between replicated reso...

CVE-2021-43979

Styra Open Policy Agent OPA Gatekeeper through 3.7.0 mishandles concurrency, sometimes resulting in incorrect access control. The data replication mechanism allows policies to access the Kubernetes cluster state. During data replication, OPA/Gatekeeper does not wait for the replication to finish...

PT-2021-23990 · Styra · Styra Open Policy Agent (Opa) Gatekeeper

Name of the Vulnerable Software and Affected Versions: Styra Open Policy Agent OPA Gatekeeper versions 3.7.0 and earlier Description: The issue arises from the mishandling of concurrency, which can result in incorrect access control. This occurs because the data replication mechanism, allowing...

PT-2021-6984 · Oracle +8 · Mysql Server +7

Name of the Vulnerable Software and Affected Versions: MySQL Server versions 5.7.37 and prior MySQL Server versions 8.0.28 and prior Description: The issue is related to insufficient input validation in the Server: Group Replication Plugin component of MySQL Server. This allows an attacker with...

PT-2021-6437 · Oracle +8 · Mysql Server +7

Name of the Vulnerable Software and Affected Versions: MySQL Server versions 5.7.36 and prior MySQL Server versions 8.0.27 and prior Description: The issue is related to errors in resource release in the MySQL Server product, specifically in the Server: Replication component. It allows a...

PT-2021-6398 · Oracle +8 · Mysql Server +7

Name of the Vulnerable Software and Affected Versions: MySQL Server versions 8.0.27 and prior Description: The issue is related to errors in resource release in the Server: Group Replication Plugin component of the MySQL Server system. It allows a high-privileged attacker with network access via...

PT-2021-6405 · Oracle +8 · Mysql Server +7

Name of the Vulnerable Software and Affected Versions: MySQL Server versions 8.0.27 and prior Description: The issue is related to the Server: Group Replication Plugin component of MySQL Server and is caused by errors in resource release. It allows a high-privileged attacker with network access v...

CVE-2021-37842

metakv in Couchbase Server 7.0.0 uses Cleartext for Storage of Sensitive Information. Remote Cluster XDCR credentials can get leaked in debug logs. Config key tombstone purging was added in Couchbase Server 7.0.0. This issue happens when a config key, which is being logged, has a tombstone purger...

Couchbase Server 安全漏洞

Couchbase Server is a distributed, open source NoSQL non-relational database from Couchbase, Inc. that supports data querying, full-text searching, and active global replication. Couchbase Server has a security vulnerability that originates from improper design or implementation during code...

Replication job fails with "Cannot replicate disk because its capacity was reduced"

Challenge After a VM's disks have been resized to be smaller, the Replication job within Veeam Backup & Replication fails with the following error: Processing Error: Cannot replicate disk Datastore vmfolder/vmname.vmdk because its capacity was reduced Copy Cause This error occurs when Veeam Backu...

Fedora: Security Advisory for redis (FEDORA-2021-aa94492a09)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 35 Update: redis-6.2.6-1.fc35

Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...

How we took part in MLSEC and (almost) won

This summer Kaspersky experts took part in the Machine Learning Security Evasion Competition MLSEC — a series of trials testing contestants ability to create and attack machine learning models. The event is comprised of two main challenges — one for attackers, and the other for defenders. The...

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

...

CVE-2021-41308

Affected versions of Atlassian Jira Server and Data Center allow authenticated yet non-administrator remote attackers to edit the File Replication settings via a Broken Access Control vulnerability in the ReplicationSettings!default.jspa endpoint. The affected versions are before version 8.6.0,...

Improper access control

Affected versions of Atlassian Jira Server and Data Center allow authenticated yet non-administrator remote attackers to edit the File Replication settings via a Broken Access Control vulnerability in the ReplicationSettings!default.jspa endpoint. The affected versions are before version 8.6.0,...

CVE-2021-41308

Affected versions of Atlassian Jira Server and Data Center allow authenticated yet non-administrator remote attackers to edit the File Replication settings via a Broken Access Control vulnerability in the ReplicationSettings!default.jspa endpoint. The affected versions are before version 8.6.0,...

CVE-2021-41308

CVE-2021-41308 affects Atlassian Jira Server/Data Center where authenticated non-administrators can edit File Replication settings via Broken Access Control on ReplicationSettings!default.jspa. Affected: Jira versions before 8.6.0; 8.7.0 before 8.13.12; 8.14.0 before 8.20.1. Connected documents c...

CVE-2021-41308

Affected versions of Atlassian Jira Server and Data Center allow authenticated yet non-administrator remote attackers to edit the File Replication settings via a Broken Access Control vulnerability in the ReplicationSettings!default.jspa endpoint. The affected versions are before version 8.6.0,...

Atlassian Jira 安全漏洞

Atlassian Jira is a defect tracking management system from Atlassian Australia. The system is used to track and manage all types of issues and defects in the workplace. A security vulnerability exists in Atlassian Jira that originates in the Atlassian Jira server and data center that allows remot...