Lucene search
+L

102 matches found

Vulnrichment
Vulnrichment
added 2024/10/21 11:19 p.m.14 views

CVE-2024-8901 Lack of JWT issuer and signer validation

The AWS ALB Route Directive Adapter For Istio repo https://github.com/awslabs/aws-alb-route-directive-adapter-for-istio/tree/master provides an OIDC authentication mechanism that was integrated into the open source Kubeflow project. The adapter uses JWT for authentication, but lacks proper signer...

7.5CVSS7.8AI score0.00358EPSS
Exploits0References2
CVE
CVE
added 2024/10/21 11:19 p.m.132 views

CVE-2024-8901

CVE-2024-8901 concerns the AWS ALB Route Directive Adapter for Istio, which integrated OIDC-like JWT authentication into Kubeflow. The issue arises from missing signer and issuer validation for JWTs, allowing an attacker to spoof OIDC sessions by presenting a JWT signed by an untrusted entity. Th...

7.5CVSS7.7AI score0.00358EPSS
Exploits0References2
OSV
OSV
added 2024/10/16 11:59 p.m.5 views

MAL-2024-9328 Malicious code in alb-um-availa-ble-zip-mp3-file-30506-i-feel-alright-898re-atdkuh (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 301aedb3c629f2045611e487e9d753ff50c0a6fc1da4ee93c01ab32ee0cff0a7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSV
OSV
added 2024/10/16 11:59 p.m.2 views

MAL-2024-9327 Malicious code in alb-um-availa-ble-zip-mp3-file-20395-ive-been-expecting-you-m3mwh-apmisl (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 22fc68d2042156469205e75f4a654f8557c933212d8ff61b7068167cfd7b344f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSV
OSV
added 2024/10/16 11:59 p.m.6 views

MAL-2024-9330 Malicious code in alb-um-availa-ble-zip-mp3-file-46046-radical-connector-m2ydd-nirtvy (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 04c7604df6d26c098c3985382dc30aada82e32d972c2f8222802ff998dc52ecf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSV
OSV
added 2024/10/16 11:59 p.m.3 views

MAL-2024-9329 Malicious code in alb-um-availa-ble-zip-mp3-file-38068-its-all-about-to-change-rnonb-pzjjbh (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4008f42b5bc2b6647cc2d9e297edb68f60da9ce6c5a20e62b44cb70616a8a6d8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSV
OSV
added 2024/10/16 11:59 p.m.4 views

MAL-2024-9331 Malicious code in alb-um-availa-ble-zip-mp3-file-85058-bright-phoebus-dboqy-oraqvx (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7896431589d1851d65f8365d770dff71aa63f823917838fd5734b3ee77fe7f32 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
The Hacker News
The Hacker News
added 2024/08/22 3:3 p.m.26 views

New 'ALBeast' Misconfiguration Exposes Weakness in AWS Application Load Balancer

As many as 15,000 applications using Amazon Web Services' AWS Application Load Balancer ALB for authentication are potentially susceptible to a configuration-based issue that could expose them to sidestep access controls and compromise applications. That's according to findings from Israeli...

7.2AI score
Exploits0
HackRead
HackRead
added 2024/08/21 11:10 a.m.25 views

ALBeast: Misconfiguration Flaw Exposes 15,000 AWS Load Balancers to Risk

ALBeast is a critical vulnerability that allows attackers to bypass authentication and authorization in AWS ALB-based applications. Learn…...

7.5AI score
Exploits0
Openbugbounty
Openbugbounty
added 2023/10/31 5:31 p.m.5 views

drogenhilfe-ulm-alb-donau.de Improper Access Control vulnerability OBB-3770335

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.9AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/26 2:34 p.m.84 views

Security Bulletin: IBM Cloud Kubernetes Service is affected by Kubernetes Ingress Controller security vulnerabilities (CVE-2023-44487)

Summary IBM Cloud Kubernetes Service is affected by a Kubernetes Ingress Controller security vulnerability that exploits HTTP/2 protocol by allowing a denial of service because request cancellation can reset many streams quickly CVE-2023-44487. Vulnerability Details CVE-2023-44487 Description: Th...

7.5CVSS6.2AI score0.99999EPSS
Exploits20Affected Software1
OSV
OSV
added 2022/10/21 6:15 a.m.3 views

UBUNTU-CVE-2022-3624

A vulnerability was found in Linux Kernel and classified as problematic. Affected by this issue is the function rlbarpxmit of the file drivers/net/bonding/bondalb.c of the component IPsec. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier ...

3.5CVSS4.8AI score0.00248EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/10/21 12:0 a.m.7 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel is vulnerable to a security flaw that affects the function rlbarpxmit in the component IPsec's file drivers/net/bonding/bondalb.c. This operation leads to a memory leak. leak. No details of...

3.5CVSS6.5AI score0.00248EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/21 3:32 p.m.25 views

Security Bulletin: IBM Cloud Kubernetes Service is affected by a Kubernetes Ingress Controller security vulnerability (CVE-2021-25748)

Summary IBM Cloud Kubernetes Service is affected by a Kubernetes Ingress Controller security vulnerability where a user that can create or update ingress objects can use a newline character to bypass the sanitization of the spec.rules.http.paths.path field of an Ingress object in the...

7.6CVSS6.2AI score0.00694EPSS
Exploits0Affected Software1
Hacker One
Hacker One
added 2021/06/19 5:28 a.m.28 views

Kubernetes: AWS Load Balancer Controller Managed Security Groups can be replaced by an unprivileged attacker

Report Submission Form Summary: When creating an Ingress of class alb, by default, AWS Load Balancer Controller creates a managed SG and attaches it to the created ALB. This SG limits which ports of the ALB are accessible by whom. An attacker is able to craft another SG that can be used to trick...

7.3AI score
Exploits0
CVE
CVE
added 2018/03/19 6:0 p.m.54 views

CVE-2018-1221

In CVE-2018-1221, the Cloud Foundry Gorouter mishandles WebSocket requests for AWS Application Load Balancers (ALBs) and other HTTP-aware Load Balancers. Affected products are cf-deployment (all versions before 1.14.0) and routing-release (all versions before 0.172.0). The underlying root cause i...

8.1CVSS7.9AI score0.01235EPSS
Exploits0References1Affected Software2
Imperva Blog
Imperva Blog
added 2017/10/09 3:30 p.m.49 views

How to Protect AWS ECS with SecureSphere WAF

Adoption of container technology is growing widely. More and more workloads are being transferred from traditional EC2 compute instances to container-based services. However, the need for securing the web traffic remains the same regardless of the elected platform. In this post, we’ll deep dive...

6.8AI score
Exploits0
Atlassian
Atlassian
added 2017/10/01 11:57 p.m.26 views

HTTP Client in JIRA does not accept RFC6265 compliant date format in "Expires" cookie header

When using AWS Application Load Balancer, the following WARN log messages are shown in the logs, as JIRA does not understand the "Expires" header used for sticky sessions. code:java 2017-09-27 01:44:47,292 HealthCheck:thread-7 WARN o.a.h.client.protocol.ResponseProcessCookies Invalid cookie heade...

0.2AI score
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2013/03/06 12:0 a.m.81 views

Scientific Linux Security Update : kernel on SL5.x i386/x86_64

CVE-2009-2695 kernel: SELinux and mmapminaddr CVE-2009-3228 kernel: tc: uninitialised kernel memory leak CVE-2009-3286 kernel: OEXCL creates on NFSv4 are broken CVE-2009-2908 kernel ecryptfs NULL pointer dereference CVE-2009-3613 kernel: flood ping cause out-of-iommu error and panic when mtu larg...

7.8CVSS6.9AI score0.12461EPSS
Exploits14References17
Prion
Prion
added 2011/11/02 9:55 p.m.14 views

Sql injection

SQL injection vulnerability in viewphoto.php in 2daybiz Network Community Script allows remote attackers to execute arbitrary SQL commands via the alb parameter...

7.5CVSS9.1AI score0.01047EPSS
Exploits1References5
Rows per page
Query Builder