102 matches found
CVE-2024-8901 Lack of JWT issuer and signer validation
The AWS ALB Route Directive Adapter For Istio repo https://github.com/awslabs/aws-alb-route-directive-adapter-for-istio/tree/master provides an OIDC authentication mechanism that was integrated into the open source Kubeflow project. The adapter uses JWT for authentication, but lacks proper signer...
CVE-2024-8901
CVE-2024-8901 concerns the AWS ALB Route Directive Adapter for Istio, which integrated OIDC-like JWT authentication into Kubeflow. The issue arises from missing signer and issuer validation for JWTs, allowing an attacker to spoof OIDC sessions by presenting a JWT signed by an untrusted entity. Th...
MAL-2024-9328 Malicious code in alb-um-availa-ble-zip-mp3-file-30506-i-feel-alright-898re-atdkuh (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 301aedb3c629f2045611e487e9d753ff50c0a6fc1da4ee93c01ab32ee0cff0a7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-9327 Malicious code in alb-um-availa-ble-zip-mp3-file-20395-ive-been-expecting-you-m3mwh-apmisl (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 22fc68d2042156469205e75f4a654f8557c933212d8ff61b7068167cfd7b344f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-9330 Malicious code in alb-um-availa-ble-zip-mp3-file-46046-radical-connector-m2ydd-nirtvy (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 04c7604df6d26c098c3985382dc30aada82e32d972c2f8222802ff998dc52ecf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-9329 Malicious code in alb-um-availa-ble-zip-mp3-file-38068-its-all-about-to-change-rnonb-pzjjbh (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4008f42b5bc2b6647cc2d9e297edb68f60da9ce6c5a20e62b44cb70616a8a6d8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-9331 Malicious code in alb-um-availa-ble-zip-mp3-file-85058-bright-phoebus-dboqy-oraqvx (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7896431589d1851d65f8365d770dff71aa63f823917838fd5734b3ee77fe7f32 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
New 'ALBeast' Misconfiguration Exposes Weakness in AWS Application Load Balancer
As many as 15,000 applications using Amazon Web Services' AWS Application Load Balancer ALB for authentication are potentially susceptible to a configuration-based issue that could expose them to sidestep access controls and compromise applications. That's according to findings from Israeli...
ALBeast: Misconfiguration Flaw Exposes 15,000 AWS Load Balancers to Risk
ALBeast is a critical vulnerability that allows attackers to bypass authentication and authorization in AWS ALB-based applications. Learn…...
drogenhilfe-ulm-alb-donau.de Improper Access Control vulnerability OBB-3770335
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Security Bulletin: IBM Cloud Kubernetes Service is affected by Kubernetes Ingress Controller security vulnerabilities (CVE-2023-44487)
Summary IBM Cloud Kubernetes Service is affected by a Kubernetes Ingress Controller security vulnerability that exploits HTTP/2 protocol by allowing a denial of service because request cancellation can reset many streams quickly CVE-2023-44487. Vulnerability Details CVE-2023-44487 Description: Th...
UBUNTU-CVE-2022-3624
A vulnerability was found in Linux Kernel and classified as problematic. Affected by this issue is the function rlbarpxmit of the file drivers/net/bonding/bondalb.c of the component IPsec. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier ...
Linux kernel 安全漏洞
Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel is vulnerable to a security flaw that affects the function rlbarpxmit in the component IPsec's file drivers/net/bonding/bondalb.c. This operation leads to a memory leak. leak. No details of...
Security Bulletin: IBM Cloud Kubernetes Service is affected by a Kubernetes Ingress Controller security vulnerability (CVE-2021-25748)
Summary IBM Cloud Kubernetes Service is affected by a Kubernetes Ingress Controller security vulnerability where a user that can create or update ingress objects can use a newline character to bypass the sanitization of the spec.rules.http.paths.path field of an Ingress object in the...
Kubernetes: AWS Load Balancer Controller Managed Security Groups can be replaced by an unprivileged attacker
Report Submission Form Summary: When creating an Ingress of class alb, by default, AWS Load Balancer Controller creates a managed SG and attaches it to the created ALB. This SG limits which ports of the ALB are accessible by whom. An attacker is able to craft another SG that can be used to trick...
CVE-2018-1221
In CVE-2018-1221, the Cloud Foundry Gorouter mishandles WebSocket requests for AWS Application Load Balancers (ALBs) and other HTTP-aware Load Balancers. Affected products are cf-deployment (all versions before 1.14.0) and routing-release (all versions before 0.172.0). The underlying root cause i...
How to Protect AWS ECS with SecureSphere WAF
Adoption of container technology is growing widely. More and more workloads are being transferred from traditional EC2 compute instances to container-based services. However, the need for securing the web traffic remains the same regardless of the elected platform. In this post, we’ll deep dive...
HTTP Client in JIRA does not accept RFC6265 compliant date format in "Expires" cookie header
When using AWS Application Load Balancer, the following WARN log messages are shown in the logs, as JIRA does not understand the "Expires" header used for sticky sessions. code:java 2017-09-27 01:44:47,292 HealthCheck:thread-7 WARN o.a.h.client.protocol.ResponseProcessCookies Invalid cookie heade...
Scientific Linux Security Update : kernel on SL5.x i386/x86_64
CVE-2009-2695 kernel: SELinux and mmapminaddr CVE-2009-3228 kernel: tc: uninitialised kernel memory leak CVE-2009-3286 kernel: OEXCL creates on NFSv4 are broken CVE-2009-2908 kernel ecryptfs NULL pointer dereference CVE-2009-3613 kernel: flood ping cause out-of-iommu error and panic when mtu larg...
Sql injection
SQL injection vulnerability in viewphoto.php in 2daybiz Network Community Script allows remote attackers to execute arbitrary SQL commands via the alb parameter...