Lucene search
K

35 matches found

OSV
OSV
added 2023/02/02 8:5 p.m.7 views

MAL-2023-185 Malicious code in cloud-functions-apply-gce-sizing-recommendations (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dff71f573ab0c75770c1eb1201e5e39139353eacb5afd6db5270d684e0bee416 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
Akamai Blog
Akamai Blog
added 2022/03/31 7:30 p.m.376 views

Spring Cloud Function SpEL Injection (CVE-2022-22963) Exploited in the Wild

Although Spring Cloud Functions are not as widespread as the Log4j library, and should provide a good separation from the hosting server, some draw the line between the two, due to the ease of exploitation over HTTP/s. This new vulnerability will definitely result in many threat actors launching...

9.8CVSS2.3AI score0.99939EPSS
Exploits36
IBM Security Bulletins
IBM Security Bulletins
added 2020/12/17 10:37 a.m.11 views

Security Bulletin: IBM Cloud Functions web actions API endpoint change

Summary In order to improve the stability of the service and to prevent potential weaknesses in the services' web actions functionality we introduced a new IBM Cloud Functions API endpoint .functions.appdomain.cloud for web actions which use text/html response data. The previously used API endpoi...

1.5AI score
Exploits0Affected Software1
Veracode
Veracode
added 2020/06/08 6:3 a.m.14 views

Information Disclosure

apollo-server-cloud-functions is vulnerable to information disclosure. The vulnerability exists as ApolloServer incorrectly drops the values of this.requestOptions.validationRules when creating a SubscriptionServer...

1.1AI score
Exploits0
Node.js
Node.js
added 2020/06/05 7:50 p.m.18 views

Information Exposure

Overview Versions of apollo-server-cloud-functions prior to 2.14.2 are vulnerable to Information Exposure. The package does not properly enforce validation rules when creating subscription servers, which includes a NoInstrospection rule for the Websocket. This leaks the GraphQL schema types, thei...

6.7AI score
Exploits0Affected Software1
vulnersOsv
vulnersOsv
added 2020/06/05 7:38 p.m.7 views

@hello10/jump-server (>=1.0.0 <=1.1.3) potentially affected by unknown CVE via apollo-server-cloud-functions (=2.13.0)

apollo-server-cloud-functions NPM version =2.13.0 is affected by a known vulnerability. The following packages have a transitive dependency on apollo-server-cloud-functions and may be impacted: - @hello10/jump-server =1.0.0, =1.1.3 Source cves: unknown CVE Source advisory: OSV:GHSA-W42G-7VFC-XF37...

5.8AI score
Exploits0
OSV
OSV
added 2020/04/17 5:15 a.m.3 views

CVE-2020-11872

The Cloud Functions subsystem in OpenTrace 1.0 might allow fabrication attacks by making billions of TempID requests before an AES-256-GCM key rotation occurs...

7.5CVSS5.8AI score0.00663EPSS
Exploits0References1
NVD
NVD
added 2020/04/17 5:15 a.m.24 views

CVE-2020-11872

The Cloud Functions subsystem in OpenTrace 1.0 might allow fabrication attacks by making billions of TempID requests before an AES-256-GCM key rotation occurs...

7.5CVSS7.5AI score0.00663EPSS
Exploits0References1
Prion
Prion
added 2020/04/17 5:15 a.m.8 views

Session fixation

The Cloud Functions subsystem in OpenTrace 1.0 might allow fabrication attacks by making billions of TempID requests before an AES-256-GCM key rotation occurs...

5CVSS7.5AI score0.00663EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/04/17 4:24 a.m.23 views

CVE-2020-11872

The Cloud Functions subsystem in OpenTrace 1.0 might allow fabrication attacks by making billions of TempID requests before an AES-256-GCM key rotation occurs...

7.6AI score0.00663EPSS
Exploits0References1
CVE
CVE
added 2020/04/17 4:24 a.m.91 views

CVE-2020-11872

The CVE-2020-11872 entry concerns the Cloud Functions subsystem in OpenTrace 1.0. The vulnerability arises from fabrications possible by issuing billions of TempID requests before an AES-256-GCM key rotation, as described in the provided documents. The connected records consistently reference the...

7.5CVSS7.5AI score0.00663EPSS
Exploits0References1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/02/18 8:15 p.m.36 views

Security Bulletin: IBM Cloud Functions is affected by a privilege escalation vulnerability in runc

Summary IBM Cloud Functions is affected by a security vulnerability in runc which could allow an attacker, authorized to run a process as root inside a container, to execute arbitrary commands with root privileges on the container’s host system. Vulnerability Details CVEID: CVE-2019-5736...

9.3CVSS3.4AI score0.9857EPSS
Exploits33Affected Software1
n0where
n0where
added 2018/09/05 4:19 p.m.23 views

CLI for Ephemeral Penetration Testing: hideNsneak

This application assists in managing attack infrastructure for penetration testers by providing an interface to rapidly deploy, manage, and take down various cloud services. These include VMs, domain fronting, Cobalt Strike servers, API gateways, and firewalls. hideNsneak provides a simple...

1.2AI score
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2018/07/29 5:54 a.m.24 views

Security Bulletin: IBM Cloud Functions is affected by two function runtimevulnerabilities

Summary IBM Cloud Functions has addressed the following vulnerabilities. Users of the IBM Cloud Functions service that are using docker actions https://console.bluemix.net/docs/openwhisk/openwhiskactions.htmlcreating-docker-actions are affected but only if the user's function has a general securi...

9.8CVSS0.8AI score0.08199EPSS
Exploits0Affected Software1
HackRead
HackRead
added 2018/07/24 12:52 p.m.41 views

IBM fixes flaw that let hackers replace its serverless code with their own

By Waqas This is the first publicly-disclosed vulnerability in a serverless platform. Experts at IBM The International Business Machines Corporation have patched a critical vulnerability in its Cloud Functions which if exploited could allow remote malicious hackers to replace company's serverless...

3AI score
Exploits0
Rows per page
Query Builder