617 matches found
CVE-2023-27488 Envoy gRPC client produces invalid protobuf when an HTTP header with non-UTF8 value is received.
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, escalation of privileges is possible when failure_mode_allow: true is configured for ext_authz filter. For affected components that are used for loggin...
CVE-2023-27487 Envoy client may fake the header `x-envoy-original-path`
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the client may bypass JSON Web Token (JWT) checks and forge fake original paths. The header x-envoy-original-path should be an internal header, but...
The next wave of multicloud security with Microsoft Defender for Cloud, a Cloud-Native Application Protection Platform (CNAPP)
With digital transformation in the face of macroeconomic pressures, strategies to optimize both cloud environments and cloud security are increasingly appealing to enterprises. Organizations worry about vulnerabilities in code getting deployed, critical misconfigurations, overprivileged access to...
Fedora: Security Advisory for pack (FEDORA-2023-0c354a3f9a)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory for pack (FEDORA-2023-2df9d60e4c)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 36 Update: pack-0.29.0~rc1-1.fc36
pack is a CLI implementation of the Platform Interface Specification for Cloud Native Buildpacks...
[SECURITY] Fedora 37 Update: pack-0.29.0~rc1-1.fc37
pack is a CLI implementation of the Platform Interface Specification for Cloud Native Buildpacks...
Shift left with Wiz Guardrails: New Wiz Admission Controller capabilities enable security policy checks at deployment time
Wiz CLI and Wiz Admission Controller enable developers to leverage a single security policy throughout the software pipeline for cloud-native environments...
Gain flexibility and scale with a cloud-native DLP solution
We’re living in a seismic era for data security. Chief information security officers (CISOs) have to contend with a digital landscape that seems to shift daily as more organizations move to remote and hybrid work, redrawing the boundaries for how data is used and shared. The cloud has enabled...
[SECURITY] Fedora 38 Update: pack-0.29.0~rc1-1.fc38
pack is a CLI implementation of the Platform Interface Specification for Cloud Native Buildpacks...
Fedora: Security Advisory for pack (FEDORA-2023-5eca6a8326)
The remote host is missing an update for the Copyright (C) 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Rainbond has a logic flaw vulnerability (CNVD-2023-29097)
Rainbond is a cloud-native application management platform. Rainbond suffers from a logic flaw vulnerability that can be exploited by an attacker to reset arbitrary user passwords...
Rainbond has a logic flaw vulnerability (CNVD-2023-29035)
Rainbond is a cloud-native application management platform. Rainbond suffers from a logic flaw vulnerability that can be exploited by attackers to obtain sensitive information...
Rainbond has a flawed logic vulnerability
Rainbond is a cloud-native application management platform. Rainbond suffers from a logic flaw vulnerability that can be exploited by attackers to obtain sensitive information...
Malwarebytes wins 2023 CRN 'Coolest Endpoint And Managed Security Companies' award
CRN, a trusted source for IT channel news and analysis, has named Malwarebytes one of the "Coolest Endpoint And Managed Security Companies" on the 2023 CRN Security 100 list. The CRN Security 100 highlights channel-friendly cybersecurity vendors across a number of market segments including Endpoi...
File Upload Vulnerability in Rainbond
Rainbond is a cloud-native application management platform. Rainbond suffers from a file upload vulnerability that can be exploited by an attacker to gain server privileges...
MOSN security vulnerability
MOSN is a cloud-native web proxy written in Go language by MOSN Open Source. A security vulnerability exists in MOSN version v.0.23.0, which stems from a vulnerability that allows an attacker to elevate privileges via case-sensitive JWT authorization...
Important: Red Hat Security Advisory: Red Hat OpenShift GitOps security update
An update is now available for Red Hat OpenShift GitOps 1.5.9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...