Fedora: Security Advisory for slurm (FEDORA-2022-916bb58e38)
The remote host is missing an update for the... Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
Fedora: Security Advisory for slurm (FEDORA-2022-eeeff46680)
The remote host is missing an update for the...
Apache Tomcat Denial of Service Vulnerability (CNVD-2022-49970)
Apache Tomcat is a lightweight Web application server from the Apache Foundation in the United States. The program implements support for Servlet and JavaServer Pages (JSP). Apache Tomcat suffers from a denial-of-service vulnerability that stems from a flaw in the configuration of Tomcat open...
Kubeclarity - Tool For Detection And Management Of Software Bill Of Materials (SBOM) And Vulnerabilities Of Container Images And Filesystems
KubeClarity is a tool for detection and management of Software Bill Of Materials (SBOM) and vulnerabilities of container images and filesystems. It scans both runtime K8s clusters and CI/CD pipelines for enhanced software supply chain security. SBOM & vulnerability detection challenges Effective...
Fedora: Security Advisory for golang-github-oklog (FEDORA-2022-08ae2dd481)
The remote host is missing an update for the...
[SECURITY] Fedora 36 Update: golang-github-oklog-0.3.2-9.20190701gitca7cdf5.fc36
OK Log is a distributed and coordination-free log management system for big ol' clusters. It's an on-prem solution that's designed to be a sort of building block: easy to understand, easy to operate, and easy to extend...
[SECURITY] Fedora 34 Update: golang-github-oklog-0.3.2-9.20190701gitca7cdf5.fc34
OK Log is a distributed and coordination-free log management system for big ol' clusters. It's an on-prem solution that's designed to be a sort of building block: easy to understand, easy to operate, and easy to extend...
CVE-2022-29530
An issue was discovered in MISP before 2.4.158. There is stored XSS in the galaxy clusters...
Cross site scripting
An issue was discovered in MISP before 2.4.158. There is stored XSS in the galaxy clusters...
CVE-2022-29530
CVE-2022-29530 – MISP stored XSS in galaxy clusters affects MISP versions prior to 2.4.158. The vulnerability arises from a lack of data validation/filtering of user-supplied data and its output in galaxy clusters, allowing an attacker to execute JavaScript in a victim’s browser (stored XSS). Pub...
MISP Cross-Site Scripting Vulnerability
MISP is an open source software solution. The product is used to collect, store, distribute, and share network security metrics and has features such as threat network security event analysis and malware analysis. A cross-site scripting vulnerability exists in versions prior to MISP 2.4.158, which...
PT-2022-19680 · Misp · Misp
Name of the Vulnerable Software and Affected Versions: MISP versions prior to 2.4.158 Description: The issue is related to stored XSS in the galaxy clusters. Recommendations: For versions prior to 2.4.158, update to version 2.4.158 or later to resolve the issue...
Design/Logic Flaw
It was found in OpenShift Container Platform 4 that ignition config, served by the Machine Config Server, can be accessed externally from clusters without authentication. The MCS endpoint port 22623 provides ignition configuration used for bootstrapping Nodes and can include some sensitive data,...
Updated: Kubernetes Hardening Guide
The National Security Agency (NSA) and CISA have updated their joint Cybersecurity Technical Report (CTR): Kubernetes Hardening Guide, originally released in August 2021, based on valuable feedback and inputs from the cybersecurity community. Kubernetes is an open-source system that automates...
CVE-2022-25244
Vault Enterprise clusters using the tokenization transform feature can expose the tokenization key through the tokenization key configuration endpoint to authorized operators with read permissions on this endpoint. Fixed in Vault Enterprise 1.9.4, 1.8.9 and 1.7.10...
Denial Of Service (DoS)
github.com/hashicorp/consul is vulnerable to denial of service (DoS) attacks. A remote attacker with service:write permission is able to register a specifically-crafted service on clusters with at least one ingress gateway configured, resulting in denial of service conditions in the server...
CVE-2022-24687
HashiCorp Consul and Consul Enterprise 1.9.0 through 1.9.14, 1.10.7, and 1.11.2 clusters with at least one Ingress Gateway allow a user with service:write to register a specifically-defined service that can cause Consul servers to panic. Fixed in 1.9.15, 1.10.8, and 1.11.3...