111 matches found
Apache Pulsar Trust Management Issue Vulnerability (CNVD-2022-83591)
Apache Pulsar is an Apache Foundation distributed messaging platform for cloud environments that integrates messaging, storage, and lightweight functional computing. The software supports multi-tenancy, persistent storage, multi-room cross-regional data replication, with strong consistency, high...
Apache Pulsar Trust Management Issues Vulnerability
Apache Pulsar is a distributed message streaming platform from the Apache Foundation (United States) for cloud environments that combines messaging, storage, and lightweight functional computing. The software supports multi-tenancy, persistent storage, multi-machine-room cross-region data replication...
Apache Pulsar Trust Management Issue Vulnerability
Apache Pulsar is an Apache Foundation distributed messaging platform for cloud environments that integrates messaging, storage, and lightweight functional computing. The software supports multi-tenancy, persistent storage, multi-room cross-regional data replication, and highly scalable streaming...
Security Bulletin: Directory listing vulnerability in IBM InfoSphere Data Replication Dashboard (CVE-2012-4861)
Abstract: InfoSphere Data Replication Dashboard includes a web server that can be used to list specific directories under the dashboard web application. Content: VULNERABILITY DETAILS: CVE ID: CVE-2012-4861. DESCRIPTION: It is possible to retrieve a directory listing by sending a request for specifi...
Security Bulletin: Denial of service in IBM InfoSphere Data Replication Dashboard (CVE-2011-4461)
Abstract: InfoSphere Data Replication Dashboard includes Jetty, which has a known security vulnerability that can lead to a denial of service. Content: VULNERABILITY DETAILS: CVE ID: CVE-2011-4461. DESCRIPTION: An attacker, using specially crafted HTTP requests, can cause up to 100% CPU usage,...
MAL-2022-957 Malicious code in amazon-s3-data-replication-hub-plugin (npm)
Source: ghsa-malware (e4ca6ae6edf3790eb5efb9ad36e153e033bf826c074090d9d9cb473b1c56b5d0). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in amazon-ecr-data-replication-hub-plugin (npm)
Source: ghsa-malware (a32deab8300fe35db0ea930f79cccefb774d8da37e8bb3cd231a3658cd492189). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Improper Control of Generation of Code in Apache Kafka
In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to 0.11.0.2, and 1.0.0, authenticated Kafka users may perform actions reserved for the Broker via a manually created fetch request interfering with data replication, resulting in data loss...
Cross-Regional Disaster Recovery with Elasticsearch
Unsurprisingly, here at Rewind, we've got a lot of data to protect: over 2 petabytes' worth. One of the databases we use is called Elasticsearch (ES), or OpenSearch, as it is currently known in AWS. To put it simply, ES is a document database that facilitates lightning-fast search results. Speed is...
Apache Pulsar Input Validation Error Vulnerability
Apache Pulsar is a distributed message streaming platform from the Apache Foundation (United States) for cloud environments that combines messaging, storage, and lightweight functional computing. The software supports multi-tenancy, persistent storage, multi-machine-room cross-region data replication,...
MongoDB Server Denial of Service Vulnerability (CNVD-2021-101988)
MongoDB Server is an open-source NoSQL database from MongoDB, Inc. The database provides collection-oriented storage, dynamic queries, data replication, automatic failover, etc. A denial-of-service vulnerability exists in MongoDB Server, which can be exploited by an attacker with basic CRUD...
Design/Logic Flaw
DISPUTED: Styra Open Policy Agent (OPA) Gatekeeper through 3.7.0 mishandles concurrency, sometimes resulting in incorrect access control. The data replication mechanism allows policies to access the Kubernetes cluster state. During data replication, OPA/Gatekeeper does not wait for the replication t...
CVE-2021-43979
Styra Open Policy Agent (OPA) Gatekeeper through 3.7.0 mishandles concurrency, sometimes resulting in incorrect access control. The data replication mechanism allows policies to access the Kubernetes cluster state. During data replication, OPA/Gatekeeper does not wait for the replication to finish...
CVE-2021-43979
CVE-2021-43979 affects Styra Open Policy Agent (OPA) Gatekeeper up to version 3.7.0. The issue stems from mishandled concurrency during data replication, where OPA/Gatekeeper does not wait for replication to finish before processing requests. This can cause inconsistencies between replicated reso...
PT-2021-23990 · Styra · Styra Open Policy Agent (OPA) Gatekeeper
Name of the Vulnerable Software and Affected Versions: Styra Open Policy Agent (OPA) Gatekeeper versions 3.7.0 and earlier. Description: The issue arises from the mishandling of concurrency, which can result in incorrect access control. This occurs because the data replication mechanism, allowing...
Security Bulletin: IBM Data Replication Java SDK Update
Summary: This bulletin covers common Java SDK vulnerability findings in the IBM Java SDK packaged with this offering. Vulnerability Details: CVEID: CVE-2020-14781. DESCRIPTION: An unspecified vulnerability in Java SE related to the JNDI component could allow an unauthenticated attacker to obtain...
Security Bulletin: IBM Data Replication Java SDK Update
Summary: This bulletin covers common Java SDK vulnerability findings in the IBM Java SDK packaged with this offering. Vulnerability Details: CVEID: CVE-2020-14782. DESCRIPTION: An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause...
Security Bulletin: IBM Data Replication Java SDK Update
Summary: This bulletin covers common Java SDK vulnerability findings in the IBM Java SDK packaged with this offering. Vulnerability Details: CVEID: CVE-2020-14579. DESCRIPTION: An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause...
Security Bulletin: IBM Data Replication Java SDK Update
Summary: This bulletin covers common Java SDK vulnerability findings in the IBM Java SDK packaged with this offering. Vulnerability Details: CVEID: CVE-2020-27221. DESCRIPTION: Eclipse OpenJ9 is vulnerable to a stack-based buffer overflow when the virtual machine or JNI natives are converting from...
CVE-2020-4821
IBM InfoSphere Data Replication 11.4 and IBM InfoSphere Change Data Capture for z/OS 10.2.1, under certain configurations, could allow a user to bypass authentication mechanisms using an empty password string. IBM X-Force ID: 189834...