Moderate: Red Hat Security Advisory: Red Hat OpenShift distributed tracing platform (Tempo) 3.4 release

A new version of Red Hat OpenShift distributed tracing platform Tempo has been released Red Hat OpenShift distributed tracing platform based on Tempo. Tempo is an open-source, easy-to-use, and highly scalable distributed tracing backend. It provides observability for microservices architectures b...

What is Nudge Security and How Does it Work?

Regain control of SaaS sprawl with Day One discovery of all SaaS and GenAI accounts along with workflows to help you mitigate security risks, curb rogue app usage, and manage SaaS spend. In today's highly distributed workplace, every employee has the ability to act as their own CIO, adopting new...

Important: Red Hat Security Advisory: Red Hat OpenShift distributed tracing platform (Jaeger) 3.4 release

A new version of Red Hat OpenShift distributed tracing platform Jaeger has been released Red Hat OpenShift distributed tracing platform based on Jaeger. Jaeger is a project inspired by Dapper and OpenZipkin. It is a distributed tracing system released as open source by Uber Technologies. It is us...

GHSA-F95P-4CV5-8W8X linkme fails to ensure slice elements match the slice's declared type

Affected versions allow populating a DistributedSlice of T with elements of an arbitrary other type that coerces to T. For example, elements of type &&str could end up in a slice of type &str, since &&str coerces to &str via a deref coercion. The flaw was corrected by implementing typechecking fo...

ROS-20241203-10

Vulnerability in the IPAuthenticationProvider component of a centralized service for maintaining configuration information and providing distributed synchronization and group services. configuration, naming, providing distributed synchronization and provisioning of group services Apache ZooKeeper...

Important: Red Hat Security Advisory: Red Hat Data Grid 8.5.2 security update

An update for Red Hat Data Grid 8 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

This Week in Spring - November 19th, 2024

Hi, Spring fans! How are you? Can you believe we're already staring at the end of the month? It's that time of the year when we see new releases, and the new releases reflect that frenzy! Soon: Spring Boot 3.4.0! Are you updated? Make sure you're updated! Remember: Spring projects leave open sour...

More Power at the Edge: Introducing Distributed Compute Regions

For edge-native applications, performance is closely tied to the location of cloud services...

Taming API Sprawl: Best Practices for API Discovery and Management

APIs are the backbone of interconnected applications, enabling organizations to innovate, integrate, and scale rapidly. However, as enterprises continue to expand their digital ecosystems, they often encounter a common and complex challenge: API sprawl. Unchecked, API sprawl can lead to increased...

The vulnerability of the IPAuthenticationProvider component of the centralized service for managing configuration information, naming, distributed synchronization, and providing group services via Apache ZooKeeper allows a attacker to bypass the authentication process.

The vulnerability of the IPAuthenticationProvider component of the centralized service for managing configuration information, naming, distributed synchronization, and providing group services via Apache ZooKeeper is related to the ability to bypass authentication through phising techniques...

Out-of-bounds Write

Overview lightgbm is a gradient boosting framework that uses tree based learning algorithms. Affected versions of this package are vulnerable to Out-of-bounds Write in linkerssocket.cpp, used during initialization of distributed training. An attacker can exploit a race condition to connect to a...

net: dsa: fix netdev_priv() dereference before check on non-DSA netdevice events

...

CVE-2024-48950

An issue was discovered in Logpoint before 7.5.0. An endpoint used by Distributed Logpoint Setup was exposed, allowing unauthenticated attackers to bypass CSRF protections and authentication...

PT-2024-33292 · Logpoint · Logpoint

Name of the Vulnerable Software and Affected Versions: Logpoint versions prior to 7.5.0 Description: An issue was discovered in Logpoint where an endpoint used by Distributed Logpoint Setup was exposed. This exposure allows unauthenticated attackers to bypass CSRF protections and authentication...

RHEL 8 / 9 : Red Hat Service Interconnect 1.4.5 Release (RHSA-2024:4125)

The remote Redhat Enterprise Linux 8 / 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:4125 advisory. As a Kubernetes user, I cannot connect easily connect services from one cluster with services on another cluster. Red Hat Application...

Logpoint 安全漏洞

Logpoint is a network security application from the Danish company Logpoint. A security vulnerability exists in Logpoint versions prior to 7.5.0 that stems from an exposed endpoint used by a distributed Logpoint setup, allowing an unauthenticated attacker to bypass CSRF protection and...

German Police Disrupt DDoS-for-Hire Platform dstat[.]cc; Suspects Arrested

German law enforcement authorities have announced the disruption of a criminal service called dstat.cc that made it possible for other threat actors to easily mount distributed denial-of-service DDoS attacks. "The platform made such DDoS attacks accessible to a wide range of users, even those...

Disconf 安全漏洞

Disconf is a distributed configuration management platform by the individual developer Qiqi Liao. A security vulnerability exists in Disconf version 2.6.36, which stems from improper authentication...

[SECURITY] Fedora 41 Update: python-rpyc-6.0.1-1.fc41

RPyC, or Remote Python Call, is a transparent and symmetrical python library for remote procedure calls, clustering and distributed-computing. RPyC makes use of object-proxies, a technique that employs python's dynamic nature, to overcome the physical boundaries between processes and computers, s...

DEBIAN-CVE-2024-49998

In the Linux kernel, the following vulnerability has been resolved: net: dsa: improve shutdown sequence Alexander Sverdlin presents 2 problems during shutdown with the lan9303 driver. One is specific to lan9303 and the other just happens to reproduce there. The first problem is that lan9303 is...