CVE-2023-36812 Remote Code Execution in OpenTSDB
OpenTSDB is an open source, distributed, scalable Time Series Database (TSDB). OpenTSDB is vulnerable to Remote Code Execution because it writes user-controlled input to a Gnuplot configuration file and runs Gnuplot with the generated configuration. This issue has been patched in commit...
New Condi Malware Hijacking TP-Link Wi-Fi Routers for DDoS Botnet Attacks
A new malware called Condi has been observed exploiting a security vulnerability in TP-Link Archer AX21 (AX1800) Wi-Fi routers to rope the devices into a distributed denial-of-service (DDoS) botnet. Fortinet FortiGuard Labs said the campaign has ramped up since the end of May 2023. Condi is the work ...
From Cryptojacking to DDoS Attacks: Diicot Expands Tactics with Cayosin Botnet
Cybersecurity researchers have discovered previously undocumented payloads associated with a Romanian threat actor named Diicot, revealing its potential for launching distributed denial-of-service (DDoS) attacks. "The Diicot name is significant, as it's also the name of the Romanian organized crim...
Schneider Electric EcoStruxure Foxboro DCS Buffer Error Vulnerability
The Schneider Electric EcoStruxure Foxboro DCS is an innovative fault-tolerant, highly available control component from Schneider Electric, France. A buffer overflow vulnerability exists in Schneider Electric EcoStruxure Foxboro DCS Control Core Services, which originates from a boundary error wh...
A vulnerability in the DCE/RPC remote procedure call system for operating systems like macOS allows an attacker to execute arbitrary code.
The vulnerability in the DCE/RPC remote procedure call system for macOS operating systems relates to the use of memory after it is freed. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
A vulnerability in Rockwell Automation’s ArmorStart ST distributed controller software, related to deficiencies in the validation of user input, allows attackers to execute cross-site scripting (XSS) attacks.
The vulnerability in the firmware for Rockwell Automation’s ArmorStart ST distributed controllers is related to deficiencies in the validation of user-input data. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting (XSS) attacks remotely...
Important: Red Hat Security Advisory: git security update
An update for git is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for eac...
Important: Red Hat Security Advisory: git security update
An update for git is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the C...
Important: Red Hat Security Advisory: git security update
An update for git is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for eac...
Important: Red Hat Security Advisory: git security update
An update for git is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is availab...
kernel: fs: dlm: fix invalid derefence of sb_lvbptr
In the Linux kernel, the following vulnerability has been resolved: fs: dlm: fix invalid derefence of sb_lvbptr. I experience issues when putting a lkbsb on the stack and have sb_lvbptr field to a dangled pointer while not using DLM_LKF_VALBLK. It will crash with the following kernel message, the...
[SECURITY] Fedora 36 Update: git-2.40.1-1.fc36
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The git rpm installs a common set of tools which are usually used with a small number of dependencies. To install all git packages,...
CVE-2023-32082
etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.26 and 3.5.9, the LeaseTimeToLive API allows access to key names (not values) associated with a lease when the Keys parameter is true, even if a user doesn't have read permission to the keys. The impact is limit...
Code injection
etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.26 and 3.5.9, the LeaseTimeToLive API allows access to key names (not values) associated with a lease when the Keys parameter is true, even if a user doesn't have read permission to the keys. The impact is limit...
UBUNTU-CVE-2023-32082
etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.26 and 3.5.9, the LeaseTimeToLive API allows access to key names (not values) associated with a lease when the Keys parameter is true, even if a user doesn't have read permission to the keys. The impact is limit...
CVE-2023-32082
CVE-2023-32082 affects etcd. The LeaseTimeToLive API (with Keys=true) could expose key names to users who lack read permission, impacting RBAC-enabled clusters. This vulnerability is fixed in etcd versions 3.4.26 and 3.5.9; upgrade to a fixed release (or newer) to remediate. No workarounds are do...
CVE-2023-32082 etcd key name can be accessed via LeaseTimeToLive API
etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.26 and 3.5.9, the LeaseTimeToLive API allows access to key names (not values) associated with a lease when the Keys parameter is true, even if a user doesn't have read permission to the keys. The impact is limit...
Today’s Evolving Cloud Strategies Are Embracing Distributed Computing
...
Moderate: Red Hat Security Advisory: Red Hat OpenShift Distributed Tracing 2.8.0 security update
Updated Red Hat OpenShift Distributed Tracing 2.8 container images are now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
kernel: drbd: only clone bio if we have a backing device
A NULL pointer dereference was found in the Linux kernel Distributed Replicated Block Device (DRBD) driver's I/O request handling. A local user with privileges to perform I/O operations on a DRBD block device can trigger I/O requests when the DRBD device is configured in diskless mode no local backing...