2603 matches found
Important: Red Hat Security Advisory: git security update
An update for git is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availab...
kernel: fs: dlm: fix invalid derefence of sb_lvbptr
In the Linux kernel, the following vulnerability has been resolved: fs: dlm: fix invalid derefence of sblvbptr I experience issues when putting a lkbsb on the stack and have sblvbptr field to a dangled pointer while not using DLMLKFVALBLK. It will crash with the following kernel message, the...
[SECURITY] Fedora 36 Update: git-2.40.1-1.fc36
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The git rpm installs common set of tools which are usually using with small amount of dependencies. To install all git packages,...
Code injection
etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.26 and 3.5.9, the LeaseTimeToLive API allows access to key names not value associated to a lease when Keys parameter is true, even a user doesn't have read permission to the keys. The impact is limit...
CVE-2023-32082
etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.26 and 3.5.9, the LeaseTimeToLive API allows access to key names not value associated to a lease when Keys parameter is true, even a user doesn't have read permission to the keys. The impact is limit...
UBUNTU-CVE-2023-32082
etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.26 and 3.5.9, the LeaseTimeToLive API allows access to key names not value associated to a lease when Keys parameter is true, even a user doesn't have read permission to the keys. The impact is limit...
CVE-2023-32082
CVE-2023-32082 affects etcd. The LeaseTimeToLive API (with Keys=true) could expose key names to users who lack read permission, impacting RBAC-enabled clusters. This vulnerability is fixed in etcd versions 3.4.26 and 3.5.9; upgrade to a fixed release (or newer) to remediate. No workarounds are do...
CVE-2023-32082 etcd key name can be accessed via LeaseTimeToLive API
etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.26 and 3.5.9, the LeaseTimeToLive API allows access to key names not value associated to a lease when Keys parameter is true, even a user doesn't have read permission to the keys. The impact is limit...
Today’s Evolving Cloud Strategies Are Embracing Distributed Computing
...
Moderate: Red Hat Security Advisory: Red Hat OpenShift Distributed Tracing 2.8.0 security update
Updated Red Hat OpenShift Distributed Tracing 2.8 container images are now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
kernel: drbd: only clone bio if we have a backing device
A NULL pointer dereference was found in the Linux kernel Distributed Replicated Block Device driver's I/O request handling. A local user with privileges to perform I/O operations on a DRBD block device can trigger I/O requests when the DRBD device is configured in diskless mode no local backing...
kernel: fs: dlm: fix invalid derefence of sb_lvbptr
In the Linux kernel, the following vulnerability has been resolved: fs: dlm: fix invalid derefence of sblvbptr I experience issues when putting a lkbsb on the stack and have sblvbptr field to a dangled pointer while not using DLMLKFVALBLK. It will crash with the following kernel message, the...
Moderate: Red Hat Security Advisory: git security and bug fix update
An update for git is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...
Description of the security update for SharePoint Server 2019: May 9, 2023 (KB5002389)
Description of the security update for SharePoint Server 2019: May 9, 2023 KB5002389 Summary This security update resolves a Microsoft SharePoint Server spoofing vulnerability, Microsoft SharePoint Server information disclosure vulnerability, and Microsoft SharePoint Server remote code execution...
Description of the security update for SharePoint Server Subscription Edition: May 9, 2023 (KB5002390)
Description of the security update for SharePoint Server Subscription Edition: May 9, 2023 KB5002390 Summary This security update resolves a Microsoft SharePoint Server spoofing vulnerability, Microsoft SharePoint Server information disclosure vulnerability, and Microsoft SharePoint Server remote...
Moderate: git security and bug fix update
Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to wo...
CVE-2023-30840
Fluid CVE-2023-30840 affects versions 0.7.0 up to before 0.8.6. If an attacker gains control of a Kubernetes node running the fluid-csi pod, they can use the fluid-csi service account to modify node specs across the cluster, circumventing limited permissions and potentially elevating privileges t...
CVE-2023-30840 On a compromised node, the fluid-csi service account can be used to modify node specs
Fluid is an open source Kubernetes-native distributed dataset orchestrator and accelerator for data-intensive applications. Starting in version 0.7.0 and prior to version 0.8.6, if a malicious user gains control of a Kubernetes node running fluid csi pod controlled by the csi-nodeplugin-fluid...
[SECURITY] Fedora 36 Update: ceph-16.2.12-1.fc36
Ceph is a massively scalable, open-source, distributed storage system that ru ns on commodity hardware and delivers object, block and file system storage...
Apache DolphinScheduler Authorization Issues Vulnerability
Apache DolphinScheduler is a distributed DAG visualization-based workflow task scheduling system from the Apache Apache Foundation in the United States. Apache DolphinScheduler suffers from an authorization problem vulnerability that stems from the presence of incorrect authentication, which can ...