Lucene search
K

2603 matches found

RedHat Linux
RedHat Linux
added 2023/05/17 3:23 p.m.38 views

Important: Red Hat Security Advisory: git security update

An update for git is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availab...

7.8CVSS6.8AI score0.52164EPSS
Exploits2References4
RedHat Linux
RedHat Linux
added 2023/05/16 8:56 a.m.4 views

kernel: fs: dlm: fix invalid derefence of sb_lvbptr

In the Linux kernel, the following vulnerability has been resolved: fs: dlm: fix invalid derefence of sblvbptr I experience issues when putting a lkbsb on the stack and have sblvbptr field to a dangled pointer while not using DLMLKFVALBLK. It will crash with the following kernel message, the...

5.5CVSS6.7AI score0.00155EPSS
Exploits0References5
Fedora
Fedora
added 2023/05/12 2:8 a.m.37 views

[SECURITY] Fedora 36 Update: git-2.40.1-1.fc36

Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The git rpm installs common set of tools which are usually using with small amount of dependencies. To install all git packages,...

7.8CVSS6.2AI score0.52164EPSS
Exploits2
Prion
Prion
added 2023/05/11 8:15 p.m.36 views

Code injection

etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.26 and 3.5.9, the LeaseTimeToLive API allows access to key names not value associated to a lease when Keys parameter is true, even a user doesn't have read permission to the keys. The impact is limit...

4CVSS4.5AI score0.00744EPSS
Exploits0References4Affected Software1
UbuntuCve
UbuntuCve
added 2023/05/11 8:15 p.m.42 views

CVE-2023-32082

etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.26 and 3.5.9, the LeaseTimeToLive API allows access to key names not value associated to a lease when Keys parameter is true, even a user doesn't have read permission to the keys. The impact is limit...

4.3CVSS6.8AI score0.00744EPSS
Exploits0References5
OSV
OSV
added 2023/05/11 8:15 p.m.2 views

UBUNTU-CVE-2023-32082

etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.26 and 3.5.9, the LeaseTimeToLive API allows access to key names not value associated to a lease when Keys parameter is true, even a user doesn't have read permission to the keys. The impact is limit...

4.3CVSS7.1AI score0.00744EPSS
Exploits0References6
CVE
CVE
added 2023/05/11 7:22 p.m.153 views

CVE-2023-32082

CVE-2023-32082 affects etcd. The LeaseTimeToLive API (with Keys=true) could expose key names to users who lack read permission, impacting RBAC-enabled clusters. This vulnerability is fixed in etcd versions 3.4.26 and 3.5.9; upgrade to a fixed release (or newer) to remediate. No workarounds are do...

4.3CVSS6.3AI score0.00744EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2023/05/11 7:22 p.m.32 views

CVE-2023-32082 etcd key name can be accessed via LeaseTimeToLive API

etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.26 and 3.5.9, the LeaseTimeToLive API allows access to key names not value associated to a lease when Keys parameter is true, even a user doesn't have read permission to the keys. The impact is limit...

3.1CVSS6.5AI score0.00744EPSS
Exploits0References6
Akamai Blog
Akamai Blog
added 2023/05/11 1:0 p.m.10 views

Today’s Evolving Cloud Strategies Are Embracing Distributed Computing

...

7AI score
Exploits0
RedHat Linux
RedHat Linux
added 2023/05/10 6:57 p.m.31 views

Moderate: Red Hat Security Advisory: Red Hat OpenShift Distributed Tracing 2.8.0 security update

Updated Red Hat OpenShift Distributed Tracing 2.8 container images are now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

5.3CVSS6.7AI score0.05623EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2023/05/09 10:4 a.m.4 views

kernel: drbd: only clone bio if we have a backing device

A NULL pointer dereference was found in the Linux kernel Distributed Replicated Block Device driver's I/O request handling. A local user with privileges to perform I/O operations on a DRBD block device can trigger I/O requests when the DRBD device is configured in diskless mode no local backing...

5.5CVSS7AI score0.00128EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/05/09 10:4 a.m.5 views

kernel: fs: dlm: fix invalid derefence of sb_lvbptr

In the Linux kernel, the following vulnerability has been resolved: fs: dlm: fix invalid derefence of sblvbptr I experience issues when putting a lkbsb on the stack and have sblvbptr field to a dangled pointer while not using DLMLKFVALBLK. It will crash with the following kernel message, the...

5.5CVSS6.7AI score0.00155EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/05/09 10:3 a.m.40 views

Moderate: Red Hat Security Advisory: git security and bug fix update

An update for git is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...

8.8CVSS6.8AI score0.02938EPSS
Exploits1References7
Microsoft KB
Microsoft KB
added 2023/05/09 7:0 a.m.82 views

Description of the security update for SharePoint Server 2019: May 9, 2023 (KB5002389)

Description of the security update for SharePoint Server 2019: May 9, 2023 KB5002389 Summary This security update resolves a Microsoft SharePoint Server spoofing vulnerability, Microsoft SharePoint Server information disclosure vulnerability, and Microsoft SharePoint Server remote code execution...

7.2CVSS8.8AI score0.85395EPSS
Exploits7
Microsoft KB
Microsoft KB
added 2023/05/09 7:0 a.m.98 views

Description of the security update for SharePoint Server Subscription Edition: May 9, 2023 (KB5002390)

Description of the security update for SharePoint Server Subscription Edition: May 9, 2023 KB5002390 Summary This security update resolves a Microsoft SharePoint Server spoofing vulnerability, Microsoft SharePoint Server information disclosure vulnerability, and Microsoft SharePoint Server remote...

7.2CVSS7.8AI score0.85395EPSS
Exploits7
AlmaLinux
AlmaLinux
added 2023/05/09 12:0 a.m.56 views

Moderate: git security and bug fix update

Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to wo...

8.8CVSS7.4AI score0.02938EPSS
Exploits1References10
CVE
CVE
added 2023/05/08 5:45 p.m.54 views

CVE-2023-30840

Fluid CVE-2023-30840 affects versions 0.7.0 up to before 0.8.6. If an attacker gains control of a Kubernetes node running the fluid-csi pod, they can use the fluid-csi service account to modify node specs across the cluster, circumventing limited permissions and potentially elevating privileges t...

7.8CVSS6.6AI score0.00236EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2023/05/08 5:45 p.m.41 views

CVE-2023-30840 On a compromised node, the fluid-csi service account can be used to modify node specs

Fluid is an open source Kubernetes-native distributed dataset orchestrator and accelerator for data-intensive applications. Starting in version 0.7.0 and prior to version 0.8.6, if a malicious user gains control of a Kubernetes node running fluid csi pod controlled by the csi-nodeplugin-fluid...

5.8CVSS8AI score0.00236EPSS
Exploits0References4
Fedora
Fedora
added 2023/04/23 1:23 a.m.22 views

[SECURITY] Fedora 36 Update: ceph-16.2.12-1.fc36

Ceph is a massively scalable, open-source, distributed storage system that ru ns on commodity hardware and delivers object, block and file system storage...

7.8CVSS7.8AI score0.00327EPSS
Exploits1
CNVD
CNVD
added 2023/04/23 12:0 a.m.26 views

Apache DolphinScheduler Authorization Issues Vulnerability

Apache DolphinScheduler is a distributed DAG visualization-based workflow task scheduling system from the Apache Apache Foundation in the United States. Apache DolphinScheduler suffers from an authorization problem vulnerability that stems from the presence of incorrect authentication, which can ...

4.3CVSS6.7AI score0.01127EPSS
Exploits0References1
Rows per page
Query Builder