Is Docker Swarm going to change how we do microservices APIs?
During the DockerCon a couple of weeks ago the new native swarm functionality was one of the highlighted themes. What is a swarm? A swarm is a cluster of Docker engines, or nodes, which acts as an orchestrator, monitor and ingress load balancer for all the services deployed on swarm. The Docker...
Huawei Load Balancer Management System suffers from s2-045 remote command execution vulnerability
Load Balancer Management System is a load balancer management system. The Huawei Load Balancer Management System suffers from an s2-045 remote command execution vulnerability. The vulnerability can be exploited to execute arbitrary commands by constructing a Content-Type function in the header, as...
dlplibs: Crash in librevenge::IStorage::load
Detailed report: https://oss-fuzz.com/testcase?key=5488429968130048 Project: dlplibs Fuzzer: afldlplibsbmifuzzer Fuzz target binary: bmifuzzer Job Type: aflasandlplibs Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x619800000f78 Crash State: librevenge::IStorage::load...
Directory Traversal
github.com/docker/docker is vulnerable to path traversal attacks and spoofed repositories. These attacks are possible because Docker fails to correctly validate image IDs when using docker load or registry communications...
CVE-2017-8400
In SWFTools 0.9.2, an out-of-bounds write of heap data can occur in the function pngload in lib/png.c:755. This issue can be triggered by a malformed PNG file that is mishandled by png2swf. Attackers could exploit this issue for DoS; it might cause arbitrary code execution...
UBUNTU-CVE-2017-8401
In SWFTools 0.9.2, an out-of-bounds read of heap data can occur in the function pngload in lib/png.c:724. This issue can be triggered by a malformed PNG file that is mishandled by png2swf. Attackers could exploit this issue for DoS...
F5 BIG-IP Denial of Service Vulnerability
The F5 BIG-IP is a load balancer that uses a variety of distribution algorithms to distribute network requests to available servers in a server cluster, enabling network visitors to have the best possible networking experience by managing incoming Web data traffic and increasing effective network...
Installer of Vivaldi for Windows may insecurely load executable files
Overview: The installer of Vivaldi for Windows contains an issue in the file search path when loading files, which may insecurely load executable files (CWE-427). Eiji James Yoshida of Security Professionals Network Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer...
CVE-2017-5045
XSS Auditor in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed detection of a blocked iframe load, which allowed a remote attacker to brute force JavaScript variables via a crafted HTML page...
CVE-2016-3109
The backend/Login/load/ script in Shopware before 5.1.5 allows remote attackers to execute arbitrary code...
Chrome Universal XSS via reentrancy in FrameLoader::startLoad (CVE-2016-1697)
VULNERABILITY DETAILS From /third_party/WebKit/Source/core/loader/FrameLoader.cpp: void FrameLoader::startLoad... ASSERT(client()->hasWebView()); if (m_frame->document()->pageDismissalEventBeingDispatched() != Document::NoDismissal) return; ... m_frame->document()->cancelParsing();...
Chrome Security: Universal XSS through removing link elements (CVE-2017-5010)
VULNERABILITY DETAILS When a link element is notified about its removal from the tree and the linked stylesheet happens to be the last pending one in the document, the fragment anchor may be updated, which triggers layout updates when it should be forbidden. In special circumstances, the updates...
OpenJDK: untrusted extension directories search path in Launcher (JCE, 8163528)
An untrusted library search path flaw was found in the JCE component of OpenJDK. A local attacker could possibly use this flaw to cause a Java application using JCE to load an attacker-controlled library and hence escalate their privileges...
CVE-2017-1205
IBM Platform LSF 10.1 contains an unspecified vulnerability that could allow a local user to escalate their privileges and obtain root access. IBM X-Force ID: 123741...
Microsoft Edge Security Restriction Bypass Vulnerability (CNVD-2017-05760)
Microsoft Edge is the web browser built into Windows 10. A remote security bypass vulnerability exists in the implementation of the Edge Content Security Policy (CSP) when it fails to properly validate certain documents, which can be exploited by an attacker to trick a user into loading a...
Load Balancing and Monitoring Delivery Controllers
This article describes how to load balance the Desktop Delivery Controller via NetScaler with Connection Leasing...
389-ds-base security and bug fix update
1.3.5.10-20 - Bump version to 1.3.5.10-20 - Resolves: bug 1437005 - CVE-2017-2668 389-ds-base: Remote crash via crafted LDAP messages 1.3.5.10-19 - Release 1.3.5.10-19 - Resolves: bug 1429495 - ns-slapd dies under heavy load - Resolves: bug 1429498 - A filtered nsrole that specifies an empty nsro...
XSS Vulnerability in jira.issueviews:searchrequest-xml
The endpoint /sr/jira.issueviews:searchrequest-xml/temp/SearchRequest.xml/|https://jira.uberinternal.com/sr/jira.issueviews:searchrequest-xml/temp/SearchRequest.xml/-- is vulnerable to an XSS injection in certain cases. Normally, the browser will urlencode its requests, but some proxy servers and...
Kong and Wallarm Partner Up to Boost Microservices API Security
Wallarm has partnered with Mashape to provide the microservices community with API security. Mashape enterprise customers who use the Kong API gateway can now quickly add API security protection without changes to the Kong user’s deployment. Read more about the Kong and Wallarm partnership in this blog. Today...
KLA11078 ACE vulnerability in Microsoft .NET Framework
An improper input validation issue on library load was found in Microsoft .NET. By exploiting this vulnerability, malicious users can execute arbitrary code. This vulnerability can be exploited locally via a specially designed application. Technical details: To exploit this vulnerability, a malicious use...