Lucene search
K

87 matches found

vulnersOsv
vulnersOsv
added 2023/03/08 12:30 p.m.7 views

cc.jweb:jweb-adai (>=1.0.2 <=1.0.6), cc.jweb:jweb-boot (>=1.0.2 <=1.0.5) +102 more potentially affected by CVE-2023-23638 via org.apache.dubbo:dubbo (>=2.7.0 <=2.7.21)

org.apache.dubbo:dubbo MAVEN version =2.7.0, =1.0.2, =1.0.2, =1.2.1, =1.28.0, =2.0.0.RELEASE, =2.0.0.RELEASE, =2.0.0.RELEASE, =2.0.0.RELEASE, =2.0.0.RELEASE, =0.0.1, =2.2.7.RELEASE, =1.0.3, =1.0.3, =1.5.1, =2.0.1, =2.0.11 and more Source cves: CVE-2023-23638 Source advisory: OSV:GHSA-933G-V89R-X8...

9.8CVSS7.7AI score0.04847EPSS
Exploits3
CNVD
CNVD
added 2023/02/20 12:0 a.m.16 views

Mozilla PollBot open redirect vulnerability

Mozilla PollBot is a microservice from the Mozilla Foundation. Freeing humans from the onerous task of polling for status during Firefox releases, Mozilla PollBot versions prior to 1.4.6 have an open redirect vulnerability that stems from the system not doing a reasonable job of targeting jumps,...

6.1AI score0.00426EPSS
Exploits0Affected Software1
Spring Security Advisories
Spring Security Advisories
added 2023/01/25 12:0 a.m.9 views

Introducing Microservices Patterns with Spring Integration

Hey Spring Community! I hope you are enjoying Spring One Essentials these days. The most exciting feature for me is an Observability which is spread throughout the Spring portfolio from now on. Nevertheless, today I’d like to share with a project I’m working on since holidays, where the mentioned...

0.1AI score
Exploits0
Prion
Prion
added 2023/01/03 9:15 p.m.19 views

Design/Logic Flaw

Spinnaker is an open source, multi-cloud continuous delivery platform for releasing software changes, and Spinnaker's Rosco microservice produces machine images. Rosco prior to versions 1.29.2, 1.28.4, and 1.27.3 does not property mask secrets generated via packer builds. This can lead to exposur...

5CVSS7.5AI score0.00541EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/01/03 8:4 p.m.36 views

CVE-2022-23506 Spinnaker's Rosco microservice vulnerable to improper log masking on AWS Packer builds

Spinnaker is an open source, multi-cloud continuous delivery platform for releasing software changes, and Spinnaker's Rosco microservice produces machine images. Rosco prior to versions 1.29.2, 1.28.4, and 1.27.3 does not property mask secrets generated via packer builds. This can lead to exposur...

4.3CVSS7.7AI score0.00541EPSS
Exploits0References2
OSV
OSV
added 2023/01/03 8:4 p.m.27 views

CVE-2022-23506 Spinnaker's Rosco microservice vulnerable to improper log masking on AWS Packer builds

Spinnaker is an open source, multi-cloud continuous delivery platform for releasing software changes, and Spinnaker's Rosco microservice produces machine images. Rosco prior to versions 1.29.2, 1.28.4, and 1.27.3 does not property mask secrets generated via packer builds. This can lead to exposur...

4.3CVSS7.5AI score0.00541EPSS
Exploits0References4
CNVD
CNVD
added 2022/08/25 12:0 a.m.8 views

Beijing Century Superstar Information Technology Development Co., Ltd.'s Learning Pass suffers from a stored XSS vulnerability

LearningTone is a course learning, knowledge dissemination and management sharing platform built on a microservice architecture. There is a stored XSS vulnerability in Beijing Century Super Star Information Technology Development Limited Liability Company's Learning Pass, which can be exploited b...

5.7AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/28 7:47 p.m.53 views

Security Bulletin: Sterling Order Management and Spring vulnerability CVE-2022-22963

Abstract Is Sterling Order Management affected by Spring vulnerability CVE-2022-22963? Content IBM is aware of a recently surfaced vulnerability CVE-2022-22963 and has evaluated whether any Sterling Order Management applications are affected. The following is a summary of our evaluation: Componen...

9.8CVSS9.6AI score0.99939EPSS
Exploits36Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2022/06/20 8:24 p.m.4 views

Malicious code in microservice-common (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9f8eabb87b272e86465f3f49feac05429f1b06685e9e519eda3ad6f386231029 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2022/06/20 8:24 p.m.6 views

MAL-2022-4583 Malicious code in microservice-common (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9f8eabb87b272e86465f3f49feac05429f1b06685e9e519eda3ad6f386231029 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
HackRead
HackRead
added 2022/05/26 12:19 a.m.17 views

How Software Architects Can Manage Technical Debt in a Microservice Architecture

By Owais Sultan Most software architects wear two different hats - they act as software engineers and technical leaders. However, software… This is a post from HackRead.com Read the original post: How Software Architects Can Manage Technical Debt in a Microservice Architecture...

3.2AI score
Exploits0
NVD
NVD
added 2022/04/28 8:15 p.m.11 views

CVE-2022-29555

The Deviceconnect microservice through 1.3.0 in Northern.tech Mender Enterprise before 3.2.2. allows Cross-Origin Websocket Hijacking...

8.8CVSS0.00449EPSS
Exploits0References2
Prion
Prion
added 2022/04/28 8:15 p.m.16 views

Cross site scripting

The Deviceconnect microservice through 1.3.0 in Northern.tech Mender Enterprise before 3.2.2. allows Cross-Origin Websocket Hijacking...

6.8CVSS8.6AI score0.00958EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/04/28 7:48 p.m.702 views

CVE-2022-29556

CVE-2022-29556 affects the iot-manager microservice 1.0.0 in Northern.tech Mender Enterprise before 3.2.2. The vulnerability arises from the Azure IoT Hub integration, which exposes SSRF primitives that can be used to execute cross-tenant actions via internal API endpoints. This leads to potentia...

9.8CVSS9.4AI score0.00958EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/04/28 7:48 p.m.37 views

CVE-2022-29556

The iot-manager microservice 1.0.0 in Northern.tech Mender Enterprise before 3.2.2 allows SSRF because the Azure IoT Hub integration provides several SSRF primitives that can execute cross-tenant actions via internal API endpoints...

9.7AI score0.00958EPSS
Exploits0References2
CVE
CVE
added 2022/04/28 7:44 p.m.527 views

CVE-2022-29555

CVE-2022-29555 affects the Deviceconnect microservice (Northern.tech Mender Enterprise) up to version 1.3.0, prior to 3.2.2, enabling Cross-Origin Websocket Hijacking. Attack vector is network; CVSSv3 base score 8.8 (HIGH) with UI required. Remediation: upgrade to Mender Enterprise 3.2.2 or later...

8.8CVSS8.6AI score0.00449EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2022/04/28 12:0 a.m.8 views

Northern.tech Mender Enterprise 跨站请求伪造漏洞

Northern.tech Mender Enterprise is a wireless update manager for IoT devices from Northern.tech. A security vulnerability exists in Northern.tech Mender Enterprise prior to version 3.2.2, which stems from a cross-domain websocket hijacking allowed via the Deviceconnect microservice from 1.3.0...

8.8CVSS8.2AI score0.00449EPSS
Exploits0References3
NVD
NVD
added 2022/04/11 8:15 p.m.33 views

CVE-2022-24815

JHipster is a development platform to quickly generate, develop, & deploy modern web applications & microservice architectures. SQL Injection vulnerability in entities for applications generated with the option "reactive with Spring WebFlux" enabled and an SQL database using r2dbc. Applications...

8.1CVSS0.01356EPSS
Exploits1References3
Prion
Prion
added 2022/04/11 8:15 p.m.14 views

Sql injection

JHipster is a development platform to quickly generate, develop, & deploy modern web applications & microservice architectures. SQL Injection vulnerability in entities for applications generated with the option "reactive with Spring WebFlux" enabled and an SQL database using r2dbc. Applications...

6.8CVSS8.5AI score0.01356EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2022/04/11 7:25 p.m.5 views

CVE-2022-24815 SQL Injection when creating an application with Reactive SQL backend

JHipster is a development platform to quickly generate, develop, & deploy modern web applications & microservice architectures. SQL Injection vulnerability in entities for applications generated with the option "reactive with Spring WebFlux" enabled and an SQL database using r2dbc. Applications...

8.1CVSS8.6AI score0.01356EPSS
Exploits1References3
Rows per page
Query Builder