Lucene search
K

286 matches found

Spring Security Advisories
Spring Security Advisories
added 2023/01/25 12:0 a.m.9 views

Introducing Microservices Patterns with Spring Integration

Hey Spring Community! I hope you are enjoying Spring One Essentials these days. The most exciting feature for me is an Observability which is spread throughout the Spring portfolio from now on. Nevertheless, today I’d like to share with a project I’m working on since holidays, where the mentioned...

0.1AI score
Exploits0
RedHat Linux
RedHat Linux
added 2023/01/17 11:47 a.m.81 views

Moderate: Red Hat Security Advisory: Red Hat AMQ Streams 2.3.0 release and security update

Red Hat AMQ Streams 2.3.0 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

7.5CVSS6.7AI score0.02824EPSS
Exploits4References9
CNNVD
CNNVD
added 2022/12/23 12:0 a.m.6 views

userver 安全漏洞

userver is a modern open source asynchronous framework from userver open source. Used to create C++ microservices, services and utilities quickly and comfortably. A security vulnerability exists in userver that stems from the fact that it allows an attacker to implement a denial of service via a...

7.5CVSS7.3AI score0.00739EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/05 11:37 p.m.64 views

Security Bulletin: IBM InfoSphere Information Server is affected by a denial of service vulnerability in Apache Kafka (CVE-2022-34917)

Summary A denial of service vulnerability in Apache Kafka used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2022-34917 DESCRIPTION: Apache Kafka is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted request...

7.5CVSS7.3AI score0.0125EPSS
Exploits0Affected Software1
Prion
Prion
added 2022/11/10 8:15 p.m.13 views

Design/Logic Flaw

Istio is an open platform to connect, manage, and secure microservices. In versions on the 1.15.x branch prior to 1.15.3, a user can impersonate any workload identity within the service mesh if they have localhost access to the Istiod control plane. Version 1.15.3 contains a patch for this issue...

2.7CVSS4AI score0.00455EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2022/11/10 12:0 a.m.7 views

CVE-2022-39388 Istio may allow identity impersonation if user has localhost access

Istio is an open platform to connect, manage, and secure microservices. In versions on the 1.15.x branch prior to 1.15.3, a user can impersonate any workload identity within the service mesh if they have localhost access to the Istiod control plane. Version 1.15.3 contains a patch for this issue...

7.6CVSS7.5AI score0.00455EPSS
Exploits0References4
CVE
CVE
added 2022/11/10 12:0 a.m.81 views

CVE-2022-39388

CVE-2022-39388 affects Istio on the 1.15.x branch prior to 1.15.3. If a user has localhost access to the Istiod control plane, they can impersonate any workload identity within the service mesh due to an issue in the authentication/identity flow. The issue is publicly documented as fixed in 1.15....

7.6CVSS4.8AI score0.00455EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2022/11/10 12:0 a.m.33 views

CVE-2022-39388 Istio may allow identity impersonation if user has localhost access

Istio is an open platform to connect, manage, and secure microservices. In versions on the 1.15.x branch prior to 1.15.3, a user can impersonate any workload identity within the service mesh if they have localhost access to the Istiod control plane. Version 1.15.3 contains a patch for this issue...

7.6CVSS7.7AI score0.00455EPSS
Exploits0References4
OSV
OSV
added 2022/11/10 12:0 a.m.28 views

CVE-2022-39388 Istio may allow identity impersonation if user has localhost access

Istio is an open platform to connect, manage, and secure microservices. In versions on the 1.15.x branch prior to 1.15.3, a user can impersonate any workload identity within the service mesh if they have localhost access to the Istiod control plane. Version 1.15.3 contains a patch for this issue...

7.6CVSS5.3AI score0.00455EPSS
Exploits0References6
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/21 8:23 p.m.26 views

Security Bulletin: Multiple Security Vulnerabilities in IBM WebSphere Liberty affects IBM Voice Gateway

Summary Multiple security vulnerabilities in IBM WebSphere Liberty affect certain IBM Voice Gateway microservices. Vulnerability Details CVEID:CVE-2022-34165 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.9...

7.5CVSS7AI score0.02114EPSS
Exploits0Affected Software1
Wallarm Lab
Wallarm Lab
added 2022/10/17 2:28 p.m.24 views

8 KB is not enough: why WAFs can’t protect APIs

WAFs were a top-notch security instrument a decade ago, but now they are not. They fail to protect APIs. Meanwhile, the number of API-specific vulnerabilities grew more than twofold in 2022. According to a report by Wallarm, many such vulnerabilities have critical severity, and 33% are immediatel...

7.6AI score
Exploits0
CVE
CVE
added 2022/10/11 12:0 a.m.111 views

CVE-2022-39271

CVE-2022-39271 affects Traefik, a modern HTTP reverse proxy/load balancer. The vulnerability lies in HTTP/2 connection handling where closing an HTTP/2 server connection could hang due to a subsequent fatal error, potentially enabling a denial-of-service condition. A patch has been released in Tr...

7.5CVSS7.3AI score0.01016EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2022/10/11 12:0 a.m.20 views

CVE-2022-39271 Traefik HTTP/2 connections management could cause a denial of service

Traefik pronounced traffic is a modern HTTP reverse proxy and load balancer that assists in deploying microservices. There is a potential vulnerability in Traefik managing HTTP/2 connections. A closing HTTP/2 server connection could hang forever because of a subsequent fatal error. This failure...

7.5CVSS7.6AI score0.01016EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2022/10/05 2:30 p.m.104 views

Important: Red Hat Security Advisory: Red Hat AMQ Streams 2.2.0 release and security update

Red Hat AMQ Streams 2.2.0 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

7.7CVSS7AI score0.1158EPSS
Exploits2References7
CNVD
CNVD
added 2022/09/30 12:0 a.m.15 views

Hertz path traversal vulnerability

Hertz is a Golang microservices HTTP framework open sourced by CloudWeGo. v0.3.0 of Hertz contains a path traversal vulnerability that stems from a failure of the normalizePath function to properly filter special elements in a resource or file path. An attacker could exploit this vulnerability to...

1.9AI score0.00852EPSS
Exploits1Affected Software1
Spring Security Advisories
Spring Security Advisories
added 2022/09/29 7:0 a.m.15 views

A Bootiful Podcast: thought leader Chris Richardson (and no, I'm not using that title ironically!)

Hi, Spring fans! In this installment, Josh Long @starbuxman talks to his friend Chris Richardson @crichardson, who helped articulate and advance cloud computing, reactive programming, microservices, domain-driven design, event sourcing, and so much more years before the zeitgeist. Also, we used t...

0.1AI score
Exploits0
OSV
OSV
added 2022/09/29 12:0 a.m.9 views

GHSA-C9QR-F6C8-RGXF Hertz contains path traversal via normalizePath function

Hertz is a a high-performance and strong-extensibility Go HTTP framework that helps developers build microservices. Versions of Hertz prior to 0.3.1 contain a path traversal vulnerability via the normalizePath function. This issue has been patched in 0.3.1...

7.5CVSS7.4AI score0.00852EPSS
Exploits1References5
Kitploit
Kitploit
added 2022/08/19 12:30 p.m.37 views

crAPI - Completely Ridiculous API

c ompletely r idiculous API crAPI will help you to understand the ten most critical API security risks. crAPI is vulnerable by design, but you'll be able to safely run it to educate/train yourself. crAPI is modern, built on top of a microservices architecture. When time has come to buy your first...

7.3AI score
Exploits0References4
CNVD
CNVD
added 2022/07/20 12:0 a.m.29 views

Apache SkyWalking Denial of Service Vulnerability

Apache SkyWalking is an application performance monitor from the Apache Foundation that is primarily used in environments such as microservices, cloud-native and container-based. A denial of service vulnerability exists in Apache SkyWalking NodeJS Agent prior to version 0.5.1, which stems from an...

7.5CVSS7.3AI score0.01595EPSS
Exploits0References1
NVD
NVD
added 2022/06/13 8:15 p.m.48 views

CVE-2022-31053

Biscuit is an authentication and authorization token for microservices architectures. The Biscuit specification version 1 contains a vulnerable algorithm that allows malicious actors to forge valid Γ-signatures. Such an attack would allow an attacker to create a token with any access level. The...

9.8CVSS0.0096EPSS
Exploits1References2
Rows per page
Query Builder