As organizations continue to adopt containers and Kubernetes for their applications, the need to secure these containers becomes increasingly important. Many applications are built with third-party components sourced from public image registries. Attackers are aware of the growing use of these third-party image registries and often target them with malware, so the registries require special attention. Additionally, … Continued. The post "Detecting Secrets in Container Images" appeared first on VMware
More info:
https://blogs.vmware.com/security/2023/08/detecting-secrets-in-container-images.html?utm_source=rss&utm_medium=rss&utm_campaign=detecting-secrets-in-container-images
Security Advisory Description: libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code.
More info:
https://my.f5.com/manage/s/article/K30444545?utm_source=f5support&utm_medium=RSS
Security Advisory Description: In Eclipse Jetty Server, all 9.x versions, on webapps deployed using default Error Handling, when an intentionally bad query arrives that doesn't match a dynamic url- ...
More info:
https://my.f5.com/manage/s/article/K33548065?utm_source=f5support&utm_medium=RSS
Security Advisory Description: curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response. (CVE-2020-8286) Impact
More info:
https://my.f5.com/manage/s/article/K15402727?utm_source=f5support&utm_medium=RSS
Security Advisory Description: In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize. (CVE-2021-46143) Impact: A remote attacker could send ...
More info:
https://my.f5.com/manage/s/article/K23231802?utm_source=f5support&utm_medium=RSS
Security Advisory Description: In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and ...
More info:
https://my.f5.com/manage/s/article/K10812540?utm_source=f5support&utm_medium=RSS
Security Advisory Description: Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier. (CVE-2021-34798) Impact: A NULL ...
More info:
https://my.f5.com/manage/s/article/K72382141?utm_source=f5support&utm_medium=RSS
Security Advisory Description: CVE-2021-45960: In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g. ...
More info:
https://my.f5.com/manage/s/article/K91589041?utm_source=f5support&utm_medium=RSS
We have officially arrived in the era of running applications on public cloud infrastructures. Legacy, monolithic applications are leaving enterprise premises and finding new homes on public cloud platforms such as AWS, Microsoft Azure, and Google Cloud Platform (GCP). These workloads are increasingly distributed across virtual machines (VMs), containers, and serverless architectures. However, this wide … Continued. The post "Expand Public Cloud Support with VMware Carbon Black Workload"
More info:
https://blogs.vmware.com/security/2023/08/expand-public-cloud-support-with-vmware-carbon-black-workload.html?utm_source=rss&utm_medium=rss&utm_campaign=expand-public-cloud-support-with-vmware-carbon-black-workload
Security Advisory Description: A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows ...
More info:
https://my.f5.com/manage/s/article/K54724312?utm_source=f5support&utm_medium=RSS