• How to Develop a Winning Kafka Partition Strategy

    Learn about Apache Kafka partitioning, including partition strategy examples and best practices.

  • Simplify Your Event-Driven Architecture With the Kafka Service Bundle

    In this on-demand webinar, the OpenLogic product team explains the benefits of the Kafka Service Bundle, a new offering that includes custom installation, technical support, and admin as

  • The Enterprise Guide to Apache Kafka

    This white paper explores Apache Kafka and how it is used to power stream processing and data integration in enterprise applications — as well as related technologies, alternatives, and deployment best practices.

  • CVE-2020-15778

    NVD Listing: NVD - CVE-2020-15778

    - Backported patch to address CVE-2020-15778

    scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows."

    CVE-2020-15778
    CentOS 7
    openssh-7.4p1-23_ol004.el7
    openssh
    7.4

  • CVE-2024-38473

    NVD Listing: NVD - CVE-2024-38473

    - Backported patch to address CVE-2024-38473

    Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests. Users are recommended to upgrade to version 2.4.60, which fixes this issue.

    CVE-2024-38473
    CentOS 7
    httpd-2.4.6-99_ol007.el7.1
    httpd
    NA

  • CVE-2022-36227

    NVD Listing: NVD - CVE-2022-36227

    - Backported patch to address CVE-2022-36227

    In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. NOTE: the discoverer cites this CWE-476 remark but third parties dispute the code-execution impact: "In rare circumstances, when NULL is equivalent to the 0x0 memory address and privileged code can access it, then writing or reading memory is possible, which may lead to code execution."
     

    CVE-2022-36227
    CentOS 7
    libarchive-3.1.2-14_ol002.el7
    libarchive
    9.8

  • CVE-2024-6345

    NVD Listing: NVD - CVE-2024-6345

    - Backported patch to address CVE-2024-6345

    A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.

    CVE-2024-6345
    CentOS 7
    python3-setuptools-39.2.0-10_ol001.el7
    python 3
    NA

  • CVE-2023-51385

    NVD Listing: NVD - CVE-2023-51385

    - Changed CVE-2023-51385 behavior from automatic disabling of SCP to notification.

    In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name.

    CVE-2023-51385
    CentOS 7
    openssh-7.4p1-23_ol005.el7
    openssh
    6.5

  • CVE-2016-2037

    NVD Listing: NVD - CVE-2016-2037

    - Backported patch to fix CVE-2016-2037 

    The cpio_safer_name_suffix function in util.c in cpio 2.11 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted cpio file.

    CVE-2016-2037
    CentOS 7
    cpio-2.11-28_ol001.el7
    cpio
    6.5