32 matches found
EUVD-2019-13413
Malware in sbrugna...
EUVD-2017-17005
Malware in sbrugna...
EUVD-2020-26578
Malware in sbrugna...
EUVD-2018-0767
Malware in sbrugna...
Log4j vulnerabilities (CVE-2021-44228 and CVE-2021-45105) impact on Cloud Foundry Products | Cloud Foundry
Severity Critical Vendor Cloud Foundry Foundation Description A critical vulnerability in Apache Log4j identified by CVE-2021-44228 has been publicly disclosed. Log4j versions prior to 2.15.0 are subject to a remote code execution vulnerability via the ldap JNDI parser and may allow for remote...
CVE-2020-5399
Cloud Foundry CredHub, versions prior to 2.5.10, connects to a MySQL database without TLS even when configured to use TLS. A malicious user with access to the network between CredHub and its MySQL database may eavesdrop on database connections and thereby gain unauthorized access to CredHub and...
Code injection
Cloud Foundry CredHub, versions prior to 2.5.10, connects to a MySQL database without TLS even when configured to use TLS. A malicious user with access to the network between CredHub and its MySQL database may eavesdrop on database connections and thereby gain unauthorized access to CredHub and...
CVE-2020-5399
CVE-2020-5399 affects Cloud Foundry CredHub prior to 2.5.10, where the MySQL connection is established without TLS despite configuration to use TLS. This enables an attacker with network access between CredHub and the MySQL database to eavesdrop on connections and potentially gain unauthorized ac...
CVE-2020-5399 CredHub does not properly enable TLS for MySQL database connections
Cloud Foundry CredHub, versions prior to 2.5.10, connects to a MySQL database without TLS even when configured to use TLS. A malicious user with access to the network between CredHub and its MySQL database may eavesdrop on database connections and thereby gain unauthorized access to CredHub and...
CVE-2020-5399: CredHub does not properly enable TLS for MySQL database connections | Cloud Foundry
Severity High Vendor Cloud Foundry Foundation Description Cloud Foundry CredHub, versions prior to 2.5.10, connects to a MySQL database without TLS even when configured to use TLS. A malicious user with access to the network between CredHub and its MySQL database may eavesdrop on database...
CVE-2019-3782
Cloud Foundry CredHub CLI, versions prior to 2.2.1, inadvertently writes authentication credentials provided via environment variables to its persistent config file. A local authenticated malicious user with access to the CredHub CLI config file can use these credentials to retrieve and modify...
Design/Logic Flaw
Cloud Foundry CredHub CLI, versions prior to 2.2.1, inadvertently writes authentication credentials provided via environment variables to its persistent config file. A local authenticated malicious user with access to the CredHub CLI config file can use these credentials to retrieve and modify...
CVE-2019-3782 CredHub CLI writes environment variable credentials to disk
Cloud Foundry CredHub CLI, versions prior to 2.2.1, inadvertently writes authentication credentials provided via environment variables to its persistent config file. A local authenticated malicious user with access to the CredHub CLI config file can use these credentials to retrieve and modify...
CVE-2019-3782
The CVE-2019-3782 issue affects Cloud Foundry CredHub CLI prior to version 2.2.1. The vulnerability arises when credentials supplied via environment variables are written to the CLI’s persistent config file, potentially exposing them to a local authenticated attacker who has access to the CredHub...
CVE-2019-3782: CredHub CLI writes environment variable credentials to disk | Cloud Foundry
Severity Medium Vendor Cloud Foundry Foundation Affected Cloud Foundry Products and Versions CredHub CLI All versions prior to 2.2.1 Description Cloud Foundry CredHub CLI, versions prior to 2.2.1, inadvertently writes authentication credentials provided via environment variables to its persistent...
com.swisscom.cloud.sb:broker (>=4.0.0 <=4.2.5), org.springframework.credhub:spring-credhub-cloud-connector (>=1.0.0.RELEASE <=1.0.1.RELEASE) +1 more potentially affected by CVE-2018-15795 via org.springframework.credhub:spring-credhub-core (>=1.0.0.RELEASE <=1.0.1.RELEASE)
org.springframework.credhub:spring-credhub-core MAVEN version =1.0.0.RELEASE, =4.0.0, =1.0.0.RELEASE, =1.0.0.RELEASE, =1.0.1.RELEASE Source cves: CVE-2018-15795 Source advisory: OSV:GHSA-Q3JG-4C82-J4XH...
GHSA-Q3JG-4C82-J4XH Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Pivotal CredHub Service Broker
Pivotal CredHub Service Broker, versions prior to 1.1.0, uses a guessable form of random number generation in creating service broker's UAA client. A remote malicious user may guess the client secret and obtain or modify credentials for users of the CredHub Service...
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Pivotal CredHub Service Broker
Pivotal CredHub Service Broker, versions prior to 1.1.0, uses a guessable form of random number generation in creating service broker's UAA client. A remote malicious user may guess the client secret and obtain or modify credentials for users of the CredHub Service...