Lucene search

4422 matches found

Spring Security Advisories
added 2023/01/26 9:0 a.m., 29 views

Spring Cloud Azure 5.0 is now Generally Available

We're very pleased to announce that Spring Cloud Azure 5.0 is now generally available. This major release includes the following features, improvements, and documentation updates: Compatible with Spring Boot 3 and Spring Cloud 2022.0.0 Supports Passwordless Connections Updated Azure for Spring...

AI score: 7.8
Exploits: 0

Spring Security Advisories
added 2023/01/26 12:0 a.m., 20 views

Spring Cloud Azure 5.0 is now Generally Available

We're very pleased to announce that Spring Cloud Azure 5.0 is now generally available. This major release includes the following features, improvements, and documentation updates: Compatible with Spring Boot 3 and Spring Cloud 2022.0.0 Supports Passwordless Connections Updated Azure for Spring...

AI score: 7.8
Exploits: 0

Spring Security Advisories
added 2023/01/26 12:0 a.m., 22 views

Spring Cloud Azure 5.0 is now Generally Available

We're very pleased to announce that Spring Cloud Azure 5.0 is now generally available. This major release includes the following features, improvements, and documentation updates: Compatible with Spring Boot 3 and Spring Cloud 2022.0.0 Supports Passwordless Connections Updated Azure for Spring...

AI score: 7.8
Exploits: 0

GitHub Security Blog
added 2023/01/25 7:39 p.m., 43 views

Controller reconciles apps outside configured namespaces when sharding is enabled

Impact: All Argo CD versions starting with 2.5.0-rc1 are vulnerable to an authorization bypass bug which allows a malicious Argo CD user to deploy Applications outside the configured allowed namespaces. Description of exploit: Reconciled Application namespaces are specified as a comma-delimited lis...

CVSS: 8.5, AI score: 8.1, EPSS: 0.0078
Exploits: 0, References: 3, Affected Software: 1

Code423n4
added 2023/01/23 12:0 a.m., 9 views

Upgraded Q -> M from #50 [1674461707004]

Judge has assessed an item in Issue 50 as M risk. The relevant finding follows: QA10. The deposit function only works for tokens that have no more than 18 decimals. This needs to be documented.

AI score: 6.9
Exploits: 0

Fedora
added 2023/01/21 3:43 a.m., 25 views

[SECURITY] Fedora 36 Update: rust-1.66.1-1.fc36

Rust is a systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety. This package includes the Rust compiler and documentation generator...

CVSS: 5.9, AI score: 2.5, EPSS: 0.00649
Exploits: 0

Rapid7 Blog
added 2023/01/20 7:46 p.m., 84 views

Metasploit Weekly Wrap-Up

See something, say something. Have an idea on how to expand on Metasploit Documentation on ? Did you see a typo or some other error on the docs site? Thanks to adfoster-r7, submitting an update to the documentation is as easy as clicking the 'Edit this page on GitHub' link on the page you want to...

CVSS: 7.5, AI score: 0.6, EPSS: 0.99105
Exploits: 21

Spring Security Advisories
added 2023/01/20 10:51 a.m., 31 views

Spring Modulith 0.3 released

Hot on the heels of Spring Boot 3.0.2, I am excited to announce the 0.3 release of Spring Modulith. The release is packed with improvements. We have tweaked a couple of things that might require your attention and a couple of adapting changes to your code. The most notable changes are: GH-114 – W...

Exploits: 0

Spring Security Advisories
added 2023/01/20 12:0 a.m., 5 views

Spring Modulith 0.3 released

Hot on the heels of Spring Boot 3.0.2, I am excited to announce the 0.3 release of Spring Modulith. The release is packed with improvements. We have tweaked a couple of things that might require your attention and a couple of adapting changes to your code. The most notable changes are: GH-114 – W...

Exploits: 0

Spring Security Advisories
added 2023/01/20 12:0 a.m., 26 views

Spring Modulith 0.3 released

Hot on the heels of Spring Boot 3.0.2, I am excited to announce the 0.3 release of Spring Modulith. The release is packed with improvements. We have tweaked a couple of things that might require your attention and a couple of adapting changes to your code. The most notable changes are: GH-114 – W...

Exploits: 0

Atlassian
added 2023/01/19 9:37 a.m., 45 views

HSTS configuration not working in Confluence 8.0.2

Issue Summary. This is reproducible on Data Center: Yes. Steps to Reproduce. Configure Confluence on SSL. Follow KB -...

AI score: 1.5
Exploits: 0

OSV
added 2023/01/17 5:46 p.m., 10 views

GSD-2023-1000528 net: stmmac: fix errno when create_singlethread_workqueue() fails

net: stmmac: fix errno when create_singlethread_workqueue() fails. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.16 by commit...

AI score: 7.2
Exploits: 0

Schneier on Security
added 2023/01/16 12:14 p.m., 18 views

Hacked Cellebrite and MSAB Software Released

Cellebrite is a cyberweapons arms manufacturer that sells smartphone forensic software to governments around the world. MSAB is a Swedish company that does the same thing. Someone has released software and documentation from both companies...

AI score: 0.4
Exploits: 0

OpenVAS
added 2023/01/16 12:0 a.m., 30 views

Fedora: Security Advisory for kernel-tools (FEDORA-2023-f4f9182dc8)

The remote host is missing an update for the Copyright (C) 2023 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS: 7.5, AI score: 8.5, EPSS: 0.06346
Exploits: 0, References: 2

Prion
added 2023/01/15 7:15 a.m., 16 views

Format string

BlueCat Device Registration Portal 2.2 allows XXE attacks that exfiltrate single-line files. A single-line file might contain credentials, such as "machine example.com login daniel password qwerty" in the documentation example for the .netrc file format. NOTE: 2.x versions are no longer supported...

CVSS: 5, AI score: 7.4, EPSS: 0.00954
Exploits: 1, References: 3, Affected Software: 1

Fedora
added 2023/01/15 2:1 a.m., 53 views

[SECURITY] Fedora 37 Update: kernel-tools-6.1.5-200.fc37

This package contains the tools/ directory from the kernel source and the supporting documentation...

CVSS: 8.8, AI score: 7.8, EPSS: 0.06346
Exploits: 0

Rapid7 Blog
added 2023/01/13 5:50 p.m., 20 views

Metasploit Weekly Wrap-Up

New module content 2 Gather Dbeaver Passwords Author: Kali-Team Type: Post Pull request: 17337 contributed by cn-kali-team Description: This adds a post exploit module that retrieves Dbeaver session data from local configuration files. It is able to extract and decrypt credentials stored in these...

AI score: 0.3
Exploits: 0

Oracle Linux
added 2023/01/13 12:0 a.m., 50 views

kernel security and bug fix update

4.18.0-425.10.1.OL8 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug: 24817676 - Conflict with shim-ia32 and...

CVSS: 7.8, AI score: 0.1, EPSS: 0.00294
Exploits: 0

OSV
added 2023/01/11 2:40 p.m., 8 views

SUSE-SU-2023:0070-1 Security update for openstack-barbican, openstack-heat-gbp, openstack-horizon-plugin-gbp-ui, openstack-neutron, openstack-neutron-gbp

This update for openstack-barbican, openstack-heat-gbp, openstack-horizon-plugin-gbp-ui, openstack-neutron, openstack-neutron-gbp fixes the following issues: Security fixes included on this update: openstack-barbican: - CVE-2022-3100: Fixed an access policy bypass via query string injection...

CVSS: 8.8, AI score: 7.7, EPSS: 0.92984
Exploits: 12, References: 5

Malwarebytes
added 2023/01/11 4:0 a.m., 17 views

Open redirect on government website sends users to adult content

Fake websites and open redirects have conspired to make things awkward for a UKGOV website. The site in question, riverconditionsdotenvironment-agencydotgovdotuk, was being abused in search engine results to redirect to various sites which aren't associated with UKGOV--most of which were adult...

Exploits: 0