Lucene search
K

35 matches found

Spring Security Advisories
Spring Security Advisories
added 2022/08/02 7:0 a.m.13 views

This Week in Spring - August 1st, 2022

Aloha, Spring fans! Welcome to another installment of This Week in Spring! Im still on vacation on the beautiful island of Maui, Hawaii, but I wanted to say hello "aloha!" and share this weeks latest roundup of all thats good and glorious in the wide and wonderful world of Springdom. Funny thing,...

0.3AI score
Exploits0
Spring Security Advisories
Spring Security Advisories
added 2022/07/31 5:3 p.m.31 views

How to integrate Hibernates Multitenant feature with Spring Data JPA in a Spring Boot application

For quite some time now, Hibernate has offered a Multitenant feature. It integrates nicely with Spring, but there is not much information about how to actually set it up, so I thought an example or two or three could help. There is already an excellent blog article, but it is a little dated and i...

Exploits0
The Hacker News
The Hacker News
added 2022/07/21 8:23 a.m.33 views

Cynomi Automated Virtual CISO (vCISO) Platform for Service Providers

Growing cyber threats, tightening regulatory demands and strict cyber insurance requirements are driving small to medium-sized enterprises demand for strategic cybersecurity and compliance guidance and management. Since most companies this size don't have in-house CISO expertise – the demand for...

0.2AI score
Exploits0
Spring Security Advisories
Spring Security Advisories
added 2022/03/29 7:0 a.m.28 views

This Week in Spring - March 29th, 2022

Aloha, Spring fans, from beautiful Maui, Hawaii, where I am with my family on a bit of vacation. Its our daughters Spring break and so were enjoying the family time while we can get it! I wanted to take a brief interlude in between the never-enough time on the beach and all the rum to get this...

7.1AI score
Exploits0
Prion
Prion
added 2021/11/12 6:15 p.m.21 views

Design/Logic Flaw

kustomize-controller is a Kubernetes operator, specialized in running continuous delivery pipelines for infrastructure and workloads defined with Kubernetes manifests and assembled with Kustomize. Users that can create Kubernetes Secrets, Service Accounts and Flux Kustomization objects, could...

9CVSS8.9AI score0.01766EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2021/11/11 12:0 a.m.3 views

PT-2021-4880 · Kyverno +1 · Kyverno +4

Name of the Vulnerable Software and Affected Versions: kustomize-controller versions prior to 0.15.0 Description: The issue is related to the kustomize-controller, a Kubernetes operator for running continuous delivery pipelines. It allows users who can create Kubernetes Secrets, Service Accounts,...

9CVSS7.8AI score0.01766EPSS
Exploits1References12
ThreatPost
ThreatPost
added 2021/09/09 4:39 p.m.51 views

‘Azurescape’ Kubernetes Attack Allows Cross-Container Cloud Compromise

A critical security vulnerability allowing attackers to perform cross-account container takeover in Microsoft’s public cloud, dubbed “Azurescape”, has been uncovered by researchers. The issue exists in Azure Container Instances ACI, which is Microsoft’s container-as-a-service CaaS offering which...

9.3CVSS8.6AI score0.9857EPSS
Exploits33References6
vulnersOsv
vulnersOsv
added 2021/07/02 6:33 p.m.5 views

br.com.damsete.arq:damsete-arq (>=0.0.9 <=0.0.12), br.com.damsete.arq:damsete-arq-audit (>=0.0.9 <=0.0.12) +481 more potentially affected by CVE-2021-22119 via org.springframework.security:spring-security-core (>=5.2.0.RELEASE <=5.2.10.RELEASE)

org.springframework.security:spring-security-core MAVEN version =5.2.0.RELEASE, =0.0.9, =0.0.9, =0.0.9, =0.0.9, =0.0.9, =0.0.9, =0.0.9, =0.0.9, =2.0.2, =2.0.2, =2.0.2, =2.0.2, =2.0.2, =2.0.3 - com.c4-soft.springaddons:spring-security-oauth2-addons =1.0.0 -...

7.5CVSS6.8AI score0.06001EPSS
Exploits0
The Hacker News
The Hacker News
added 2020/10/14 10:20 a.m.5 views

Guide: Scale or Fail — Why MSSPs Need Multitenant Security Solutions

Managed Security Services Providers MSSPs have it rough. They have the burden of protecting their client organizations from cyberattacks, with clients from different industries, different security stacks, and different support requirements. And everything is in a constant state of flux. MSSPs are...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2020/10/14 10:20 a.m.26 views

Guide: Scale or Fail — Why MSSPs Need Multitenant Security Solutions

Managed Security Services Providers MSSPs have it rough. They have the burden of protecting their client organizations from cyberattacks, with clients from different industries, different security stacks, and different support requirements. And everything is in a constant state of flux. MSSPs are...

Exploits0
OpenVAS
OpenVAS
added 2020/01/23 12:0 a.m.22 views

Huawei EulerOS: Security Advisory for openldap (EulerOS-SA-2019-2358)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.5AI score0.05015EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2018/10/19 10:0 p.m.14 views

br.com.anteros:Anteros-Security-Spring (>=2.0.0 <=2.0.20), br.com.anteros:Anteros-Security-Spring-Mongo (>=1.0.0 <=1.0.5) +84 more potentially affected by CVE-2018-15758 via org.springframework.security.oauth:spring-security-oauth2 (>=2.3.0.RELEASE <=2.3.3.RELEASE)

org.springframework.security.oauth:spring-security-oauth2 MAVEN version =2.3.0.RELEASE, =2.0.0, =1.0.0, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =3.0.0.RELEASE, =1.0.4, =1.0.9 and more Source cves: CVE-2018-15758 Source advisory: OSV:GHSA-H8W4-QV99-F7VJ...

9.6CVSS7.2AI score0.02153EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2018/10/18 6:5 p.m.11 views

br.com.damsete.arq:damsete-arq (>=0.0.1 <=0.0.3), br.com.damsete.arq:damsete-arq-audit (>=0.0.1 <=0.0.3) +14 more potentially affected by CVE-2018-1260 via org.springframework.security.oauth:spring-security-oauth2 (>=2.3.0.RELEASE <=2.3.2.RELEASE)

org.springframework.security.oauth:spring-security-oauth2 MAVEN version =2.3.0.RELEASE, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =2.0.1, =4.0.0, =0.1.0, =4.26.0, =4.26.0, =3.3.0.6, =4.30.0 and more Source cves: CVE-2018-1260 Source advisory: OSV:GHSA-RRPM-PJ7P-7J9Q...

9.8CVSS7.2AI score0.08352EPSS
Exploits2
OSV
OSV
added 2016/06/08 5:59 p.m.9 views

CVE-2016-3708

Red Hat OpenShift Enterprise 3.2, when multi-tenant SDN is enabled and a build is run in a namespace that would normally be isolated from pods in other namespaces, allows remote authenticated users to access network resources on restricted pods via an s2i build with a builder image that 1 contain...

7.1CVSS5.8AI score0.01118EPSS
Exploits0References1
CNVD
CNVD
added 2016/05/21 12:0 a.m.4 views

Red Hat OpenShift Enterprise Unauthorized Access Vulnerability Vulnerability

Red Hat OpenShift is a Platform-as-a-Service PaaS cloud computing platform that builds, tests, deploys, and runs applications.OpenShift Enterprise is an open source version of the private cloud. A security vulnerability exists in Red Hat OpenShift Enterprise when the program is multi-tenant SDN...

7.1CVSS6.8AI score0.01118EPSS
Exploits0References1
Rows per page
Query Builder