19 matches found

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2020-26594

Malware in sbrugna...

CVSS 9.8 | AI score 8.8 | EPSS 0.00179
Exploits 0 | References 2

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2018-0767

Malware in sbrugna...

CVSS 8.1 | AI score 8.1 | EPSS 0.00339
Exploits 0 | References 5

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2018-11889

Malware in sbrugna...

CVSS 9.8 | AI score 9.4 | EPSS 0.00609
Exploits 0 | References 2

vulnersOsv
added 2024/10/28 9:30 a.m. | 5 views

africa.absa:inception-oauth2-resource-server (>=1.0.0 <=1.2.0), ai.aitia:arrowhead-application-library-java-spring (>=4.4.0.0 <=4.6.0.0) +7358 more potentially affected by CVE-2024-38821 via org.springframework.security:spring-security-web (>=3.0.0.RELEASE <=5.7.12)

org.springframework.security:spring-security-web MAVEN version =3.0.0.RELEASE, =1.0.0, =4.4.0.0, =0.1.8, =0.1.6, =0.1.2, =0.5.0, =j8.2.4.0, =j8.2.4.0, =1.0.0, =1.0.0, =1.0.0, =0.0.2, =0.0.3, =1.1.0.RELEASE, =0.3, =0.6 and more Source cves: CVE-2024-38821 Source advisory: OSV:GHSA-C4Q5-6C82-3QPW...

CVSS 9.1 | AI score 7.1 | EPSS 0.1309
Exploits 2

vulnersOsv
added 2023/07/17 12:30 p.m. | 2 views

am.ik.home:uaa-client (>=1.0.0 <=1.9.0), am.ik.home:uaa-integration-test (>=1.0.0 <=1.9.0) +922 more potentially affected by CVE-2023-34036 via org.springframework.hateoas:spring-hateoas (>=0.12.0.RELEASE <=1.5.4)

org.springframework.hateoas:spring-hateoas MAVEN version =0.12.0.RELEASE, =1.0.0, =1.0.0, =1.0.0, =1.1.0, =1, =1, =1, =1, =1, =1, =1.0.1.RELEASE, =1.0.0.RELEASE, =1.0.1.RELEASE, =1.1.8.RELEASE, =1.1.5.RELEASE, =2.0.9.RELEASE and more Source cves: CVE-2023-34036 Source advisory:...

CVSS 5.3 | AI score 6 | EPSS 0.00409
Exploits 0

vulnersOsv
added 2022/05/13 1:02 a.m. | 3 views

am.ik.home:uaa-client (>=1.3.0 <=1.9.0), am.ik.home:uaa-integration-test (>=1.3.0 <=1.9.0) +1072 more potentially affected by CVE-2017-4995 via org.springframework.security:spring-security-core (>=4.2.0.RELEASE <=4.2.2.RELEASE)

org.springframework.security:spring-security-core MAVEN version =4.2.0.RELEASE, =1.3.0, =1.3.0, =1.3.0, =1.1.1, =0.2.0, =1.0.3, =3.0.3, =3.0.3, =3.0.3, =3.0.5, =A.1.1.1, =A.2.0.0, =A.1.1.1, =A.2.0.0, =A.2.0.0.RC1 and more Source cves: CVE-2017-4995 Source advisory: OSV:GHSA-VHRG-V3CV-P247...

CVSS 8.1 | AI score 7.2 | EPSS 0.00826
Exploits 1

NVD
added 2020/11/11 5:15 p.m. | 10 views

CVE-2020-5426

Scheduler for TAS prior to version 1.4.0 was permitting plaintext transmission of UAA client token by sending it over a non-TLS connection. This also depended on the configuration of the MySQL server which is used to cache a UAA client token used by the service. If intercepted the token can give ...

CVSS 9.8 | AI score 8.9 | EPSS 0.00179
Exploits 0 | References 1

Prion
added 2020/11/11 5:15 p.m. | 17 views

Default configuration

Scheduler for TAS prior to version 1.4.0 was permitting plaintext transmission of UAA client token by sending it over a non-TLS connection. This also depended on the configuration of the MySQL server which is used to cache a UAA client token used by the service. If intercepted the token can give ...

CVSS 4.3 | AI score 9.2 | EPSS 0.00179
Exploits 0 | References 1 | Affected Software 1

CVE
added 2020/11/11 5:05 p.m. | 38 views

CVE-2020-5426

CVE-2020-5426 affects the TAS Scheduler prior to version 1.4.0, which could transmit the UAA client token in plaintext over non-TLS connections. The risk is influenced by MySQL server configuration used to cache the token; interception could grant an attacker admin-level access in the cloud contr...

CVSS 9.8 | AI score 9.1 | EPSS 0.00179
Exploits 0 | References 1 | Affected Software 1

CVE
added 2019/04/17 1:32 p.m. | 36 views

CVE-2019-3798

Cloud Foundry Cloud Controller API (CAPI) prior to version 1.79.0 is affected by an improper authentication flaw in permission validation. A remote authenticated attacker who can create UAA clients and knows a victim’s email can escalate privileges to that victim by creating a client whose name m...

CVSS 7.5 | AI score 6.7 | EPSS 0.01948
Exploits 0 | References 2 | Affected Software 1

OSV
added 2018/11/29 9:30 p.m. | 13 views

GHSA-Q3JG-4C82-J4XH Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Pivotal CredHub Service Broker

Pivotal CredHub Service Broker, versions prior to 1.1.0, uses a guessable form of random number generation in creating service broker's UAA client. A remote malicious user may guess the client secret and obtain or modify credentials for users of the CredHub Service...

CVSS 8.1 | AI score 8.1 | EPSS 0.00339
Exploits 0 | References 4

NVD
added 2018/11/13 2:29 p.m. | 15 views

CVE-2018-15795

Pivotal CredHub Service Broker, versions prior to 1.1.0, uses a guessable form of random number generation in creating service broker's UAA client. A remote malicious user may guess the client secret and obtain or modify credentials for users of the CredHub Service...

CVSS 8.1 | AI score 8.1 | EPSS 0.00339
Exploits 0 | References 2

CVE
added 2018/11/13 2:00 p.m. | 55 views

CVE-2018-15795

The CVE-2018-15795 entry concerns Pivotal CredHub Service Broker, prior to version 1.1.0, which uses a guessable random-number generation method when creating the service broker’s UAA client. The underlying issue is a weak PRNG that enables a remote attacker to guess the client secret and obtain ...

CVSS 8.1 | AI score 8.1 | EPSS 0.00339
Exploits 0 | References 2 | Affected Software 1

vulnersOsv
added 2018/10/18 6:05 p.m. | 1 view

am.ik.home:uaa-client (>=1.0.0 <=1.9.0), am.ik.home:uaa-integration-test (>=1.0.0 <=1.9.0) +509 more potentially affected by CVE-2018-1260 via org.springframework.security.oauth:spring-security-oauth2 (>=2.0.0.RELEASE <=2.0.14.RELEASE)

org.springframework.security.oauth:spring-security-oauth2 MAVEN version =2.0.0.RELEASE, =1.0.0, =1.0.0, =1.0.0, =0.1.0, =1.0.0, =A.1.1.0, =A.1.1.0, =A.1.1.0, =A.1.1.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.1.11 - com.17jee:e-security-token =3.0.1.11 and more Source cves: CVE-2018-1260 Source...

CVSS 9.8 | AI score 7.2 | EPSS 0.52285
Exploits 2

OSV
added 2018/10/05 9:29 p.m. | 11 views

CVE-2018-1264

Cloud Foundry Log Cache, versions prior to 1.1.1, logs its UAA client secret on startup as part of its envstruct report. A remote attacker who has gained access to the Log Cache VM can read this secret, gaining all privileges held by the Log Cache UAA client. In the worst case, if this client is ...

CVSS 9.8 | AI score 7 | EPSS 0.00609
Exploits 0 | References 1

NVD
added 2018/10/05 9:29 p.m. | 9 views

CVE-2018-1264

Cloud Foundry Log Cache, versions prior to 1.1.1, logs its UAA client secret on startup as part of its envstruct report. A remote attacker who has gained access to the Log Cache VM can read this secret, gaining all privileges held by the Log Cache UAA client. In the worst case, if this client is ...

CVSS 9.8 | AI score 9.4 | EPSS 0.00609
Exploits 0 | References 1

Prion
added 2018/10/05 9:29 p.m. | 11 views

Information disclosure

Cloud Foundry Log Cache, versions prior to 1.1.1, logs its UAA client secret on startup as part of its envstruct report. A remote attacker who has gained access to the Log Cache VM can read this secret, gaining all privileges held by the Log Cache UAA client. In the worst case, if this client is ...

CVSS 5 | AI score 9.4 | EPSS 0.00609
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2018/10/05 9:00 p.m. | 16 views

CVE-2018-1264 Log Cache logs UAA client secret on startup

Cloud Foundry Log Cache, versions prior to 1.1.1, logs its UAA client secret on startup as part of its envstruct report. A remote attacker who has gained access to the Log Cache VM can read this secret, gaining all privileges held by the Log Cache UAA client. In the worst case, if this client is ...

CVSS 9.1 | AI score 9.5 | EPSS 0.00609
Exploits 0 | References 1

Cloud Foundry
added 2018/09/27 12:00 a.m. | 501 views

CVE-2018-1264: Log Cache logs UAA client secret on startup | Cloud Foundry

Severity: Critical. Vendor: Cloud Foundry Foundation. Affected Cloud Foundry Products and Versions: You are using log-cache-release versions prior to 1.1.1. Description: Cloud Foundry Log Cache, versions prior to 1.1.1, logs its UAA client secret on startup as part of its envstruct report. A remote...

CVSS 9.8 | AI score 9.6 | EPSS 0.00609
Exploits 0