Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-23347 PUBLISHED: 2021-03-03
The package github.com/argoproj/argo-cd/cmd before 1.7.13, and from 1.8.0 before 1.8.6, is vulnerable to Cross-site Scripting (XSS): the SSO provider connected to Argo CD would have to send back a malicious error message containing JavaScript to the user.
CVE-2021-25315 PUBLISHED: 2021-03-03
An Incorrect Implementation of Authentication Algorithm vulnerability in SUSE SUSE Linux Enterprise Server 15 SP 3; openSUSE Tumbleweed allows local attackers to execute arbitrary code via salt without the need to specify valid credentials. This issue affects: SUSE SUSE Linux Enterprise Server 15 ...
CVE-2021-27921 PUBLISHED: 2021-03-03
Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large.
CVE-2021-27922 PUBLISHED: 2021-03-03
Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large.
CVE-2021-27923 PUBLISHED: 2021-03-03
Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large.
User Rank: Apprentice
4/15/2014 | 11:15:42 AM
Most orgs, when they're mature enough to need something like AD, are ready to hire an EXPERT to do it for them. You're neglecting to mention the fact that you're frequently going to run into systems where the password complexity requirements are incompatible.
This isn't taking into consideration audit and compliance issues.
One last thing: while you don't say it, I'd be willing to bet your service is largely open source. What do you use for your login services?