Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pivotal software vulnerabilities and exploits
(subscribe to this query)
7.4
CVSSv3
CVE-2020-5399
Cloud Foundry CredHub, versions before 2.5.10, connects to a MySQL database without TLS even when configured to use TLS. A malicious user with access to the network between CredHub and its MySQL database may eavesdrop on database connections and thereby gain unauthorized access t...
Cloudfoundry Credhub
Pivotal Software Cloud Foundry Cf-deployment
7.4
CVSSv3
CVE-2016-6657
An open redirect vulnerability has been detected with some Pivotal Cloud Foundry Elastic Runtime components. Users of affected versions should apply the following mitigation: Upgrade PCF Elastic Runtime 1.8.x versions to 1.8.12 or later. Upgrade PCF Ops Manager 1.7.x versions to ...
Pivotal Software Cloud Foundry Ops Manager 1.8.3
Pivotal Software Cloud Foundry Ops Manager 1.8.4
Pivotal Software Cloud Foundry Ops Manager 1.8.5
Pivotal Software Cloud Foundry Ops Manager 1.8.6
Pivotal Software Cloud Foundry Ops Manager 1.7.10
Pivotal Software Cloud Foundry Ops Manager 1.7.11
Pivotal Software Cloud Foundry Ops Manager 1.7.12
Pivotal Software Cloud Foundry Ops Manager 1.7.2
Pivotal Software Cloud Foundry Ops Manager 1.8.0
Pivotal Software Cloud Foundry Ops Manager 1.7.13
Pivotal Software Cloud Foundry Ops Manager 1.7.14
Pivotal Software Cloud Foundry Ops Manager 1.7.15
Pivotal Software Cloud Foundry Ops Manager 1.7.7
Pivotal Software Cloud Foundry Ops Manager 1.7.8
Pivotal Software Cloud Foundry Ops Manager 1.7.9
Pivotal Software Cloud Foundry Ops Manager 1.8.1
Pivotal Software Cloud Foundry Ops Manager 1.8.8
Pivotal Software Cloud Foundry Ops Manager 1.8.10
Pivotal Software Cloud Foundry Ops Manager 1.7.16
Pivotal Software Cloud Foundry Ops Manager 1.7.18
Pivotal Software Cloud Foundry Ops Manager 1.7.1
Pivotal Software Cloud Foundry Ops Manager 1.7.3
7.3
CVSSv3
CVE-2016-0896
Pivotal Cloud Foundry (PCF) Elastic Runtime prior to 1.6.34 and 1.7.x prior to 1.7.12 places 169.254.0.0/16 in the all_open Application Security Group, which might allow remote malicious users to bypass intended network-connectivity restrictions by leveraging access to the 169.25...
Pivotal Software Cloud Foundry Elastic Runtime 1.7.6
Pivotal Software Cloud Foundry Elastic Runtime 1.7.4
Pivotal Software Cloud Foundry Elastic Runtime 1.7.5
Pivotal Software Cloud Foundry Elastic Runtime 1.7.7
Pivotal Software Cloud Foundry Elastic Runtime 1.7.0
Pivotal Software Cloud Foundry Elastic Runtime 1.7.1
Pivotal Software Cloud Foundry Elastic Runtime 1.7.8
Pivotal Software Cloud Foundry Elastic Runtime 1.7.9
Pivotal Software Cloud Foundry Elastic Runtime 1.7.10
Pivotal Software Cloud Foundry Elastic Runtime 1.7.2
Pivotal Software Cloud Foundry Elastic Runtime 1.7.3
Pivotal Software Cloud Foundry Elastic Runtime 1.7.11
Pivotal Software Cloud Foundry Elastic Runtime
7.2
CVSSv3
CVE-2018-1265
Cloud Foundry Diego, release versions before 2.8.0, does not properly sanitize file paths in tar and zip files headers. A remote attacker with CF admin privileges can upload a malicious buildpack that will allow a complete takeover of a Diego Cell VM and access to all apps runnin...
Pivotal Software Cloud Foundry Diego
Cloudfoundry Cf-deployment
7.2
CVSSv3
CVE-2018-1262
Cloud Foundry Foundation UAA, versions 4.12.X and 4.13.X, introduced a feature which could allow privilege escalation across identity zones for clients performing offline validation. A zone administrator could configure their zone to issue tokens which impersonate another zone, g...
Pivotal Software Cloud Foundry Uaa 4.13.2
Pivotal Software Cloud Foundry Uaa 4.13.3
Pivotal Software Cloud Foundry Uaa 4.13.1
Pivotal Software Cloud Foundry Uaa 4.12.1
Pivotal Software Cloud Foundry Uaa 4.13.4
Pivotal Software Cloud Foundry Uaa 4.12.0
Pivotal Software Cloud Foundry Uaa 4.13.0
Pivotal Software Cloud Foundry Uaa 4.12.2
Pivotal Software Cloud Foundry Uaa-release 57.1
Pivotal Software Cloud Foundry Uaa-release 58
Pivotal Software Cloud Foundry Uaa-release 57
Cloudfoundry Cf-deployment
7.2
CVSSv3
CVE-2017-4991
An issue exists in Cloud Foundry Foundation cf-release versions prior to v260; UAA release 2.x versions prior to v2.7.4.16, 3.6.x versions prior to v3.6.10, 3.9.x versions prior to v3.9.12, and other versions prior to v3.17.0; and UAA bosh release (uaa-release) 13.x versions prio...
Pivotal Software Cloud Foundry Uaa 2.7.4.15
Pivotal Software Cloud Foundry Uaa 3.6.6
Pivotal Software Cloud Foundry Uaa 3.6.4
Pivotal Software Cloud Foundry Uaa 3.9.8
Pivotal Software Cloud Foundry Uaa 3.9.5
Pivotal Software Cloud Foundry Uaa 2.7.4.13
Pivotal Software Cloud Foundry Uaa 2.2.5.4
Pivotal Software Cloud Foundry Uaa 2.7.4.4
Pivotal Software Cloud Foundry Uaa 3.6.9
Pivotal Software Cloud Foundry Uaa 2.7.4.5
Pivotal Software Cloud Foundry Uaa 2.7.1
Pivotal Software Cloud Foundry Uaa 2.7.3
Pivotal Software Cloud Foundry Uaa 2.7.4
Pivotal Software Cloud Foundry Uaa 2.7.4.1
Pivotal Software Cloud Foundry Uaa 2.7.4.2
Pivotal Software Cloud Foundry Uaa 2.7.4.3
Pivotal Software Cloud Foundry Uaa 2.7.4.7
Pivotal Software Cloud Foundry Uaa 2.7.4.8
Pivotal Software Cloud Foundry Uaa 2.7.4.12
Pivotal Software Cloud Foundry Uaa 3.6.2
Pivotal Software Cloud Foundry Uaa 3.6.3
Pivotal Software Cloud Foundry Uaa 3.6.5
7.2
CVSSv3
CVE-2016-6656
An issue exists in Pivotal Greenplum prior to 4.3.10.0. Creation of external tables using GPHDFS protocol has a vulnerability whereby arbitrary commands can be injected into the system. In order to exploit this vulnerability the user must have superuser 'gpadmin' access...
Pivotal Software Greenplum
6.7
CVSSv3
CVE-2020-5419
RabbitMQ versions 3.8.x before 3.8.7 are prone to a Windows-specific binary planting security vulnerability that allows for arbitrary code execution. An attacker with write privileges to the RabbitMQ installation directory and local access on Windows could carry out a local binar...
Pivotal Software Rabbitmq
Vmware Rabbitmq
6.6
CVSSv3
CVE-2017-8032
In Cloud Foundry cf-release versions prior to v264; UAA release all versions of UAA v2.x.x, 3.6.x versions prior to v3.6.13, 3.9.x versions prior to v3.9.15, 3.20.x versions prior to v3.20.0, and other versions prior to v4.4.0; and UAA bosh release (uaa-release) 13.x versions pri...
Pivotal Software Cloud Foundry Uaa 2.2.5.4
Pivotal Software Cloud Foundry Uaa 2.7.1
Pivotal Software Cloud Foundry Uaa 2.7.2
Pivotal Software Cloud Foundry Uaa 2.7.3
Pivotal Software Cloud Foundry Uaa 2.7.4.14
Pivotal Software Cloud Foundry Uaa 2.7.4.15
Pivotal Software Cloud Foundry Uaa 2.7.4.16
Pivotal Software Cloud Foundry Uaa 3.6.1
Pivotal Software Cloud Foundry Uaa 3.9.3
Pivotal Software Cloud Foundry Uaa 3.9.4
Pivotal Software Cloud Foundry Uaa 3.9.5
Pivotal Software Cloud Foundry Uaa 3.9.6
Pivotal Software Cloud Foundry Uaa 2.7.4
Pivotal Software Cloud Foundry Uaa 2.7.4.2
Pivotal Software Cloud Foundry Uaa 2.7.4.4
Pivotal Software Cloud Foundry Uaa 2.7.4.9
Pivotal Software Cloud Foundry Uaa 2.7.4.12
Pivotal Software Cloud Foundry Uaa 3.6.3
Pivotal Software Cloud Foundry Uaa 3.6.5
Pivotal Software Cloud Foundry Uaa 3.6.12
Pivotal Software Cloud Foundry Uaa 3.9.2
Pivotal Software Cloud Foundry Uaa 3.9.7
1 Article
6.5
CVSSv3
CVE-2020-5408
Spring Security versions 5.3.x before 5.3.2, 5.2.x before 5.2.4, 5.1.x before 5.1.10, 5.0.x before 5.0.16 and 4.2.x before 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor. A malicious user with access to the data t...
Vmware Spring Security
Pivotal Software Spring Security
2 Github repositories
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site request forgery
CVE-2024-34351
CVE-2024-1076
CVE-2024-25522
CVE-2024-34547
CVE-2024-4644
unauthorized
remote
CVE-2024-4671
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »