Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pivotal vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2015-5170
Cloud Foundry Runtime cf-release prior to 216, UAA prior to 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime prior to 1.7.0 allow remote malicious users to conduct cross-site request forgery (CSRF) attacks on PWS and log a user into an arbitrary account by leveraging lack o...
Cloudfoundry Cf-release
Pivotal Software Cloud Foundry Elastic Runtime
Pivotal Software Cloud Foundry Uaa
9.8
CVSSv3
CVE-2015-5171
The password change functionality in Cloud Foundry Runtime cf-release prior to 216, UAA prior to 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime prior to 1.7.0 allow malicious users to have unspecified impact by leveraging failure to expire existing sessions.
Cloudfoundry Cf-release
Pivotal Software Cloud Foundry Elastic Runtime
Pivotal Software Cloud Foundry Uaa
8.8
CVSSv3
CVE-2015-5173
Cloud Foundry Runtime cf-release prior to 216, UAA prior to 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime prior to 1.7.0 allow malicious users to have unspecified impact via vectors involving emails with password recovery links, aka "Cross Domain Referer Leakage.&qu...
Cloudfoundry Cf-release
Pivotal Software Cloud Foundry Elastic Runtime
Pivotal Software Cloud Foundry Uaa
9.8
CVSSv3
CVE-2015-5172
Cloud Foundry Runtime cf-release prior to 216, UAA prior to 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime prior to 1.7.0 allow malicious users to have unspecified impact by leveraging failure to expire password reset links.
Cloudfoundry Cf-release
Pivotal Software Cloud Foundry Elastic Runtime
Pivotal Software Cloud Foundry Uaa
7.5
CVSSv3
CVE-2016-6653
The MariaDB audit_plugin component in Pivotal Cloud Foundry (PCF) cf-mysql-release 27 and 28 allows remote malicious users to obtain sensitive information by reading syslog messages, as demonstrated by cleartext credentials.
Pivotal Software Cloud Foundry Cf Mysql 28.0
Pivotal Software Cloud Foundry Cf Mysql 27.0
8.1
CVSSv3
CVE-2016-6659
Cloud Foundry prior to 248; UAA 2.x prior to 2.7.4.12, 3.x prior to 3.6.5, and 3.7.x up to and including 3.9.x prior to 3.9.3; and UAA bosh release (aka uaa-release) prior to 13.9 for UAA 3.6.5 and prior to 24 for UAA 3.9.3 allow malicious users to gain privileges by accessing UA...
Cloudfoundry Cloud Foundry Uaa Bosh
Pivotal Software Cloud Foundry
Pivotal Software Cloud Foundry Uaa
9.8
CVSSv3
CVE-2018-1273
Spring Data Commons, versions before 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user (or attacker) can supply specially crafted r...
Pivotal Software Spring Data Commons
Pivotal Software Spring Data Rest
Apache Ignite 1.0.0
Apache Ignite
5 Github repositories
7.5
CVSSv3
CVE-2023-34054
In Reactor Netty HTTP Server, versions 1.1.x before 1.1.13 and versions 1.0.x before 1.0.39, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable if Reactor Netty HTTP ...
Pivotal Reactor Netty
7.5
CVSSv3
CVE-2023-34062
In Reactor Netty HTTP Server, versions 1.1.x before 1.1.13 and versions 1.0.x before 1.0.39, a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack. Specifically, an application is vulnerable if Reactor Netty HTTP Server is...
Pivotal Reactor Netty
2 Github repositories
5.4
CVSSv3
CVE-2022-31683
Concourse (7.x.y before 7.8.3 and 6.x.y before 6.7.9) contains an authorization bypass issue. A Concourse user can send a request with body including :team_name=team2 to bypass team scope check to gain access to certain resources belong to any other team.
Pivotal Software Concourse
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5324
path traversal
CVE-2024-4743
CVE-2024-5184
TCP
CVE-2024-27822
code injection
CVE-2024-28995
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »