Vulnerabilities in Pivotal

67 results
CVE-2016-4977: When processing authorization requests using the whitelabel views in Spring Security OAuth 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5, the response_t [EPSS 79.2%]
CVE-2017-8046: Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1 [EPSS 72.8%]
CVE-2018-15756 (HIGH): DoS Attack via Range Requests [EPSS 9.5%]
CVE-2018-1260: Spring Security OAuth, versions 2.3 prior to 2.3.3, 2.2 prior to 2.2.2, 2.1 prior to 2.1.2, 2.0 prior to 2.0.15 and older unsupported versio [EPSS 8.4%]
CVE-2018-1259: Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2.0.7, used in combination with XMLBeam 1.4.14 or earlier versions, con [EPSS 5.3%]
CVE-2019-11287 (MEDIUM): RabbitMQ Web Management Plugin DoS via heap overflow [EPSS 4.5%]
CVE-2018-1257: Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expos [EPSS 3.3%]
CVE-2018-11040: Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable [EPSS 3.2%]
CVE-2013-6430: The JavaScriptUtils.javaScriptEscape method in web/util/JavaScriptUtils.java in Spring MVC in Spring Framework before 3.2.2 does not properl [EPSS 3.2%]
CVE-2018-11039: Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to c [EPSS 2.8%]
CVE-2016-5007: Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization [EPSS 2.5%]
CVE-2018-1258: Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using met [EPSS 2.4%]
CVE-2018-1280: Pivotal Greenplum Command Center versions 2.x prior to 2.5.1 contains a blind SQL injection vulnerability. An unauthenticated user can perfo [EPSS 2.2%]
CVE-2018-15758 (CRITICAL): Privilege Escalation in spring-security-oauth2 [EPSS 2.2%]
CVE-2019-3777 (HIGH): Apps Manager unverified SSL certs in Cloud Controller proxy [EPSS 1.9%]
CVE-2018-1279 (HIGH): RabbitMQ cluster compromise due to deterministically generated cookie [EPSS 1.8%]
CVE-2014-3527: When using the CAS Proxy ticket authentication from Spring Security 3.1 to 3.2.4 a malicious CAS Service could trick another CAS Service int [EPSS 1.8%]
CVE-2018-15759 (CRITICAL): On Demand Services SDK Timing Attack Vulnerability [EPSS 1.7%]
CVE-2014-0225: When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions [EPSS 1.7%]
CVE-2015-1834: A path traversal vulnerability was identified in the Cloud Foundry component Cloud Controller that affects cf-release versions prior to v208 [EPSS 1.7%]