|
219361
|
8.8 |
HIGH
Network
|
cloudfoundry
|
container_runtime
|
Cloud Foundry Container Runtime, versions prior to 0.28.0, deploys K8s worker nodes that contains a configuration file with IAAS credentials. A malicious user with access to the k8s nodes can obtain …
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2019-3780
|
2024-11-21 13:42 |
2019-03-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219362
|
8.8 |
HIGH
Network
|
cloudfoundry
|
container_runtime
|
Cloud Foundry Container Runtime, versions prior to 0.29.0, deploys Kubernetes clusters utilize the same CA (Certificate Authority) to sign and trust certs for ETCD as used by the Kubernetes API. This…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2019-3779
|
2024-11-21 13:42 |
2019-03-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219363
|
6.5 |
MEDIUM
Network
|
cloudfoundry
|
stratos
|
Cloud Foundry Stratos, versions prior to 2.3.0, contains an insecure session that can be spoofed. When deployed on cloud foundry with multiple instances using the default embedded SQLite database, a …
|
CWE-384
Session Fixation
|
CVE-2019-3784
|
2024-11-21 13:42 |
2019-03-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219364
|
8.8 |
HIGH
Network
|
cloudfoundry
|
stratos
|
Cloud Foundry Stratos, versions prior to 2.3.0, deploys with a public default session store secret. A malicious user with default session store secret can brute force another user's current Stratos s…
|
CWE-1188
Insecure Default Initialization of Resource
|
CVE-2019-3783
|
2024-11-21 13:42 |
2019-03-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219365
|
8.8 |
HIGH
Network
|
cloudfoundry
|
command_line_interface
|
Cloud Foundry CLI, versions prior to v6.43.0, improperly exposes passwords when verbose/trace/debugging is turned on. A local unauthenticated or remote authenticated malicious user with access to log…
|
CWE-200
Information Exposure
|
CVE-2019-3781
|
2024-11-21 13:42 |
2019-03-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219366
|
9.8 |
CRITICAL
Network
|
pivotal_software
|
application_service
|
Pivotal Application Service (PAS), versions 2.2.x prior to 2.2.12, 2.3.x prior to 2.3.7 and 2.4.x prior to 2.4.3, contain apps manager that uses a cloud controller proxy that fails to verify SSL cert…
|
CWE-295
Improper Certificate Validation
|
CVE-2019-3777
|
2024-11-21 13:42 |
2019-03-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219367
|
6.5 |
MEDIUM
Network
|
pivotal_software
oracle
|
spring_security_oauth
banking_corporate_lending
|
Spring Security OAuth, versions 2.3 prior to 2.3.5, and 2.2 prior to 2.2.4, and 2.1 prior to 2.1.4, and 2.0 prior to 2.0.17, and older unsupported versions could be susceptible to an open redirector …
|
CWE-601
Open Redirect
|
CVE-2019-3778
|
2024-11-21 13:42 |
2019-03-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219368
|
5.4 |
MEDIUM
Network
|
pivotal_software
|
operations_manager
|
Pivotal Operations Manager, 2.1.x versions prior to 2.1.20, 2.2.x versions prior to 2.2.16, 2.3.x versions prior to 2.3.10, 2.4.x versions prior to 2.4.3, contains a reflected cross site scripting vu…
|
CWE-79
Cross-site Scripting
|
CVE-2019-3776
|
2024-11-21 13:42 |
2019-03-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219369
|
6.5 |
MEDIUM
Network
|
cloudfoundry
|
uaa_release
|
Cloud Foundry UAA, versions prior to v70.0, allows a user to update their own email address. A remote authenticated user can impersonate a different user by changing their email address to that of a …
|
CWE-287
Improper Authentication
|
CVE-2019-3775
|
2024-11-21 13:42 |
2019-03-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219370
|
8.8 |
HIGH
Adjacent
|
dell
|
wyse_thinlinux_hagent
windows_embedded_standard_wyse_device_agent
|
Dell WES Wyse Device Agent versions prior to 14.1.2.9 and Dell Wyse ThinLinux HAgent versions prior to 5.4.55 00.10 contain a buffer overflow vulnerability. An unauthenticated attacker may potentiall…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2019-3712
|
2024-11-21 13:42 |
2019-03-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
