|
247251
|
9.8 |
CRITICAL
Network
|
vmware
pivotal_software
|
spring_boot
spring_data_rest
|
Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use s…
|
CWE-20
Improper Input Validation
|
CVE-2017-8046
|
2024-11-21 12:33 |
2018-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247252
|
9.8 |
CRITICAL
Network
|
emc
|
scaleio
|
An issue was discovered in EMC ScaleIO 2.0.1.x. A buffer overflow vulnerability in the SDBG service may potentially allow a remote unauthenticated attacker to execute arbitrary commands with root pri…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-8020
|
2024-11-21 12:33 |
2017-11-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247253
|
7.5 |
HIGH
Network
|
emc
|
scaleio
|
An issue was discovered in EMC ScaleIO 2.0.1.x. A vulnerability in message parsers (MDM, SDS, and LIA) could potentially allow an unauthenticated remote attacker to send specifically crafted packets …
|
CWE-20
Improper Input Validation
|
CVE-2017-8019
|
2024-11-21 12:33 |
2017-11-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247254
|
8.4 |
HIGH
Local
|
dell
|
emc_scaleio
|
An issue was discovered in EMC ScaleIO 2.0.1.x. In a Linux environment, one of the support scripts saves the credentials of the ScaleIO MDM user who executed the script in clear text in temporary log…
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2017-8001
|
2024-11-21 12:33 |
2017-11-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247255
|
9.8 |
CRITICAL
Network
|
pivotal_software
|
spring_advanced_message_queuing_protocol
|
In Pivotal Spring AMQP versions prior to 1.7.4, 1.6.11, and 1.5.7, an org.springframework.amqp.core.Message may be unsafely deserialized when being converted into a string. A malicious payload could …
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2017-8045
|
2024-11-21 12:33 |
2017-11-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247256
|
6.1 |
MEDIUM
Network
|
vmware
|
single_sign-on_for_pivotal_cloud_foundry
|
In Pivotal Single Sign-On for PCF (1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3), certain pages allow code to be injected into the DOM environment through query parameters, leading…
|
CWE-79
Cross-site Scripting
|
CVE-2017-8044
|
2024-11-21 12:33 |
2017-11-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247257
|
5.9 |
MEDIUM
Network
|
pivotal
|
spring_web_flow
|
An issue was discovered in Pivotal Spring Web Flow through 2.4.5. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property which is disabled by default (i.e., …
|
CWE-1188
Insecure Default Initialization of Resource
|
CVE-2017-8039
|
2024-11-21 12:33 |
2017-11-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247258
|
8.8 |
HIGH
Network
|
pivotal_software
|
credhub-release
|
In Cloud Foundry Foundation Credhub-release version 1.1.0, access control lists (ACLs) enforce whether an authenticated user can perform an operation on a credential. For installations using ACLs, th…
|
NVD-CWE-noinfo
|
CVE-2017-8038
|
2024-11-21 12:33 |
2017-11-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247259
|
5.3 |
MEDIUM
Network
|
cloudfoundry
|
cf-release
uaa-release
|
An issue was discovered in Cloud Foundry Foundation cf-release (all versions prior to v279) and UAA (30.x versions prior to 30.6, 45.x versions prior to 45.4, 52.x versions prior to 52.1). In some ca…
|
NVD-CWE-noinfo
|
CVE-2017-8031
|
2024-11-21 12:33 |
2017-11-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247260
|
8.1 |
HIGH
Network
|
pivotal_software
debian
|
spring-ldap
debian_linux
|
In Pivotal Spring-LDAP versions 1.3.0 - 2.3.1, when connected to some LDAP servers, when no additional attributes are bound, and when using LDAP BindAuthenticator with org.springframework.ldap.core.s…
|
CWE-287
Improper Authentication
|
CVE-2017-8028
|
2024-11-21 12:33 |
2017-11-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
