Vulnerabilities > Cloudfoundry > CF Release > 209
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-06-13 | CVE-2016-8219 | Improper Privilege Management vulnerability in Cloudfoundry Capi-Release and Cf-Release An issue was discovered in Cloud Foundry Foundation cf-release versions prior to 250 and CAPI-release versions prior to 1.12.0. | 6.5 |
| 2017-06-13 | CVE-2016-8218 | Improper Input Validation vulnerability in Cloudfoundry Cf-Release An issue was discovered in Cloud Foundry Foundation routing-release versions prior to 0.142.0 and cf-release versions 203 to 231. | 9.8 |
| 2017-06-13 | CVE-2016-6655 | Command Injection vulnerability in Cloudfoundry Cf-Mysql-Release An issue was discovered in Cloud Foundry Foundation Cloud Foundry release versions prior to v245 and cf-mysql-release versions prior to v31. | 9.8 |
| 2017-05-25 | CVE-2016-2165 | Improper Input Validation vulnerability in multiple products The Loggregator Traffic Controller endpoints in cf-release v231 and lower, Pivotal Elastic Runtime versions prior to 1.5.19 AND 1.6.x versions prior to 1.6.20 are not cleansing request URL paths when they are invalid and are returning them in the 404 response. | 6.5 |
| 2017-05-25 | CVE-2015-3191 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products With Cloud Foundry Runtime cf-release versions v209 or earlier, UAA Standalone versions 2.2.6 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier the change_email form in UAA is vulnerable to a CSRF attack. | 8.8 |
| 2017-05-25 | CVE-2015-3190 | Open Redirect vulnerability in multiple products With Cloud Foundry Runtime cf-release versions v209 or earlier, UAA Standalone versions 2.2.6 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier the UAA logout link is susceptible to an open redirect which allows an attacker to insert malicious web page as a redirect parameter. | 6.1 |
| 2017-04-20 | CVE-2017-4969 | Unspecified vulnerability in Cloudfoundry Cf-Release The Cloud Controller in Cloud Foundry cf-release versions prior to v255 allows authenticated developer users to exceed memory and disk quotas for tasks. | 6.5 |
| 2017-01-13 | CVE-2016-9882 | Information Exposure Through Log Files vulnerability in Cloudfoundry Capi-Release and Cf-Release An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v250 and CAPI-release versions prior to v1.12.0. | 7.5 |