Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-05-25 | CVE-2016-3084 | Permissions, Privileges, and Access Controls vulnerability in multiple products The UAA reset password flow in Cloud Foundry release v236 and earlier versions, UAA release v3.3.0 and earlier versions, all versions of Login-server, UAA release v10 and earlier versions and Pivotal Elastic Runtime versions prior to 1.7.2 is vulnerable to a brute force attack due to multiple active codes at a given time. | 8.1 |
| 2017-05-25 | CVE-2016-0780 | Resource Management Errors vulnerability in multiple products It was discovered that cf-release v231 and lower, Pivotal Cloud Foundry Elastic Runtime 1.5.x versions prior to 1.5.17 and Pivotal Cloud Foundry Elastic Runtime 1.6.x versions prior to 1.6.18 do not properly enforce disk quotas in certain cases. | 7.5 |
| 2017-05-25 | CVE-2015-3191 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products With Cloud Foundry Runtime cf-release versions v209 or earlier, UAA Standalone versions 2.2.6 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier the change_email form in UAA is vulnerable to a CSRF attack. | 8.8 |
| 2017-05-25 | CVE-2014-0225 | XXE vulnerability in multiple products When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. | 8.8 |
| 2017-05-25 | CVE-2014-0097 | Improper Authentication vulnerability in VMWare Spring Security The ActiveDirectoryLdapAuthenticator in Spring Security 3.2.0 to 3.2.1 and 3.1.0 to 3.1.5 does not check the password length. | 7.3 |
| 2017-05-24 | CVE-2017-9230 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Bitcoin The Bitcoin Proof-of-Work algorithm does not consider a certain attack methodology related to 80-byte block headers with a variety of initial 64-byte chunks followed by the same 16-byte chunk, multiple candidate root values ending with the same 4 bytes, and calculations involving sqrt numbers. | 7.5 |
| 2017-05-24 | CVE-2017-9229 | NULL Pointer Dereference vulnerability in multiple products An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. | 7.5 |
| 2017-05-24 | CVE-2017-2824 | OS Command Injection vulnerability in Zabbix An exploitable code execution vulnerability exists in the trapper command functionality of Zabbix Server 2.4.X. | 8.1 |
| 2017-05-24 | CVE-2017-2823 | Use After Free vulnerability in Poweriso 6.8 A use-after-free vulnerability exists in the .ISO parsing functionality of PowerISO 6.8. | 7.8 |
| 2017-05-24 | CVE-2017-2819 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Hancom Hangul Word Processor and Thinkfree Office NEO An exploitable heap-based buffer overflow exists in the Hangul Word Processor component (version 9.6.1.4350) of Hancom Thinkfree Office NEO 9.6.1.4902. | 7.8 |