Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2017-05-26 CVE-2017-9033 Cross-Site Request Forgery (CSRF) vulnerability in Trendmicro Serverprotect 3.0
Cross-site request forgery (CSRF) vulnerability in Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows remote attackers to hijack the authentication of users for requests to start an update from an arbitrary source via a crafted request to SProtectLinux/scanoption_set.cgi, related to the lack of anti-CSRF tokens.
network
low complexity
trendmicro CWE-352
8.8
2017-05-26 CVE-2017-7439 Information Exposure vulnerability in Netapp Oncommand Unified Manager Core Package
NetApp OnCommand Unified Manager Core Package 5.x before 5.2.2P1 might allow remote attackers to obtain sensitive information via vectors involving error messages.
network
low complexity
netapp CWE-200
7.5
2017-05-26 CVE-2017-7236 SQL Injection vulnerability in Netapp Oncommand Unified Manager Core Package
SQL injection vulnerability in NetApp OnCommand Unified Manager Core Package 5.x before 5.2.2P1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
netapp CWE-89
7.5
2017-05-25 CVE-2016-5007 Permissions, Privileges, and Access Controls vulnerability in multiple products
Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively.
network
low complexity
pivotal-software vmware CWE-264
7.5
2017-05-25 CVE-2016-4977 Data Processing Errors vulnerability in Pivotal Spring Security Oauth
When processing authorization requests using the whitelabel views in Spring Security OAuth 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5, the response_type parameter value was executed as Spring SpEL which enabled a malicious user to trigger remote code execution via the crafting of the value for response_type.
network
low complexity
pivotal CWE-19
8.8
2017-05-25 CVE-2016-3084 Permissions, Privileges, and Access Controls vulnerability in multiple products
The UAA reset password flow in Cloud Foundry release v236 and earlier versions, UAA release v3.3.0 and earlier versions, all versions of Login-server, UAA release v10 and earlier versions and Pivotal Elastic Runtime versions prior to 1.7.2 is vulnerable to a brute force attack due to multiple active codes at a given time.
network
high complexity
pivotal-software cloudfoundry CWE-264
8.1
2017-05-25 CVE-2016-0780 Resource Management Errors vulnerability in multiple products
It was discovered that cf-release v231 and lower, Pivotal Cloud Foundry Elastic Runtime 1.5.x versions prior to 1.5.17 and Pivotal Cloud Foundry Elastic Runtime 1.6.x versions prior to 1.6.18 do not properly enforce disk quotas in certain cases.
network
low complexity
pivotal-software cloudfoundry CWE-399
7.5
2017-05-25 CVE-2015-3191 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
With Cloud Foundry Runtime cf-release versions v209 or earlier, UAA Standalone versions 2.2.6 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier the change_email form in UAA is vulnerable to a CSRF attack.
network
low complexity
pivotal-software cloudfoundry CWE-352
8.8
2017-05-25 CVE-2014-0225 XXE vulnerability in multiple products
When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration.
network
low complexity
pivotal-software vmware CWE-611
8.8
2017-05-25 CVE-2014-0097 Improper Authentication vulnerability in VMWare Spring Security
The ActiveDirectoryLdapAuthenticator in Spring Security 3.2.0 to 3.2.1 and 3.1.0 to 3.1.5 does not check the password length.
network
low complexity
vmware CWE-287
7.3