Filtered by vendor Pivotal Subscriptions
Total 30 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2017-3203 1 Pivotal 1 Spring-flex 2024-08-05 N/A
The Java implementations of AMF3 deserializers in Pivotal/Spring Spring-flex derive class instances from java.io.Externalizable rather than the AMF3 specification's recommendation of flash.utils.IExternalizable. A remote attacker with the ability to spoof or control an RMI server connection may be able to send serialized Java objects that execute arbitrary code when deserialized.
CVE-2018-1190 2 Cloudfoundry, Pivotal 3 Cf-release, Uaa, Uaa Bosh 2024-08-05 N/A
An issue was discovered in these Pivotal Cloud Foundry products: all versions prior to cf-release v270, UAA v3.x prior to v3.20.2, and UAA bosh v30.x versions prior to v30.8 and all other versions prior to v45.0. A cross-site scripting (XSS) attack is possible in the clientId parameter of a request to the UAA OpenID Connect check session iframe endpoint used for single logout session management.
CVE-2019-19029 2 Linuxfoundation, Pivotal 2 Harbor, Vmware Harbor Registry 2024-08-05 7.2 High
Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows SQL Injection via user-groups in the VMware Harbor Container Registry for the Pivotal Platform.
CVE-2019-19026 2 Linuxfoundation, Pivotal 2 Harbor, Vmware Harbor Registry 2024-08-05 4.9 Medium
Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows SQL Injection via project quotas in the VMware Harbor Container Registry for the Pivotal Platform.
CVE-2019-19023 2 Linuxfoundation, Pivotal 2 Harbor, Vmware Harbor Registry 2024-08-05 8.8 High
Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 has a Privilege Escalation Vulnerability in the VMware Harbor Container Registry for the Pivotal Platform.
CVE-2019-19025 2 Linuxfoundation, Pivotal 2 Harbor, Vmware Harbor Registry 2024-08-05 8.8 High
Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows CSRF in the VMware Harbor Container Registry for the Pivotal Platform.
CVE-2022-31684 2 Pivotal, Redhat 3 Reactor Netty, Camel Spring Boot, Openshift Application Runtimes 2024-08-03 4.3 Medium
Reactor Netty HTTP Server, in versions 1.0.11 - 1.0.23, may log request headers in some cases of invalid HTTP requests. The logged headers may reveal valid access tokens to those with access to server logs. This may affect only invalid HTTP requests where logging at WARN level is enabled.
CVE-2023-34061 1 Pivotal 2 Cloud Foundry Deployment, Cloud Foundry Routing Release 2024-08-02 7.5 High
Cloud Foundry routing release versions from v0.163.0 to v0.283.0 are vulnerable to a DOS attack. An unauthenticated attacker can use this vulnerability to force route pruning and therefore degrade the service availability of the Cloud Foundry deployment.
CVE-2023-34054 1 Pivotal 1 Reactor Netty 2024-08-02 5.3 Medium
In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable if Reactor Netty HTTP Server built-in integration with Micrometer is enabled.
CVE-2023-20885 1 Pivotal 3 Cloud Foundry Nfs Volume, Cloud Foundry Notifications, Cloud Foundry Smb Volume 2024-08-02 6.5 Medium
Vulnerability in Cloud Foundry Notifications, Cloud Foundry SMB-volume release, Cloud FOundry cf-nfs-volume release.This issue affects Notifications: All versions prior to 63; SMB-volume release: All versions prior to 3.1.19; cf-nfs-volume release: 5.0.X versions prior to 5.0.27, 7.1.X versions prior to 7.1.19.