| CVE |
Vendors |
Products |
Updated |
CVSS |
| CVE-2019-3801 |
1 Cloudfoundry |
2 Cf-deployment, Uaa Release |
2019-10-09 |
5.0 |
| Cloud Foundry cf-deployment, versions prior to 7.9.0, contain java components that are using an insecure protocol to fetch dependencies when building. A remote unauthenticated malicious attacker could hijack the DNS entry for the dependency, and... |
| CVE-2019-11277 |
1 Cloudfoundry |
1 Cf-deployment |
2019-10-09 |
5.5 |
| Cloud Foundry NFS Volume Service, 1.7.x versions prior to 1.7.11 and 2.x versions prior to 2.3.0, is vulnerable to LDAP injection. A remote authenticated malicious space developer can potentially inject LDAP filters via service instance creation,... |
| CVE-2018-1191 |
1 Cloudfoundry |
1 Cf-deployment |
2019-10-09 |
3.5 |
| Cloud Foundry Garden-runC, versions prior to 1.11.0, contains an information exposure vulnerability. A user with access to Garden logs may be able to obtain leaked credentials and perform authenticated actions using those credentials. |
| CVE-2018-1193 |
1 Cloudfoundry |
2 Cf-deployment, Routing-release |
2019-10-03 |
5.0 |
| Cloud Foundry routing-release, versions prior to 0.175.0, lacks sanitization for user-provided X-Forwarded-Proto headers. A remote user can set the X-Forwarded-Proto header in a request to potentially bypass an application requirement to only... |
