2695 matches found
CVE-2016-3091 Diego log encoding vulnerability | Cloud Foundry
CVE-2016-3091 Diego log encoding vulnerability High Vendor Cloud Foundry Foundation Versions Affected Diego-release versions 0.1468.0 through 0.1470.0 Description Due to how Diego handles breaking up large log streams on UTF-8 boundaries, it is possible to cause a denial of service on a Cloud...
USN-2957-1 Libtasn1 vulnerability | Cloud Foundry
USN-2957-1 Libtasn1 vulnerability Medium Vendor Canonical Ubuntu, Libtasn1 Versions Affected Ubuntu 14.04 LTS Description Pascal Cuoq and Miod Vallat discovered that Libtasn1 incorrectly handled certain malformed DER certificates. A remote attacker could possibly use this issue to cause...
USN-2949-1 Linux kernel (Vivid HWE) vulnerabilities | Cloud Foundry
USN-2949-1 Linux kernel Vivid HWE vulnerabilities Low/Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 LTS Description Venkatesh Pottem discovered a use-after-free vulnerability in the Linux kernel’s CXGB3 driver. A local attacker could use this to cause a denial of service...
USN-2959-1 OpenSSL vulnerabilities | Cloud Foundry
USN-2959-1 OpenSSL vulnerabilities High Vendor Canonical Ubuntu, OpenSSL Versions Affected Canonical Ubuntu 14.04 LTS, OpenSSLv1 Description Huzaifa Sidhpurwala, Hanno Böck, and David Benjamin discovered that OpenSSL incorrectly handled memory when decoding ASN.1 structures. A remote attacker cou...
USN-2935-2 PAM regression | Cloud Foundry
USN-2935-2 PAM regression Low Vendor Ubuntu Versions Affected Ubuntu 14.04 LTS Description USN-2935-1 fixed vulnerabilities in PAM. The updates contained a packaging change that prevented upgrades in certain multiarch environments. USN-2935-2 fixes the problem. Original issues from USN-2935-1: It...
CVE-2015-5170-5173 UAA Vulnerabilities | Cloud Foundry
CVE-2015-5170-5173 UAA Vulnerabilities Low Vendor Cloud Foundry Foundation Versions Affected cf-release versions v215 & prior UAA versions 2.5.1 & prior Description CSRF Attack on PWS. It is possible to log the user into another account instead of the account they intended to log into because of...
Samba and Windows Vulnerabilities | Cloud Foundry
Samba and Windows Vulnerabilities Medium Vendor Samba, Microsoft Windows Versions Affected The following versions of Samba are affected: 3.6.x, 4.0.x, 4.1.x, 4.2.0-4.2.9, 4.3.0-4.3.6, and 4.4.0. The affected Microsoft Windows versions can be viewed here:...
Pivotal Software Cloud Foundry Denial of Service Vulnerability
Pivotal Software Cloud Foundry is an open source Platform-as-a-Service PaaS cloud computing platform from Pivotal Software that provides container scheduling, continuous delivery, and automated service deployment.Elastic Runtime is Pivotal Cloud Foundry's A runtime environment. A denial of servic...
USN-2919-1 JasPer vulnerabilities | Cloud Foundry
USN-2919-1 JasPer vulnerabilities Medium Vendor Ubuntu, JasPer Versions Affected Ubuntu 14.04 LTS Description Jacob Baines discovered that JasPer incorrectly handled ICC color profiles in JPEG-2000 image files. If a user were tricked into opening a specially crafted JPEG-2000 image file, a remote...
USN-2916-1 Perl vulnerabilities | Cloud Foundry
USN-2916-1 Perl vulnerabilities Medium Vendor Ubuntu, Perl Versions Affected Ubuntu 14.04 LTS Description Several security issues were fixed in Perl. It was discovered that Perl incorrectly handled certain regular expressions with an invalid back-reference. An attacker could use this issue to cau...
USN-2925-1 Bind9 vulnerabilities | Cloud Foundry
USN-2925-1 Bind9 vulnerabilities Medium Vendor Ubuntu, Bind9 Versions Affected Ubuntu 14.04 LTS Description Bind could be made to crash if it received specially crafted network traffic. It was discovered that Bind incorrectly handled input received by the rndc control channel. A remote attacker...
USN-2914-1 OpenSSL vulnerabilities | Cloud Foundry
USN-2914-1 OpenSSL vulnerabilities Low Vendor Ubuntu, OpenSSL Versions Affected Ubuntu 14.04 LTS SSLv1 Description Several security issues were fixed in OpenSSL. Yuval Yarom, Daniel Genkin, and Nadia Heninger discovered that OpenSSL was vulnerable to a side-channel attack on modular exponentiatio...
USN-2927-1 Graphite2 vulnerabilities | Cloud Foundry
USN-2927-1 Graphite2 vulnerabilities Medium Vendor Graphite2 Versions Affected Ubuntu 14.04 Description Graphite2 could be made to crash or run programs as your login if it opened a specially crafted font. It was discovered that graphite2 incorrectly handled certain malformed fonts. If a user or...
Warning about NPM modules | Cloud Foundry
Warning about NPM modules Advisory Vendor Node Package Manager NPM Versions Affected Cloud Foundry NodeJS Buildpack Description If your app developers deploy Node applications, we’d like to alert you to recent developments with NPM and module ownership in the Node community. A blog post was...
USN-2939-1 LibTIFF vulnerabilities | Cloud Foundry
USN-2939-1 LibTIFF vulnerabilities Low Vendor Ubuntu, LibTIFF Versions Affected Ubuntu 14.04 Description LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file. It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or...
USN-2918-1 Pixman vulnerabilities | Cloud Foundry
USN-2918-1 Pixman vulnerabilities Medium Vendor Ubuntu, Pixman Versions Affected Ubuntu 14.04 LTS Description Pixman could be made to crash or run programs as your login if it processed specially crafted data. Vincent LE GARREC discovered an integer underflow in pixman. If a user were tricked int...
CVE-2016-2165 Loggregator Request URL Paths | Cloud Foundry
Severity Medium Vendor Cloud Foundry Foundation, VMware Cloud Foundry Versions Affected cf-release v231 and lower Description The Loggregator Traffic Controller endpoints are not cleansing request URL paths when they are invalid and is returning them in the 404 response. This could allow maliciou...
Pivotal Software Cloud Foundry Elastic Runtime Unauthorized Operation Vulnerability
Pivotal Software Cloud Foundry is an open source Platform-as-a-Service PaaS cloud computing platform from Pivotal Software that provides container scheduling, continuous delivery, and automated service deployment.Elastic Runtime is Pivotal Cloud Foundry's A runtime environment. A security...
CVE-2016-0800 & CVE-2016-0703 OpenSSL vulnerabilities | Cloud Foundry
CVE-2016-0800 & CVE-2016-0703 OpenSSL vulnerabilities High Vendor OpenSSL Versions Affected SSLv2 Description The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possess...
USN-2910-1 Linux kernel vulnerability | Cloud Foundry
USN-2910-1 Linux kernel vulnerability High Vendor Ubuntu Versions Affected Ubuntu 14.04 Description halfdog discovered that OverlayFS, when mounting on top of a FUSE mount, incorrectly propagated file attributes, including setuid. A local unprivileged attacker could use this to gain privileges...