8 matches found
EUVD-2017-14077
Malware in sbrugna...
CVE-2019-5736: runC container breakout | Cloud Foundry
Severity High Vendor Open Container Initiative Affected Cloud Foundry Products and Versions Severity is High unless otherwise noted. BPM All prior to v1.0.3 Cloud Foundry Container Runtime CFCR All versions prior to v0.29.0 Docker BOSH Release All versions prior to v34.0.0 Garden runC All version...
CVE-2017-4961
An issue was discovered in Cloud Foundry Foundation BOSH Release 261.x versions prior to 261.3 and all 260.x versions. In certain cases an authenticated Director user can provide a malicious checksum that could allow them to escalate their privileges on the Director VM, aka "BOSH Director Shell...
CVE-2017-4994
An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v263; UAA release 2.x versions prior to v2.7.4.18, 3.6.x versions prior to v3.6.12, 3.9.x versions prior to v3.9.14, and other versions prior to v4.3.0; and UAA bosh release uaa-release 13.x versions prior to v13.16,...
Sql injection
An issue was discovered in Cloud Foundry Foundation BOSH Release 261.x versions prior to 261.3 and all 260.x versions. In certain cases an authenticated Director user can provide a malicious checksum that could allow them to escalate their privileges on the Director VM, aka "BOSH Director Shell...
CVE-2017-4961
CVE-2017-4961 affects Cloud Foundry Foundation’s BOSH Director (BOSH Release 261.x before 261.3 and all 260.x). An authenticated Director user can supply a malicious checksum, enabling privilege escalation on the Director VM ("BOSH Director Shell Injection Vulnerabilities"). Practical impact is e...
CVE-2017-4972: Blind SQL Injection in UAA | Cloud Foundry
Severity High Vendor Cloud Foundry Foundation Versions Affected cf-release versions prior to v257 UAA release: 2.x versions prior to v2.7.4.14 3.6.x versions prior to v3.6.8 3.9.x versions prior to v3.9.10 Other versions prior to v3.15.0 UAA bosh release uaa-release: 13.x versions prior to v13.12...
USN-2991-1 nginx vulnerability | Cloud Foundry
USN-2991-1 nginx vulnerability Medium Vendor Nginx, Canonical Ubuntu Versions Affected BOSH-release versions prior to 255.11 Description It was discovered that nginx incorrectly handled saving client request bodies to temporary files. A remote attacker could possibly use this issue to cause nginx...