Lucene search
K

67 matches found

Cloud Foundry
Cloud Foundry
added 2020/03/09 12:0 a.m.57 views

CVE-2019-15605: Node.js is vulnerable to request smuggling | Cloud Foundry

Severity Critical Vendor Cloud Foundry Foundation Description Cloud Foundry Node.js Buildpack, versions prior to 1.7.11, defaults to a version of Node.js that is vulnerable to HTTP request smuggling, which allows malicious payload delivery to unsuspecting users. Affected Cloud Foundry Products an...

9.8CVSS9.6AI score0.57132EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2019/05/16 12:0 a.m.27 views

SUSE SLED15 / SLES15 Security Update : cf-cli (SUSE-SU-2019:1220-1)

"This update for cf-cli fixes the following issues : cf-cli was updated: to version 6.43.0 bsc1132242 Enhancements : cf curl supports a new --fail flag primarily for scripting purposes which returns exit code 22 for server errors story Improves cf delete-orphaned-routes such that it uses a...

8.8CVSS6.8AI score0.01329EPSS
Exploits0References20
Prion
Prion
added 2018/09/11 5:29 p.m.22 views

Information disclosure

Pivotal Cloud Foundry Elastic Runtime version 1.4.0 through 1.4.5, 1.5.0 through 1.5.11 and 1.6.0 through 1.6.11 is vulnerable to a remote information disclosure. It was found that original mitigation configuration instructions provided as part of CVE-2016-0708 were incomplete and could leave PHP...

4.3CVSS5.7AI score0.01558EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2018/09/11 5:29 p.m.20 views

CVE-2016-0715

Pivotal Cloud Foundry Elastic Runtime version 1.4.0 through 1.4.5, 1.5.0 through 1.5.11 and 1.6.0 through 1.6.11 is vulnerable to a remote information disclosure. It was found that original mitigation configuration instructions provided as part of CVE-2016-0708 were incomplete and could leave PHP...

5.9CVSS5.6AI score0.01249EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2018/08/09 4:20 a.m.35 views

Security Bulletin: IBM® SDK for Node.js™ in IBM Bluemix may be affected by CVE-2016-1669

Summary Buffer overflow in the Google V8 Javascript implementation used by IBM SDK for Node.js Vulnerability Details CVEID: CVE-2016-1669 DESCRIPTION: Google Chrome is vulnerable to a buffer overflow, caused by an error in V8. By persuading a victim to visit a specially-crafted Web site, a remote...

9.3CVSS1.8AI score0.04227EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/08/09 4:20 a.m.33 views

Security Bulletin: Vulnerabilities in OpenSSL affect IBM® SDK for Node.js™ in IBM Bluemix (CVE-2017-3731 CVE-2017-3732 CVE-2016-7055)

Summary OpenSSL vulnerabilities were disclosed on January 26, 2017 by the OpenSSL Project. OpenSSL is used by IBM SDK for Node.js. IBM SDK for Node.js has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2017-3731 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by...

7.5CVSS1AI score0.57595EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/08/09 4:20 a.m.34 views

Security Bulletin: A vulnerability in OpenSSL affect IBM® SDK for Node.js™ in IBM Cloud (CVE-2018-0739)

Summary OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM SDK for Node.js for IBM Cloud. IBM SDK for Node.js for IBM Cloud has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2018-0739 DESCRIPTION: OpenSSL is vulnerable to a denial of service. B...

6.5CVSS0.8AI score0.19295EPSS
Exploits0Affected Software1
CNVD
CNVD
added 2018/07/17 12:0 a.m.4 views

Cloud Foundry and Cloud Foundry Java Buildpack Information Disclosure Vulnerability

Cloud Foundry and Cloud Foundry Java Buildpack are both products of the Cloud Foundry Foundation, an open source Platform-as-a-Service PaaS cloud computing platform that provides container scheduling, continuous delivery, and automated service deployment.Cloud Foundry Java Buildpack is an...

5.9CVSS5.4AI score0.01558EPSS
Exploits0References1
NVD
NVD
added 2018/07/11 8:29 p.m.21 views

CVE-2016-0708

Applications deployed to Cloud Foundry, versions v166 through v227, may be vulnerable to a remote disclosure of information, including, but not limited to environment variables and bound service details. For applications to be vulnerable, they must have been staged using automatic buildpack...

5.9CVSS5.7AI score0.01558EPSS
Exploits0References1
OSV
OSV
added 2018/07/11 8:29 p.m.19 views

CVE-2016-0708

Applications deployed to Cloud Foundry, versions v166 through v227, may be vulnerable to a remote disclosure of information, including, but not limited to environment variables and bound service details. For applications to be vulnerable, they must have been staged using automatic buildpack...

5.9CVSS6.8AI score0.01558EPSS
Exploits0References1
Prion
Prion
added 2018/07/11 8:29 p.m.21 views

Design/Logic Flaw

Applications deployed to Cloud Foundry, versions v166 through v227, may be vulnerable to a remote disclosure of information, including, but not limited to environment variables and bound service details. For applications to be vulnerable, they must have been staged using automatic buildpack...

4.3CVSS5.8AI score0.01558EPSS
Exploits0References1Affected Software2
CNVD
CNVD
added 2018/06/08 12:0 a.m.9 views

Cloud Foundry Diego Privilege Gain Vulnerability

Cloud Foundry Diego is a container management system used in the Cloud Foundry cloud computing platform from the Cloud Foundry Foundation in the United States. A security vulnerability exists in Cloud Foundry Diego versions prior to 2.8.0, which stems from the program's failure to properly filter...

7.2CVSS7.2AI score0.01771EPSS
Exploits0References1
NVD
NVD
added 2018/06/06 8:29 p.m.29 views

CVE-2018-1265

Cloud Foundry Diego, release versions prior to 2.8.0, does not properly sanitize file paths in tar and zip files headers. A remote attacker with CF admin privileges can upload a malicious buildpack that will allow a complete takeover of a Diego Cell VM and access to all apps running on that Diego...

7.2CVSS7AI score0.01771EPSS
Exploits0References1
OSV
OSV
added 2018/06/06 8:29 p.m.28 views

CVE-2018-1265

Cloud Foundry Diego, release versions prior to 2.8.0, does not properly sanitize file paths in tar and zip files headers. A remote attacker with CF admin privileges can upload a malicious buildpack that will allow a complete takeover of a Diego Cell VM and access to all apps running on that Diego...

7.2CVSS7.2AI score0.01771EPSS
Exploits0References1
CVE
CVE
added 2018/06/06 8:0 p.m.51 views

CVE-2018-1265

Summary: CVE-2018-1265 affects Cloud Foundry Diego (diego-release before 2.8.0; cf-deployment before v1.37.0). The root cause is improper sanitization/validation of file paths in tar and zip headers, enabling a remote authenticated attacker with CF admin privileges to upload a malicious buildpack...

7.2CVSS6.9AI score0.01771EPSS
Exploits0References1Affected Software2
Prion
Prion
added 2018/03/29 10:29 p.m.13 views

Design/Logic Flaw

Applications in cf-release before 245 can be configured and pushed with a user-provided custom buildpack using a URL pointing to the buildpack. Although it is not recommended, a user can specify a credential in the URL basic auth or OAuth to access the buildpack through the CLI. For example, the...

4CVSS6.8AI score0.00883EPSS
Exploits0References1Affected Software2
NVD
NVD
added 2018/03/29 10:29 p.m.23 views

CVE-2016-6658

Applications in cf-release before 245 can be configured and pushed with a user-provided custom buildpack using a URL pointing to the buildpack. Although it is not recommended, a user can specify a credential in the URL basic auth or OAuth to access the buildpack through the CLI. For example, the...

9.6CVSS9.3AI score0.00883EPSS
Exploits0References1
OSV
OSV
added 2018/03/29 10:29 p.m.25 views

CVE-2016-6658

Applications in cf-release before 245 can be configured and pushed with a user-provided custom buildpack using a URL pointing to the buildpack. Although it is not recommended, a user can specify a credential in the URL basic auth or OAuth to access the buildpack through the CLI. For example, the...

9.6CVSS9.4AI score0.00883EPSS
Exploits0References1
CVE
CVE
added 2018/03/29 10:0 p.m.46 views

CVE-2016-6658

CVE-2016-6658 affects cf-release before 245. It allows configuring and pushing with a user-provided buildpack URL that may include credentials (basic auth or OAuth) to access a private buildpack. The buildpack URL is stored unencrypted, so an operator with privileged Cloud Controller DB access co...

9.6CVSS9.2AI score0.00883EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2018/03/29 10:0 p.m.27 views

CVE-2016-6658

Applications in cf-release before 245 can be configured and pushed with a user-provided custom buildpack using a URL pointing to the buildpack. Although it is not recommended, a user can specify a credential in the URL basic auth or OAuth to access the buildpack through the CLI. For example, the...

9.3AI score0.00883EPSS
Exploits0References1
Rows per page
Query Builder