Lucene search
K

60 matches found

CVE
CVE
added 2017/06/13 6:0 a.m.46 views

CVE-2016-8218

CVE-2016-8218 affects Cloud Foundry’s routing-release (versions prior to 0.142.0) and cf-release (203–231). The issue is incomplete validation in JSON Web Token (JWT) libraries, enabling unprivileged attackers to impersonate other users to the routing API. Remediation: upgrade routing-release to ...

9.8CVSS9.3AI score0.01297EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2017/06/13 6:0 a.m.29 views

CVE-2017-4970

An issue was discovered in Cloud Foundry Foundation cf-release v255 and Staticfile buildpack versions v1.4.0 - v1.4.3. A regression introduced in the Static file build pack causes the Staticfile.auth configuration to be ignored when the Static file file is not present in the application root...

5.7AI score0.00692EPSS
Exploits0References1
CVE
CVE
added 2017/06/13 6:0 a.m.49 views

CVE-2016-8219

The CVE affects Cloud Foundry Foundation cf-release before 250 and CAPI-release before 1.12.0. The vulnerability arises because a SpaceAuditor can restage applications, enabling over-privileged actions that could cause application downtime if restaging fails. Mitigation is to upgrade cf-release t...

6.5CVSS6.3AI score0.00974EPSS
Exploits0References1Affected Software2
CVE
CVE
added 2017/06/13 6:0 a.m.48 views

CVE-2017-4970

CVE-2017-4970 describes a regression in the Cloud Foundry cf-release v255 and Staticfile buildpack v1.4.0–v1.4.3. The Staticfile buildpack regression causes the Staticfile.auth configuration to be ignored when the Staticfile is not present in the application root; apps that contain a Staticfile.a...

5.9CVSS5.6AI score0.00692EPSS
Exploits0References1Affected Software2
CNVD
CNVD
added 2017/05/27 12:0 a.m.6 views

Open Redirect Vulnerability in Multiple Pivotal Products at Login

Pivotal Cloud Foundry PCF Runtime cf-release and others are products of Pivotal Software, Inc. PCF is an open source Platform-as-a-Service PaaS cloud computing platform that provides container scheduling, continuous delivery, and automated service deployment. cf-release is a release version of PC...

6.1CVSS6.9AI score0.00717EPSS
Exploits0References1
OSV
OSV
added 2017/05/25 5:29 p.m.23 views

CVE-2016-0780

It was discovered that cf-release v231 and lower, Pivotal Cloud Foundry Elastic Runtime 1.5.x versions prior to 1.5.17 and Pivotal Cloud Foundry Elastic Runtime 1.6.x versions prior to 1.6.18 do not properly enforce disk quotas in certain cases. An attacker could use an improper disk quota value ...

7.5CVSS6.8AI score0.01136EPSS
Exploits0References1
NVD
NVD
added 2017/05/25 5:29 p.m.15 views

CVE-2015-1834

A path traversal vulnerability was identified in the Cloud Foundry component Cloud Controller that affects cf-release versions prior to v208 and Pivotal Cloud Foundry Elastic Runtime versions prior to 1.4.2. Path traversal is the 'outbreak' of a given directory structure through relative file pat...

6.5CVSS6.4AI score0.01685EPSS
Exploits0References2
NVD
NVD
added 2017/05/25 5:29 p.m.24 views

CVE-2016-0780

It was discovered that cf-release v231 and lower, Pivotal Cloud Foundry Elastic Runtime 1.5.x versions prior to 1.5.17 and Pivotal Cloud Foundry Elastic Runtime 1.6.x versions prior to 1.6.18 do not properly enforce disk quotas in certain cases. An attacker could use an improper disk quota value ...

7.5CVSS7.5AI score0.01136EPSS
Exploits0References1
Prion
Prion
added 2017/05/25 5:29 p.m.19 views

Input validation

It was discovered that cf-release v231 and lower, Pivotal Cloud Foundry Elastic Runtime 1.5.x versions prior to 1.5.17 and Pivotal Cloud Foundry Elastic Runtime 1.6.x versions prior to 1.6.18 do not properly enforce disk quotas in certain cases. An attacker could use an improper disk quota value ...

5CVSS7.1AI score0.01136EPSS
Exploits0References1Affected Software2
CVE
CVE
added 2017/05/25 5:0 p.m.52 views

CVE-2016-2165

CVE-2016-2165 affects Cloud Foundry cf-release legacy branches: cf-release v231 and older, plus Pivotal Elastic Runtime versions before 1.5.19 and 1.6.x before 1.6.20. The Loggregator Traffic Controller endpoints do not cleanse invalid request URL paths, and these paths are echoed in 404 response...

6.5CVSS6.3AI score0.00862EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2017/05/25 5:0 p.m.25 views

CVE-2016-0780

It was discovered that cf-release v231 and lower, Pivotal Cloud Foundry Elastic Runtime 1.5.x versions prior to 1.5.17 and Pivotal Cloud Foundry Elastic Runtime 1.6.x versions prior to 1.6.18 do not properly enforce disk quotas in certain cases. An attacker could use an improper disk quota value ...

7.5AI score0.01136EPSS
Exploits0References1
CVE
CVE
added 2017/05/25 5:0 p.m.49 views

CVE-2016-0780

CVE-2016-0780 affects cf-release v231 and earlier and Pivotal Cloud Foundry Elastic Runtime: 1.5.x versions before 1.5.17 and 1.6.x versions before 1.6.18. The root cause is improper enforcement of disk quotas, allowing an attacker to use an incorrect quota value to bypass enforcement and exhaust...

7.5CVSS7.4AI score0.01136EPSS
Exploits0References1Affected Software2
CNVD
CNVD
added 2017/04/28 12:0 a.m.6 views

Cloud Foundry cf-release exceeds quota vulnerability

Cloud Foundry is an open source multi-cloud application platform as a service PaaS managed by the Cloud Foundry Foundation. An out-of-quota vulnerability exists in Cloud Foundry cf-release, where the "Cloud Controller" in Cloud Foundry cf-release enables a certified developer user to exceed a...

6.8CVSS6.6AI score0.00936EPSS
Exploits0References1
Prion
Prion
added 2017/04/20 10:59 p.m.13 views

Design/Logic Flaw

The Cloud Controller in Cloud Foundry cf-release versions prior to v255 allows authenticated developer users to exceed memory and disk quotas for tasks...

6.8CVSS6.3AI score0.00936EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2017/04/20 10:0 p.m.26 views

CVE-2017-4969

The Cloud Controller in Cloud Foundry cf-release versions prior to v255 allows authenticated developer users to exceed memory and disk quotas for tasks...

6.4AI score0.00936EPSS
Exploits0References1
CVE
CVE
added 2017/04/20 10:0 p.m.46 views

CVE-2017-4969

The CVE-2017-4969 issue affects the Cloud Foundry cf-release Cloud Controller (pre-v255). A design/logic flaw allows authenticated developer users to exceed a task’s memory and disk quotas, enabling overconsumption relative to configured quotas. Impact is described as a quota-exceeding condition ...

6.8CVSS6.3AI score0.00936EPSS
Exploits0References1Affected Software1
Cloud Foundry
Cloud Foundry
added 2017/04/04 12:0 a.m.45 views

CVE-2015-3281 HAProxy vulnerabilities | Cloud Foundry

Severity Medium Vendor HAProxy Versions Affected HAProxy 1.5.x Description It was discovered that HAProxy incorrectly handled certain buffers. A remote attacker could possibly use this issue to obtain sensitive information belonging to previous requests. Affected Products and Versions Severity is...

5CVSS5.9AI score0.04274EPSS
Exploits0
OSV
OSV
added 2017/01/13 9:59 a.m.18 views

CVE-2016-9882

An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v250 and CAPI-release versions prior to v1.12.0. Cloud Foundry logs the credentials returned from service brokers in Cloud Controller system component logs. These logs are written to disk and often sent to a log...

7.5CVSS6.7AI score0.01687EPSS
Exploits0References2
Cloud Foundry
Cloud Foundry
added 2016/02/01 12:0 a.m.29 views

CVE-2016-0713: Gorouter XSS | Cloud Foundry

Severity Medium Vendor Cloud Foundry Foundation Description A vulnerability has been discovered in the gorouter process that allows a cross-site-scripting XSS attack. Should a malicious actor intermediate requests from clients to the router, modifying the request to contain malicious code, this...

4.7CVSS4.8AI score0.00541EPSS
Exploits0
Cloud Foundry
Cloud Foundry
added 2015/10/07 12:0 a.m.11 views

USN-2739-1 FreeType Vulnerabilities | Cloud Foundry

USN-2739-1 FreeType Vulnerabilities Medium Vendor Canonical Ubuntu Versions Affected libfreetype6 2.5.2-1ubuntu2.5 – FreeType 2 is a font engine library Description It was discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially...

7.6AI score
Exploits0
Rows per page
Query Builder