Lucene search
+L

105 matches found

Cvelist
Cvelist
added 2016/09/30 12:0 a.m.25 views

CVE-2016-6651

The UAA /oauth/token endpoint in Pivotal Cloud Foundry PCF before 243; UAA 2.x before 2.7.4.8, 3.x before 3.3.0.6, and 3.4.x before 3.4.5; UAA BOSH before 11.7 and 12.x before 12.6; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.2; and Ops Manager 1.7.x before 1.7.13 and...

8.6AI score0.01748EPSS
Exploits0References2
Cvelist
Cvelist
added 2016/09/30 12:0 a.m.26 views

CVE-2016-6637

Multiple cross-site request forgery CSRF vulnerabilities in Pivotal Cloud Foundry PCF before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH before 11.5 and 12.x before 12.5; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.2; and Ops...

9.7AI score0.00726EPSS
Exploits0References2
CVE
CVE
added 2016/09/30 12:0 a.m.55 views

CVE-2016-6636

CVE-2016-6636 affects Pivotal Cloud Foundry components and related UAA releases. The vulnerability arises from improper validation of redirect_uri subdomains in the OAuth authorization flow, enabling a remote attacker to obtain implicit access tokens by using a modified subdomain. Affected softwa...

5.3CVSS5.1AI score0.01385EPSS
Exploits0References2Affected Software5
NVD
NVD
added 2016/09/18 2:59 a.m.18 views

CVE-2016-6639

Cloud Foundry PHP Buildpack aka php-buildpack before 4.3.18 and PHP Buildpack Cf-release before 242, as used in Pivotal Cloud Foundry PCF Elastic Runtime before 1.6.38 and 1.7.x before 1.7.19 and other products, place the .profile file in the htdocs directory, which might allow remote attackers t...

7.5CVSS7.4AI score0.01704EPSS
Exploits0References2
NVD
NVD
added 2016/09/18 2:59 a.m.16 views

CVE-2016-0928

Multiple open redirect vulnerabilities in Pivotal Cloud Foundry PCF Elastic Runtime before 1.6.30 and 1.7.x before 1.7.8 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors...

7.4CVSS7.4AI score0.01383EPSS
Exploits0References2
OSV
OSV
added 2016/09/18 2:59 a.m.6 views

CVE-2016-0928

Multiple open redirect vulnerabilities in Pivotal Cloud Foundry PCF Elastic Runtime before 1.6.30 and 1.7.x before 1.7.8 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors...

7.4CVSS5.9AI score0.01383EPSS
Exploits0References2
OSV
OSV
added 2016/09/18 2:59 a.m.7 views

CVE-2016-0926

Cross-site scripting XSS vulnerability in Apps Manager in Pivotal Cloud Foundry PCF Elastic Runtime before 1.6.32 and 1.7.x before 1.7.8 allows remote attackers to inject arbitrary web script or HTML via unspecified input that improperly interacts with the AngularJS framework...

6.1CVSS5.9AI score0.01122EPSS
Exploits0References2
NVD
NVD
added 2016/09/18 2:59 a.m.21 views

CVE-2016-0896

Pivotal Cloud Foundry PCF Elastic Runtime before 1.6.34 and 1.7.x before 1.7.12 places 169.254.0.0/16 in the allopen Application Security Group, which might allow remote attackers to bypass intended network-connectivity restrictions by leveraging access to the 169.254.169.254 address...

7.5CVSS7.2AI score0.01005EPSS
Exploits0References2
Prion
Prion
added 2016/09/18 2:59 a.m.16 views

Open redirect

Multiple open redirect vulnerabilities in Pivotal Cloud Foundry PCF Elastic Runtime before 1.6.30 and 1.7.x before 1.7.8 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors...

5.8CVSS7.4AI score0.01383EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2016/09/18 2:59 a.m.15 views

Cross site scripting

Cross-site scripting XSS vulnerability in Apps Manager in Pivotal Cloud Foundry PCF Elastic Runtime before 1.6.32 and 1.7.x before 1.7.8 allows remote attackers to inject arbitrary web script or HTML via unspecified input that improperly interacts with the AngularJS framework...

4.3CVSS6.2AI score0.01122EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2016/09/18 2:59 a.m.16 views

Security feature bypass

Pivotal Cloud Foundry PCF Elastic Runtime before 1.6.34 and 1.7.x before 1.7.12 places 169.254.0.0/16 in the allopen Application Security Group, which might allow remote attackers to bypass intended network-connectivity restrictions by leveraging access to the 169.254.169.254 address...

7.5CVSS7.3AI score0.01005EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2016/09/18 1:0 a.m.23 views

CVE-2016-0896

Pivotal Cloud Foundry PCF Elastic Runtime before 1.6.34 and 1.7.x before 1.7.12 places 169.254.0.0/16 in the allopen Application Security Group, which might allow remote attackers to bypass intended network-connectivity restrictions by leveraging access to the 169.254.169.254 address...

7.2AI score0.01005EPSS
Exploits0References2
CVE
CVE
added 2016/09/18 1:0 a.m.51 views

CVE-2016-6639

Cloud Foundry PHP Buildpack (aka php-buildpack) and PHP Buildpack Cf-release prior to 4.3.18 / 242 expose the .profile file in the htdocs directory, enabling remote HTTP GET requests to disclose sensitive information. Root cause: default exposure of .profile within the buildpack payload used by P...

7.5CVSS7.4AI score0.01704EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2016/09/18 1:0 a.m.23 views

CVE-2016-0926

Cross-site scripting XSS vulnerability in Apps Manager in Pivotal Cloud Foundry PCF Elastic Runtime before 1.6.32 and 1.7.x before 1.7.8 allows remote attackers to inject arbitrary web script or HTML via unspecified input that improperly interacts with the AngularJS framework...

6.1AI score0.01122EPSS
Exploits0References2
Cvelist
Cvelist
added 2016/09/18 1:0 a.m.27 views

CVE-2016-6639

Cloud Foundry PHP Buildpack aka php-buildpack before 4.3.18 and PHP Buildpack Cf-release before 242, as used in Pivotal Cloud Foundry PCF Elastic Runtime before 1.6.38 and 1.7.x before 1.7.19 and other products, place the .profile file in the htdocs directory, which might allow remote attackers t...

7.4AI score0.01704EPSS
Exploits0References2
Cvelist
Cvelist
added 2016/09/18 1:0 a.m.21 views

CVE-2016-0928

Multiple open redirect vulnerabilities in Pivotal Cloud Foundry PCF Elastic Runtime before 1.6.30 and 1.7.x before 1.7.8 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors...

7.4AI score0.01383EPSS
Exploits0References2
CVE
CVE
added 2016/09/18 1:0 a.m.46 views

CVE-2016-0926

CVE-2016-0926 is a cross-site scripting (XSS) vulnerability in Pivotal Cloud Foundry (PCF) Elastic Runtime 's Apps Manager . The flaw affects Elastic Runtime versions prior to 1.6.32 and prior to 1.7.8 for the 1.7.x line, where untrusted input that interacts with the AngularJS framework can be re...

6.1CVSS6AI score0.01122EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2016/09/18 1:0 a.m.38 views

CVE-2016-0896

CVE-2016-0896 affects Pivotal Cloud Foundry Elastic Runtime. The issue occurs when older releases (1.6.x before 1.6.34 and 1.7.x before 1.7.12) place the 169.254.0.0/16 range into the all_open Application Security Group, potentially allowing remote attackers who can access the 169.254.169.254 add...

7.5CVSS7.2AI score0.01005EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2016/09/18 1:0 a.m.45 views

CVE-2016-0928

The CVE pertains to Pivotal Cloud Foundry Elastic Runtime (PCF) with open redirect vulnerabilities in versions prior to 1.6.30 and 1.7.x before 1.7.8 . The underlying issue is open redirect flaws that allow remote attackers to redirect users to arbitrary external sites, enabling phishing when use...

7.4CVSS7.3AI score0.01383EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2016/07/29 12:0 a.m.6 views

Pivotal Cloud Foundry Elastic Runtime Security Bypass Vulnerability

Pivotal Cloud Foundry is an open source Platform-as-a-Service PaaS cloud computing platform from Pivotal Software that provides container scheduling, continuous delivery, and automated service deployment.Elastic Runtime is a runtime environment for Pivotal Cloud Foundry. A security bypass...

7.5CVSS6.8AI score0.01005EPSS
Exploits0References1
Rows per page
Query Builder