14 matches found
EUVD-2016-7543
Malware in sbrugna...
EUVD-2016-0746
Malware in sbrugna...
Log4j vulnerabilities (CVE-2021-44228 and CVE-2021-45105) impact on Cloud Foundry Products | Cloud Foundry
Severity: Critical. Vendor: Cloud Foundry Foundation. Description: A critical vulnerability in Apache Log4j identified by CVE-2021-44228 has been publicly disclosed. Log4j versions prior to 2.15.0 are subject to a remote code execution vulnerability via the ldap JNDI parser and may allow for remote...
Information disclosure
Pivotal Cloud Foundry Elastic Runtime version 1.4.0 through 1.4.5, 1.5.0 through 1.5.11 and 1.6.0 through 1.6.11 is vulnerable to a remote information disclosure. It was found that original mitigation configuration instructions provided as part of CVE-2016-0708 were incomplete and could leave PHP...
CVE-2016-0715
Pivotal Cloud Foundry Elastic Runtime version 1.4.0 through 1.4.5, 1.5.0 through 1.5.11 and 1.6.0 through 1.6.11 is vulnerable to a remote information disclosure. It was found that original mitigation configuration instructions provided as part of CVE-2016-0708 were incomplete and could leave PHP...
Multiple CVEs: httpoxy | Cloud Foundry
Multiple CVEs: httpoxy. Severity: Low. Vendor: Cloud Foundry. Versions Affected: Go Buildpack versions prior to 1.7.10; PHP Buildpack versions prior to 4.3.17. Description: httpoxy is a set of vulnerabilities that affect application code running in CGI, or CGI-like environments. It involves a namespace conflict...
Pivotal Cloud Foundry Elastic Runtime Information Disclosure Vulnerability
Pivotal Cloud Foundry (PCF) is an open source Platform-as-a-Service (PaaS) cloud computing platform from Pivotal Software that provides container scheduling, continuous delivery, and automated service deployment. Elastic Runtime is a runtime environment for Pivotal Cloud Foundry. Cloud Foundry PHP...
CVE-2016-6639
Cloud Foundry PHP Buildpack aka php-buildpack before 4.3.18 and PHP Buildpack Cf-release before 242, as used in Pivotal Cloud Foundry PCF Elastic Runtime before 1.6.38 and 1.7.x before 1.7.19 and other products, place the .profile file in the htdocs directory, which might allow remote attackers t...
CVE-2016-6639
Cloud Foundry PHP Buildpack aka php-buildpack before 4.3.18 and PHP Buildpack Cf-release before 242, as used in Pivotal Cloud Foundry PCF Elastic Runtime before 1.6.38 and 1.7.x before 1.7.19 and other products, place the .profile file in the htdocs directory, which might allow remote attackers t...
Cross site request forgery (csrf)
Cloud Foundry PHP Buildpack aka php-buildpack before 4.3.18 and PHP Buildpack Cf-release before 242, as used in Pivotal Cloud Foundry PCF Elastic Runtime before 1.6.38 and 1.7.x before 1.7.19 and other products, place the .profile file in the htdocs directory, which might allow remote attackers t...
CVE-2016-6639
Cloud Foundry PHP Buildpack (aka php-buildpack) and PHP Buildpack Cf-release prior to 4.3.18 / 242 expose the .profile file in the htdocs directory, enabling remote HTTP GET requests to disclose sensitive information. Root cause: default exposure of .profile within the buildpack payload used by P...
CVE-2016-6639
Cloud Foundry PHP Buildpack aka php-buildpack before 4.3.18 and PHP Buildpack Cf-release before 242, as used in Pivotal Cloud Foundry PCF Elastic Runtime before 1.6.38 and 1.7.x before 1.7.19 and other products, place the .profile file in the htdocs directory, which might allow remote attackers t...
CVE-2016-6639: PHP Buildpack exposes .profile file | Cloud Foundry
CVE-2016-6639: PHP Buildpack exposes .profile file. Severity: Medium. Vendor: Cloud Foundry Foundation. Versions Affected: PHP Buildpack versions prior to v4.3.18; Cf-release versions prior to v242. Description: The .profile file, which can potentially include environment variables and credentials, is exposed by...
USN-2740-1 ICU Vulnerabilities | Cloud Foundry
USN-2740-1 ICU Vulnerabilities. Severity: Medium to Low. Vendor: Canonical Ubuntu. Versions Affected: icu – International Components for Unicode library. Description: Atte Kettunen discovered that ICU incorrectly handled certain converter names. If an application using ICU processed crafted data, a remote attacke...