CVE-2014-8159 - Linux Kernel Infiniband Vulnerability | Cloud Foundry
CVE-2014-8159 – Linux Kernel Infiniband Vulnerability High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 10.04 LTS and 14.04 LTS Description It was found that the Linux kernel’s Infiniband subsystem did not properly sanitize input parameters while registering memory regions from the...
CVE-2014-0227 Apache Tomcat Request Smuggling | Cloud Foundry
CVE-2014-0227 Apache Tomcat Request Smuggling Important Vendor Apache Software Foundation Versions Affected Apache Tomcat 8.0.0-RC1 to 8.0.8 inclusive Apache Tomcat 7.0.0 to 7.0.54 inclusive Apache Tomcat 6.0.0 to 6.0.41 inclusive Description It was possible to craft a malformed chunk as part of ...
CVE-2015-0235 - GHOST | Cloud Foundry
CVE-2015-0235 – GHOST Critical Vendor Canonical, Red Hat Versions Affected Ubuntu 10.04 Lucid, 12.04 Precise, CentOS 6. Description A heap-based buffer overflow was found in __nss_hostname_digits_dots(), which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker could u...
CVE-2014-3566 SSLV3 POODLE | Cloud Foundry
CVE-2014-3566 SSLV3 POODLE Moderate Vendor The SSL protocol 3.0, as used in OpenSSL through 1.0.1i Versions Affected SSLv3 Description SSL 3.0 RFC6101 is an obsolete and insecure protocol. While for most practical purposes it has been replaced by its successors TLS 1.0 RFC2246, TLS 1.1 RFC4346 an...
CVE-2014-7186 and CVE-2014-7187 - Bash Out of Bounds | Cloud Foundry
CVE-2014-7186 and CVE-2014-7187 – Bash Out of Bounds Moderate Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 10.04 LTS and 14.04 LTS that include bash through 4.3 bash43-026 Description Off-by-one error in the read_token_word function in parse.y in GNU Bash through 4.3 bash43-026 allows...
CVE-2014-6271 and CVE-2014-7169 - ShellShock | Cloud Foundry
CVE-2014-6271 and CVE-2014-7169 – ShellShock Important Vendor Canonical Ubuntu, CentOS Versions Affected Canonical Ubuntu 10.04 LTS that include bash CentOS 6.5 that include bash Description GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment...
CVE-2014-5119 glib_gconv_translit_find() exploit | Cloud Foundry
CVE-2014-5119 glib_gconv_translit_find() exploit Important Vendor Canonical Ubuntu Versions Affected Ubuntu 14.04 LTS Ubuntu 12.04 LTS Ubuntu 10.04 LTS Description Certain applications could be made to crash or run programs as an administrator. Off-by-one error in the __gconv_translit_find function in...
CVE-2014-3153 Futex requeue exploit | Cloud Foundry
CVE-2014-3153 Futex requeue exploit Important to Low Vendor Canonical Ubuntu Versions Affected Linux kernel through 3.14.5 Description The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local...
CVE-2014-0160 Heartbleed | Cloud Foundry
CVE-2014-0160 Heartbleed Critical Vendor OpenSSL.org Versions Affected 1.0.1 through 1.0.1f Description The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from proces...