Page 4 of 20 results (0.005 seconds)

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

An issue was discovered in Cloud Foundry Foundation Cloud Foundry release versions prior to v245 and cf-mysql-release versions prior to v31. A command injection vulnerability was discovered in a common script used by many Cloud Foundry components. A malicious user may exploit numerous vectors to execute arbitrary commands on servers running Cloud Foundry. Un problema fue descubierto en Cloud Foundry Foundation Cloud Foundry liberado en versiones anteriores a la v245 y cf-mysql liberado anterior a la v31. Una inyección de comando fue descubierta en un script común usado por varios componentes de Cloud Foundry. • http://www.securityfocus.com/bid/93889 https://www.cloudfoundry.org/cve-2016-6655 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 7.5EPSS: 0%CPEs: 36EXPL: 0

It was discovered that cf-release v231 and lower, Pivotal Cloud Foundry Elastic Runtime 1.5.x versions prior to 1.5.17 and Pivotal Cloud Foundry Elastic Runtime 1.6.x versions prior to 1.6.18 do not properly enforce disk quotas in certain cases. An attacker could use an improper disk quota value to bypass enforcement and consume all the disk on DEAs/CELLs causing a potential denial of service for other applications. Se detectó que cf-release versión v231 e inferior, Pivotal Cloud Foundry Elastic Runtime versiones 1.5.x anteriores a 1.5.17 y Pivotal Cloud Foundry Elastic Runtime versiones 1.6.x anteriores a 1.6.18, no hacen cumplir las cuotas de disco apropiadamente en ciertos casos. Un atacante podría usar un valor de cuota de disco inapropiado para omitir la ejecución y consumo de todo el disco en DEAs/CELLs, causando una potencial denegación de servicio para otras aplicaciones. • https://pivotal.io/security/cve-2016-0780 • CWE-399: Resource Management Errors •

CVSS: 6.5EPSS: 0%CPEs: 22EXPL: 0

The Loggregator Traffic Controller endpoints in cf-release v231 and lower, Pivotal Elastic Runtime versions prior to 1.5.19 AND 1.6.x versions prior to 1.6.20 are not cleansing request URL paths when they are invalid and are returning them in the 404 response. This could allow malicious scripts to be written directly into the 404 response. Los endpoints de Loggregator Traffic Controller en cf-release versiones v231 e inferiores, Pivotal Elastic Runtime anteriores a 1.5.19 y versiones 1.6.x anteriores a 1.6.20, no están limpiando las rutas (path) URL de petición cuando no son válidas y son devueltas en la respuesta 404 . Esto podría permitir que los scripts maliciosos se escriban directamente en la respuesta 404. • https://pivotal.io/security/cve-2016-2165 • CWE-20: Improper Input Validation •

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0

The Cloud Controller in Cloud Foundry cf-release versions prior to v255 allows authenticated developer users to exceed memory and disk quotas for tasks. El Cloud Controller en Cloud Foundry cf-release en versiones anteriores a v255 permiten a los usuarios de desarrolladores autenticados superar las cuotas de memoria y disco para las tareas. • https://www.cloudfoundry.org/cve-2017-4969 •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v250 and CAPI-release versions prior to v1.12.0. Cloud Foundry logs the credentials returned from service brokers in Cloud Controller system component logs. These logs are written to disk and often sent to a log aggregator via syslog. Se descubrió un problema Cloud Foundry Foundation cf-release en versiones anteriores a v250 y CAPI-release en versiones anteriores a v1.12.0. Cloud Foundry registra las credenciales devueltas por los intermediarios de servicio en los registros de componentes del sistema Cloud Controller. • http://www.securityfocus.com/bid/95441 https://www.cloudfoundry.org/cve-2016-9882 • CWE-532: Insertion of Sensitive Information into Log File •