CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-11084 – Garden-runC prevents deletion of some app environments
https://notcve.org/view.php?id=CVE-2018-11084
18 Sep 2018 — Cloud Foundry Garden-runC release, versions prior to 1.16.1, prevents deletion of some app environments based on file attributes. A remote authenticated malicious user may create and delete apps with crafted file attributes to cause a denial of service for new app instances or scaling up of existing apps. Cloud Foundry Garden-runC release, en versiones anteriores a la 1.16.1, evita la eliminación de algunos entornos de aplicación basados en atributos de archivo. Un usuario autenticado remoto malicioso podrí... • https://www.cloudfoundry.org/blog/cve-2018-11084 •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-1277
https://notcve.org/view.php?id=CVE-2018-1277
30 Apr 2018 — Cloud Foundry Garden-runC, versions prior to 1.13.0, does not correctly enforce disc quotas for Docker image layers. A remote authenticated user may push an app with a malicious Docker image that will consume more space on a Diego cell than allocated in their quota, potentially causing a DoS against the cell. Cloud Foundry Garden-runC, en versiones anteriores a la 1.13.0, no aplica correctamente las cuotas de disco para las capas de imagen Docker. Un usuario autenticado remoto podría insertar una aplicación... • https://www.cloudfoundry.org/blog/cve-2018-1277 • CWE-400: Uncontrolled Resource Consumption •