| CVE | Vendors | Products | Updated | CVSS | Description |
| --- | --- | --- | --- | --- | --- |
| CVE-2018-15800 | 1 Cloud Foundry | 1 Bits Service | 2019-10-09 | 3.5 | Cloud Foundry Bits Service, versions prior to 2.18.0, includes an information disclosure vulnerability. A remote malicious user may execute a timing attack to brute-force the signing key, allowing them complete read and write access to the... |
| CVE-2018-15755 | 1 Cloud Foundry | 1 Cf-networking | 2019-10-09 | 6.5 | Cloud Foundry CF Networking Release, versions 2.11.0 prior to 2.16.0, contain an internal api endpoint vulnerable to SQL injection between Diego cells and the policy server. A remote authenticated malicious user with mTLS certs can issue... |
| CVE-2017-4969 | 2 Cloud Foundry, Cloudfoundry | 2 Cf-release, Cf-release | 2019-10-03 | 6.8 | The Cloud Controller in Cloud Foundry cf-release versions prior to v255 allows authenticated developer users to exceed memory and disk quotas for tasks. |
| CVE-2017-8034 | 2 Cloud Foundry, Cloudfoundry | 6 Cf-release, Capi-release, Routing-release and 3 more | 2019-10-03 | 6.0 | The Cloud Controller and Router in Cloud Foundry (CAPI-release capi versions prior to v1.32.0, Routing-release versions prior to v0.159.0, CF-release versions prior to v267) do not validate the issuer on JSON Web Tokens (JWTs) from UAA. With... |
| CVE-2017-4961 | 1 Cloud Foundry | 1 Bosh | 2019-10-03 | 6.5 | An issue was discovered in Cloud Foundry Foundation BOSH Release 261.x versions prior to 261.3 and all 260.x versions. In certain cases an authenticated Director user can provide a malicious checksum that could allow them to escalate their... |
| CVE-2017-4970 | 2 Cloud Foundry, Cloudfoundry | 4 Staticfile Buildpack, Cf-release, Cf-release and 1 more | 2019-10-03 | 4.3 | An issue was discovered in Cloud Foundry Foundation cf-release v255 and Staticfile buildpack versions v1.4.0 - v1.4.3. A regression introduced in the Static file build pack causes the Staticfile.auth configuration to be ignored when the Static... |
| CVE-2018-1269 | 1 Cloud Foundry | 1 Loggregator | 2019-08-14 | 4.0 | Cloud Foundry Loggregator, versions 89.x prior to 89.5 or 96.x prior to 96.1 or 99.x prior to 99.1 or 101.x prior to 101.9 or 102.x prior to 102.2, does not handle errors thrown while constructing certain http requests. A remote authenticated... |
| CVE-2016-6639 | 2 Pivotal, Cloud Foundry | 3 Php Buildpack, Cloud Foundry Elastic Runtime, Cloud Foundry Php Buildpack | 2018-08-09 | 5.0 | Cloud Foundry PHP Buildpack (aka php-buildpack) before 4.3.18 and PHP Buildpack Cf-release before 242, as used in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.38 and 1.7.x before 1.7.19 and other products, place the .profile file in the... |
| CVE-2016-9882 | 2 Cloud Foundry, Cloudfoundry | 4 Cf-release, Capi-release, Capi-release and 1 more | 2017-11-08 | 5.0 | An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v250 and CAPI-release versions prior to v1.12.0. Cloud Foundry logs the credentials returned from service brokers in Cloud Controller system component logs. These... |
| CVE-2016-6655 | 2 Cloud Foundry, Cloudfoundry | 4 Cf-release, Cf-mysql-release, Cf-mysql-release and 1 more | 2017-11-08 | 7.5 | An issue was discovered in Cloud Foundry Foundation Cloud Foundry release versions prior to v245 and cf-mysql-release versions prior to v31. A command injection vulnerability was discovered in a common script used by many Cloud Foundry... |
| CVE-2016-8218 | 2 Cloud Foundry, Cloudfoundry | 4 Cf-release, Routing-release, Cf-release and 1 more | 2017-11-08 | 7.5 | An issue was discovered in Cloud Foundry Foundation routing-release versions prior to 0.142.0 and cf-release versions 203 to 231. Incomplete validation logic in JSON Web Token (JWT) libraries can allow unprivileged attackers to impersonate other... |
| CVE-2016-3091 | 1 Cloud Foundry | 1 Diego | 2017-06-15 | 5.0 | Cloud Foundry Diego 0.1468.0 through 0.1470.0 allows remote attackers to cause a denial of service. |