Vulnerabilities > Pivotal Software > Cloud Foundry Elastic Runtime > 1.6.16

DATE | CVE | VULNERABILITY TITLE | RISK

2017-05-25 | CVE-2016-0780 | Resource Management Errors vulnerability in multiple products | 7.5
It was discovered that cf-release v231 and lower, Pivotal Cloud Foundry Elastic Runtime 1.5.x versions prior to 1.5.17 and Pivotal Cloud Foundry Elastic Runtime 1.6.x versions prior to 1.6.18 do not properly enforce disk quotas in certain cases.
network | low complexity | pivotal-software cloudfoundry CWE-399

2017-05-25 | CVE-2016-0761 | Data Processing Errors vulnerability in multiple products | 9.8 critical
Cloud Foundry Garden-Linux versions prior to v0.333.0 and Elastic Runtime 1.6.x versions prior to 1.6.17 contain a flaw in managing container files during Docker image preparation that could be used to delete, corrupt or overwrite host files and directories, including other container filesystems on the host.
network | low complexity | pivotal-software cloudfoundry CWE-19

2017-05-02 | CVE-2016-5006 | Information Exposure vulnerability in Pivotal Software Cloud Foundry and Cloud Foundry Elastic Runtime | 9.8 critical
The Cloud Controller in Cloud Foundry before 239 logs user-provided service objects at creation, which allows attackers to obtain sensitive user credential information via unspecified vectors.
network | low complexity | pivotal-software CWE-200

2017-04-24 | CVE-2016-5016 | Improper Certificate Validation vulnerability in Pivotal Software products | 5.9
Pivotal Cloud Foundry 239 and earlier, UAA (aka User Account and Authentication Server) 3.4.1 and earlier, UAA release 12.2 and earlier, PCF (aka Pivotal Cloud Foundry) Elastic Runtime 1.6.x before 1.6.35, and PCF Elastic Runtime 1.7.x before 1.7.13 do not validate whether a certificate is expired.
network | high complexity | pivotal-software CWE-295

2016-09-18 | CVE-2016-0926 | Cross-site Scripting vulnerability in Pivotal Software Cloud Foundry Elastic Runtime | 6.1
Cross-site scripting (XSS) vulnerability in Apps Manager in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.32 and 1.7.x before 1.7.8 allows remote attackers to inject arbitrary web script or HTML via unspecified input that improperly interacts with the AngularJS framework.
network | low complexity | pivotal-software CWE-79

2016-09-18 | CVE-2016-0896 | 7PK - Security Features vulnerability in Pivotal Software Cloud Foundry Elastic Runtime | 7.3
Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.34 and 1.7.x before 1.7.12 places 169.254.0.0/16 in the all_open Application Security Group, which might allow remote attackers to bypass intended network-connectivity restrictions by leveraging access to the 169.254.169.254 address.
network | low complexity | pivotal-software CWE-254