Pivotal Application Security Team


Overview

The Pivotal Application Security Team provides a single point of contact for the reporting of security vulnerabilities in Pivotal products and coordinates the process of investigating any reported vulnerabilities.

To subscribe to updates to this page, use the RSS feed for all vulnerability reports, available at https://tanzu.vmware.com/security/rss or https://tanzu.vmware.com/security/parsed/rss. The RSS feed for just the notable vulnerabilities in dependencies is available at https://tanzu.vmware.com/security/dependencies/rss, and the RSS feed for just Pivotal product vulnerabilities is available at https://tanzu.vmware.com/security/pivotal/rss.

Reporting a vulnerability

We strongly encourage people to report security vulnerabilities privately to our security team before disclosing them in a public forum.

Please note that the e-mail address below should only be used for reporting undisclosed security vulnerabilities in Pivotal products and managing the process of fixing such vulnerabilities. We cannot accept regular bug reports or other security-related queries at this address.

The e-mail address to use to contact the Pivotal Application Security Team is security@pivotal.io.

The fingerprint of the team's public key is: AA8F D966 7001 70B7 087E B407 04A1 595B 8F19 137B

The key can be obtained from a public key server such as pgp.mit.edu.



Pivotal Product Vulnerability Reports
Date   CVE Reference   Description
13 Oct 2020   MYSQL-SECURITY-UPDATES-APR2020   Various MySQL Security Updates from April 2020
13 Oct 2020   MYSQL-SECURITY-UPDATES-JAN2020   Various MySQL Security Updates from January 2020
01 Oct 2020   CVE-2020-5422   UAA password may appear in Operations Manager process arguments
17 Sep 2020   CVE-2020-5421   RFD Protection Bypass via jsessionid
10 Sep 2020   CVE-2020-5420   Gorouter is vulnerable to DoS attack via invalid HTTP responses
01 Sep 2020   CVE-2020-5416   TAS clusters with NGINX in front of them may be vulnerable to DoS
27 Aug 2020   CVE-2020-5419   RabbitMQ arbitrary code execution using local binary planting
11 Aug 2020   CVE-2020-5415   Concourse's GitLab auth allows impersonation
04 Aug 2020   CVE-2020-5412   Hystrix Dashboard Proxy In spring-cloud-netflix-hystrix-dashboard
30 Jul 2020   CVE-2020-5414   App Autoscaler logs credentials
30 Jul 2020   CVE-2020-5396   JMX Insecure Default Configuration in GemFire
30 Jul 2020   MYSQL-SECURITY-UPDATES-OCT2019   Various MySQL Security Updates from October 2019
30 Jul 2020   MYSQL-SECURITY-UPDATES-JUL2019   Various MySQL Security Updates from July 2019
30 Jul 2020   CVE-2019-11286   JMX Credential Deserialization in GemFire
23 Jul 2020   CVE-2020-5413   Kryo Configuration Allows Code Execution with Unknown “Serialization Gadgets”
16 Jul 2020   CVE-2020-15586   Gorouter is vulnerable to DoS Attack via Expect 100-continue requests
10 Jun 2020   CVE-2020-5411   Jackson Configuration Allows Code Execution with Unknown “Serialization Gadgets”
01 Jun 2020   CVE-2020-5410   Directory Traversal with spring-cloud-config-server
26 May 2020   CVE-2019-15605   Node.js is vulnerable to request smuggling
13 May 2020   CVE-2020-5409   Concourse Open Redirect in the /sky/login endpoint
07 May 2020   CVE-2020-5408   Dictionary attack with Spring Security queryable text encryptor
07 May 2020   CVE-2020-5407   Signature Wrapping Vulnerability with spring-security-saml2-service-provider
14 Apr 2020   CVE-2020-5402   UAA fails to check the state parameter when authenticating with external IDPs
09 Apr 2020   CVE-2020-5406   PCF Autoscaling logs its database credentials
06 Apr 2020   CVE-2019-11282   UAA is vulnerable to a Blind SCIM injection leading to information disclosure
06 Apr 2020   CVE-2020-5400   Cloud Controller logs environment variables from app manifests
04 Mar 2020   CVE-2019-11290   UAA logs query parameters in tomcat access file
04 Mar 2020   VARIOUS-JACKSON-CVES-UAA   Various CVEs UAA consumes vulnerable versions of FasterXML jackson-databind
03 Mar 2020   CVE-2019-11253   PKS is vulnerable to a YAML/JSON parsing "Billion Laughs" Attack
27 Feb 2020   CVE-2020-5404   Authentication Leak On Redirect With Reactor Netty HttpClient
27 Feb 2020   CVE-2020-5403   DoS Via Malformed URL with Reactor Netty HTTP Server
26 Feb 2020   CVE-2020-5405   Directory Traversal with spring-cloud-config-server
24 Feb 2020   CVE-2020-5401   GoRouter is vulnerable to a cache poisoning DoS
12 Feb 2020   CVE-2020-5399   CredHub does not properly enable TLS for MySQL database connections
11 Feb 2020   CVE-2019-19604   Git submodule loading vulnerability
16 Jan 2020   CVE-2020-5398   RFD Attack via “Content-Disposition” Header Sourced from Request Input by Spring MVC or Spring WebFlux Application
16 Jan 2020   CVE-2020-5397   CSRF Attack via CORS Preflight Requests with Spring MVC or Spring WebFlux
15 Jan 2020   CVE-2019-11288   tc Server JMX Socket Listener Registry Rebinding Local Privilege Escalation
10 Jan 2020   CVE-2019-18802, CVE-2019-18801, CVE-2019-18838   MySQL for Pivotal Platform consumes a vulnerable version of Envoy
08 Jan 2020   CVE-2019-11292   Ops Manager logs query parameters in tomcat access file
04 Dec 2019   CVE-2019-9517, CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9515, CVE-2019-9518, CVE-2019-9511, CVE-2019-9516   Some Pivotal products are impacted by HTTP/2 denial of service attacks
04 Dec 2019   CVE-2019-19029   SQL Injection via user-groups in VMware Harbor Container Registry for Pivotal Platform
04 Dec 2019   CVE-2019-19026   SQL Injection via project quotas in VMware Harbor Container Registry for Pivotal Platform
04 Dec 2019   CVE-2019-19025   Cross-Site Request Forgery Vulnerability in VMware Harbor Container Registry for Pivotal Platform
04 Dec 2019   CVE-2019-19023   Privilege Escalation Vulnerability in VMware Harbor Container Registry for Pivotal Platform
04 Dec 2019   CVE-2019-3990   User Enumeration Flaw in VMware Harbor Container Registry for Pivotal Platform
03 Dec 2019   CVE-2019-11293   UAA logs all query parameters with debug logging level
22 Nov 2019   CVE-2019-11287   RabbitMQ Web Management Plugin DoS via heap overflow
22 Nov 2019   CVE-2019-11291   RabbitMQ XSS attack via federation and shovel endpoints
18 Nov 2019   CVE-2019-11289   A forged route service request using an invalid nonce can cause the gorouter to panic and crash
06 Nov 2019   CVE-2019-9893   libseccomp incorrectly generate 64-bit syscall argument comparisons
28 Oct 2019   CVE-2019-16869   Reactor Netty Consumes a Vulnerable Version of Netty
24 Oct 2019   CVE-2019-11249   PKS consumes a vulnerable version of kubectl
23 Oct 2019   CVE-2019-11283   Password leak in smbdriver logs
17 Oct 2019   CVE-2019-16919   Broken access control vulnerability in Harbor API
15 Oct 2019   CVE-2019-11278   Privilege Escalation via Blind SCIM Injection in UAA
15 Oct 2019   CVE-2019-11279   Privilege Escalation via Scope Manipulation in UAA
15 Oct 2019   CVE-2019-11247   Kubernetes API Server Vulnerability
15 Oct 2019   CVE-2018-15664   Docker Symlink Directory Traversal Vulnerability
15 Oct 2019   CVE-2019-13139   Docker build code execution
14 Oct 2019   CVE-2019-11281   RabbitMQ XSS attack
11 Oct 2019   CVE-2019-11284   Reactor Netty authentication leak in redirects
25 Sep 2019   CVE-2019-11275   CSV Injection in usage report downloaded from Pivotal Application Manager
23 Sep 2019   CVE-2019-11277   Volume Services is vulnerable to an LDAP injection attack
19 Sep 2019   CVE-2019-11280   Privilege escalation through the invitations service
20 Aug 2019   CVE-2019-3775   UAA allows users to modify their own email address
20 Aug 2019   CVE-2019-3788   UAA redirect-uri allows wildcards in the subdomain
20 Aug 2018   CVE-2019-3787   UAA defaults email address to an insecure domain
20 Aug 2019   CVE-2019-10164   Critical Security Issue in PostgreSQL
19 Aug 2019   CVE-2019-11276   Apps Manager sends tokens to Spring apps via HTTP
15 Aug 2019   CVE-2017-15694   Pivotal GemFire and Cloud Cache consume vulnerable versions of Apache Geode
14 Aug 2019   CVE-2019-13232   ClamAV Add-on for PCF consumes a vulnerable version of ClamAV
01 Aug 2019   CVE-2019-11270   UAA clients.write vulnerability
25 Jul 2019   CVE-2019-3800   CF CLI writes the client id and secret to config file
25 Jul 2019   CVE-2019-3781   CF CLI does not sanitize user's password in verbose/trace/debug
23 Jul 2019   CVE-2019-11273   PKS Telemetry logs credentials
22 Jul 2019   VARIOUS-SQL   Various MySQL Security Updates from July 2018 through January 2019
22 Jul 2019   USN-4017-1   Linux kernel vulnerabilities
18 Jul 2019   CVE-2019-3786   BBR could run arbitrary scripts on deployment VMs
28 Jun 2019   CVE-2019-11271   Bosh Deployment logs leak sensitive information
19 Jun 2019   CVE-2019-11272   PlaintextPasswordEncoder authenticates encoded passwords that are null
30 May 2019   CVE-2019-5021   Tile generator affected by insecure default password
30 May 2019   CVE-2019-11269   Open Redirector in spring-security-oauth2
24 May 2019   CVE-2019-3790   Ops Manager uaa client issues tokens after refresh token expiration
13 May 2019   CVE-2019-3802   Additional information exposure with Spring Data JPA example matcher
25 Apr 2019   CVE-2019-3801   Java Projects using HTTP to fetch dependencies
24 Apr 2019   CVE-2019-3798   Escalation of Privileges in Cloud Controller
24 Apr 2019   CVE-2019-3789   Gorouter allows space developer to hijack route services hosted outside the platform
16 Apr 2019   CVE-2019-3799   Directory Traversal with spring-cloud-config-server
12 Apr 2019   CVE-2019-3793   Invitations Service supports HTTP connections
08 Apr 2019   CVE-2019-3797   Additional information exposure with Spring Data JPA derived queries
04 Apr 2019   CVE-2019-3795   Insecure Randomness When Using a SecureRandom Instance Constructed by Spring Security
01 Apr 2019   CVE-2019-9946   Kubernetes affecting certain network configurations with CNI
01 Apr 2019   CVE-2019-1002100   Kubernetes API Server Patch Request Consumes Excess Resource Cause Denial of Service
01 Apr 2019   CVE-2019-1002101   Kubernetes kubectl - potential directory traversal
25 Mar 2019   CVE-2019-3792   Concourse 5.0.0 SQL Injection vulnerability
07 Mar 2019   CVE-2019-8331   Bootstrap XSS
28 Feb 2019   CVE-2018-15754   UAA issues tokens across identity providers if users with matching usernames exist
26 Feb 2019   CVE-2019-3777   Apps Manager unverified SSL certs in Cloud Controller proxy
21 Feb 2019   CVE-2019-3778   Open Redirector in spring-security-oauth2
19 Feb 2019   CVE-2019-3776   Reflected XSS in Pivotal Operations Manager
14 Feb 2019   CVE-2019-3780   Cloud Foundry Container Runtime Leaks IAAS Credentials
14 Feb 2019   CVE-2019-3779   Pivotal Container Service allows a user to bypass security policy when talking to ETCD
14 Jan 2019   CVE-2019-3772   XML External Entity Injection (XXE)
14 Jan 2019   CVE-2019-3773   XML External Entity Injection (XXE)
14 Jan 2019   CVE-2019-3774   XML External Entity Injection (XXE)
08 Jan 2019   KUBERNETES-API-SERVER   Kubernetes API Server acts as proxy for internal and external IPs
08 Jan 2019   CVE-2019-3803   Concourse includes token in CLI authentication callback
04 Jan 2019   CVE-2018-18264   Kubernetes Dashboard TLS Certificate Leak
18 Dec 2018   CVE-2018-15801   Authorization Bypass During JWT Issuer Validation with spring-security
13 Dec 2018   CVE-2018-15798   Pivotal Concourse allows malicious redirect urls on login
05 Dec 2018   CVE-2018-1279   RabbitMQ cluster compromise due to deterministically generated cookie
15 Nov 2018   CVE-2018-15759   On Demand Services SDK Timing Attack Vulnerability
09 Nov 2018   CVE-2018-15795   CredHub Service Broker uses guessable client secret
29 Oct 2018   CVE-2018-15762   Pivotal Operations Manager gives all users heightened privileges
16 Oct 2018   CVE-2018-15758   Privilege Escalation in spring-security-oauth2
16 Oct 2018   CVE-2018-15756   DoS Attack via Range Requests
10 Oct 2018   CVE-2018-11084   Garden-runC prevents deletion of some app environments
10 Oct 2018   CVE-2018-15755   CF networking internal policy server SQL injection
03 Oct 2018   CVE-2018-11083   BOSH accepts refresh token as access token
02 Oct 2018   CVE-2018-15763   PKS leaks IaaS credentials to application logs
27 Sep 2018   CVE-2018-11081   Ops Manager writes UAA credentials to disk
13 Sep 2018   CVE-2018-1198   PCC bosh deployment logs print a superuser password in plain text
13 Sep 2018   CVE-2018-11088   CF admin credentials accessible to developers through Applications Manager
13 Sep 2018   CVE-2018-11086   CF admin credentials accessible to developers through usage service
11 Sep 2018   CVE-2018-11087   RabbitMQ (Spring-AMQP) Host name verification
23 Jul 2018   CVE-2018-11044   Apps Manager allows unescaped content in invitation emails
10 Jul 2018   CVE-2018-11045   Operations Manager image contains static LRNG seed file
20 Jun 2018   CVE-2018-11046   Operations Manager includes outdated NGINX packages
14 Jun 2018   CVE-2018-11040   JSONP enabled by default in MappingJackson2JsonView
14 Jun 2018   CVE-2018-11039   Cross Site Tracing (XST) with Spring Framework
11 May 2018   CVE-2018-1263   Unsafe Unzip with spring-integration-zip
10 May 2018   CVE-2018-1278   Apps Manager allows unauthorized org invitations
09 May 2018   CVE-2018-1261   Unsafe Unzip with spring-integration-zip
09 May 2018   CVE-2018-1260   Remote Code Execution with spring-security-oauth2
09 May 2018   CVE-2018-1259   XXE with Spring Data’s XMLBeam integration
09 May 2018   CVE-2018-1258   Unauthorized Access with Spring Security Method Security
09 May 2018   CVE-2018-1257   ReDoS Attack with spring-messaging
07 May 2018   CVE-2018-1280   Blind SQL injection in Pivotal Greenplum Command Center
30 Apr 2018   CVE-2018-1256   Issuer validation regression in Spring Cloud SSO Connector
10 Apr 2018   CVE-2018-1274   Denial of Service with Spring Data
10 Apr 2018   CVE-2018-1273   RCE with Spring Data Commons
09 Apr 2018   CVE-2018-1275   Address partial fix for CVE-2018-1270
05 Apr 2018   CVE-2018-1272   Multipart Content Pollution with Spring Framework
05 Apr 2018   CVE-2018-1271   Directory Traversal with Spring MVC on Windows
05 Apr 2018   CVE-2018-1270   Remote Code Execution with spring-messaging
16 Mar 2018   CVE-2018-1230   Spring Batch Admin vulnerable to Cross Site Request Forgery
16 Mar 2018   CVE-2018-1229   Stored XSS in file upload of Spring Batch Admin
13 Feb 2018   CVE-2018-1200   Apps Manager File Access Vulnerability
30 Jan 2018   CVE-2018-1196   Symlink privilege escalation attack via Spring Boot launch script
29 Jan 2018   CVE-2018-1199   Security bypass with static resources
16 Oct 2017   CVE-2017-8028   Spring-LDAP authentication with userSearch and STARTTLS allows authentication with arbitrary password
21 Sep 2017   CVE-2017-8046   RCE in PATCH requests in Spring Data REST
19 Sep 2017   CVE-2017-8045   Remote code execution in spring-amqp
15 Sep 2017   CVE-2017-8039   Data Binding Expression Vulnerability in Spring Web Flow
31 Aug 2017   CVE-2017-8044   XSS vulnerability in Single Sign-On for PCF via DOM-based query parameters
31 Aug 2017   CVE-2017-8041   XSS vulnerability in org name in Single Sign-On for PCF
31 Aug 2017   CVE-2017-8040   XXE Vulnerability in Single Sign-On for PCF
08 Jun 2017   CVE-2017-4995   Jackson Configuration Allows Code Execution with Unknown “Serialization Gadgets”
31 May 2017   CVE-2017-4971   Data Binding Expression Vulnerability in Spring Web Flow
15 May 2017   CVE-2017-4975   Tile generator sets open security groups
04 May 2017   CVE-2017-4966   RabbitMQ local storage of credentials
04 May 2017   CVE-2017-4965   XSS vulnerabilities in RabbitMQ management UI
27 Mar 2017   CVE-2017-2773   Unauthenticated JWT signing algorithm in multiple components
24 Mar 2017   CVE-2017-4955   Credentials in Elastic Runtime Notifications errand log
14 Feb 2017   CVE-2017-4959   Pivotal Cloud Foundry account authorization vulnerability
09 Feb 2017   CVE-2016-9880   Unauthenticated access to GemFire for PCF broker endpoints
04 Jan 2017   CVE-2016-9885   gfsh exposed over go router for GemFire for PCF
28 Dec 2016   CVE-2016-9879   Encoded "/" in path variables
28 Dec 2016   CVE-2016-0898   Service backups log AWS key
21 Dec 2016   CVE-2016-9878   Directory Traversal in the Spring Framework ResourceServlet
19 Dec 2016   CVE-2016-9877   RabbitMQ authentication vulnerability
31 Oct 2016   CVE-2016-6657   PCF Open Redirects
31 Oct 2016   CVE-2016-6656   Code injection vulnerability via GPHDFS in Greenplum database
30 Sep 2016   CVE-2016-6652   Spring Data JPA Blind SQL Injection Vulnerability
12 Sep 2016   CVE-2016-0930   Ops Manager Compilation VMs Vulnerability on vSphere and vCloud
27 Jul 2016   CVE-2016-0896   IaaS Metadata Endpoint Accessible from Application Containers
15 Jul 2016   CVE-2016-0929   RabbitMQ for PCF vulnerability
07 Jul 2016   CVE-2016-5007   Spring Security / MVC Path Matching Inconsistency
07 Jul 2016   CVE-2016-0926   Apps Manager XSS vulnerability
05 Jul 2016   CVE-2016-4977   Remote Code Execution (RCE) in Spring Security OAuth
29 Jun 2016   CVE-2016-0928   PCF Open Redirects
24 Jun 2016   CVE-2016-0897   Ops Manager vSphere and vCloud vulnerability
23 Jun 2016   CVE-2016-0927   Ops Manager XSS vulnerability
11 Apr 2016   CVE-2016-2173   Remote Code Execution in Spring AMQP
23 Mar 2016   CVE-2016-0780   Cloud Controller Disk Quota Enforcement
23 Mar 2016   CVE-2016-2165   Loggregator Request URL Paths
23 Mar 2016   CVE-2016-0781   UAA Persistent XSS Vulnerability
03 Feb 2016   CVE-2016-0883   Pivotal Ops Manager Weak Authentication Scheme
12 Nov 2015   CVE-2015-5258   Spring Social CSRF
15 Oct 2015   CVE-2015-5211   RFD Attack in Spring Framework
30 Jun 2015   CVE-2015-3192   DoS Attack with XML Input
06 Mar 2015   CVE-2015-0201   Insufficiently random session id in Java SockJS client
13 Jan 2015   CVE-2014-3626   Directory Traversal in Grails Resources Plugin
11 Nov 2014   CVE-2014-3625   Directory Traversal in Spring Framework
05 Sep 2014   CVE-2014-3578   Directory Traversal in Spring Framework
15 Aug 2014   CVE-2014-3527   Access Control Bypass in Spring Security
28 May 2014   CVE-2014-0225   Information Disclosure when using Spring MVC
11 Mar 2014   CVE-2014-1904   XSS when using Spring MVC
11 Mar 2014   CVE-2014-0097   Blank password may bypass user authentication
11 Mar 2014   CVE-2014-0054   Incomplete fix for CVE-2013-7315 / CVE-2013-6429 (XXE)
19 Feb 2014   CVE-2014-0053   Information Disclosure when using Grails
14 Jan 2014   CVE-2013-6430   Possible XSS when using Spring MVC
14 Jan 2014   CVE-2013-6429   Incomplete fix for CVE-2013-7315 (XXE)
22 Aug 2013   CVE-2013-7315   XML External Entity (XXE) injection in Spring Framework
22 Aug 2013   CVE-2013-4152   XML eXternal Entity (XXE) injection in Spring Framework


Notable Vulnerabilities in Dependencies[1]
Date   CVE Reference   Description
24 Sep 2020   USN-4466-1   curl vulnerability
24 Sep 2020   USN-4457-1   Software Properties vulnerability
28 Aug 2020   USN-4414-1   Linux kernel vulnerabilities
28 Aug 2020   USN-4402-1   curl vulnerabilities
28 Aug 2020   USN-4398-1   DBus vulnerability
30 Jul 2020   USN-4394-1   SQLite vulnerabilities
30 Jul 2020   USN-4390-1   Linux kernel vulnerabilities
30 Jul 2020   USN-4385-2   Intel Microcode regression
30 Jul 2020   USN-4385-1   Intel Microcode vulnerabilities
30 Jul 2020   USN-4377-1   ca-certificates update
30 Jul 2020   USN-4376-1   OpenSSL vulnerabilities
30 Jul 2020   USN-4360-4   json-c vulnerability
30 Jul 2020   USN-3911-2   file regression
14 May 2020   USN-4318-1   Linux kernel vulnerabilities
28 Apr 2020   USN-4345-1   Linux kernel vulnerabilities
23 Apr 2020   USN-4305-1   ICU vulnerability
23 Apr 2020   USN-4302-1   Linux kernel vulnerabilities
23 Apr 2020   USN-4298-1   SQLite vulnerabilities
21 Apr 2020   USN-4333-1   Python vulnerabilities
08 Apr 2020   USN-4292-1   rsync vulnerabilities
02 Mar 2020   USN-4293-1   libarchive vulnerabilities
18 Feb 2020   USN-4287-1   Linux kernel vulnerabilities
10 Feb 2020   USN-4274-1   libxml2 vulnerabilities
05 Feb 2020   USN-4269-1   systemd vulnerabilities
03 Feb 2020   USN-4263-1   Sudo vulnerability
28 Jan 2020   USN-4256-1   Cyrus SASL vulnerability
28 Jan 2020   USN-4255-2   Linux kernel (HWE) vulnerabilities
27 Jan 2020   USN-4252-1   tcpdump vulnerabilities
23 Jan 2020   USN-4249-1   e2fsprogs vulnerability
23 Jan 2020   USN-4233-2   GnuTLS update
22 Jan 2020   USN-4247-2   python-apt regression
22 Jan 2020   USN-4247-1   python-apt vulnerabilities
22 Jan 2020   USN-4246-1   zlib vulnerabilities
20 Jan 2020   USN-4243-1   libbsd vulnerabilities
20 Jan 2020   USN-4242-1   Sysstat vulnerabilities
19 Jan 2020   CVE-2020-0601   Windows Stemcells vulnerable to Windows CryptoAPI Spoofing Vulnerability
15 Jan 2020   USN-4220-1   Git vulnerabilities
15 Jan 2020   USN-4215-1   NSS vulnerability
15 Jan 2020   USN-4210-1   Linux kernel vulnerabilities
15 Jan 2020   USN-4205-1   SQLite vulnerabilities
15 Jan 2020   USN-4182-3   Intel Microcode regression
14 Jan 2020   USN-4236-2   Libgcrypt vulnerability
13 Jan 2020   USN-4235-1   nginx vulnerability
09 Jan 2020   USN-4233-1   GnuTLS update
08 Jan 2020   USN-4231-1   NSS vulnerability
07 Jan 2020   USN-4227-1   Linux kernel vulnerabilities
18 Dec 2019   USN-4203-1   NSS vulnerability
18 Dec 2019   USN-4199-1   libvpx vulnerabilities
18 Dec 2019   USN-4194-1   postgresql-common vulnerability
18 Dec 2019   USN-4191-1   QEMU vulnerabilities
18 Dec 2019   USN-4190-1   libjpeg-turbo vulnerabilities
18 Dec 2019   USN-4185-3   Linux kernel vulnerability and regression
18 Dec 2019   USN-4185-1   Linux kernel vulnerabilities
18 Dec 2019   USN-4182-1   Intel Microcode update
18 Dec 2019   USN-4176-1   GNU cpio vulnerability
18 Dec 2019   USN-4172-1   file vulnerability
18 Dec 2019   USN-4169-1   libarchive vulnerability
18 Dec 2019   USN-4164-1   Libxslt vulnerabilities
18 Dec 2019   USN-4162-1   Linux kernel vulnerabilities
11 Dec 2019   USN-4221-1   libpcap vulnerability
25 Nov 2019   CVE-2019-15587   Ops Manager contains a vulnerable Loofah gem
14 Nov 2019   USN-3885-2   OpenSSH vulnerability
14 Nov 2019   USN-4040-1   Expat vulnerability
14 Nov 2019   USN-4038-1   bzip2 vulnerabilities
14 Nov 2019   USN-4019-1   SQLite vulnerabilities
14 Nov 2019   USN-4016-1   Vim vulnerabilities
14 Nov 2019   USN-4015-1   DBus vulnerability
14 Nov 2019   USN-4012-1   elfutils vulnerabilities
14 Nov 2019   USN-4011-1   Jinja2 vulnerabilities
14 Nov 2019   USN-4008-2   AppArmor update
14 Nov 2019   USN-4004-1   Berkeley DB vulnerability
14 Nov 2019   USN-3999-1   GnuTLS vulnerabilities
14 Nov 2019   USN-3993-1   curl vulnerabilities
14 Nov 2019   USN-3990-1   urllib3 vulnerabilities
14 Nov 2019   USN-3968-1   Sudo vulnerabilities
14 Nov 2019   USN-3967-1   FFmpeg vulnerabilities
14 Nov 2019   USN-3911-1   file vulnerabilities
06 Nov 2019   USN-4151-1   Python vulnerabilities
06 Nov 2019   USN-4144-1   Linux kernel vulnerabilities
06 Nov 2019   USN-4142-1   e2fsprogs vulnerability
06 Nov 2019   USN-4132-1   Expat vulnerability
06 Nov 2019   USN-4129-1   curl vulnerabilities
06 Nov 2019   USN-4127-1   Python vulnerabilities
06 Nov 2019   USN-4126-1   FreeType vulnerability
30 Sep 2019   USN-4135-1   Linux kernel vulnerabilities
30 Sep 2019   USN-4115-2   Linux kernel regression
30 Sep 2019   USN-4115-1   Linux kernel vulnerabilities
30 Sep 2019   USN-4094-1   Linux kernel vulnerabilities
30 Sep 2019   USN-4071-1   Patch vulnerabilities
30 Sep 2019   USN-4049-3   GLib regression
24 Sep 2019   CVE-2019-16097   Harbor Privilege Escalation
05 Sep 2019   USN-4099-1   nginx vulnerabilities
05 Sep 2019   USN-4090-1   PostgreSQL vulnerabilities
05 Sep 2019   USN-4068-2   Linux kernel (HWE) vulnerabilities
05 Sep 2019   USN-4060-1   NSS vulnerabilities
05 Sep 2019   USN-4058-1   Bash vulnerability
05 Sep 2019   USN-4049-1   GLib vulnerability
05 Sep 2019   USN-4038-3   bzip2 regression
06 Aug 2019   USN-4041-1   Linux kernel update
05 Aug 2019   USN-4014-1   GLib vulnerability
05 Aug 2019   USN-4001-1   libseccomp vulnerability
05 Aug 2019   USN-3977-3   Intel Microcode update (AKA ZombieLoad Attack)
19 Jun 2019   USN-3981-2   Linux kernel (HWE) vulnerabilities (AKA ZombieLoad Attack)
19 Jun 2019   USN-3977-2   Intel Microcode update (AKA ZombieLoad Attack)
19 Jun 2019   USN-3977-1   Intel Microcode update (AKA ZombieLoad Attack)
21 May 2019   USN-3972-1   PostgreSQL vulnerabilities
21 May 2019   USN-3962-1   libpng vulnerability
21 May 2019   USN-3960-1   WavPack vulnerability
21 May 2019   USN-3947-1   Libxslt vulnerability
21 May 2019   USN-3943-1   Wget vulnerabilities
21 May 2019   USN-3932-2   Linux kernel (Xenial HWE) vulnerabilities
21 May 2019   USN-3931-2   Linux kernel (HWE) vulnerabilities
08 May 2019   USN-3935-1   BusyBox vulnerabilities
25 Apr 2019   USN-3945-1   Ruby vulnerabilities
25 Apr 2019   USN-3910-2   Linux kernel (Xenial HWE) vulnerabilities
25 Apr 2019   USN-3906-1   LibTIFF vulnerabilities
25 Apr 2019   USN-3901-2   Linux kernel (HWE) vulnerabilities
25 Apr 2019   USN-3900-1   GD vulnerabilities
25 Apr 2019   USN-3899-1   OpenSSL vulnerability
25 Apr 2019   USN-3898-1   NSS vulnerability
25 Apr 2019   USN-3891-1   systemd vulnerability
25 Apr 2019   USN-3885-1   OpenSSH vulnerabilities
25 Apr 2019   USN-3884-1   libarchive vulnerabilities
25 Apr 2019   USN-3882-1   curl vulnerabilities
25 Apr 2019   USN-3879-2   Linux kernel (Xenial HWE) vulnerabilities
25 Apr 2019   USN-3871-4   Linux kernel (HWE) vulnerabilities
25 Apr 2019   USN-3864-1   LibTIFF vulnerabilities
25 Apr 2019   USN-3859-1   libarchive vulnerabilities
25 Apr 2019   USN-3848-2   Linux kernel (Xenial HWE) vulnerabilities
25 Apr 2019   USN-3847-2   Linux kernel (HWE) vulnerabilities
25 Apr 2019   USN-3840-1   OpenSSL vulnerabilities
25 Apr 2019   USN-3834-1   Perl vulnerabilities
25 Apr 2019   USN-3816-3   systemd regression
25 Apr 2019   USN-3855-1   systemd vulnerabilities
25 Apr 2019   USN-3863-1   APT vulnerability
13 Feb 2019   CVE-2019-5736   runC container breakout
06 Feb 2019   USN-3836-2   Linux kernel (HWE) vulnerabilities
06 Feb 2019   USN-3841-1   lxml vulnerability
06 Feb 2019   USN-3850-1   NSS vulnerabilities
03 Jan 2019   USN-3843-1   pixman vulnerability
03 Jan 2019   USN-3816-2   systemd vulnerability
03 Jan 2019   USN-3839-1   WavPack vulnerabilities
03 Jan 2019   USN-3829-1   Git vulnerabilities
14 Dec 2018   USN-3805-1   curl vulnerabilities
14 Dec 2018   USN-3809-1   OpenSSH vulnerabilities
14 Dec 2018   USN-3812-1   nginx vulnerabilities
14 Dec 2018   USN-3815-1   gettext vulnerability
14 Dec 2018   USN-3817-1   Python vulnerabilities
14 Dec 2018   USN-3821-2   Linux kernel (Xenial HWE) vulnerabilities
12 Dec 2018   USN-3820-2   Linux kernel (HWE) vulnerabilities
12 Dec 2018   USN-3816-1   systemd vulnerabilities
12 Dec 2018   USN-3806-1   systemd vulnerability
12 Dec 2018   USN-3808-1   Ruby vulnerabilities
03 Dec 2018   CVE-2018-15797   NFS Volume release errand leaks cf admin credentials in logs
03 Dec 2018   CVE-2018-1002105   Proxy request handling in kube-apiserver can leave vulnerable TCP connections
28 Nov 2018   USN-3797-2   Linux kernel (Xenial HWE) vulnerabilities
08 Nov 2018   USN-3800-1   audiofile vulnerabilities
08 Nov 2018   USN-3791-1   Git vulnerability
08 Nov 2018   USN-3786-1   libxkbcommon vulnerabilities
08 Nov 2018   USN-3785-1   ImageMagick vulnerabilities
06 Nov 2018   CVE-2018-15761   UAA Privilege Escalation
26 Oct 2018   USN-3790-1   Requests vulnerability
26 Oct 2018   USN-3777-2   Linux kernel (HWE) vulnerabilities
26 Oct 2018   USN-3762-2   Linux kernel (HWE) vulnerabilities
09 Oct 2018   USN-3752-2   Linux kernel (HWE) vulnerabilities
09 Oct 2018   USN-3765-1   curl vulnerability
09 Oct 2018   USN-3767-1   GLib vulnerabilities
09 Oct 2018   USN-3770-1   Little CMS vulnerabilities
27 Sep 2018   USN-3759-1   libtirpc vulnerabilities
27 Sep 2018   USN-3758-1   libx11 vulnerabilities
27 Sep 2018   USN-3756-1   Intel Microcode vulnerabilities
27 Sep 2018   USN-3755-1   GD vulnerabilities
27 Sep 2018   USN-3753-2   Linux kernel (Xenial HWE) vulnerabilities
27 Sep 2018   USN-3744-1   PostgreSQL vulnerabilities
27 Sep 2018   USN-3741-2   Linux kernel (Xenial HWE) vulnerabilities
27 Sep 2018   USN-3739-1   libxml2 vulnerabilities
27 Sep 2018   USN-3736-1   libarchive vulnerabilities
27 Sep 2018   USN-3733-1   GnuPG vulnerability
27 Sep 2018   USN-3729-1   libxcursor vulnerability
27 Sep 2018   USN-3712-1   libpng vulnerabilities
27 Sep 2018   USN-3696-2   Linux kernel (Xenial HWE) vulnerabilities
27 Sep 2018   USN-3692-1   OpenSSL vulnerabilities
27 Sep 2018   USN-3690-2   AMD Microcode regression
27 Sep 2018   USN-3690-1   AMD Microcode update
27 Sep 2018   USN-3689-1   Libgcrypt vulnerability
27 Sep 2018   USN-3605-1   Sharutils vulnerability
27 Sep 2018   USN-3589-1   PostgreSQL vulnerability
27 Sep 2018   USN-3564-1   PostgreSQL vulnerability
27 Sep 2018   USN-3532-1   GDK-PixBuf vulnerabilities
27 Sep 2018   USN-3509-4   Linux kernel (Xenial HWE) regression
27 Sep 2018   USN-3352-1   nginx vulnerability
09 Aug 2018   CVE-2018-8037   Apache Tomcat - NIO/NIO2 connectors user sessions can get mixed up
09 Aug 2018   CVE-2018-1336   Apache Tomcat - UTF-8 decoder can lead to DoS
02 Aug 2018   USN-3711-1   ImageMagick vulnerabilities
02 Aug 2018   USN-3707-1   NTP vulnerabilities
02 Aug 2018   USN-3706-1   libjpeg-turbo vulnerabilities
23 Jul 2018   CVE-2018-11047   UAA accepts refresh token as access token on admin endpoints
20 Jul 2018   USN-3693-1   JasPer vulnerabilities
20 Jul 2018   USN-3686-1   file vulnerabilities
20 Jul 2018   USN-3684-1   Perl vulnerability
20 Jul 2018   USN-3681-1   ImageMagick vulnerabilities
20 Jul 2018   USN-3676-2   Linux kernel (Xenial HWE) vulnerabilities
20 Jul 2018   USN-3675-1   GnuPG vulnerabilities
20 Jul 2018   USN-3658-1   procps-ng vulnerabilities
17 Jul 2018   CVE-2018-11041   UAA open redirect
16 Jul 2018   CVE-2018-1269   Loggregator does not properly close some TCP connections
16 Jul 2018   CVE-2018-1268   Loggregator lacks app GUID validation
19 Jun 2018   CVE-2018-1265   Diego does not properly sanitize file paths in tar/zip files
21 Jun 2018   USN-3671-1   Git vulnerabilities
21 Jun 2018   USN-3654-2   Linux kernel (Xenial HWE) vulnerabilities
21 Jun 2018   USN-3648-1   curl vulnerabilities
14 Jun 2018   USN-3643-1   Wget vulnerability
14 Jun 2018   USN-3641-1   Linux kernel vulnerabilities
14 Jun 2018   USN-3631-2   Linux kernel (Xenial HWE) vulnerabilities
14 Jun 2018   USN-3628-1   OpenSSL vulnerability
14 Jun 2018   USN-3625-1   Perl vulnerabilities
14 Jun 2018   USN-3624-1   Patch vulnerabilities
14 Jun 2018   USN-3622-1   Wayland vulnerability
21 mai 2018 CVE-2018-1277   Garden does not correctly enforce Docker image disc quotas
21 mai 2018 CVE-2018-1276   Windows2012R2 stemcell exposes IaaS metadata on vSphere
10 mai 2018 MS-ISAC-2018-046   MS-ISAC 2018-046 Multiple Vulnerabilities in PHP
08 mai 2018 CVE-2018-1191   Garden may log Docker passwords
02 mai 2018 USN-3619-2   Linux kernel (Xenial HWE) vulnerabilities
02 mai 2018 USN-3611-1   OpenSSL vulnerability
02 mai 2018 USN-3610-1   ICU vulnerability
02 mai 2018 USN-3606-1   LibTIFF vulnerabilities
02 mai 2018 USN-3604-1   libvorbis vulnerabilities
02 mai 2018 USN-3602-1   LibTIFF vulnerabilities
02 mai 2018 USN-3598-1   curl vulnerabilities
02 mai 2018 USN-3586-1   DHCP vulnerabilities
02 mai 2018 USN-3584-1   sensible-utils vulnerability
02 mai 2018 USN-3569-1   libvorbis vulnerabilities
02 mai 2018 USN-3554-1   curl vulnerabilities
02 mai 2018 USN-3547-1   Libtasn1 vulnerabilities
02 mai 2018 USN-3543-1   rsync vulnerabilities
02 mai 2018 USN-3534-1   GNU C Library vulnerabilities
02 mai 2018 USN-3506-1   rsync vulnerabilities
02 mai 2018 USN-3501-1   libxcursor vulnerability
02 mai 2018 USN-3346-2   Bind regression
30 avril 2018 CVE-2018-1197   GCP Metadata Endpoint Accessible from Application Containers on Windows
05 avril 2018 CVE-2018-1266   Cloud Controller file modification via malicious application
05 avril 2018 CVE-2018-1231   BOSH CLI does not restrict access to configuration file
03 avril 2018 USN-3582-2   Linux kernel (Xenial HWE) vulnerabilities
28 mar 2018 CVE-2018-1195   Cloud Controller API will accept a refresh token for authentication
28 mar 2018 CVE-2018-1192   UAA SessionID present in Audit Event Logs
28 mar 2018 CVE-2018-1190   XSS on UAA OpenID Connect check session iframe endpoint
09 mar 2018 CVE-2018-1227   Concourse-dot-ci Domain Issue
27 feb 2018 VU475445   VU#475445 SAML Authentication Bypass
27 feb 2018 CVE-2018-1221   Gorouter websocket handling vulnerability
01 feb 2018 USN-3540-2   Linux kernel (Xenial HWE) vulnerabilities
01 feb 2018 USN-3538-1   OpenSSH vulnerabilities
01 feb 2018 USN-3535-1   Bind vulnerability
01 feb 2018 USN-3522-4   Linux (Xenial HWE) vulnerability
01 feb 2018 USN-3522-2   Linux (Xenial HWE) vulnerability
01 feb 2018 USN-3513-1   libxml2 vulnerability
01 feb 2018 USN-3504-1   libxml2 vulnerability
03 jan 2018 Meltdown and Spectre Attacks   Meltdown and Spectre Attacks
19 dec 2017 CVE-2017-1000353   Jenkins unauthenticated remote code execution
15 dec 2017 USN-3509-2   Linux kernel (Xenial HWE) vulnerabilities
15 dec 2017 USN-3505-1   Linux firmware vulnerabilities
15 dec 2017 USN-3498-1   curl vulnerabilities
15 dec 2017 USN-3496-3   Python vulnerability
15 dec 2017 USN-3496-1   Python vulnerability
15 dec 2017 USN-3489-1   Berkeley DB vulnerability
15 dec 2017 USN-3485-2   Linux kernel (Xenial HWE) vulnerabilities
15 dec 2017 USN-3478-1   Perl vulnerabilities
15 dec 2017 USN-3475-1   OpenSSL vulnerabilities
15 dec 2017 USN-3469-2   Linux kernel (Xenial HWE) vulnerabilities
15 dec 2017 USN-3464-1   Wget vulnerabilities
15 dec 2017 USN-3458-1   ICU vulnerability
15 dec 2017 USN-3457-1   curl vulnerability
21 nov 2017 USN-3454-1   libffi vulnerability
21 nov 2017 USN-3444-2   Linux kernel (Xenial HWE) vulnerabilities
21 nov 2017 USN-3441-1   curl vulnerabilities
21 nov 2017 USN-3437-1   OCaml vulnerability
21 nov 2017 USN-3434-1   Libidn vulnerability
21 nov 2017 USN-3432-1   ca-certificates update
21 nov 2017 USN-3424-1   libxml2 vulnerabilities
21 nov 2017 USN-3387-1   Git vulnerability
16 nov 2017 CVE-2017-8031   UAA Denial of Service through client token revocation endpoint
15 nov 2017 CVE-2017-14388   GrootFS doesn’t validate DiffIDs
11 oct 2017 CVE-2017-8048   Cloud Controller API regression
10 oct 2017 CVE-2017-8047   Cloud Foundry router open redirect
28 sept 2017 USN-3420-2   Linux kernel (Xenial HWE) vulnerabilities
28 sept 2017 USN-3418-1   GDK-PixBuf vulnerabilities
28 sept 2017 USN-3415-1   tcpdump vulnerabilities
28 sept 2017 USN-3411-1   Bazaar vulnerability
28 sept 2017 USN-3410-1   GD library vulnerability
28 sept 2017 USN-3405-2   Linux kernel (Xenial HWE) vulnerabilities
28 sept 2017 USN-3398-1   graphite2 vulnerabilities
08 sept 2017 CVE-2017-9805   Apache Struts Remote Code Execution
28 aug 2017 USN-3392-2   Linux kernel (Xenial HWE) regression
21 aug 2017 USN-3385-2   Linux kernel (Xenial HWE) vulnerabilities
14 aug 2017 USN-3378-2   Linux kernel (Xenial HWE) vulnerabilities
14 aug 2017 USN-3367-1   gdb vulnerabilities
14 aug 2017 USN-3364-2   Linux kernel (Xenial HWE) vulnerabilities
14 aug 2017 USN-3363-2   ImageMagick regression References
14 aug 2017 USN-3363-1   ImageMagick vulnerabilities
14 aug 2017 USN-3356-1   Expat vulnerability
14 aug 2017 USN-3353-1   Heimdal vulnerability
14 aug 2017 USN-3349-1   NTP vulnerabilities
14 aug 2017 USN-3347-1   Libgcrypt vulnerabilities
14 aug 2017 USN-3346-1   bind9 vulnerabilities
14 aug 2017 USN-3344-2   Linux kernel (Xenial HWE) vulnerabilities
07 aug 2017 CVE-2017-8037   Incomplete fix for Cloud Controller API access to CC VM contents
02 aug 2017 CVE-2017-9022/CVE-2017-9023   strongSwan DOS Vulnerabilities
01 aug 2017 CVE-2017-8038   Credentials readable from CredHub endpoint
25 jul 2017 CVE-2017-8036   Cloud Controller API regression
25 jul 2017 CVE-2017-8035   Cloud Controller API access to CC VM contents
25 jul 2017 CVE-2017-8033   Cloud Controller API filesystem traversal vulnerability
24 jul 2017 CVE-2017-8032   UAA Identity Zone Admin Privilege Escalation
05 jul 2017 CVE-2017-7485   PostgreSQL vulnerabilities
26 jun 2017 CVE-2017-5946   Directory Traversal in Rubyzip
26 jun 2017 USN-3334-1   Linux kernel (Xenial HWE) vulnerabilities
26 jun 2017 USN-3323-1   GNU C Library vulnerability
26 jun 2017 USN-3318-1   GnuTLS vulnerabilities
26 jun 2017 USN-3312-2   Linux kernel (Xenial HWE) vulnerabilities
26 jun 2017 USN-3311-1   libnl vulnerability
26 jun 2017 USN-3309-1   Libtasn1 vulnerability
26 jun 2017 USN-3302-1   ImageMagick vulnerabilities
26 jun 2017 USN-3212-2   LibTIFF regression
22 jun 2017 USN-3304-1   Sudo vulnerability
08 jun 2017 CVE-2017-4994   Forwarded Headers in UAA
08 jun 2017 USN-3295-1   JasPer vulnerabilities
08 jun 2017 USN-3294-1   Bash vulnerabilities
08 jun 2017 USN-3291-3   Linux kernel (Xenial HWE) vulnerabilities
08 jun 2017 USN-3287-1   Git vulnerability
08 jun 2017 USN-3283-1   rtmpdump vulnerabilities
08 jun 2017 USN-3282-1   FreeType vulnerabilities
08 jun 2017 USN-3276-2   shadow regression
08 jun 2017 USN-3263-1   FreeType vulnerability
08 jun 2017 USN-3259-1   Bind vulnerabilities
08 jun 2017 USN-3246-1   Eject vulnerability
08 jun 2017 USN-3181-1   OpenSSL vulnerabilities
19 may 2017 CVE-2017-4992   Privilege escalation with user invitations
19 may 2017 CVE-2017-4991   UAA password reset vulnerability
02 may 2017 USN-3265-2   Linux kernel (Xenial HWE) vulnerabilities
01 may 2017 CVE-2017-4974   Blind SQL Injection with privileged UAA endpoints
20 apr 2017 CVE-2015-3281   HAProxy vulnerabilities
20 apr 2017 CVE-2017-4973   Privilege Escalation in UAA
20 apr 2017 CVE-2017-4972   Blind SQL Injection in UAA
13 apr 2017 CVE-2017-4969   Bug in CC allows users to exceed quotas
12 apr 2017 USN-3256-2   Linux kernel (HWE) vulnerability
10 apr 2017 CVE-2017-4970   Staticfile buildpack ignores basic authentication when misconfigured
06 apr 2017 USN-3243-1   Git vulnerability
06 apr 2017 USN-3241-1   audiofile vulnerabilities
06 apr 2017 USN-3239-2   GNU C Library Regression
06 apr 2017 USN-3237-1   FreeType vulnerability
06 apr 2017 USN-3235-1   libxml2 vulnerabilities
06 apr 2017 USN-3232-1   ImageMagick vulnerabilities
06 apr 2017 USN-3227-1   ICU vulnerabilities
06 apr 2017 USN-3225-1   libarchive vulnerabilities
06 apr 2017 USN-3183-2   GnuTLS vulnerability
05 apr 2017 CVE-2017-5649   Apache Geode privilege escalation vulnerability
04 apr 2017 USN-3201-1   Bind vulnerabilities
04 apr 2017 USN-3234-2   Linux kernel (Xenial HWE) vulnerabilities
04 apr 2017 USN-3228-1   libevent vulnerabilities
04 apr 2017 USN-3247-1   AppArmor vulnerability
04 apr 2017 USN-3249-2   Linux kernel (Xenial HWE) vulnerability
31 mar 2017 USN-3222-1   ImageMagick vulnerabilities
31 mar 2017 USN-3213-1   GD library vulnerabilities
31 mar 2017 USN-3212-1   LibTIFF vulnerabilities
31 mar 2017 USN-3205-1   tcpdump vulnerabilities
31 mar 2017 USN-3142-2   ImageMagick vulnerabilities
29 mar 2017 CVE-2017-4963   Session Fixation for UAA External Authentication
17 mar 2017 USN-3196-1   Multiple PHP vulnerabilities
17 mar 2017 USN-3185-1   libXpm vulnerability
17 mar 2017 USN-3193-1   Nettle vulnerability
17 mar 2017 USN-3183-1   GnuTLS vulnerabilities
14 mar 2017 USN-3189-2   Linux kernel (Xenial HWE) vulnerabilities
14 mar 2017 CVE-2017-5638   Apache Struts Remote Code Execution
13 mar 2017 USN-3220-2   Linux kernel (Xenial HWE) vulnerability
09 mar 2017 CVE-2017-4960   UAA OAuth DOS via lockout feature
01 mar 2017 USN-3208-2   Linux kernel (Xenial HWE) vulnerabilities
31 jan 2017 USN-3172-1   Bind vulnerabilities
31 jan 2017 USN-3169-2   Linux kernel (Xenial HWE) vulnerabilities
31 jan 2017 USN-3161-2   Linux kernel (Xenial HWE) vulnerabilities
23 jan 2017 CVE-2016-6660   Cloud Controller logs application environment variables
19 jan 2017 USN-3024-1   tomcat6, tomcat7 vulnerabilities
12 jan 2017 RunC Exec   RunC Exec Vulnerability
10 jan 2017 CVE-2016-9882   Cloud Foundry Logs Service Credentials
29 dec 2016 CVE-2016-3958 and CVE-2016-3959   Golang vulnerabilities
27 dec 2016 USN-3146-2   Linux kernel (Xenial HWE) vulnerabilities
27 dec 2016 USN-3128-2   Linux kernel (Xenial HWE) vulnerability
27 dec 2016 USN-3142-1   ImageMagick vulnerabilities
19 dec 2016 CVE-2016-8219   Space Auditor can restage apps
21 dec 2016 Multiple CVEs   httpoxy vulnerabilities
20 dec 2016 USN-3156-1   APT vulnerability
19 dec 2016 USN-3131-1   ImageMagick vulnerabilities
19 dec 2016 USN-3067-1   HarfBuzz vulnerabilities
19 dec 2016 USN-3117-1   GD library vulnerabilities
14 dec 2016 USN-3132-1   tar vulnerability
14 dec 2016 USN-3134-1   Python vulnerabilities
14 dec 2016 USN-3139-1   Vim vulnerability
14 dec 2016 CVE-2016-6659   UAA Privilege Escalation
14 dec 2016 USN-3116-1   DBus vulnerabilities
14 dec 2016 USN-3119-1   Bind vulnerability
13 dec 2016 USN-3123-1   curl vulnerabilities
13 dec 2016 USN-3088-1   Bind vulnerability
09 dec 2016 CVE-2016-8218   Unauthenticated JWT signing algorithm in routing
07 dec 2016 USN-3151-2   Linux kernel (Xenial HWE) vulnerability
17 nov 2016 CVE-2016-6663/CVE-2016-6664   MariaDB Root Privilege Escalation
17 nov 2016 Several   PCRE vulnerabilities prior to version 8.39
07 nov 2016 USN-3096-1   NTP vulnerabilities
07 nov 2016 USN-3095-1   PHP vulnerabilities
02 nov 2016 CVE-2016-6658   Incomplete fix for Credential Vulnerability for Custom Buildpacks
21 oct 2016 CVE-2016-5195   Linux kernel vulnerability
17 oct 2016 CVE-2016-6655   Utility Script Command Injection
17 oct 2016 USN-3099-2   Linux kernel vulnerabilities
29 sept 2016 CVE-2016-6653   MySQL Audit logs sent to Syslog
28 sept 2016 USN-3087-2   OpenSSL Regression
28 sept 2016 USN-3083-1   Linux kernel vulnerabilities
28 sept 2016 USN-3068-1   Libidn vulnerabilities
28 sept 2016 CVE-2016-6662   Multiple MySQL Vulnerabilities
28 sept 2016 USN-3085-1   GDK-PixBuf vulnerabilities
26 sept 2016 CVE-2016-6651   Privilege Escalation in UAA
26 sept 2016 CVE-2016-6636   UAA Open Redirect Vulnerability for Subdomains
26 sept 2016 CVE-2016-6637   UAA CSRF Vulnerability for OAuth Approvals
21 sept 2016 CVE-2014-9130   LibYAML vulnerability
09 sept 2016 CVE-2016-6639   PHP Buildpack exposes .profile file
09 sept 2016 USN-3045-1   PHP vulnerabilities
25 aug 2016 USN-3065-1   Libgcrypt vulnerability
25 aug 2016 USN-3064-1   GnuPG vulnerability
25 aug 2016 USN-3063-1   Fontconfig vulnerability
25 aug 2016 USN-3061-1   OpenSSH vulnerability
25 aug 2016 USN-3030-1/USN-3060-1   GD library vulnerability
25 aug 2016 USN-3053-1/USN-3037-1   Linux kernel (Vivid HWE) vulnerability
25 aug 2016 USN-3048-1   curl vulnerability
25 aug 2016 USN-3033-1   libarchive vulnerability
18 aug 2016 CVE-2016-5016   UAA accepts expired certificates
26 jul 2016 CVE-2016-5006   Cloud Controller API logs user-provided service credentials
13 jul 2016 USN-3010-1   Expat vulnerabilities
13 jul 2016 CVE-2016-4450   Nginx Vulnerabilities
13 jul 2016 USN-3012-1   Wget vulnerability
01 jul 2016 USN-3020-1   Linux kernel (Vivid HWE) vulnerabilities
30 jun 2016 CVE-2016-4468   UAA SQL Injection
15 jun 2016 USN-3001-1   Linux kernel (Vivid HWE) vulnerabilities
13 jun 2016 CVE-2016-4435   BOSH Agent Anonymous Endpoint
13 jun 2016 USN-2994-1   libxml2 vulnerabilities
13 jun 2016 USN-2991-1   nginx vulnerability
13 jun 2016 USN-2990-1   ImageMagick vulnerability (a.k.a. ImageTragick)
13 jun 2016 USN-2987-1   GD library vulnerabilities
13 jun 2016 USN-2985-2   GNU C Library regression
13 jun 2016 USN-2983-1   Expat vulnerability
13 jun 2016 USN-2981-1   libarchive vulnerabilities
13 jun 2016 USN-2966-1   OpenSSH vulnerabilities
13 jun 2016 USN-2961-1   Little CMS vulnerability
08 jun 2016 CVE-2013-7456   PHP vulnerabilities
03 jun 2016 USN-2970-1   Linux kernel (Vivid HWE) vulnerabilities
23 may 2016 CVE-2016-3084   UAA Password Reset Vulnerability
19 may 2016 USN-2977-1   Linux kernel (Vivid HWE) vulnerabilities
17 may 2016 CVE-2016-3091   Diego log encoding vulnerability
06 may 2016 USN-2959-1   OpenSSL vulnerabilities
06 may 2016 USN-2957-1   Libtasn1 vulnerability
06 may 2016 USN-2949-1   Linux kernel (Vivid HWE) vulnerabilities
06 may 2016 USN-2943-1   PCRE vulnerabilities
06 may 2016 USN-2935-2   PAM regression
02 may 2016 CVE-2015-5170-5173   UAA Vulnerabilities
14 apr 2016 Badlock bug   Samba and Windows Vulnerabilities
24 mar 2016 USN-2939-1   LibTIFF vulnerabilities
24 mar 2016 USN-2927-1   Graphite2 vulnerabilities
24 mar 2016 USN-2925-1   Bind9 vulnerabilities
24 mar 2016 USN-2919-1   JasPer vulnerabilities
24 mar 2016 USN-2918-1   Pixman vulnerabilities
24 mar 2016 USN-2916-1   Perl vulnerabilities
24 mar 2016 USN-2914-1   OpenSSL vulnerabilities
24 mar 2016 NPM Ownership Issue   Warning about NPM modules
24 mar 2016 USN-2938-1   Git vulnerabilities
16 mar 2016 USN-2932-1   Linux kernel vulnerabilities
02 mar 2016 CVE-2016-0800   OpenSSL vulnerabilities
26 feb 2016 USN-2910-1   Linux kernel vulnerability
26 feb 2016 CVE-2016-0761   Docker Image Host Files Corruption
19 feb 2016 USN-2900-1   GNU libc vulnerability
02 feb 2016 CVE-2016-0732   Privilege Escalation
01 feb 2016 CVE-2016-0713   Gorouter XSS
22 jan 2016 USN-2871-1   Linux kernel vulnerability
20 jan 2016 CVE-2016-0715   Remote Information Disclosure
19 jan 2016 USN-2865-1   GnuTLS vulnerability
19 jan 2016 USN-2861-1   libpng vulnerability
19 jan 2016 USN-2868-1   DHCP vulnerability
19 jan 2016 USN-2869-1   OpenSSH vulnerability
18 jan 2016 CVE-2016-0708   Remote Information Disclosure
07 jan 2016 USN-2857-1   Linux kernel vulnerability
07 jan 2016 USN-2842-1/USN-2842-2   Linux kernel vulnerability
07 jan 2016 USN-2837-1   bind9 vulnerability
07 jan 2016 USN-2836-1   grub2 vulnerability
07 jan 2016 USN-2835-1   git vulnerability
07 jan 2016 USN-2834-1   libxml2 vulnerability
07 jan 2016 USN-2830-1   OpenSSL vulnerability
07 jan 2016 USN-2829-1   Linux kernel vulnerability
15 dec 2015 CVE-2015-5350   Garden Nstar vulnerability
04 dec 2015 USN-2821-1   GnuTLS vulnerability
04 dec 2015 USN-2820-1   dpkg vulnerability
02 dec 2015 USN-2815-1   PNG vulnerability
02 dec 2015 USN-2812-1   libxml2 vulnerability
02 dec 2015 USN-2810-1   Kerberos vulnerability
02 dec 2015 USN-2787-1   audiofile vulnerability
24 nov 2015 USN-2788-1/2788-2   unzip vulnerability
12 nov 2015 USN-2798-1   Linux kernel vulnerability
12 nov 2015 USN-2806-1   Linux kernel vulnerability
03 nov 2015 USN-2778-1   Linux kernel vulnerabilities
03 nov 2015 USN-2767-1   GDK-Pixbuf library vulnerability
07 oct 2015 Golang   Golang 1.4.3 CVE Fixes
07 oct 2015 USN-2722-1   GDK-PixBuf Vulnerabilities
07 oct 2015 USN-2711-1   Net-SNMP Vulnerabilities
07 oct 2015 USN-2739-1   FreeType Vulnerabilities
07 oct 2015 USN-2740-1   ICU Vulnerabilities
07 oct 2015 USN-2751-1   Linux Kernel (Vivid HWE) Vulnerability
07 oct 2015 USN-2756-1   rpcbind Vulnerability
07 oct 2015 USN-2765-1   Linux Kernel (Vivid HWE) Vulnerability
08 sept 2015 USN-2710-1   OpenSSH Vulnerabilities
08 sept 2015 USN-2698-1   SQLite Vulnerabilities
08 sept 2015 USN-2694-1   PCRE Vulnerabilities
08 sept 2015 USN-2718-1   Address Configuration Change Vulnerabilities
06 aug 2015 USN-2696-1   OpenJDK 7 Vulnerabilities
29 jul 2015 CVE-2015-3290   Linux Kernel NMI Vulnerability
10 jul 2015 CVE-2015-1420   file_handle size verification
06 jul 2015 CVE-2015-1330   Unattended-Upgrades Vulnerability
25 jun 2015 CVE-2015-3189   Expire old reset password links
25 jun 2015 CVE-2015-3190   Open redirect on Login
25 jun 2015 CVE-2015-3191   CSRF attack on change email
12 jun 2015 USN-2639-1   OpenSSL vulnerabilities
12 jun 2015 CVE-2015-3636   ipv4 use-after-free
17 jun 2015 CVE-2015-1328   overlayfs privilege escalation
09 jun 2015 Redis LUA Sandbox   Redis LUA Exploit
22 may 2015 CVE-2015-1834   Path Traversal Vulnerability
22 may 2015 USN-2617-1   FUSE Vulnerability
30 apr 2015 CVE-2015-1855   Ruby OpenSSL Hostname Verification
23 mar 2015 CVE-2015-0282   Multiple GnuTLS Vulnerabilities
21 mar 2015 USN-2537-1   OpenSSL vulnerabilities
13 mar 2015 CVE-2014-8159   Linux Kernel Infiniband Vulnerability
09 feb 2015 CVE-2014-0227   Apache Tomcat Request Smuggling
28 jan 2015 CVE-2015-0235   GHOST
10 sept 2014 CVE-2013-4444   Remote Code Execution in Apache Tomcat
16 oct 2014 CVE-2014-3566   SSLv3 POODLE
29 sept 2014 CVE-2014-7186   Bash Out-of-Bounds
25 sept 2014 CVE-2014-6271   Bash - ShellShock
19 sept 2014 CVE-2014-5119   glib_gconv_translit_find() exploit
18 aug 2014 CVE-2014-3153   Futex requeue exploit
05 jun 2014 CVE-2014-0224   SSL/TLS MITM Vulnerability
10 apr 2014 CVE-2014-0160   Heartbleed

[1] This table is not yet a complete list of vulnerabilities in dependencies. Formulating such a list is an extensive undertaking which Pivotal is addressing systematically. When this table becomes a complete and comprehensive list, we will remove this footnote.



Thanks

Note: Reports of vulnerabilities in Pivotal products are listed in the credit section of the associated security announcement.