Pivotal Application Security Team

Overview

The Pivotal Application Security Team provides a single point of contact for the reporting of security vulnerabilities in Pivotal products and coordinates the process of investigating any reported vulnerabilities.

If you would like to subscribe to updates to this page, the RSS feed for all vulnerability reports is available at https://tanzu.vmware.com/security/rss or https://tanzu.vmware.com/security/parsed/rss. The RSS feed for just the notable vulnerabilities in dependences is available at https://tanzu.vmware.com/security/dependencies/rss and the RSS feed for just Pivotal product vulnerabilities is available at https://tanzu.vmware.com/security/pivotal/rss.

Reporting a vulnerability

We strongly encourage people to report security vulnerabilities privately to our security team before disclosing them in a public forum.

Please note that the e-mail address below should only be used for reporting undisclosed security vulnerabilities in Pivotal products and managing the process of fixing such vulnerabilities. We cannot accept regular bug reports or other security related queries at this address.

The e-mail address to use to contact the Pivotal Application Security Team is security@pivotal.io.

The fingerprint is: AA8F D966 7001 70B7 087E B407 04A1 595B 8F19 137B

It can be obtained from a public key server such as pgp.mit.edu.

Pivotal Product Vulnerability Reports

Date	CVE Reference	Description
04 août 2020	CVE-2020-5412	Hystrix Dashboard Proxy In spring-cloud-netflix-hystrix-dashboard
30 juil 2020	CVE-2020-5414	App Autoscaler logs credentials
30 juil 2020	CVE-2020-5396	JMX Insecure Default Configuration in GemFire
30 juil 2020	MYSQL-SECURITY-UPDATES-OCT2019	Various MySQL Security Updates from October 2019
30 juil 2020	MYSQL-SECURITY-UPDATES-JUL2019	Various MySQL Security Updates from July 2019
30 juil 2020	CVE-2019-11286	JMX Credential Deserialization in GemFire
23 juil 2020	CVE-2020-5413	Kryo Configuration Allows Code Execution with Unknown “Serialization Gadgets”
16 juil 2020	CVE-2020-15586	Gorouter is vulnerable to DoS Attack via Expect 100-continue requests
10 juin 2020	CVE-2020-5411	Jackson Configuration Allows Code Execution with Unknown “Serialization Gadgets”
01 juin 2020	CVE-2020-5410	Directory Traversal with spring-cloud-config-server
26 mai 2020	CVE-2019-15605	Node.js is vulnerable to request smuggling
13 mai 2020	CVE-2020-5409	Concourse Open Redirect in the /sky/login endpoint
07 mai 2020	CVE-2020-5408	Dictionary attack with Spring Security queryable text encryptor
07 mai 2020	CVE-2020-5407	Signature Wrapping Vulnerability with spring-security-saml2-service-provider
14 avril 2020	CVE-2020-5402	UAA fails to check the state parameter when authenticating with external IDPs
09 avril 2020	CVE-2020-5406	PCF Autoscaling logs its database credentials
06 avril 2020	CVE-2019-11282	UAA is vulnerable to a Blind SCIM injection leading to information disclosure
06 avril 2020	CVE-2020-5400	Cloud Controller logs environment variables from app manifests
04 mars 2020	VARIOUS-JACKSON-CVES-UAA	Various CVEs UAA consumes vulnerable versions of FasterXML jackson-databind
04 mars 2020	CVE-2019-11290	UAA logs query parameters in tomcat access file
03 mars 2020	CVE-2019-11253	PKS is vulnerable to a YAML/JSON parsing "Billion Laughs" Attack
27 févr 2020	CVE-2020-5403	DoS Via Malformed URL with Reactor Netty HTTP Server
27 févr 2020	CVE-2020-5404	Authentication Leak On Redirect With Reactor Netty HttpClient
26 févr 2020	CVE-2020-5405	Directory Traversal with spring-cloud-config-server
24 févr 2020	CVE-2020-5401	GoRouter is vulnerable to a cache poisoning DoS
12 févr 2020	CVE-2020-5399	CredHub does not properly enable TLS for MySQL database connections
11 févr 2020	CVE-2019-19604	Git submodule loading vulnerability
16 janv 2020	CVE-2020-5397	CSRF Attack via CORS Preflight Requests with Spring MVC or Spring WebFlux
16 janv 2020	CVE-2020-5398	RFD Attack via “Content-Disposition” Header Sourced from Request Input by Spring MVC or Spring WebFlux Application
15 janv 2020	CVE-2019-11288	tc Server JMX Socket Listener Registry Rebinding Local Privilege Escalation
10 janv 2020	CVE-2019-18802	CVE-2019-18801, CVE-2019-18838, MySQL for Pivotal Platform consumes a vulnerable version of Envoy
08 janv 2020	CVE-2019-11292	Ops Manager logs query parameters in tomcat access file
04 déc 2019	CVE-2019-19029	SQL Injection via user-groups in VMware Harbor Container Registry for Pivotal Platform
04 déc 2019	CVE-2019-19023	Privilege Escalation Vulnerability in VMware Harbor Container Registry for Pivotal Platform
04 déc 2019	CVE-2019-19026	SQL Injection via project quotas in VMware Harbor Container Registry for Pivotal Platform
04 déc 2019	CVE-2019-3990	User Enumeration Flaw in VMware Harbor Container Registry for Pivotal Platform
04 déc 2019	CVE-2019-19025	Cross-Site Request Forgery Vulnerability in VMware Harbor Container Registry for Pivotal Platform
04 déc 2019	CVE-2019-9517	CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9515, CVE-2019-9518, CVE-2019-9511, CVE-2019-9516, Some Pivotal products are impacted by HTTP/2 denial of service attacks
03 déc 2019	CVE-2019-11293	UAA logs all query parameters with debug logging level
22 nov 2019	CVE-2019-11291	RabbitMQ XSS attack via federation and shovel endpoints
22 nov 2019	CVE-2019-11287	RabbitMQ Web Management Plugin DoS via heap overflow
18 nov 2019	CVE-2019-11289	A forged route service request using an invalid nonce can cause the gorouter to panic and crash
06 nov 2019	CVE-2019-9893	libseccomp incorrectly generate 64-bit syscall argument comparisons
28 oct 2019	CVE-2019-16869	Reactor Netty Consumes a Vulnerable Version of Netty
24 oct 2019	CVE-2019-11249	PKS consumes a vulnerable version of kubectl
23 oct 2019	CVE-2019-11283	Password leak in smbdriver logs
17 oct 2019	CVE-2019-16919	Broken access control vulnerability in Harbor API
15 oct 2019	CVE-2019-11278	Privilege Escalation via Blind SCIM Injection in UAA
15 oct 2019	CVE-2019-11279	Privilege Escalation via Scope Manipulation in UAA
15 oct 2019	CVE-2019-11247	Kubernetes API Server Vulnerability
15 oct 2019	CVE-2018-15664	Docker Symlink Directory Traversal Vulnerability
15 oct 2019	CVE-2019-13139	Docker build code execution
14 oct 2019	CVE-2019-11281	RabbitMQ XSS attack
11 oct 2019	CVE-2019-11284	Reactor Netty authentication leak in redirects
25 sept 2019	CVE-2019-11275	CSV Injection in usage report downloaded from Pivotal Application Manager
23 sept 2019	CVE-2019-11277	Volume Services is vulnerable to an LDAP injection attack
19 sept 2019	CVE-2019-11280	Privilege escalation through the invitations service
20 août 2019	CVE-2019-3775	UAA allows users to modify their own email address
20 août 2019	CVE-2019-3788	UAA redirect-uri allows wildcards in the subdomain
20 août 2018	CVE-2019-3787	UAA defaults email address to an insecure domain
20 août 2019	CVE-2019-10164	Critical Security Issue in PostgreSQL
19 août 2019	CVE-2019-11276	Apps Manager sends tokens to Spring apps via HTTP
15 août 2019	CVE-2017-15694	Pivotal GemFire and Cloud Cache consume vulnerable versions of Apache Geode
14 août 2019	CVE-2019-13232	ClamAV Add-on for PCF consumes a vulnerable version of ClamAV
01 août 2019	CVE-2019-11270	UAA clients.write vulnerability
25 juil 2019	CVE-2019-3800	CF CLI writes the client id and secret to config file
25 juil 2019	CVE-2019-3781	CF CLI does not sanitize user's password in verbose/trace/debug
23 juil 2019	CVE-2019-11273	PKS Telemetry logs credentials
22 juil 2019	VARIOUS-SQL	Various MySQL Security Updates from July 2018 through January 2019
22 juil 2019	USN-4017-1	Linux kernel vulnerabilities
18 juil 2019	CVE-2019-3786	BBR could run arbitrary scripts on deployment VMs
28 juin 2019	CVE-2019-11271	Bosh Deployment logs leak sensitive information
19 juin 2019	CVE-2019-11272	PlaintextPasswordEncoder authenticates encoded passwords that are null
30 mai 2019	CVE-2019-5021	Tile generator affected by insecure default password
30 mai 2019	CVE-2019-11269	Open Redirector in spring-security-oauth2
24 mai 2019	CVE-2019-3790	Ops Manager uaa client issues tokens after refresh token expiration
13 mai 2019	CVE-2019-3802	Additional information exposure with Spring Data JPA example matcher
25 avril 2019	CVE-2019-3801	Java Projects using HTTP to fetch dependencies
24 avril 2019	CVE-2019-3798	Escalation of Privileges in Cloud Controller
24 avril 2019	CVE-2019-3789	Gorouter allows space developer to hijack route services hosted outside the platform
16 avril 2019	CVE-2019-3799	Directory Traversal with spring-cloud-config-server
12 avril 2019	CVE-2019-3793	Invitations Service supports HTTP connections
08 avril 2019	CVE-2019-3797	Additional information exposure with Spring Data JPA derived queries
04 avril 2019	CVE-2019-3795	Insecure Randomness When Using a SecureRandom Instance Constructed by Spring Security
01 avril 2019	CVE-2019-9946	Kubernetes affecting certain network configurations with CNI
01 avril 2019	CVE-2019-1002100	Kubernetes API Server Patch Request Consumes Excess Resource Cause Denial of Service
01 avril 2019	CVE-2019-1002101	Kubernetes kubectl - potential directory traversal
25 mars 2019	CVE-2019-3792	Concourse 5.0.0 SQL Injection vulnerability
07 mars 2019	CVE-2019-8331	Bootstrap XSS
28 févr 2019	CVE-2018-15754	UAA issues tokens across identity providers if users with matching usernames exist
26 févr 2019	CVE-2019-3777	Apps Manager unverified SSL certs in Cloud Controller proxy
21 févr 2019	CVE-2019-3778	Open Redirector in spring-security-oauth2
19 févr 2019	CVE-2019-3776	Reflected XSS in Pivotal Operations Manager
14 févr 2019	CVE-2019-3780	Cloud Foundry Container Runtime Leaks IAAS Credentials
14 févr 2019	CVE-2019-3779	Pivotal Container Service allows a user to bypass security policy when talking to ETCD
14 janv 2019	CVE-2019-3772	XML External Entity Injection (XXE)
14 janv 2019	CVE-2019-3773	XML External Entity Injection (XXE)
14 janv 2019	CVE-2019-3774	XML External Entity Injection (XXE)
08 janv 2019	KUBERNETES-API-SERVER	Kubernetes API Server acts as proxy for internal and external IPs
08 janv 2019	CVE-2019-3803	Concourse includes token in CLI authentication callback
04 janv 2019	CVE-2018-18264	Kubernetes Dashboard TLS Certificate Leak
18 déc 2018	CVE-2018-15801	Authorization Bypass During JWT Issuer Validation with spring-security
13 déc 2018	CVE-2018-15798	Pivotal Concourse allows malicious redirect urls on login
05 déc 2018	CVE-2018-1279	RabbitMQ cluster compromise due to deterministically generated cookie
15 nov 2018	CVE-2018-15759	On Demand Services SDK Timing Attack Vulnerability
09 nov 2018	CVE-2018-15795	CredHub Service Broker uses guessable client secret
29 oct 2018	CVE-2018-15762	Pivotal Operations Manager gives all users heightened privileges
16 oct 2018	CVE-2018-15758	Privilege Escalation in spring-security-oauth2
16 oct 2018	CVE-2018-15756	DoS Attack via Range Requests
10 oct 2018	CVE-2018-11084	Garden-runC prevents deletion of some app environments
10 oct 2018	CVE-2018-15755	CF networking internal policy server SQL injection
03 oct 2018	CVE-2018-11083	BOSH accepts refresh token as access token
02 oct 2018	CVE-2018-15763	PKS leaks IaaS credentials to application logs
27 sept 2018	CVE-2018-11081	Ops Manager writes UAA credentials to disk
13 sept 2018	CVE-2018-1198	PCC bosh deployment logs print a superuser password in plain text
13 sept 2018	CVE-2018-11088	CF admin credentials accessible to developers through Applications Manager
13 sept 2018	CVE-2018-11086	CF admin credentials accessible to developers through usage service
11 sept 2018	CVE-2018-11087	RabbitMQ (Spring-AMQP) Host name verification
23 juil 2018	CVE-2018-11044	Apps Manager allows unescaped content in invitation emails
10 juil 2018	CVE-2018-11045	Operations Manager image contains static LRNG seed file
20 juin 2018	CVE-2018-11046	Operations Manager includes outdated NGINX packages
14 juin 2018	CVE-2018-11040	JSONP enabled by default in MappingJackson2JsonView
14 juin 2018	CVE-2018-11039	Cross Site Tracing (XST) with Spring Framework
11 mai 2018	CVE-2018-1263	Unsafe Unzip with spring-integration-zip
10 mai 2018	CVE-2018-1278	Apps Manager allows unauthorized org invitations
09 mai 2018	CVE-2018-1261	Unsafe Unzip with spring-integration-zip
09 mai 2018	CVE-2018-1260	Remote Code Execution with spring-security-oauth2
09 mai 2018	CVE-2018-1259	XXE with Spring Data’s XMLBeam integration
09 mai 2018	CVE-2018-1258	Unauthorized Access with Spring Security Method Security
09 mai 2018	CVE-2018-1257	ReDoS Attack with spring-messaging
07 mai 2018	CVE-2018-1280	Blind SQL injection in Pivotal Greenplum Command Center
30 avril 2018	CVE-2018-1256	Issuer validation regression in Spring Cloud SSO Connector
10 avril 2018	CVE-2018-1274	Denial of Service with Spring Data
10 avril 2018	CVE-2018-1273	RCE with Spring Data Commons
09 avril 2018	CVE-2018-1275	Address partial fix for CVE-2018-1270
05 avril 2018	CVE-2018-1272	Multipart Content Pollution with Spring Framework
05 avril 2018	CVE-2018-1271	Directory Traversal with Spring MVC on Windows
05 avril 2018	CVE-2018-1270	Remote Code Execution with spring-messaging
16 mars 2018	CVE-2018-1230	Spring Batch Admin vulnerable to Cross Site Request Forgery
16 mars 2018	CVE-2018-1229	Stored XSS in file upload of Spring Batch Admin
13 févr 2018	CVE-2018-1200	Apps Manager File Access Vulnerability
30 janv 2018	CVE-2018-1196	Symlink privilege escalation attack via Spring Boot launch script
29 janv 2018	CVE-2018-1199	Security bypass with static resources
16 oct 2017	CVE-2017-8028	Spring-LDAP authentication with userSearch and STARTTLS allows authentication with arbitrary password
21 sept 2017	CVE-2017-8046	RCE in PATCH requests in Spring Data REST
19 sept 2017	CVE-2017-8045	Remote code execution in spring-amqp
15 sept 2017	CVE-2017-8039	Data Binding Expression Vulnerability in Spring Web Flow
31 août 2017	CVE-2017-8044	XSS vulnerability in Single Sign-On for PCF via DOM-based query parameters
31 août 2017	CVE-2017-8041	XSS vulnerability in org name in Single Sign-On for PCF
31 août 2017	CVE-2017-8040	XXE Vulnerability in Single Sign-On for PCF
08 juin 2017	CVE-2017-4995	Jackson Configuration Allows Code Execution with Unknown “Serialization Gadgets”
31 mai 2017	CVE-2017-4971	Data Binding Expression Vulnerability in Spring Web Flow
15 mai 2017	CVE-2017-4975	Tile generator sets open security groups
04 mai 2017	CVE-2017-4966	RabbitMQ local storage of credentials
04 mai 2017	CVE-2017-4965	XSS vulnerabilities in RabbitMQ management UI
27 mars 2017	CVE-2017-2773	Unauthenticated JWT signing algorithm in multiple components
24 mars 2017	CVE-2017-4955	Credentials in Elastic Runtime Notifications errand log
14 févr 2017	CVE-2017-4959	Pivotal Cloud Foundry account authorization vulnerability
09 févr 2017	CVE-2016-9880	Unauthenticated access to GemFire for PCF broker endpoints
04 janv 2017	CVE-2016-9885	gfsh exposed over go router for GemFire for PCF
28 déc 2016	CVE-2016-9879	Encoded "/" in path variables
28 déc 2016	CVE-2016-0898	Service backups log AWS key
21 déc 2016	CVE-2016-9878	Directory Traversal in the Spring Framework ResourceServlet
19 déc 2016	CVE-2016-9877	RabbitMQ authentication vulnerability
31 oct 2016	CVE-2016-6657	PCF Open Redirects
31 oct 2016	CVE-2016-6656	Code injection vulnerability via GPHDFS in Greenplum database
30 sept 2016	CVE-2016-6652	Spring Data JPA Blind SQL Injection Vulnerability
12 sept 2016	CVE-2016-0930	Ops Manager Compilation VMs Vulnerability on vSphere and vCloud
27 juil 2016	CVE-2016-0896	IaaS Metadata Endpoint Accessible from Application Containers
15 juil 2016	CVE-2016-0929	RabbitMQ for PCF vulnerability
07 juil 2016	CVE-2016-5007	Spring Security / MVC Path Matching Inconsistency
07 juil 2016	CVE-2016-0926	Apps Manager XSS vulnerability
05 juil 2016	CVE-2016-4977	Remote Code Execution (RCE) in Spring Security OAuth
29 juin 2016	CVE-2016-0928	PCF Open Redirects
24 juin 2016	CVE-2016-0897	Ops Manager vSphere and vCloud vulnerability
23 juin 2016	CVE-2016-0927	Ops Manager XSS vulnerability
11 avril 2016	CVE-2016-2173	Remote Code Execution in Spring AMQP
23 mars 2016	CVE-2016-0780	Cloud Controller Disk Quota Enforcement
23 mars 2016	CVE-2016-2165	Loggregator Request URL Paths
23 mars 2016	CVE-2016-0781	UAA Persistent XSS Vulnerability
03 févr 2016	CVE-2016-0883	Pivotal Ops Manager Weak Authentication Scheme
12 nov 2015	CVE-2015-5258	Spring Social CSRF
15 oct 2015	CVE-2015-5211	RFD Attack in Spring Framework
30 juin 2015	CVE-2015-3192	DoS Attack with XML Input
06 mars 2015	CVE-2015-0201	Insufficiently random session id in Java SockJS client
13 janv 2015	CVE-2014-3626	Directory Traversal in Grails Resources Plugin
11 nov 2014	CVE-2014-3625	Directory Traversal in Spring Framework
05 sept 2014	CVE-2014-3578	Directory Traversal in Spring Framework
15 août 2014	CVE-2014-3527	Access Control Bypass in Spring Security
28 mai 2014	CVE-2014-0225	Information Disclosure when using Spring MVC
11 mars 2014	CVE-2014-1904	XSS when using Spring MVC
11 mars 2014	CVE-2014-0097	Blank password may bypass user authentication
11 mars 2014	CVE-2014-0054	Incomplete fix for CVE-2013-7315 / CVE-2013-6429 (XXE)
19 févr 2014	CVE-2014-0053	Information Disclosure when using Grails
14 janv 2014	CVE-2013-6430	Possible XSS when using Spring MVC
14 janv 2014	CVE-2013-6429	Incomplete fix for CVE-2013-7315 (XXE)
22 août 2013	CVE-2013-7315	XML External Entity (XXE) injection in Spring Framework
22 août 2013	CVE-2013-4152	XML eXternal Entity (XXE) injection in Spring Framework

Notable Vulnerabilities in Dependencies[1]

Date	CVE Reference	Description
30 juil 2020	USN-4394-1	SQLite vulnerabilities
30 juil 2020	USN-4390-1	Linux kernel vulnerabilities
30 juil 2020	USN-4385-2	Intel Microcode regression
30 juil 2020	USN-4385-1	Intel Microcode vulnerabilities
30 juil 2020	USN-4377-1	ca-certificates update
30 juil 2020	USN-4376-1	OpenSSL vulnerabilities
30 juil 2020	USN-4360-4	json-c vulnerability
30 juil 2020	USN-3911-2	file regression
14 mai 2020	USN-4318-1	Linux kernel vulnerabilities
28 avril 2020	USN-4345-1	Linux kernel vulnerabilities
23 avril 2020	USN-4305-1	ICU vulnerability
23 avril 2020	USN-4302-1	Linux kernel vulnerabilities
23 avril 2020	USN-4298-1	SQLite vulnerabilities
21 avril 2020	USN-4333-1	Python vulnerabilities
08 avril 2020	USN-4292-1	rsync vulnerabilities
02 mars 2020	USN-4293-1	libarchive vulnerabilities
18 févr 2020	USN-4287-1	Linux kernel vulnerabilities
10 févr 2020	USN-4274-1	libxml2 vulnerabilities
05 févr 2020	USN-4269-1	systemd vulnerabilities
03 févr 2020	USN-4263-1	Sudo vulnerability
28 janv 2020	USN-4255-2	Linux kernel (HWE) vulnerabilities
28 janv 2020	USN-4256-1	Cyrus SASL vulnerability
27 janv 2020	USN-4252-1	tcpdump vulnerabilities
23 janv 2020	USN-4233-2	GnuTLS update
23 janv 2020	USN-4249-1	e2fsprogs vulnerability
22 janv 2020	USN-4247-1	python-apt vulnerabilities
22 janv 2020	USN-4247-2	python-apt regression
22 janv 2020	USN-4246-1	zlib vulnerabilities
20 janv 2020	USN-4242-1	Sysstat vulnerabilities
20 janv 2020	USN-4243-1	libbsd vulnerabilities
19 janv 2020	CVE-2020-0601	Windows Stemcells vulnerable to Windows CryptoAPI Spoofing Vulnerability
15 janv 2020	USN-4205-1	SQLite vulnerabilities
15 janv 2020	USN-4215-1	NSS vulnerability
15 janv 2020	USN-4182-3	Intel Microcode regression
15 janv 2020	USN-4220-1	Git vulnerabilities
15 janv 2020	USN-4210-1	Linux kernel vulnerabilities
14 janv 2020	USN-4236-2	Libgcrypt vulnerability
13 janv 2020	USN-4235-1	nginx vulnerability
09 janv 2020	USN-4233-1	GnuTLS update
08 janv 2020	USN-4231-1	NSS vulnerability
07 janv 2020	USN-4227-1	Linux kernel vulnerabilities
18 déc 2019	USN-4194-1	postgresql-common vulnerability
18 déc 2019	USN-4185-1	Linux kernel vulnerabilities
18 déc 2019	USN-4162-1	Linux kernel vulnerabilities
18 déc 2019	USN-4191-1	QEMU vulnerabilities
18 déc 2019	USN-4164-1	Libxslt vulnerabilities
18 déc 2019	USN-4190-1	libjpeg-turbo vulnerabilities
18 déc 2019	USN-4176-1	GNU cpio vulnerability
18 déc 2019	USN-4172-1	file vulnerability
18 déc 2019	USN-4203-1	NSS vulnerability
18 déc 2019	USN-4169-1	libarchive vulnerability
18 déc 2019	USN-4182-1	Intel Microcode update
18 déc 2019	USN-4185-3	Linux kernel vulnerability and regression
18 déc 2019	USN-4199-1	libvpx vulnerabilities
11 déc 2019	USN-4221-1	libpcap vulnerability
25 nov 2019	CVE-2019-15587	Ops Manager contains a vulnerable Loofah gem
14 nov 2019	USN-4004-1	Berkeley DB vulnerability
14 nov 2019	USN-4038-1	bzip2 vulnerabilities
14 nov 2019	USN-3911-1	file vulnerabilities
14 nov 2019	USN-4015-1	DBus vulnerability
14 nov 2019	USN-4011-1	Jinja2 vulnerabilities
14 nov 2019	USN-4008-2	AppArmor update
14 nov 2019	USN-3999-1	GnuTLS vulnerabilities
14 nov 2019	USN-3967-1	FFmpeg vulnerabilities
14 nov 2019	USN-3990-1	urllib3 vulnerabilities
14 nov 2019	USN-4040-1	Expat vulnerability
14 nov 2019	USN-3885-2	OpenSSH vulnerability
14 nov 2019	USN-3993-1	curl vulnerabilities
14 nov 2019	USN-4012-1	elfutils vulnerabilities
14 nov 2019	USN-3968-1	Sudo vulnerabilities
14 nov 2019	USN-4016-1	Vim vulnerabilities
14 nov 2019	USN-4019-1	SQLite vulnerabilities
06 nov 2019	USN-4151-1	Python vulnerabilities
06 nov 2019	USN-4144-1	Linux kernel vulnerabilities
06 nov 2019	USN-4142-1	e2fsprogs vulnerability
06 nov 2019	USN-4132-1	Expat vulnerability
06 nov 2019	USN-4129-1	curl vulnerabilities
06 nov 2019	USN-4127-1	Python vulnerabilities
06 nov 2019	USN-4126-1	FreeType vulnerability
30 sept 2019	USN-4135-1	Linux kernel vulnerabilities
30 sept 2019	USN-4115-2	Linux kernel regression
30 sept 2019	USN-4115-1	Linux kernel vulnerabilities
30 sept 2019	USN-4094-1	Linux kernel vulnerabilities
30 sept 2019	USN-4071-1	Patch vulnerabilities
30 sept 2019	USN-4049-3	GLib regression
24 sept 2019	CVE-2019-16097	Harbor Privilege Escalation
05 sept 2019	USN-4099-1	nginx vulnerabilities
05 sept 2019	USN-4090-1	PostgreSQL vulnerabilities
05 sept 2019	USN-4068-2	Linux kernel (HWE) vulnerabilities
05 sept 2019	USN-4060-1	NSS vulnerabilities
05 sept 2019	USN-4058-1	Bash vulnerability
05 sept 2019	USN-4049-1	GLib vulnerability
05 sept 2019	USN-4038-3	bzip2 regression
06 août 2019	USN-4041-1	Linux kernel update
05 août 2019	USN-4014-1	GLib vulnerability
05 août 2019	USN-4001-1	libseccomp vulnerability
05 août 2019	USN-3977-3	Intel Microcode update (AKA ZombieLoad Attack)
19 juin 2019	USN-3981-2	Linux kernel (HWE) vulnerabilities (AKA ZombieLoad Attack)
19 juin 2019	USN-3977-2	Intel Microcode update (AKA ZombieLoad Attack)
19 juin 2019	USN-3977-1	Intel Microcode update (AKA ZombieLoad Attack)
21 mai 2019	USN-3972-1	PostgreSQL vulnerabilities
21 mai 2019	USN-3962-1	libpng vulnerability
21 mai 2019	USN-3960-1	WavPack vulnerability
21 mai 2019	USN-3947-1	Libxslt vulnerability
21 mai 2019	USN-3943-1	Wget vulnerabilities
21 mai 2019	USN-3932-2	Linux kernel (Xenial HWE) vulnerabilities
21 mai 2019	USN-3931-2	Linux kernel (HWE) vulnerabilities
08 mai 2019	USN-3935-1	BusyBox vulnerabilities
25 avril 2019	USN-3945-1	Ruby vulnerabilities
25 avril 2019	USN-3910-2	Linux kernel (Xenial HWE) vulnerabilities
25 avril 2019	USN-3906-1	LibTIFF vulnerabilities
25 avril 2019	USN-3901-2	Linux kernel (HWE) vulnerabilities
25 avril 2019	USN-3900-1	GD vulnerabilities
25 avril 2019	USN-3899-1	OpenSSL vulnerability
25 avril 2019	USN-3898-1	NSS vulnerability
25 avril 2019	USN-3891-1	systemd vulnerability
25 avril 2019	USN-3885-1	OpenSSH vulnerabilities
25 avril 2019	USN-3884-1	libarchive vulnerabilities
25 avril 2019	USN-3882-1	curl vulnerabilities
25 avril 2019	USN-3879-2	Linux kernel (Xenial HWE) vulnerabilities
25 avril 2019	USN-3871-4	Linux kernel (HWE) vulnerabilities
25 avril 2019	USN-3864-1	LibTIFF vulnerabilities
25 avril 2019	USN-3859-1	libarchive vulnerabilities
25 avril 2019	USN-3848-2	Linux kernel (Xenial HWE) vulnerabilities
25 avril 2019	USN-3847-2	Linux kernel (HWE) vulnerabilities
25 avril 2019	USN-3840-1	OpenSSL vulnerabilities
25 avril 2019	USN-3834-1	Perl vulnerabilities
25 avril 2019	USN-3816-3	systemd regression
25 avril 2019	USN-3855-1	systemd vulnerabilities
25 avril 2019	USN-3863-1	APT vulnerability
13 févr 2019	CVE-2019-5736	runC container breakout
06 févr 2019	USN-3836-2	Linux kernel (HWE) vulnerabilities
06 févr 2019	USN-3841-1	lxml vulnerability
06 févr 2019	USN-3850-1	NSS vulnerabilities
03 janv 2019	USN-3843-1	pixman vulnerability
03 janv 2019	USN-3816-2	systemd vulnerability
03 janv 2019	USN-3839-1	WavPack vulnerabilities
03 janv 2019	USN-3829-1	Git vulnerabilities
14 déc 2018	USN-3805-1	curl vulnerabilities
14 déc 2018	USN-3809-1	OpenSSH vulnerabilities
14 déc 2018	USN-3812-1	nginx vulnerabilities
14 déc 2018	USN-3815-1	gettext vulnerability
14 déc 2018	USN-3817-1	Python vulnerabilities
14 déc 2018	USN-3821-2	Linux kernel (Xenial HWE) vulnerabilities
12 déc 2018	USN-3820-2	Linux kernel (HWE) vulnerabilities
12 déc 2018	USN-3816-1	systemd vulnerabilities
12 déc 2018	USN-3806-1	systemd vulnerability
12 déc 2018	USN-3808-1	Ruby vulnerabilities
03 déc 2018	CVE-2018-15797	NFS Volume release errand leaks cf admin credentials in logs
03 déc 2018	CVE-2018-1002105	Proxy request handling in kube-apiserver can leave vulnerable TCP connections
28 nov 2018	USN-3797-2	Linux kernel (Xenial HWE) vulnerabilities
08 nov 2018	USN-3800-1	audiofile vulnerabilities
08 nov 2018	USN-3791-1	Git vulnerability
08 nov 2018	USN-3786-1	libxkbcommon vulnerabilities
08 nov 2018	USN-3785-1	ImageMagick vulnerabilities
06 nov 2018	CVE-2018-15761	UAA Privilege Escalation
26 oct 2018	USN-3790-1	Requests vulnerability
26 oct 2018	USN-3777-2	Linux kernel (HWE) vulnerabilities
26 oct 2018	USN-3762-2	Linux kernel (HWE) vulnerabilities
09 oct 2018	USN-3752-2	Linux kernel (HWE) vulnerabilities
09 oct 2018	USN-3765-1	curl vulnerability
09 oct 2018	USN-3767-1	GLib vulnerabilities
09 oct 2018	USN-3770-1	Little CMS vulnerabilities
27 sept 2018	USN-3759-1	libtirpc vulnerabilities
27 sept 2018	USN-3758-1	libx11 vulnerabilities
27 sept 2018	USN-3756-1	Intel Microcode vulnerabilities
27 sept 2018	USN-3755-1	GD vulnerabilities
27 sept 2018	USN-3753-2	Linux kernel (Xenial HWE) vulnerabilities
27 sept 2018	USN-3744-1	PostgreSQL vulnerabilities
27 sept 2018	USN-3741-2	Linux kernel (Xenial HWE) vulnerabilities
27 sept 2018	USN-3739-1	libxml2 vulnerabilities
27 sept 2018	USN-3736-1	libarchive vulnerabilities
27 sept 2018	USN-3733-1	GnuPG vulnerability
27 sept 2018	USN-3729-1	libxcursor vulnerability
27 sept 2018	USN-3712-1	libpng vulnerabilities
27 sept 2018	USN-3696-2	Linux kernel (Xenial HWE) vulnerabilities
27 sept 2018	USN-3692-1	OpenSSL vulnerabilities
27 sept 2018	USN-3690-2	AMD Microcode regression
27 sept 2018	USN-3690-1	AMD Microcode update
27 sept 2018	USN-3689-1	Libgcrypt vulnerability
27 sept 2018	USN-3605-1	Sharutils vulnerability
27 sept 2018	USN-3589-1	PostgreSQL vulnerability
27 sept 2018	USN-3564-1	PostgreSQL vulnerability
27 sept 2018	USN-3532-1	GDK-PixBuf vulnerabilities
27 sept 2018	USN-3509-4	Linux kernel (Xenial HWE) regression
27 sept 2018	USN-3352-1	nginx vulnerability
09 août 2018	CVE-2018-8037	Apache Tomcat - NIO/NIO2 connectors user sessions can get mixed up
09 août 2018	CVE-2018-1336	Apache Tomcat - UTF-8 decoder can lead to DoS
02 août 2018	USN-3711-1	ImageMagick vulnerabilities
02 août 2018	USN-3707-1	NTP vulnerabilities
02 août 2018	USN-3706-1	libjpeg-turbo vulnerabilities
23 juil 2018	CVE-2018-11047	UAA accepts refresh token as access token on admin endpoints
20 juil 2018	USN-3693-1	JasPer vulnerabilities
20 juil 2018	USN-3686-1	file vulnerabilities
20 juil 2018	USN-3684-1	Perl vulnerability
20 juil 2018	USN-3681-1	ImageMagick vulnerabilities
20 juil 2018	USN-3676-2	Linux kernel (Xenial HWE) vulnerabilities
20 juil 2018	USN-3675-1	GnuPG vulnerabilities
20 juil 2018	USN-3658-1	procps-ng vulnerabilities
17 juil 2018	CVE-2018-11041	UAA open redirect
16 juil 2018	CVE-2018-1269	Loggregator does not properly close some TCP connections
16 juil 2018	CVE-2018-1268	Loggregator lacks app GUID validation
19 juin 2018	CVE-2018-1265	Diego does not properly sanitize file paths in tar/zip files
21 juin 2018	USN-3671-1	Git vulnerabilities
21 juin 2018	USN-3654-2	Linux kernel (Xenial HWE) vulnerabilities
21 juin 2018	USN-3648-1	curl vulnerabilities
14 juin 2018	USN-3643-1	Wget vulnerability
14 juin 2018	USN-3641-1	Linux kernel vulnerabilities
14 juin 2018	USN-3631-2	Linux kernel (Xenial HWE) vulnerabilities
14 juin 2018	USN-3628-1	OpenSSL vulnerability
14 juin 2018	USN-3625-1	Perl vulnerabilities
14 juin 2018	USN-3624-1	Patch vulnerabilities
14 juin 2018	USN-3622-1	Wayland vulnerability
21 mai 2018	CVE-2018-1277	Garden does not correctly enforce Docker image disc quotas
21 mai 2018	CVE-2018-1276	Windows2012R2 stemcell exposes IaaS metadata on vSphere
10 mai 2018	MS-ISAC-2018-046	MS-ISAC 2018-046 Multiple Vulnerabilities in PHP
08 mai 2018	CVE-2018-1191	Garden may log Docker passwords
02 mai 2018	USN-3619-2	Linux kernel (Xenial HWE) vulnerabilities
02 mai 2018	USN-3611-1	OpenSSL vulnerability
02 mai 2018	USN-3610-1	ICU vulnerability
02 mai 2018	USN-3606-1	LibTIFF vulnerabilities
02 mai 2018	USN-3604-1	libvorbis vulnerabilities
02 mai 2018	USN-3602-1	LibTIFF vulnerabilities
02 mai 2018	USN-3598-1	curl vulnerabilities
02 mai 2018	USN-3586-1	DHCP vulnerabilities
02 mai 2018	USN-3584-1	sensible-utils vulnerability
02 mai 2018	USN-3569-1	libvorbis vulnerabilities
02 mai 2018	USN-3554-1	curl vulnerabilities
02 mai 2018	USN-3547-1	Libtasn1 vulnerabilities
02 mai 2018	USN-3543-1	rsync vulnerabilities
02 mai 2018	USN-3534-1	GNU C Library vulnerabilities
02 mai 2018	USN-3506-1	rsync vulnerabilities
02 mai 2018	USN-3501-1	libxcursor vulnerability
02 mai 2018	USN-3346-2	Bind regression
30 avril 2018	CVE-2018-1197	GCP Metadata Endpoint Accessible from Application Containers on Windows
05 avril 2018	CVE-2018-1266	Cloud Controller file modification via malicious application
05 avril 2018	CVE-2018-1231	BOSH CLI does not restrict access to configuration file
03 avril 2018	USN-3582-2	Linux kernel (Xenial HWE) vulnerabilities
28 mars 2018	CVE-2018-1195	Cloud Controller API will accept a refresh token for authentication
28 mars 2018	CVE-2018-1192	UAA SessionID present in Audit Event Logs
28 mars 2018	CVE-2018-1190	XSS on UAA OpenID Connect check session iframe endpoint
09 mars 2018	CVE-2018-1227	Concourse-dot-ci Domain Issue
27 févr 2018	VU475445	VU#475445 SAML Authentication Bypass
27 févr 2018	CVE-2018-1221	Gorouter websocket handling vulnerability
01 févr 2018	USN-3540-2	Linux kernel (Xenial HWE) vulnerabilities
01 févr 2018	USN-3538-1	OpenSSH vulnerabilities
01 févr 2018	USN-3535-1	Bind vulnerability
01 févr 2018	USN-3522-4	Linux (Xenial HWE) vulnerability
01 févr 2018	USN-3522-2	Linux (Xenial HWE) vulnerability
01 févr 2018	USN-3513-1	libxml2 vulnerability
01 févr 2018	USN-3504-1	libxml2 vulnerability
03 janv 2018	Meltdown and Spectre Attacks	Meltdown and Spectre Attacks
19 déc 2017	CVE-2017-1000353	Jenkins unauthenticated remote code execution
15 déc 2017	USN-3509-2	Linux kernel (Xenial HWE) vulnerabilities
15 déc 2017	USN-3505-1	Linux firmware vulnerabilities
15 déc 2017	USN-3498-1	curl vulnerabilities
15 déc 2017	USN-3496-3	Python vulnerability
15 déc 2017	USN-3496-1	Python vulnerability
15 déc 2017	USN-3489-1	Berkeley DB vulnerability
15 déc 2017	USN-3485-2	Linux kernel (Xenial HWE) vulnerabilities
15 déc 2017	USN-3478-1	Perl vulnerabilities
15 déc 2017	USN-3475-1	OpenSSL vulnerabilities
15 déc 2017	USN-3469-2	Linux kernel (Xenial HWE) vulnerabilities
15 déc 2017	USN-3464-1	Wget vulnerabilities
15 déc 2017	USN-3458-1	ICU vulnerability
15 déc 2017	USN-3457-1	curl vulnerability
21 nov 2017	USN-3454-1	libffi vulnerability
21 nov 2017	USN-3444-2	Linux kernel (Xenial HWE) vulnerabilities
21 nov 2017	USN-3441-1	curl vulnerabilities
21 nov 2017	USN-3437-1	OCaml vulnerability
21 nov 2017	USN-3434-1	Libidn vulnerability
21 nov 2017	USN-3432-1	ca-certificates update
21 nov 2017	USN-3424-1	libxml2 vulnerabilities
21 nov 2017	USN-3387-1	Git vulnerability
16 nov 2017	CVE-2017-8031	UAA Denial of Service through client token revocation endpoint
15 nov 2017	CVE-2017-14388	GrootFS doesn’t validate DiffIDs
11 oct 2017	CVE-2017-8048	Cloud Controller API regression
10 oct 2017	CVE-2017-8047	Cloud Foundry router open redirect
28 sept 2017	USN-3420-2	Linux kernel (Xenial HWE) vulnerabilities
28 sept 2017	USN-3418-1	GDK-PixBuf vulnerabilities
28 sept 2017	USN-3415-1	tcpdump vulnerabilities
28 sept 2017	USN-3411-1	Bazaar vulnerability
28 sept 2017	USN-3410-1	GD library vulnerability
28 sept 2017	USN-3405-2	Linux kernel (Xenial HWE) vulnerabilities
28 sept 2017	USN-3398-1	graphite2 vulnerabilities
08 sept 2017	CVE-2017-9805	Apache Struts Remote Code Execution
28 août 2017	USN-3392-2	Linux kernel (Xenial HWE) regression
21 août 2017	USN-3385-2	Linux kernel (Xenial HWE) vulnerabilities
14 août 2017	USN-3378-2	Linux kernel (Xenial HWE) vulnerabilities
14 août 2017	USN-3367-1	gdb vulnerabilities
14 août 2017	USN-3364-2	Linux kernel (Xenial HWE) vulnerabilities
14 août 2017	USN-3363-2	ImageMagick regression References
14 août 2017	USN-3363-1	ImageMagick vulnerabilities
14 août 2017	USN-3356-1	Expat vulnerability
14 août 2017	USN-3353-1	Heimdal vulnerability
14 août 2017	USN-3349-1	NTP vulnerabilities
14 août 2017	USN-3347-1	Libgcrypt vulnerabilities
14 août 2017	USN-3346-1	bind9 vulnerabilities
14 août 2017	USN-3344-2	Linux kernel (Xenial HWE) vulnerabilities
07 août 2017	CVE-2017-8037	Incomplete fix for Cloud Controller API access to CC VM contents
02 août 2017	CVE-2017-9022/CVE-2017-9023	strongSwan DOS Vulnerabilities
01 août 2017	CVE-2017-8038	Credentials readable from CredHub endpoint
25 juil 2017	CVE-2017-8036	Cloud Controller API regression
25 juil 2017	CVE-2017-8035	Cloud Controller API access to CC VM contents
25 juil 2017	CVE-2017-8033	Cloud Controller API filesystem traversal vulnerability
24 juil 2017	CVE-2017-8032	UAA Identity Zone Admin Privilege Escalation
05 juil 2017	CVE-2017-7485	PostgreSQL vulnerabilities
26 juin 2017	CVE-2017-5946	Directory Traversal in Rubyzip
26 juin 2017	USN-3334-1	Linux kernel (Xenial HWE) vulnerabilities
26 juin 2017	USN-3323-1	GNU C Library vulnerability
26 juin 2017	USN-3318-1	GnuTLS vulnerabilities
26 juin 2017	USN-3312-2	Linux kernel (Xenial HWE) vulnerabilities
26 juin 2017	USN-3311-1	libnl vulnerability
26 juin 2017	USN-3309-1	Libtasn1 vulnerability
26 juin 2017	USN-3302-1	ImageMagick vulnerabilities
26 juin 2017	USN-3212-2	LibTIFF regression
22 juin 2017	USN-3304-1	Sudo vulnerability
08 juin 2017	CVE-2017-4994	Forwarded Headers in UAA
08 juin 2017	USN-3295-1	JasPer vulnerabilities
08 juin 2017	USN-3294-1	Bash vulnerabilities
08 juin 2017	USN-3291-3	Linux kernel (Xenial HWE) vulnerabilities
08 juin 2017	USN-3287-1	Git vulnerability
08 juin 2017	USN-3283-1	rtmpdump vulnerabilities
08 juin 2017	USN-3282-1	FreeType vulnerabilities
08 juin 2017	USN-3276-2	shadow regression
08 juin 2017	USN-3263-1	FreeType vulnerability
08 juin 2017	USN-3259-1	Bind vulnerabilities
08 juin 2017	USN-3246-1	Eject vulnerability
08 juin 2017	USN-3181-1	OpenSSL vulnerabilities
19 mai 2017	CVE-2017-4992	Privilege escalation with user invitations
19 mai 2017	CVE-2017-4991	UAA password reset vulnerability
02 mai 2017	USN-3265-2	Linux kernel (Xenial HWE) vulnerabilities
01 mai 2017	CVE-2017-4974	Blind SQL Injection with privileged UAA endpoints
20 avril 2017	CVE-2015-3281	HAProxy vulnerabilities
20 avril 2017	CVE-2017-4973	Privilege Escalation in UAA
20 avril 2017	CVE-2017-4972	Blind SQL Injection in UAA
13 avril 2017	CVE-2017-4969	Bug in CC allows users to exceed quotas
12 avril 2017	USN-3256-2	Linux kernel (HWE) vulnerability
10 avril 2017	CVE-2017-4970	Staticfile buildpack ignores basic authentication when misconfigured
06 avril 2017	USN-3243-1	Git vulnerability
06 avril 2017	USN-3241-1	audiofile vulnerabilities
06 avril 2017	USN-3239-2	GNU C Library Regression
06 avril 2017	USN-3237-1	FreeType vulnerability
06 avril 2017	USN-3235-1	libxml2 vulnerabilities
06 avril 2017	USN-3232-1	ImageMagick vulnerabilities
06 avril 2017	USN-3227-1	ICU vulnerabilities
06 avril 2017	USN-3225-1	libarchive vulnerabilities
06 avril 2017	USN-3183-2	GnuTLS vulnerability
05 avril 2017	CVE-2017-5649	Apache Geode privilege escalation vulnerability
04 avril 2017	USN-3201-1	Bind vulnerabilities
04 avril 2017	USN-3234-2	Linux kernel (Xenial HWE) vulnerabilities
04 avril 2017	USN-3228-1	libevent vulnerabilities
04 avril 2017	USN-3247-1	AppArmor vulnerability
04 avril 2017	USN-3249-2	Linux kernel (Xenial HWE) vulnerability
31 mars 2017	USN-3222-1	ImageMagick vulnerabilities
31 mars 2017	USN-3213-1	GD library vulnerabilities
31 mars 2017	USN-3212-1	LibTIFF vulnerabilities
31 mars 2017	USN-3205-1	tcpdump vulnerabilities
31 mars 2017	USN-3142-2	ImageMagick vulnerabilities
29 mars 2017	CVE-2017-4963	Session Fixation for UAA External Authentication
17 mars 2017	USN-3196-1	Multiple PHP vulnerabilities
17 mars 2017	USN-3185-1	libXpm vulnerability
17 mars 2017	USN-3193-1	Nettle vulnerability
17 mars 2017	USN-3183-1	GnuTLS vulnerabilities
14 mars 2017	USN-3189-2	Linux kernel (Xenial HWE) vulnerabilities
14 mars 2017	CVE-2017-5638	Apache Struts Remote Code Execution
13 mars 2017	USN-3220-2	Linux kernel (Xenial HWE) vulnerability
09 mars 2017	CVE-2017-4960	UAA OAuth DOS via lockout feature
01 mars 2017	USN-3208-2	Linux kernel (Xenial HWE) vulnerabilities
31 janv 2017	USN-3172-1	Bind vulnerabilities
31 janv 2017	USN-3169-2	Linux kernel (Xenial HWE) vulnerabilities
31 janv 2017	USN-3161-2	Linux kernel (Xenial HWE) vulnerabilities
23 janv 2017	CVE-2016-6660	Cloud Controller logs application environment variables
19 janv 2017	USN-3024-1	tomcat6, tomcat7 vulnerabilities
12 janv 2017	RunC Exec	RunC Exec Vulnerability
10 janv 2017	CVE-2016-9882	Cloud Foundry Logs Service Credentials
29 déc 2016	CVE-2016-3958 and CVE-2016-3959	Golang vulnerabilities
27 déc 2016	USN-3146-2	Linux kernel (Xenial HWE) vulnerabilities
27 déc 2016	USN-3128-2	Linux kernel (Xenial HWE) vulnerability
27 déc 2016	USN-3142-1	ImageMagick vulnerabilities
19 déc 2016	CVE-2016-8219	Space Auditor can restage apps
21 déc 2016	Multiple CVEs	httpoxy vulnerabilities
20 déc 2016	USN-3156-1	APT vulnerability
19 déc 2016	USN-3131-1	ImageMagick vulnerabilities
19 déc 2016	USN-3067-1	HarfBuzz vulnerabilities
19 déc 2016	USN-3117-1	GD library vulnerabilities
14 déc 2016	USN-3132-1	tar vulnerability
14 déc 2016	USN-3134-1	Python vulnerabilities
14 déc 2016	USN-3139-1	Vim vulnerability
14 déc 2016	CVE-2016-6659	UAA Privilege Escalation
14 déc 2016	USN-3116-1	DBus vulnerabilities
14 déc 2016	USN-3119-1	Bind vulnerability
13 déc 2016	USN-3123-1	curl vulnerabilities
13 déc 2016	USN-3088-1	Bind vulnerability
09 déc 2016	CVE-2016-8218	Unauthenticated JWT signing algorithm in routing
07 déc 2016	USN-3151-2	Linux kernel (Xenial HWE) vulnerability
17 nov 2016	CVE-2016-6663/CVE-2016-6664	MariaDB Root Privilege Escalation
17 nov 2016	Several	PCRE vulnerabilities prior to version 8.39
07 nov 2016	USN-3096-1	NTP vulnerabilities
07 nov 2016	USN-3095-1	PHP vulnerabilities
02 nov 2016	CVE-2016-6658	Incomplete fix for Credential Vulnerability for Custom Buildpacks
21 oct 2016	CVE-2016-5195	Linux kernel vulnerability
17 oct 2016	CVE-2016-6655	Utility Script Command Injection
17 oct 2016	USN-3099-2	Linux kernel vulnerabilities
29 sept 2016	CVE-2016-6653	MySQL Audit logs sent to Syslog
28 sept 2016	USN-3087-2	OpenSSL Regression
28 sept 2016	USN-3083-1	Linux kernel vulnerabilities
28 sept 2016	USN-3068-1	Libidn vulnerabilities
28 sept 2016	CVE-2016-6662	Multiple MySQL Vulnerabilities
28 sept 2016	USN-3085-1	GDK-PixBuf vulnerabilities
26 sept 2016	CVE-2016-6651	Privilege Escalation in UAA
26 sept 2016	CVE-2016-6636	UAA Open Redirect Vulnerability for Subdomains
26 sept 2016	CVE-2016-6637	UAA CSRF Vulnerability for OAuth Approvals
21 sept 2016	CVE-2014-9130	LibYAML vulnerability
09 sept 2016	CVE-2016-6639	PHP Buildpack exposes .profile file
09 sept 2016	USN-3045-1	PHP vulnerabilities
25 août 2016	USN-3065-1	Libgcrypt vulnerability
25 août 2016	USN-3064-1	GnuPG vulnerability
25 août 2016	USN-3063-1	Fontconfig vulnerability
25 août 2016	USN-3061-1	OpenSSH vulnerability
25 août 2016	USN-3030-1/USN-3060-1	GD library vulnerability
25 août 2016	USN-3053-1/USN-3037-1	Linux kernel (Vivid HWE) vulnerability
25 août 2016	USN-3048-1	curl vulnerability
25 août 2016	USN-3033-1	libarchive vulnerability
18 août 2016	CVE-2016-5016	UAA accepts expired certificates
26 juil 2016	CVE-2016-5006	Cloud Controller API logs user-provided service credentials
13 juil 2016	USN-3010-1	Expat vulnerabilities
13 juil 2016	CVE-2016-4450	Nginx Vulnerabilities
13 juil 2016	USN-3012-1	Wget vulnerability
01 juil 2016	USN-3020-1	Linux kernel (Vivid HWE) vulnerabilities
30 juin 2016	CVE-2016-4468	UAA SQL Injection
15 juin 2016	USN-3001-1	Linux kernel (Vivid HWE) vulnerabilities
13 juin 2016	CVE-2016-4435	BOSH Agent Anonymous Endpoint
13 juin 2016	USN-2994-1	libxml2 vulnerabilities
13 juin 2016	USN-2991-1	nginx vulnerability
13 juin 2016	USN-2990-1	ImageMagick vulnerability (a.k.a. ImageTragick)
13 juin 2016	USN-2987-1	GD library vulnerabilities
13 juin 2016	USN-2985-2	GNU C Library regression
13 juin 2016	USN-2983-1	Expat vulnerability
13 juin 2016	USN-2981-1	libarchive vulnerabilities
13 juin 2016	USN-2966-1	OpenSSH vulnerabilities
13 juin 2016	USN-2961-1	Little CMS vulnerability
08 juin 2016	CVE-2013-7456	PHP vulnerabilities
03 juin 2016	USN-2970-1	Linux kernel (Vivid HWE) vulnerabilities
23 mai 2016	CVE-2016-3084	UAA Password Reset Vulnerability
19 mai 2016	USN-2977-1	Linux kernel (Vivid HWE) vulnerabilities
17 mai 2016	CVE-2016-3091	Diego log encoding vulnerability
06 mai 2016	USN-2959-1	OpenSSL vulnerabilities
06 mai 2016	USN-2957-1	Libtasn1 vulnerability
06 mai 2016	USN-2949-1	Linux kernel (Vivid HWE) vulnerabilities
06 mai 2016	USN-2943-1	PCRE vulnerabilities
06 mai 2016	USN-2935-2	PAM regression
02 mai 2016	CVE-2015-5170-5173	UAA Vulnerabilities
14 avril 2016	Badlock bug	Samba and Windows Vulnerabilities
24 mars 2016	USN-2939-1	LibTIFF vulnerabilities
24 mars 2016	USN-2927-1	Graphite2 vulnerabilities
24 mars 2016	USN-2925-1	Bind9 vulnerabilities
24 mars 2016	USN-2919-1	JasPer vulnerabilities
24 mars 2016	USN-2918-1	Pixman vulnerabilities
24 mars 2016	USN-2916-1	Perl vulnerabilities
24 mars 2016	USN-2914-1	OpenSSL vulnerabilities
24 mars 2016	NPM Ownership Issue	Warning about NPM modules
24 mars 2016	USN-2938-1	Git vulnerabilities
16 mars 2016	USN-2932-1	Linux kernel vulnerabilities
02 mars 2016	CVE-2016-0800	OpenSSL vulnerabilities
26 févr 2016	USN-2910-1	Linux kernel vulnerability
26 févr 2016	CVE-2016-0761	Docker Image Host Files Corruption
19 févr 2016	USN-2900-1	GNU libc vulnerability
02 févr 2016	CVE-2016-0732	Privilege Escalation
01 févr 2016	CVE-2016-0713	Gorouter XSS
22 janv 2016	USN-2871-1	Linux kernel vulnerability
20 janv 2016	CVE-2016-0715	Remote Information Disclosure
19 janv 2016	USN-2865-1	GnuTLS vulnerability
19 janv 2016	USN-2861-1	libpng vulnerability
19 janv 2016	USN-2868-1	DHCP vulnerability
19 janv 2016	USN-2869-1	OpenSSH vulnerability
18 janv 2016	CVE-2016-0708	Remote Information Disclosure
07 janv 2016	USN-2857-1	Linux kernel vulnerability
07 janv 2016	USN-2842-1/USN-2842-2	Linux kernel vulnerability
07 janv 2016	USN-2837-1	bind9 vulnerability
07 janv 2016	USN-2836-1	grub2 vulnerability
07 janv 2016	USN-2835-1	git vulnerability
07 janv 2016	USN-2834-1	libxml2 vulnerability
07 janv 2016	USN-2830-1	OpenSSL vulnerability
07 janv 2016	USN-2829-1	Linux kernel vulnerability
15 déc 2015	CVE-2015-5350	Garden Nstar vulnerability
04 déc 2015	USN-2821-1	GnuTLS vulnerability
04 déc 2015	USN-2820-1	dpkg vulnerability
02 déc 2015	USN-2815-1	PNG vulnerability
02 déc 2015	USN-2812-1	libxml2 vulnerability
02 déc 2015	USN-2810-1	Kerberos vulnerability
02 déc 2015	USN-2787-1	audiofile vulnerability
24 nov 2015	USN-2788-1/2788-2	unzip vulnerability
12 nov 2015	USN-2798-1	Linux kernel vulnerability
12 nov 2015	USN-2806-1	Linux kernel vulnerability
03 nov 2015	USN-2778-1	Linux kernel vulnerabilities
03 nov 2015	USN-2767-1	GDK-Pixbuf library vulnerability
07 oct 2015	Golang	Golang 1.4.3 CVE Fixes
07 oct 2015	USN-2722-1	GDK-PixBuf Vulnerabilities
07 oct 2015	USN-2711-1	Net-SNMP Vulnerabilities
07 oct 2015	USN-2739-1	FreeType Vulnerabilities
07 oct 2015	USN-2740-1	ICU Vulnerabilities
07 oct 2015	USN-2751-1	Linux Kernel (Vivid HWE) Vulnerability
07 oct 2015	USN-2756-1	rpcbind Vulnerability
07 oct 2015	USN-2765-1	Linux Kernel (Vivid HWE) Vulnerability
08 sept 2015	USN-2710-1	OpenSSH Vulnerabilities
08 sept 2015	USN-2698-1	SQLite Vulnerabilities
08 sept 2015	USN-2694-1	PCRE Vulnerabilities
08 sept 2015	USN-2718-1	Address Configuration Change Vulnerabilities
06 août 2015	USN-2696-1	OpenJDK 7 Vulnerabilities
29 juil 2015	CVE-2015-3290	Linux Kernel NMI Vulnerability
10 juil 2015	CVE-2015-1420	file_handle size verification
06 juil 2015	CVE-2015-1330	Unattended-Upgrades Vulnerability
25 juin 2015	CVE-2015-3189	Expire old reset password links
25 juin 2015	CVE-2015-3190	Open redirect on Login
25 juin 2015	CVE-2015-3191	CSRF attack on change email
12 juin 2015	USN-2639-1	OpenSSL vulnerabilities
12 juin 2015	CVE-2015-3636	ipv4 use-after-free
17 juin 2015	CVE-2015-1328	overlayfs privilege escalation
09 juin 2015	Redis LUA Sandbox	Redis LUA Exploit
22 mai 2015	CVE-2015-1834	Path Traversal Vulnerability
22 mai 2015	USN-2617-1	FUSE Vulnerability
30 avril 2015	CVE-2015-1855	Ruby OpenSSL Hostname Verification
23 mars 2015	CVE-2015-0282	Multiple GnuTLS Vulnerabilities
21 mars 2015	USN-2537-1	OpenSSL vulnerabilities
13 mars 2015	CVE-2014-8159	Linux Kernel Infiniband Vulnerability
09 févr 2015	CVE-2014-0227	Apache Tomcat Request Smuggling
28 janv 2015	CVE-2015-0235	GHOST
10 sept 2014	CVE-2013-4444	Remote Code Execution in Apache Tomcat
16 oct 2014	CVE-2014-3566	SSLV3 POODLE
29 sept 2014	CVE-2014-7186	Bash Out-of Bonds
25 sept 2014	CVE-2014-6271	Bash - ShellShock
19 sept 2014	CVE-2014-5119	glib_gconv_translit_find() exploit
18 août 2014	CVE-2014-3153	Futex requeue exploit
05 juin 2014	CVE-2014-0224	SSL/TLS MITM Vulnerability
10 avril 2014	CVE-2014-0160	Heartbleed

[1] This table is not yet a complete list of vulnerabilities in dependencies. Formulating such a list is an extensive undertaking which Pivotal is addressing systematically. When this table becomes a complete and comprehensive list, we will remove this footnote.

Thanks

Note: Reports of vulnerabilities in Pivotal products are listed in the credit section of the associated security announcement.