VMware Tanzu Advisories
Tanzu Security Advisories are currently published in two locations: On the VMware Security Advisories page and on this page. This page will be deprecated shortly. After the deprecation, information about USNs will be available in the form of a feed.
Reporting a vulnerability
The VMware Security Response team provides a single point of contact for the reporting of security vulnerabilities in VMware Tanzu products and coordinates the process of investigating any reported vulnerabilities.
To report a security vulnerability in a VMware service or product please refer to the VMware Security Response Policy.
VMware Tanzu Vulnerability Reports
| Date | CVE Reference | Description | ||
|---|---|---|---|---|
| 25 May 2021 | CVE-2021-22118 | Local Privilege Escalation within Spring Webflux Multipart Request Handling | ||
| 10 May 2021 | CVE-2021-22117 | RabbitMQ Sever vulnerable to arbitrary code execution attack | ||
| 10 May 2021 | CVE-2021-22116 | Denial-of-Service Vulnerability due to improper input validation in RabbitMQ server | ||
| 26 Feb 2021 | CVE-2021-22114 | Zip-slip mitigation bypass in Spring Integration Zip extension | ||
| 19 Feb 2021 | CVE-2021-22112 | Changing SecurityContext More Than Once in Single Request Can Fail to Save | ||
| 11 Feb 2021 | CVE-2021-22113 | Spring Cloud Netflix Zuul “Sensitive Headers” Bypass Vulnerability | ||
| 25 Jan 2021 | CVE-2020-5428 | Possibility of SQL Injection in Spring Cloud Task Execution Sorting Query | ||
| 25 Jan 2021 | CVE-2020-5427 | Possibility of SQL Injection in Spring Cloud Data Flow Task Execution Sorting Query | ||
| 01 Dec 2020 | CVE-2020-5423 | Cloud Controller is vulnerable to denial of service via YAML parsing | ||
| 16 Nov 2020 | CVE-2020-5417 | Cloud Controller may allow developers to claim sensitive routes | ||
| 12 Nov 2020 | CVE-2020-5422 | UAA password may appear in Operations Manager process arguments | ||
| 03 Nov 2020 | CVE-2020-5426 | Scheduler for TAS can transmit privileged UAA token in plaintext | ||
| 29 Oct 2020 | CVE-2020-5425 | User Impersonation possible in Tanzu SSO | ||
| 13 Oct 2020 | MYSQL-SECURITY-UPDATES-APR2020 | Various MySQL Security Updates from April 2020 | ||
| 13 Oct 2020 | MYSQL-SECURITY-UPDATES-JAN2020 | Various MySQL Security Updates from January 2020 | ||
| 17 Sep 2020 | CVE-2020-5421 | RFD Protection Bypass via jsessionid | ||
| 10 Sep 2020 | CVE-2020-5420 | Gorouter is vulnerable to DoS attack via invalid HTTP responses | ||
| 01 Sep 2020 | CVE-2020-5416 | TAS clusters with NGINX in front of them may be vulnerable to DoS | ||
| 27 Aug 2020 | CVE-2020-5419 | RabbitMQ arbitrary code execution using local binary planting | ||
| 11 Aug 2020 | CVE-2020-5415 | Concourse's GitLab auth allows impersonation | ||
| 04 Aug 2020 | CVE-2020-5412 | Hystrix Dashboard Proxy In spring-cloud-netflix-hystrix-dashboard | ||
| 30 Jul 2020 | CVE-2020-5414 | App Autoscaler logs credentials | ||
| 30 Jul 2020 | CVE-2020-5396 | JMX Insecure Default Configuration in GemFire | ||
| 30 Jul 2020 | MYSQL-SECURITY-UPDATES-OCT2019 | Various MySQL Security Updates from October 2019 | ||
| 30 Jul 2020 | MYSQL-SECURITY-UPDATES-JUL2019 | Various MySQL Security Updates from July 2019 | ||
| 30 Jul 2020 | CVE-2019-11286 | JMX Credential Deserialization in GemFire | ||
| 23 Jul 2020 | CVE-2020-5413 | Kryo Configuration Allows Code Execution with Unknown “Serialization Gadgets” | ||
| 16 Jul 2020 | CVE-2020-15586 | Gorouter is vulnerable to DoS Attack via Expect 100-continue requests | ||
| 10 Jun 2020 | CVE-2020-5411 | Jackson Configuration Allows Code Execution with Unknown “Serialization Gadgets” | ||
| 01 Jun 2020 | CVE-2020-5410 | Directory Traversal with spring-cloud-config-server | ||
| 26 May 2020 | CVE-2019-15605 | Node.js is vulnerable to request smuggling | ||
| 13 May 2020 | CVE-2020-5409 | Concourse Open Redirect in the /sky/login endpoint | ||
| 07 May 2020 | CVE-2020-5408 | Dictionary attack with Spring Security queryable text encryptor | ||
| 07 May 2020 | CVE-2020-5407 | Signature Wrapping Vulnerability with spring-security-saml2-service-provider | ||
| 14 Apr 2020 | CVE-2020-5402 | UAA fails to check the state parameter when authenticating with external IDPs | ||
| 09 Apr 2020 | CVE-2020-5406 | PCF Autoscaling logs its database credentials | ||
| 06 Apr 2020 | CVE-2019-11282 | UAA is vulnerable to a Blind SCIM injection leading to information disclosure | ||
| 06 Apr 2020 | CVE-2020-5400 | Cloud Controller logs environment variables from app manifests | ||
| 04 Mar 2020 | VARIOUS-JACKSON-CVES-UAA | Various CVEs UAA consumes vulnerable versions of FasterXML jackson-databind | ||
| 04 Mar 2020 | CVE-2019-11290 | UAA logs query parameters in tomcat access file | ||
| 03 Mar 2020 | CVE-2019-11253 | PKS is vulnerable to a YAML/JSON parsing "Billion Laughs" Attack | ||
| 27 Feb 2020 | CVE-2020-5403 | DoS Via Malformed URL with Reactor Netty HTTP Server | ||
| 27 Feb 2020 | CVE-2020-5404 | Authentication Leak On Redirect With Reactor Netty HttpClient | ||
| 26 Feb 2020 | CVE-2020-5405 | Directory Traversal with spring-cloud-config-server | ||
| 24 Feb 2020 | CVE-2020-5401 | GoRouter is vulnerable to a cache poisoning DoS | ||
| 12 Feb 2020 | CVE-2020-5399 | CredHub does not properly enable TLS for MySQL database connections | ||
| 11 Feb 2020 | CVE-2019-19604 | Git submodule loading vulnerability | ||
| 16 Jan 2020 | CVE-2020-5397 | CSRF Attack via CORS Preflight Requests with Spring MVC or Spring WebFlux | ||
| 16 Jan 2020 | CVE-2020-5398 | RFD Attack via “Content-Disposition” Header Sourced from Request Input by Spring MVC or Spring WebFlux Application | ||
| 15 Jan 2020 | CVE-2019-11288 | tc Server JMX Socket Listener Registry Rebinding Local Privilege Escalation | ||
| 10 Jan 2020 | CVE-2019-18802 | CVE-2019-18801, CVE-2019-18838, MySQL for Pivotal Platform consumes a vulnerable version of Envoy | ||
| 08 Jan 2020 | CVE-2019-11292 | Ops Manager logs query parameters in tomcat access file | ||
| 04 Dec 2019 | CVE-2019-19029 | SQL Injection via user-groups in VMware Harbor Container Registry for Pivotal Platform | ||
| 04 Dec 2019 | CVE-2019-19023 | Privilege Escalation Vulnerability in VMware Harbor Container Registry for Pivotal Platform | ||
| 04 Dec 2019 | CVE-2019-19026 | SQL Injection via project quotas in VMware Harbor Container Registry for Pivotal Platform | ||
| 04 Dec 2019 | CVE-2019-3990 | User Enumeration Flaw in VMware Harbor Container Registry for Pivotal Platform | ||
| 04 Dec 2019 | CVE-2019-19025 | Cross-Site Request Forgery Vulnerability in VMware Harbor Container Registry for Pivotal Platform | ||
| 04 Dec 2019 | CVE-2019-9517 | CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9515, CVE-2019-9518, CVE-2019-9511, CVE-2019-9516, Some Pivotal products are impacted by HTTP/2 denial of service attacks | ||
| 03 Dec 2019 | CVE-2019-11293 | UAA logs all query parameters with debug logging level | ||
| 22 Nov 2019 | CVE-2019-11291 | RabbitMQ XSS attack via federation and shovel endpoints | ||
| 22 Nov 2019 | CVE-2019-11287 | RabbitMQ Web Management Plugin DoS via heap overflow | ||
| 18 Nov 2019 | CVE-2019-11289 | A forged route service request using an invalid nonce can cause the gorouter to panic and crash | ||
| 06 Nov 2019 | CVE-2019-9893 | libseccomp incorrectly generate 64-bit syscall argument comparisons | ||
| 28 Oct 2019 | CVE-2019-16869 | Reactor Netty Consumes a Vulnerable Version of Netty | ||
| 24 Oct 2019 | CVE-2019-11249 | PKS consumes a vulnerable version of kubectl | ||
| 23 Oct 2019 | CVE-2019-11283 | Password leak in smbdriver logs | ||
| 17 Oct 2019 | CVE-2019-16919 | Broken access control vulnerability in Harbor API | ||
| 15 Oct 2019 | CVE-2019-11278 | Privilege Escalation via Blind SCIM Injection in UAA | ||
| 15 Oct 2019 | CVE-2019-11279 | Privilege Escalation via Scope Manipulation in UAA | ||
| 15 Oct 2019 | CVE-2019-11247 | Kubernetes API Server Vulnerability | ||
| 15 Oct 2019 | CVE-2018-15664 | Docker Symlink Directory Traversal Vulnerability | ||
| 15 Oct 2019 | CVE-2019-13139 | Docker build code execution | ||
| 14 Oct 2019 | CVE-2019-11281 | RabbitMQ XSS attack | ||
| 11 Oct 2019 | CVE-2019-11284 | Reactor Netty authentication leak in redirects | ||
| 25 Sep 2019 | CVE-2019-11275 | CSV Injection in usage report downloaded from Pivotal Application Manager | ||
| 23 Sep 2019 | CVE-2019-11277 | Volume Services is vulnerable to an LDAP injection attack | ||
| 19 Sep 2019 | CVE-2019-11280 | Privilege escalation through the invitations service | ||
| 20 Aug 2019 | CVE-2019-3775 | UAA allows users to modify their own email address | ||
| 20 Aug 2019 | CVE-2019-3788 | UAA redirect-uri allows wildcards in the subdomain | ||
| 20 Aug 2018 | CVE-2019-3787 | UAA defaults email address to an insecure domain | ||
| 20 Aug 2019 | CVE-2019-10164 | Critical Security Issue in PostgreSQL | ||
| 19 Aug 2019 | CVE-2019-11276 | Apps Manager sends tokens to Spring apps via HTTP | ||
| 15 Aug 2019 | CVE-2017-15694 | Pivotal GemFire and Cloud Cache consume vulnerable versions of Apache Geode | ||
| 14 Aug 2019 | CVE-2019-13232 | ClamAV Add-on for PCF consumes a vulnerable version of ClamAV | ||
| 01 Aug 2019 | CVE-2019-11270 | UAA clients.write vulnerability | ||
| 25 Jul 2019 | CVE-2019-3800 | CF CLI writes the client id and secret to config file | ||
| 25 Jul 2019 | CVE-2019-3781 | CF CLI does not sanitize user's password in verbose/trace/debug | ||
| 23 Jul 2019 | CVE-2019-11273 | PKS Telemetry logs credentials | ||
| 22 Jul 2019 | VARIOUS-SQL | Various MySQL Security Updates from July 2018 through January 2019 | ||
| 22 Jul 2019 | USN-4017-1 | Linux kernel vulnerabilities | ||
| 18 Jul 2019 | CVE-2019-3786 | BBR could run arbitrary scripts on deployment VMs | ||
| 28 Jun 2019 | CVE-2019-11271 | Bosh Deployment logs leak sensitive information | ||
| 19 Jun 2019 | CVE-2019-11272 | PlaintextPasswordEncoder authenticates encoded passwords that are null | ||
| 30 May 2019 | CVE-2019-5021 | Tile generator affected by insecure default password | ||
| 30 May 2019 | CVE-2019-11269 | Open Redirector in spring-security-oauth2 | ||
| 24 May 2019 | CVE-2019-3790 | Ops Manager uaa client issues tokens after refresh token expiration | ||
| 13 May 2019 | CVE-2019-3802 | Additional information exposure with Spring Data JPA example matcher | ||
| 25 Apr 2019 | CVE-2019-3801 | Java Projects using HTTP to fetch dependencies | ||
| 24 Apr 2019 | CVE-2019-3798 | Escalation of Privileges in Cloud Controller | ||
| 24 Apr 2019 | CVE-2019-3789 | Gorouter allows space developer to hijack route services hosted outside the platform | ||
| 16 Apr 2019 | CVE-2019-3799 | Directory Traversal with spring-cloud-config-server | ||
| 12 Apr 2019 | CVE-2019-3793 | Invitations Service supports HTTP connections | ||
| 08 Apr 2019 | CVE-2019-3797 | Additional information exposure with Spring Data JPA derived queries | ||
| 04 Apr 2019 | CVE-2019-3795 | Insecure Randomness When Using a SecureRandom Instance Constructed by Spring Security | ||
| 01 Apr 2019 | CVE-2019-9946 | Kubernetes affecting certain network configurations with CNI | ||
| 01 Apr 2019 | CVE-2019-1002100 | Kubernetes API Server Patch Request Consumes Excess Resource Cause Denial of Service | ||
| 01 Apr 2019 | CVE-2019-1002101 | Kubernetes kubectl - potential directory traversal | ||
| 25 Mar 2019 | CVE-2019-3792 | Concourse 5.0.0 SQL Injection vulnerability | ||
| 07 Mar 2019 | CVE-2019-8331 | Bootstrap XSS | ||
| 28 Feb 2019 | CVE-2018-15754 | UAA issues tokens across identity providers if users with matching usernames exist | ||
| 26 Feb 2019 | CVE-2019-3777 | Apps Manager unverified SSL certs in Cloud Controller proxy | ||
| 21 Feb 2019 | CVE-2019-3778 | Open Redirector in spring-security-oauth2 | ||
| 19 Feb 2019 | CVE-2019-3776 | Reflected XSS in Pivotal Operations Manager | ||
| 14 Feb 2019 | CVE-2019-3780 | Cloud Foundry Container Runtime Leaks IAAS Credentials | ||
| 14 Feb 2019 | CVE-2019-3779 | Pivotal Container Service allows a user to bypass security policy when talking to ETCD | ||
| 14 Jan 2019 | CVE-2019-3772 | XML External Entity Injection (XXE) | ||
| 14 Jan 2019 | CVE-2019-3773 | XML External Entity Injection (XXE) | ||
| 14 Jan 2019 | CVE-2019-3774 | XML External Entity Injection (XXE) | ||
| 08 Jan 2019 | KUBERNETES-API-SERVER | Kubernetes API Server acts as proxy for internal and external IPs | ||
| 08 Jan 2019 | CVE-2019-3803 | Concourse includes token in CLI authentication callback | ||
| 04 Jan 2019 | CVE-2018-18264 | Kubernetes Dashboard TLS Certificate Leak | ||
| 18 Dec 2018 | CVE-2018-15801 | Authorization Bypass During JWT Issuer Validation with spring-security | ||
| 13 Dec 2018 | CVE-2018-15798 | Pivotal Concourse allows malicious redirect urls on login | ||
| 05 Dec 2018 | CVE-2018-1279 | RabbitMQ cluster compromise due to deterministically generated cookie | ||
| 15 Nov 2018 | CVE-2018-15759 | On Demand Services SDK Timing Attack Vulnerability | ||
| 09 Nov 2018 | CVE-2018-15795 | CredHub Service Broker uses guessable client secret | ||
| 29 Oct 2018 | CVE-2018-15762 | Pivotal Operations Manager gives all users heightened privileges | ||
| 16 Oct 2018 | CVE-2018-15758 | Privilege Escalation in spring-security-oauth2 | ||
| 16 Oct 2018 | CVE-2018-15756 | DoS Attack via Range Requests | ||
| 10 Oct 2018 | CVE-2018-11084 | Garden-runC prevents deletion of some app environments | ||
| 10 Oct 2018 | CVE-2018-15755 | CF networking internal policy server SQL injection | ||
| 03 Oct 2018 | CVE-2018-11083 | BOSH accepts refresh token as access token | ||
| 02 Oct 2018 | CVE-2018-15763 | PKS leaks IaaS credentials to application logs | ||
| 27 Sep 2018 | CVE-2018-11081 | Ops Manager writes UAA credentials to disk | ||
| 13 Sep 2018 | CVE-2018-1198 | PCC bosh deployment logs print a superuser password in plain text | ||
| 13 Sep 2018 | CVE-2018-11088 | CF admin credentials accessible to developers through Applications Manager | ||
| 13 Sep 2018 | CVE-2018-11086 | CF admin credentials accessible to developers through usage service | ||
| 11 Sep 2018 | CVE-2018-11087 | RabbitMQ (Spring-AMQP) Host name verification | ||
| 23 Jul 2018 | CVE-2018-11044 | Apps Manager allows unescaped content in invitation emails | ||
| 10 Jul 2018 | CVE-2018-11045 | Operations Manager image contains static LRNG seed file | ||
| 20 Jun 2018 | CVE-2018-11046 | Operations Manager includes outdated NGINX packages | ||
| 14 Jun 2018 | CVE-2018-11040 | JSONP enabled by default in MappingJackson2JsonView | ||
| 14 Jun 2018 | CVE-2018-11039 | Cross Site Tracing (XST) with Spring Framework | ||
| 11 May 2018 | CVE-2018-1263 | Unsafe Unzip with spring-integration-zip | ||
| 10 May 2018 | CVE-2018-1278 | Apps Manager allows unauthorized org invitations | ||
| 09 May 2018 | CVE-2018-1261 | Unsafe Unzip with spring-integration-zip | ||
| 09 May 2018 | CVE-2018-1260 | Remote Code Execution with spring-security-oauth2 | ||
| 09 May 2018 | CVE-2018-1259 | XXE with Spring Data’s XMLBeam integration | ||
| 09 May 2018 | CVE-2018-1258 | Unauthorized Access with Spring Security Method Security | ||
| 09 May 2018 | CVE-2018-1257 | ReDoS Attack with spring-messaging | ||
| 07 May 2018 | CVE-2018-1280 | Blind SQL injection in Pivotal Greenplum Command Center | ||
| 30 Apr 2018 | CVE-2018-1256 | Issuer validation regression in Spring Cloud SSO Connector | ||
| 10 Apr 2018 | CVE-2018-1274 | Denial of Service with Spring Data | ||
| 10 Apr 2018 | CVE-2018-1273 | RCE with Spring Data Commons | ||
| 09 Apr 2018 | CVE-2018-1275 | Address partial fix for CVE-2018-1270 | ||
| 05 Apr 2018 | CVE-2018-1272 | Multipart Content Pollution with Spring Framework | ||
| 05 Apr 2018 | CVE-2018-1271 | Directory Traversal with Spring MVC on Windows | ||
| 05 Apr 2018 | CVE-2018-1270 | Remote Code Execution with spring-messaging | ||
| 16 Mar 2018 | CVE-2018-1230 | Spring Batch Admin vulnerable to Cross Site Request Forgery | ||
| 16 Mar 2018 | CVE-2018-1229 | Stored XSS in file upload of Spring Batch Admin | ||
| 13 Feb 2018 | CVE-2018-1200 | Apps Manager File Access Vulnerability | ||
| 30 Jan 2018 | CVE-2018-1196 | Symlink privilege escalation attack via Spring Boot launch script | ||
| 29 Jan 2018 | CVE-2018-1199 | Security bypass with static resources | ||
| 16 Oct 2017 | CVE-2017-8028 | Spring-LDAP authentication with userSearch and STARTTLS allows authentication with arbitrary password | ||
| 21 Sep 2017 | CVE-2017-8046 | RCE in PATCH requests in Spring Data REST | ||
| 19 Sep 2017 | CVE-2017-8045 | Remote code execution in spring-amqp | ||
| 15 Sep 2017 | CVE-2017-8039 | Data Binding Expression Vulnerability in Spring Web Flow | ||
| 31 Aug 2017 | CVE-2017-8044 | XSS vulnerability in Single Sign-On for PCF via DOM-based query parameters | ||
| 31 Aug 2017 | CVE-2017-8041 | XSS vulnerability in org name in Single Sign-On for PCF | ||
| 31 Aug 2017 | CVE-2017-8040 | XXE Vulnerability in Single Sign-On for PCF | ||
| 08 Jun 2017 | CVE-2017-4995 | Jackson Configuration Allows Code Execution with Unknown “Serialization Gadgets” | ||
| 31 May 2017 | CVE-2017-4971 | Data Binding Expression Vulnerability in Spring Web Flow | ||
| 15 May 2017 | CVE-2017-4975 | Tile generator sets open security groups | ||
| 04 May 2017 | CVE-2017-4966 | RabbitMQ local storage of credentials | ||
| 04 May 2017 | CVE-2017-4965 | XSS vulnerabilities in RabbitMQ management UI | ||
| 27 Mar 2017 | CVE-2017-2773 | Unauthenticated JWT signing algorithm in multiple components | ||
| 24 Mar 2017 | CVE-2017-4955 | Credentials in Elastic Runtime Notifications errand log | ||
| 14 Feb 2017 | CVE-2017-4959 | Pivotal Cloud Foundry account authorization vulnerability | ||
| 09 Feb 2017 | CVE-2016-9880 | Unauthenticated access to GemFire for PCF broker endpoints | ||
| 04 Jan 2017 | CVE-2016-9885 | gfsh exposed over go router for GemFire for PCF | ||
| 28 Dec 2016 | CVE-2016-9879 | Encoded "/" in path variables | ||
| 28 Dec 2016 | CVE-2016-0898 | Service backups log AWS key | ||
| 21 Dec 2016 | CVE-2016-9878 | Directory Traversal in the Spring Framework ResourceServlet | ||
| 19 Dec 2016 | CVE-2016-9877 | RabbitMQ authentication vulnerability | ||
| 31 Oct 2016 | CVE-2016-6657 | PCF Open Redirects | ||
| 31 Oct 2016 | CVE-2016-6656 | Code injection vulnerability via GPHDFS in Greenplum database | ||
| 30 Sep 2016 | CVE-2016-6652 | Spring Data JPA Blind SQL Injection Vulnerability | ||
| 12 Sep 2016 | CVE-2016-0930 | Ops Manager Compilation VMs Vulnerability on vSphere and vCloud | ||
| 27 Jul 2016 | CVE-2016-0896 | IaaS Metadata Endpoint Accessible from Application Containers | ||
| 15 Jul 2016 | CVE-2016-0929 | RabbitMQ for PCF vulnerability | ||
| 07 Jul 2016 | CVE-2016-5007 | Spring Security / MVC Path Matching Inconsistency | ||
| 07 Jul 2016 | CVE-2016-0926 | Apps Manager XSS vulnerability | ||
| 05 Jul 2016 | CVE-2016-4977 | Remote Code Execution (RCE) in Spring Security OAuth | ||
| 29 Jun 2016 | CVE-2016-0928 | PCF Open Redirects | ||
| 24 Jun 2016 | CVE-2016-0897 | Ops Manager vSphere and vCloud vulnerability | ||
| 23 Jun 2016 | CVE-2016-0927 | Ops Manager XSS vulnerability | ||
| 11 Apr 2016 | CVE-2016-2173 | Remote Code Execution in Spring AMQP | ||
| 23 Mar 2016 | CVE-2016-0780 | Cloud Controller Disk Quota Enforcement | ||
| 23 Mar 2016 | CVE-2016-2165 | Loggregator Request URL Paths | ||
| 23 Mar 2016 | CVE-2016-0781 | UAA Persistent XSS Vulnerability | ||
| 03 Feb 2016 | CVE-2016-0883 | Pivotal Ops Manager Weak Authentication Scheme | ||
| 12 Nov 2015 | CVE-2015-5258 | Spring Social CSRF | ||
| 15 Oct 2015 | CVE-2015-5211 | RFD Attack in Spring Framework | ||
| 30 Jun 2015 | CVE-2015-3192 | DoS Attack with XML Input | ||
| 06 Mar 2015 | CVE-2015-0201 | Insufficiently random session id in Java SockJS client | ||
| 13 Jan 2015 | CVE-2014-3626 | Directory Traversal in Grails Resources Plugin | ||
| 11 Nov 2014 | CVE-2014-3625 | Directory Traversal in Spring Framework | ||
| 05 Sep 2014 | CVE-2014-3578 | Directory Traversal in Spring Framework | ||
| 15 Aug 2014 | CVE-2014-3527 | Access Control Bypass in Spring Security | ||
| 28 May 2014 | CVE-2014-0225 | Information Disclosure when using Spring MVC | ||
| 11 Mar 2014 | CVE-2014-1904 | XSS when using Spring MVC | ||
| 11 Mar 2014 | CVE-2014-0097 | Blank password may bypass user authentication | ||
| 11 Mar 2014 | CVE-2014-0054 | Incomplete fix for CVE-2013-7315 / CVE-2013-6429 (XXE) | ||
| 19 Feb 2014 | CVE-2014-0053 | Information Disclosure when using Grails | ||
| 14 Jan 2014 | CVE-2013-6430 | Possible XSS when using Spring MVC | ||
| 14 Jan 2014 | CVE-2013-6429 | Incomplete fix for CVE-2013-7315 (XXE) | ||
| 22 Aug 2013 | CVE-2013-7315 | XML External Entity (XXE) injection in Spring Framework | ||
| 22 Aug 2013 | CVE-2013-4152 | XML eXternal Entity (XXE) injection in Spring Framework |
Notable Vulnerabilities in Dependencies
| Date | CVE Reference | Description | ||
|---|---|---|---|---|
| 16 Apr 2021 | USN-4755-1 | LibTIFF vulnerabilities | ||
| 16 Apr 2021 | USN-4754-4 | Python 2.7 vulnerability | ||
| 16 Apr 2021 | USN-4754-2 | Python regression | ||
| 16 Apr 2021 | USN-4754-1 | Python vulnerabilities | ||
| 16 Apr 2021 | USN-4749-1 | Linux kernel vulnerabilities | ||
| 16 Apr 2021 | USN-4738-1 | OpenSSL vulnerabilities | ||
| 01 Mar 2021 | USN-4705-1 | Sudo vulnerabilities | ||
| 01 Mar 2021 | USN-4700-1 | PyXDG vulnerability | ||
| 01 Mar 2021 | USN-4694-1 | Linux kernel vulnerability | ||
| 01 Mar 2021 | USN-4692-1 | tar vulnerabilities | ||
| 01 Mar 2021 | USN-4680-1 | Linux kernel vulnerabilities | ||
| 01 Mar 2021 | USN-4677-1 | p11-kit vulnerabilities | ||
| 01 Mar 2021 | USN-4676-1 | OpenEXR vulnerabilities | ||
| 01 Mar 2021 | USN-4673-1 | libproxy vulnerability | ||
| 01 Mar 2021 | USN-4668-3 | python-apt regression | ||
| 01 Mar 2021 | USN-4489-1 | Linux kernel vulnerability | ||
| 13 Jan 2021 | USN-4662-1 | OpenSSL vulnerability | ||
| 13 Jan 2021 | USN-4660-1 | Linux kernel vulnerabilities | ||
| 13 Jan 2021 | USN-4635-1 | Kerberos vulnerability | ||
| 13 Jan 2021 | USN-4628-2 | Intel Microcode regression | ||
| 13 Jan 2021 | USN-4628-1 | Intel Microcode vulnerabilities | ||
| 11 Dec 2020 | USN-4633-1 | PostgreSQL vulnerabilities | ||
| 11 Dec 2020 | USN-4613-1 | python-cryptography vulnerability | ||
| 11 Dec 2020 | USN-4428-1 | Python vulnerabilities | ||
| 11 Dec 2020 | USN-4416-1 | GNU C Library vulnerabilities | ||
| 11 Dec 2020 | USN-4360-2 | json-c regression | ||
| 11 Dec 2020 | USN-4360-1 | json-c vulnerability | ||
| 11 Dec 2020 | USN-4359-1 | APT vulnerability | ||
| 11 Dec 2020 | USN-4309-1 | Vim vulnerabilities | ||
| 20 Nov 2020 | USN-4593-1 | FreeType vulnerability | ||
| 20 Nov 2020 | USN-4591-1 | Linux kernel vulnerabilities | ||
| 20 Nov 2020 | USN-4582-1 | Vim vulnerabilities | ||
| 20 Nov 2020 | USN-4581-1 | Python vulnerability | ||
| 20 Nov 2020 | USN-4578-1 | Linux kernel vulnerabilities | ||
| 20 Nov 2020 | USN-4526-1 | Linux kernel vulnerabilities | ||
| 24 Sep 2020 | USN-4466-1 | curl vulnerability | ||
| 24 Sep 2020 | USN-4457-1 | Software Properties vulnerability | ||
| 28 Aug 2020 | USN-4414-1 | Linux kernel vulnerabilities | ||
| 28 Aug 2020 | USN-4402-1 | curl vulnerabilities | ||
| 28 Aug 2020 | USN-4398-1 | DBus vulnerability | ||
| 30 Jul 2020 | USN-4394-1 | SQLite vulnerabilities | ||
| 30 Jul 2020 | USN-4390-1 | Linux kernel vulnerabilities | ||
| 30 Jul 2020 | USN-4385-2 | Intel Microcode regression | ||
| 30 Jul 2020 | USN-4385-1 | Intel Microcode vulnerabilities | ||
| 30 Jul 2020 | USN-4377-1 | ca-certificates update | ||
| 30 Jul 2020 | USN-4376-1 | OpenSSL vulnerabilities | ||
| 30 Jul 2020 | USN-4360-4 | json-c vulnerability | ||
| 30 Jul 2020 | USN-3911-2 | file regression | ||
| 14 May 2020 | USN-4318-1 | Linux kernel vulnerabilities | ||
| 28 Apr 2020 | USN-4345-1 | Linux kernel vulnerabilities | ||
| 23 Apr 2020 | USN-4305-1 | ICU vulnerability | ||
| 23 Apr 2020 | USN-4302-1 | Linux kernel vulnerabilities | ||
| 23 Apr 2020 | USN-4298-1 | SQLite vulnerabilities | ||
| 21 Apr 2020 | USN-4333-1 | Python vulnerabilities | ||
| 08 Apr 2020 | USN-4292-1 | rsync vulnerabilities | ||
| 02 Mar 2020 | USN-4293-1 | libarchive vulnerabilities | ||
| 18 Feb 2020 | USN-4287-1 | Linux kernel vulnerabilities | ||
| 10 Feb 2020 | USN-4274-1 | libxml2 vulnerabilities | ||
| 05 Feb 2020 | USN-4269-1 | systemd vulnerabilities | ||
| 03 Feb 2020 | USN-4263-1 | Sudo vulnerability | ||
| 28 Jan 2020 | USN-4255-2 | Linux kernel (HWE) vulnerabilities | ||
| 28 Jan 2020 | USN-4256-1 | Cyrus SASL vulnerability | ||
| 27 Jan 2020 | USN-4252-1 | tcpdump vulnerabilities | ||
| 23 Jan 2020 | USN-4233-2 | GnuTLS update | ||
| 23 Jan 2020 | USN-4249-1 | e2fsprogs vulnerability | ||
| 22 Jan 2020 | USN-4247-1 | python-apt vulnerabilities | ||
| 22 Jan 2020 | USN-4247-2 | python-apt regression | ||
| 22 Jan 2020 | USN-4246-1 | zlib vulnerabilities | ||
| 20 Jan 2020 | USN-4242-1 | Sysstat vulnerabilities | ||
| 20 Jan 2020 | USN-4243-1 | libbsd vulnerabilities | ||
| 19 Jan 2020 | CVE-2020-0601 | Windows Stemcells vulnerable to Windows CryptoAPI Spoofing Vulnerability | ||
| 15 Jan 2020 | USN-4205-1 | SQLite vulnerabilities | ||
| 15 Jan 2020 | USN-4215-1 | NSS vulnerability | ||
| 15 Jan 2020 | USN-4182-3 | Intel Microcode regression | ||
| 15 Jan 2020 | USN-4220-1 | Git vulnerabilities | ||
| 15 Jan 2020 | USN-4210-1 | Linux kernel vulnerabilities | ||
| 14 Jan 2020 | USN-4236-2 | Libgcrypt vulnerability | ||
| 13 Jan 2020 | USN-4235-1 | nginx vulnerability | ||
| 09 Jan 2020 | USN-4233-1 | GnuTLS update | ||
| 08 Jan 2020 | USN-4231-1 | NSS vulnerability | ||
| 07 Jan 2020 | USN-4227-1 | Linux kernel vulnerabilities | ||
| 18 Dec 2019 | USN-4194-1 | postgresql-common vulnerability | ||
| 18 Dec 2019 | USN-4185-1 | Linux kernel vulnerabilities | ||
| 18 Dec 2019 | USN-4162-1 | Linux kernel vulnerabilities | ||
| 18 Dec 2019 | USN-4191-1 | QEMU vulnerabilities | ||
| 18 Dec 2019 | USN-4164-1 | Libxslt vulnerabilities | ||
| 18 Dec 2019 | USN-4190-1 | libjpeg-turbo vulnerabilities | ||
| 18 Dec 2019 | USN-4176-1 | GNU cpio vulnerability | ||
| 18 Dec 2019 | USN-4172-1 | file vulnerability | ||
| 18 Dec 2019 | USN-4203-1 | NSS vulnerability | ||
| 18 Dec 2019 | USN-4169-1 | libarchive vulnerability | ||
| 18 Dec 2019 | USN-4182-1 | Intel Microcode update | ||
| 18 Dec 2019 | USN-4185-3 | Linux kernel vulnerability and regression | ||
| 18 Dec 2019 | USN-4199-1 | libvpx vulnerabilities | ||
| 11 Dec 2019 | USN-4221-1 | libpcap vulnerability | ||
| 25 Nov 2019 | CVE-2019-15587 | Ops Manager contains a vulnerable Loofah gem | ||
| 14 Nov 2019 | USN-4004-1 | Berkeley DB vulnerability | ||
| 14 Nov 2019 | USN-4038-1 | bzip2 vulnerabilities | ||
| 14 Nov 2019 | USN-3911-1 | file vulnerabilities | ||
| 14 Nov 2019 | USN-4015-1 | DBus vulnerability | ||
| 14 Nov 2019 | USN-4011-1 | Jinja2 vulnerabilities | ||
| 14 Nov 2019 | USN-4008-2 | AppArmor update | ||
| 14 Nov 2019 | USN-3999-1 | GnuTLS vulnerabilities | ||
| 14 Nov 2019 | USN-3967-1 | FFmpeg vulnerabilities | ||
| 14 Nov 2019 | USN-3990-1 | urllib3 vulnerabilities | ||
| 14 Nov 2019 | USN-4040-1 | Expat vulnerability | ||
| 14 Nov 2019 | USN-3885-2 | OpenSSH vulnerability | ||
| 14 Nov 2019 | USN-3993-1 | curl vulnerabilities | ||
| 14 Nov 2019 | USN-4012-1 | elfutils vulnerabilities | ||
| 14 Nov 2019 | USN-3968-1 | Sudo vulnerabilities | ||
| 14 Nov 2019 | USN-4016-1 | Vim vulnerabilities | ||
| 14 Nov 2019 | USN-4019-1 | SQLite vulnerabilities | ||
| 06 Nov 2019 | USN-4151-1 | Python vulnerabilities | ||
| 06 Nov 2019 | USN-4144-1 | Linux kernel vulnerabilities | ||
| 06 Nov 2019 | USN-4142-1 | e2fsprogs vulnerability | ||
| 06 Nov 2019 | USN-4132-1 | Expat vulnerability | ||
| 06 Nov 2019 | USN-4129-1 | curl vulnerabilities | ||
| 06 Nov 2019 | USN-4127-1 | Python vulnerabilities | ||
| 06 Nov 2019 | USN-4126-1 | FreeType vulnerability | ||
| 30 Sep 2019 | USN-4135-1 | Linux kernel vulnerabilities | ||
| 30 Sep 2019 | USN-4115-2 | Linux kernel regression | ||
| 30 Sep 2019 | USN-4115-1 | Linux kernel vulnerabilities | ||
| 30 Sep 2019 | USN-4094-1 | Linux kernel vulnerabilities | ||
| 30 Sep 2019 | USN-4071-1 | Patch vulnerabilities | ||
| 30 Sep 2019 | USN-4049-3 | GLib regression | ||
| 24 Sep 2019 | CVE-2019-16097 | Harbor Privilege Escalation | ||
| 05 Sep 2019 | USN-4099-1 | nginx vulnerabilities | ||
| 05 Sep 2019 | USN-4090-1 | PostgreSQL vulnerabilities | ||
| 05 Sep 2019 | USN-4068-2 | Linux kernel (HWE) vulnerabilities | ||
| 05 Sep 2019 | USN-4060-1 | NSS vulnerabilities | ||
| 05 Sep 2019 | USN-4058-1 | Bash vulnerability | ||
| 05 Sep 2019 | USN-4049-1 | GLib vulnerability | ||
| 05 Sep 2019 | USN-4038-3 | bzip2 regression | ||
| 06 Aug 2019 | USN-4041-1 | Linux kernel update | ||
| 05 Aug 2019 | USN-4014-1 | GLib vulnerability | ||
| 05 Aug 2019 | USN-4001-1 | libseccomp vulnerability | ||
| 05 Aug 2019 | USN-3977-3 | Intel Microcode update (AKA ZombieLoad Attack) | ||
| 19 Jun 2019 | USN-3981-2 | Linux kernel (HWE) vulnerabilities (AKA ZombieLoad Attack) | ||
| 19 Jun 2019 | USN-3977-2 | Intel Microcode update (AKA ZombieLoad Attack) | ||
| 19 Jun 2019 | USN-3977-1 | Intel Microcode update (AKA ZombieLoad Attack) | ||
| 21 May 2019 | USN-3972-1 | PostgreSQL vulnerabilities | ||
| 21 May 2019 | USN-3962-1 | libpng vulnerability | ||
| 21 May 2019 | USN-3960-1 | WavPack vulnerability | ||
| 21 May 2019 | USN-3947-1 | Libxslt vulnerability | ||
| 21 May 2019 | USN-3943-1 | Wget vulnerabilities | ||
| 21 May 2019 | USN-3932-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 21 May 2019 | USN-3931-2 | Linux kernel (HWE) vulnerabilities | ||
| 08 May 2019 | USN-3935-1 | BusyBox vulnerabilities | ||
| 25 Apr 2019 | USN-3945-1 | Ruby vulnerabilities | ||
| 25 Apr 2019 | USN-3910-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 25 Apr 2019 | USN-3906-1 | LibTIFF vulnerabilities | ||
| 25 Apr 2019 | USN-3901-2 | Linux kernel (HWE) vulnerabilities | ||
| 25 Apr 2019 | USN-3900-1 | GD vulnerabilities | ||
| 25 Apr 2019 | USN-3899-1 | OpenSSL vulnerability | ||
| 25 Apr 2019 | USN-3898-1 | NSS vulnerability | ||
| 25 Apr 2019 | USN-3891-1 | systemd vulnerability | ||
| 25 Apr 2019 | USN-3885-1 | OpenSSH vulnerabilities | ||
| 25 Apr 2019 | USN-3884-1 | libarchive vulnerabilities | ||
| 25 Apr 2019 | USN-3882-1 | curl vulnerabilities | ||
| 25 Apr 2019 | USN-3879-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 25 Apr 2019 | USN-3871-4 | Linux kernel (HWE) vulnerabilities | ||
| 25 Apr 2019 | USN-3864-1 | LibTIFF vulnerabilities | ||
| 25 Apr 2019 | USN-3859-1 | libarchive vulnerabilities | ||
| 25 Apr 2019 | USN-3848-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 25 Apr 2019 | USN-3847-2 | Linux kernel (HWE) vulnerabilities | ||
| 25 Apr 2019 | USN-3840-1 | OpenSSL vulnerabilities | ||
| 25 Apr 2019 | USN-3834-1 | Perl vulnerabilities | ||
| 25 Apr 2019 | USN-3816-3 | systemd regression | ||
| 25 Apr 2019 | USN-3855-1 | systemd vulnerabilities | ||
| 25 Apr 2019 | USN-3863-1 | APT vulnerability | ||
| 13 Feb 2019 | CVE-2019-5736 | runC container breakout | ||
| 06 Feb 2019 | USN-3836-2 | Linux kernel (HWE) vulnerabilities | ||
| 06 Feb 2019 | USN-3841-1 | lxml vulnerability | ||
| 06 Feb 2019 | USN-3850-1 | NSS vulnerabilities | ||
| 03 Jan 2019 | USN-3843-1 | pixman vulnerability | ||
| 03 Jan 2019 | USN-3816-2 | systemd vulnerability | ||
| 03 Jan 2019 | USN-3839-1 | WavPack vulnerabilities | ||
| 03 Jan 2019 | USN-3829-1 | Git vulnerabilities | ||
| 14 Dec 2018 | USN-3805-1 | curl vulnerabilities | ||
| 14 Dec 2018 | USN-3809-1 | OpenSSH vulnerabilities | ||
| 14 Dec 2018 | USN-3812-1 | nginx vulnerabilities | ||
| 14 Dec 2018 | USN-3815-1 | gettext vulnerability | ||
| 14 Dec 2018 | USN-3817-1 | Python vulnerabilities | ||
| 14 Dec 2018 | USN-3821-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 12 Dec 2018 | USN-3820-2 | Linux kernel (HWE) vulnerabilities | ||
| 12 Dec 2018 | USN-3816-1 | systemd vulnerabilities | ||
| 12 Dec 2018 | USN-3806-1 | systemd vulnerability | ||
| 12 Dec 2018 | USN-3808-1 | Ruby vulnerabilities | ||
| 03 Dec 2018 | CVE-2018-15797 | NFS Volume release errand leaks cf admin credentials in logs | ||
| 03 Dec 2018 | CVE-2018-1002105 | Proxy request handling in kube-apiserver can leave vulnerable TCP connections | ||
| 28 Nov 2018 | USN-3797-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 08 Nov 2018 | USN-3800-1 | audiofile vulnerabilities | ||
| 08 Nov 2018 | USN-3791-1 | Git vulnerability | ||
| 08 Nov 2018 | USN-3786-1 | libxkbcommon vulnerabilities | ||
| 08 Nov 2018 | USN-3785-1 | ImageMagick vulnerabilities | ||
| 06 Nov 2018 | CVE-2018-15761 | UAA Privilege Escalation | ||
| 26 Oct 2018 | USN-3790-1 | Requests vulnerability | ||
| 26 Oct 2018 | USN-3777-2 | Linux kernel (HWE) vulnerabilities | ||
| 26 Oct 2018 | USN-3762-2 | Linux kernel (HWE) vulnerabilities | ||
| 09 Oct 2018 | USN-3752-2 | Linux kernel (HWE) vulnerabilities | ||
| 09 Oct 2018 | USN-3765-1 | curl vulnerability | ||
| 09 Oct 2018 | USN-3767-1 | GLib vulnerabilities | ||
| 09 Oct 2018 | USN-3770-1 | Little CMS vulnerabilities | ||
| 27 Sep 2018 | USN-3759-1 | libtirpc vulnerabilities | ||
| 27 Sep 2018 | USN-3758-1 | libx11 vulnerabilities | ||
| 27 Sep 2018 | USN-3756-1 | Intel Microcode vulnerabilities | ||
| 27 Sep 2018 | USN-3755-1 | GD vulnerabilities | ||
| 27 Sep 2018 | USN-3753-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 27 Sep 2018 | USN-3744-1 | PostgreSQL vulnerabilities | ||
| 27 Sep 2018 | USN-3741-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 27 Sep 2018 | USN-3739-1 | libxml2 vulnerabilities | ||
| 27 Sep 2018 | USN-3736-1 | libarchive vulnerabilities | ||
| 27 Sep 2018 | USN-3733-1 | GnuPG vulnerability | ||
| 27 Sep 2018 | USN-3729-1 | libxcursor vulnerability | ||
| 27 Sep 2018 | USN-3712-1 | libpng vulnerabilities | ||
| 27 Sep 2018 | USN-3696-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 27 Sep 2018 | USN-3692-1 | OpenSSL vulnerabilities | ||
| 27 Sep 2018 | USN-3690-2 | AMD Microcode regression | ||
| 27 Sep 2018 | USN-3690-1 | AMD Microcode update | ||
| 27 Sep 2018 | USN-3689-1 | Libgcrypt vulnerability | ||
| 27 Sep 2018 | USN-3605-1 | Sharutils vulnerability | ||
| 27 Sep 2018 | USN-3589-1 | PostgreSQL vulnerability | ||
| 27 Sep 2018 | USN-3564-1 | PostgreSQL vulnerability | ||
| 27 Sep 2018 | USN-3532-1 | GDK-PixBuf vulnerabilities | ||
| 27 Sep 2018 | USN-3509-4 | Linux kernel (Xenial HWE) regression | ||
| 27 Sep 2018 | USN-3352-1 | nginx vulnerability | ||
| 09 Aug 2018 | CVE-2018-8037 | Apache Tomcat - NIO/NIO2 connectors user sessions can get mixed up | ||
| 09 Aug 2018 | CVE-2018-1336 | Apache Tomcat - UTF-8 decoder can lead to DoS | ||
| 02 Aug 2018 | USN-3711-1 | ImageMagick vulnerabilities | ||
| 02 Aug 2018 | USN-3707-1 | NTP vulnerabilities | ||
| 02 Aug 2018 | USN-3706-1 | libjpeg-turbo vulnerabilities | ||
| 23 Jul 2018 | CVE-2018-11047 | UAA accepts refresh token as access token on admin endpoints | ||
| 20 Jul 2018 | USN-3693-1 | JasPer vulnerabilities | ||
| 20 Jul 2018 | USN-3686-1 | file vulnerabilities | ||
| 20 Jul 2018 | USN-3684-1 | Perl vulnerability | ||
| 20 Jul 2018 | USN-3681-1 | ImageMagick vulnerabilities | ||
| 20 Jul 2018 | USN-3676-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 20 Jul 2018 | USN-3675-1 | GnuPG vulnerabilities | ||
| 20 Jul 2018 | USN-3658-1 | procps-ng vulnerabilities | ||
| 17 Jul 2018 | CVE-2018-11041 | UAA open redirect | ||
| 16 Jul 2018 | CVE-2018-1269 | Loggregator does not properly close some TCP connections | ||
| 16 Jul 2018 | CVE-2018-1268 | Loggregator lacks app GUID validation | ||
| 19 Jun 2018 | CVE-2018-1265 | Diego does not properly sanitize file paths in tar/zip files | ||
| 21 Jun 2018 | USN-3671-1 | Git vulnerabilities | ||
| 21 Jun 2018 | USN-3654-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 21 Jun 2018 | USN-3648-1 | curl vulnerabilities | ||
| 14 Jun 2018 | USN-3643-1 | Wget vulnerability | ||
| 14 Jun 2018 | USN-3641-1 | Linux kernel vulnerabilities | ||
| 14 Jun 2018 | USN-3631-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 14 Jun 2018 | USN-3628-1 | OpenSSL vulnerability | ||
| 14 Jun 2018 | USN-3625-1 | Perl vulnerabilities | ||
| 14 Jun 2018 | USN-3624-1 | Patch vulnerabilities | ||
| 14 Jun 2018 | USN-3622-1 | Wayland vulnerability | ||
| 21 May 2018 | CVE-2018-1277 | Garden does not correctly enforce Docker image disc quotas | ||
| 21 May 2018 | CVE-2018-1276 | Windows2012R2 stemcell exposes IaaS metadata on vSphere | ||
| 10 May 2018 | MS-ISAC-2018-046 | MS-ISAC 2018-046 Multiple Vulnerabilities in PHP | ||
| 08 May 2018 | CVE-2018-1191 | Garden may log Docker passwords | ||
| 02 May 2018 | USN-3619-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 02 May 2018 | USN-3611-1 | OpenSSL vulnerability | ||
| 02 May 2018 | USN-3610-1 | ICU vulnerability | ||
| 02 May 2018 | USN-3606-1 | LibTIFF vulnerabilities | ||
| 02 May 2018 | USN-3604-1 | libvorbis vulnerabilities | ||
| 02 May 2018 | USN-3602-1 | LibTIFF vulnerabilities | ||
| 02 May 2018 | USN-3598-1 | curl vulnerabilities | ||
| 02 May 2018 | USN-3586-1 | DHCP vulnerabilities | ||
| 02 May 2018 | USN-3584-1 | sensible-utils vulnerability | ||
| 02 May 2018 | USN-3569-1 | libvorbis vulnerabilities | ||
| 02 May 2018 | USN-3554-1 | curl vulnerabilities | ||
| 02 May 2018 | USN-3547-1 | Libtasn1 vulnerabilities | ||
| 02 May 2018 | USN-3543-1 | rsync vulnerabilities | ||
| 02 May 2018 | USN-3534-1 | GNU C Library vulnerabilities | ||
| 02 May 2018 | USN-3506-1 | rsync vulnerabilities | ||
| 02 May 2018 | USN-3501-1 | libxcursor vulnerability | ||
| 02 May 2018 | USN-3346-2 | Bind regression | ||
| 30 Apr 2018 | CVE-2018-1197 | GCP Metadata Endpoint Accessible from Application Containers on Windows | ||
| 05 Apr 2018 | CVE-2018-1266 | Cloud Controller file modification via malicious application | ||
| 05 Apr 2018 | CVE-2018-1231 | BOSH CLI does not restrict access to configuration file | ||
| 03 Apr 2018 | USN-3582-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 28 Mar 2018 | CVE-2018-1195 | Cloud Controller API will accept a refresh token for authentication | ||
| 28 Mar 2018 | CVE-2018-1192 | UAA SessionID present in Audit Event Logs | ||
| 28 Mar 2018 | CVE-2018-1190 | XSS on UAA OpenID Connect check session iframe endpoint | ||
| 09 Mar 2018 | CVE-2018-1227 | Concourse-dot-ci Domain Issue | ||
| 27 Feb 2018 | VU475445 | VU#475445 SAML Authentication Bypass | ||
| 27 Feb 2018 | CVE-2018-1221 | Gorouter websocket handling vulnerability | ||
| 01 Feb 2018 | USN-3540-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 01 Feb 2018 | USN-3538-1 | OpenSSH vulnerabilities | ||
| 01 Feb 2018 | USN-3535-1 | Bind vulnerability | ||
| 01 Feb 2018 | USN-3522-4 | Linux (Xenial HWE) vulnerability | ||
| 01 Feb 2018 | USN-3522-2 | Linux (Xenial HWE) vulnerability | ||
| 01 Feb 2018 | USN-3513-1 | libxml2 vulnerability | ||
| 01 Feb 2018 | USN-3504-1 | libxml2 vulnerability | ||
| 03 Jan 2018 | Meltdown and Spectre Attacks | Meltdown and Spectre Attacks | ||
| 19 Dec 2017 | CVE-2017-1000353 | Jenkins unauthenticated remote code execution | ||
| 15 Dec 2017 | USN-3509-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 15 Dec 2017 | USN-3505-1 | Linux firmware vulnerabilities | ||
| 15 Dec 2017 | USN-3498-1 | curl vulnerabilities | ||
| 15 Dec 2017 | USN-3496-3 | Python vulnerability | ||
| 15 Dec 2017 | USN-3496-1 | Python vulnerability | ||
| 15 Dec 2017 | USN-3489-1 | Berkeley DB vulnerability | ||
| 15 Dec 2017 | USN-3485-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 15 Dec 2017 | USN-3478-1 | Perl vulnerabilities | ||
| 15 Dec 2017 | USN-3475-1 | OpenSSL vulnerabilities | ||
| 15 Dec 2017 | USN-3469-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 15 Dec 2017 | USN-3464-1 | Wget vulnerabilities | ||
| 15 Dec 2017 | USN-3458-1 | ICU vulnerability | ||
| 15 Dec 2017 | USN-3457-1 | curl vulnerability | ||
| 21 Nov 2017 | USN-3454-1 | libffi vulnerability | ||
| 21 Nov 2017 | USN-3444-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 21 Nov 2017 | USN-3441-1 | curl vulnerabilities | ||
| 21 Nov 2017 | USN-3437-1 | OCaml vulnerability | ||
| 21 Nov 2017 | USN-3434-1 | Libidn vulnerability | ||
| 21 Nov 2017 | USN-3432-1 | ca-certificates update | ||
| 21 Nov 2017 | USN-3424-1 | libxml2 vulnerabilities | ||
| 21 Nov 2017 | USN-3387-1 | Git vulnerability | ||
| 16 Nov 2017 | CVE-2017-8031 | UAA Denial of Service through client token revocation endpoint | ||
| 15 Nov 2017 | CVE-2017-14388 | GrootFS doesn’t validate DiffIDs | ||
| 11 Oct 2017 | CVE-2017-8048 | Cloud Controller API regression | ||
| 10 Oct 2017 | CVE-2017-8047 | Cloud Foundry router open redirect | ||
| 28 Sep 2017 | USN-3420-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 28 Sep 2017 | USN-3418-1 | GDK-PixBuf vulnerabilities | ||
| 28 Sep 2017 | USN-3415-1 | tcpdump vulnerabilities | ||
| 28 Sep 2017 | USN-3411-1 | Bazaar vulnerability | ||
| 28 Sep 2017 | USN-3410-1 | GD library vulnerability | ||
| 28 Sep 2017 | USN-3405-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 28 Sep 2017 | USN-3398-1 | graphite2 vulnerabilities | ||
| 08 Sep 2017 | CVE-2017-9805 | Apache Struts Remote Code Execution | ||
| 28 Aug 2017 | USN-3392-2 | Linux kernel (Xenial HWE) regression | ||
| 21 Aug 2017 | USN-3385-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 14 Aug 2017 | USN-3378-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 14 Aug 2017 | USN-3367-1 | gdb vulnerabilities | ||
| 14 Aug 2017 | USN-3364-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 14 Aug 2017 | USN-3363-2 | ImageMagick regression References | ||
| 14 Aug 2017 | USN-3363-1 | ImageMagick vulnerabilities | ||
| 14 Aug 2017 | USN-3356-1 | Expat vulnerability | ||
| 14 Aug 2017 | USN-3353-1 | Heimdal vulnerability | ||
| 14 Aug 2017 | USN-3349-1 | NTP vulnerabilities | ||
| 14 Aug 2017 | USN-3347-1 | Libgcrypt vulnerabilities | ||
| 14 Aug 2017 | USN-3346-1 | bind9 vulnerabilities | ||
| 14 Aug 2017 | USN-3344-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 07 Aug 2017 | CVE-2017-8037 | Incomplete fix for Cloud Controller API access to CC VM contents | ||
| 02 Aug 2017 | CVE-2017-9022/CVE-2017-9023 | strongSwan DOS Vulnerabilities | ||
| 01 Aug 2017 | CVE-2017-8038 | Credentials readable from CredHub endpoint | ||
| 25 Jul 2017 | CVE-2017-8036 | Cloud Controller API regression | ||
| 25 Jul 2017 | CVE-2017-8035 | Cloud Controller API access to CC VM contents | ||
| 25 Jul 2017 | CVE-2017-8033 | Cloud Controller API filesystem traversal vulnerability | ||
| 24 Jul 2017 | CVE-2017-8032 | UAA Identity Zone Admin Privilege Escalation | ||
| 05 Jul 2017 | CVE-2017-7485 | PostgreSQL vulnerabilities | ||
| 26 Jun 2017 | CVE-2017-5946 | Directory Traversal in Rubyzip | ||
| 26 Jun 2017 | USN-3334-1 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 26 Jun 2017 | USN-3323-1 | GNU C Library vulnerability | ||
| 26 Jun 2017 | USN-3318-1 | GnuTLS vulnerabilities | ||
| 26 Jun 2017 | USN-3312-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 26 Jun 2017 | USN-3311-1 | libnl vulnerability | ||
| 26 Jun 2017 | USN-3309-1 | Libtasn1 vulnerability | ||
| 26 Jun 2017 | USN-3302-1 | ImageMagick vulnerabilities | ||
| 26 Jun 2017 | USN-3212-2 | LibTIFF regression | ||
| 22 Jun 2017 | USN-3304-1 | Sudo vulnerability | ||
| 08 Jun 2017 | CVE-2017-4994 | Forwarded Headers in UAA | ||
| 08 Jun 2017 | USN-3295-1 | JasPer vulnerabilities | ||
| 08 Jun 2017 | USN-3294-1 | Bash vulnerabilities | ||
| 08 Jun 2017 | USN-3291-3 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 08 Jun 2017 | USN-3287-1 | Git vulnerability | ||
| 08 Jun 2017 | USN-3283-1 | rtmpdump vulnerabilities | ||
| 08 Jun 2017 | USN-3282-1 | FreeType vulnerabilities | ||
| 08 Jun 2017 | USN-3276-2 | shadow regression | ||
| 08 Jun 2017 | USN-3263-1 | FreeType vulnerability | ||
| 08 Jun 2017 | USN-3259-1 | Bind vulnerabilities | ||
| 08 Jun 2017 | USN-3246-1 | Eject vulnerability | ||
| 08 Jun 2017 | USN-3181-1 | OpenSSL vulnerabilities | ||
| 19 May 2017 | CVE-2017-4992 | Privilege escalation with user invitations | ||
| 19 May 2017 | CVE-2017-4991 | UAA password reset vulnerability | ||
| 02 May 2017 | USN-3265-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 01 May 2017 | CVE-2017-4974 | Blind SQL Injection with privileged UAA endpoints | ||
| 20 Apr 2017 | CVE-2015-3281 | HAProxy vulnerabilities | ||
| 20 Apr 2017 | CVE-2017-4973 | Privilege Escalation in UAA | ||
| 20 Apr 2017 | CVE-2017-4972 | Blind SQL Injection in UAA | ||
| 13 Apr 2017 | CVE-2017-4969 | Bug in CC allows users to exceed quotas | ||
| 12 Apr 2017 | USN-3256-2 | Linux kernel (HWE) vulnerability | ||
| 10 Apr 2017 | CVE-2017-4970 | Staticfile buildpack ignores basic authentication when misconfigured | ||
| 06 Apr 2017 | USN-3243-1 | Git vulnerability | ||
| 06 Apr 2017 | USN-3241-1 | audiofile vulnerabilities | ||
| 06 Apr 2017 | USN-3239-2 | GNU C Library Regression | ||
| 06 Apr 2017 | USN-3237-1 | FreeType vulnerability | ||
| 06 Apr 2017 | USN-3235-1 | libxml2 vulnerabilities | ||
| 06 Apr 2017 | USN-3232-1 | ImageMagick vulnerabilities | ||
| 06 Apr 2017 | USN-3227-1 | ICU vulnerabilities | ||
| 06 Apr 2017 | USN-3225-1 | libarchive vulnerabilities | ||
| 06 Apr 2017 | USN-3183-2 | GnuTLS vulnerability | ||
| 05 Apr 2017 | CVE-2017-5649 | Apache Geode privilege escalation vulnerability | ||
| 04 Apr 2017 | USN-3201-1 | Bind vulnerabilities | ||
| 04 Apr 2017 | USN-3234-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 04 Apr 2017 | USN-3228-1 | libevent vulnerabilities | ||
| 04 Apr 2017 | USN-3247-1 | AppArmor vulnerability | ||
| 04 Apr 2017 | USN-3249-2 | Linux kernel (Xenial HWE) vulnerability | ||
| 31 Mar 2017 | USN-3222-1 | ImageMagick vulnerabilities | ||
| 31 Mar 2017 | USN-3213-1 | GD library vulnerabilities | ||
| 31 Mar 2017 | USN-3212-1 | LibTIFF vulnerabilities | ||
| 31 Mar 2017 | USN-3205-1 | tcpdump vulnerabilities | ||
| 31 Mar 2017 | USN-3142-2 | ImageMagick vulnerabilities | ||
| 29 Mar 2017 | CVE-2017-4963 | Session Fixation for UAA External Authentication | ||
| 17 Mar 2017 | USN-3196-1 | Multiple PHP vulnerabilities | ||
| 17 Mar 2017 | USN-3185-1 | libXpm vulnerability | ||
| 17 Mar 2017 | USN-3193-1 | Nettle vulnerability | ||
| 17 Mar 2017 | USN-3183-1 | GnuTLS vulnerabilities | ||
| 14 Mar 2017 | USN-3189-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 14 Mar 2017 | CVE-2017-5638 | Apache Struts Remote Code Execution | ||
| 13 Mar 2017 | USN-3220-2 | Linux kernel (Xenial HWE) vulnerability | ||
| 09 Mar 2017 | CVE-2017-4960 | UAA OAuth DOS via lockout feature | ||
| 01 Mar 2017 | USN-3208-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 31 Jan 2017 | USN-3172-1 | Bind vulnerabilities | ||
| 31 Jan 2017 | USN-3169-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 31 Jan 2017 | USN-3161-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 23 Jan 2017 | CVE-2016-6660 | Cloud Controller logs application environment variables | ||
| 19 Jan 2017 | USN-3024-1 | tomcat6, tomcat7 vulnerabilities | ||
| 12 Jan 2017 | RunC Exec | RunC Exec Vulnerability | ||
| 10 Jan 2017 | CVE-2016-9882 | Cloud Foundry Logs Service Credentials | ||
| 29 Dec 2016 | CVE-2016-3958 and CVE-2016-3959 | Golang vulnerabilities | ||
| 27 Dec 2016 | USN-3146-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 27 Dec 2016 | USN-3128-2 | Linux kernel (Xenial HWE) vulnerability | ||
| 27 Dec 2016 | USN-3142-1 | ImageMagick vulnerabilities | ||
| 19 Dec 2016 | CVE-2016-8219 | Space Auditor can restage apps | ||
| 21 Dec 2016 | Multiple CVEs | httpoxy vulnerabilities | ||
| 20 Dec 2016 | USN-3156-1 | APT vulnerability | ||
| 19 Dec 2016 | USN-3131-1 | ImageMagick vulnerabilities | ||
| 19 Dec 2016 | USN-3067-1 | HarfBuzz vulnerabilities | ||
| 19 Dec 2016 | USN-3117-1 | GD library vulnerabilities | ||
| 14 Dec 2016 | USN-3132-1 | tar vulnerability | ||
| 14 Dec 2016 | USN-3134-1 | Python vulnerabilities | ||
| 14 Dec 2016 | USN-3139-1 | Vim vulnerability | ||
| 14 Dec 2016 | CVE-2016-6659 | UAA Privilege Escalation | ||
| 14 Dec 2016 | USN-3116-1 | DBus vulnerabilities | ||
| 14 Dec 2016 | USN-3119-1 | Bind vulnerability | ||
| 13 Dec 2016 | USN-3123-1 | curl vulnerabilities | ||
| 13 Dec 2016 | USN-3088-1 | Bind vulnerability | ||
| 09 Dec 2016 | CVE-2016-8218 | Unauthenticated JWT signing algorithm in routing | ||
| 07 Dec 2016 | USN-3151-2 | Linux kernel (Xenial HWE) vulnerability | ||
| 17 Nov 2016 | CVE-2016-6663/CVE-2016-6664 | MariaDB Root Privilege Escalation | ||
| 17 Nov 2016 | Several | PCRE vulnerabilities prior to version 8.39 | ||
| 07 Nov 2016 | USN-3096-1 | NTP vulnerabilities | ||
| 07 Nov 2016 | USN-3095-1 | PHP vulnerabilities | ||
| 02 Nov 2016 | CVE-2016-6658 | Incomplete fix for Credential Vulnerability for Custom Buildpacks | ||
| 21 Oct 2016 | CVE-2016-5195 | Linux kernel vulnerability | ||
| 17 Oct 2016 | CVE-2016-6655 | Utility Script Command Injection | ||
| 17 Oct 2016 | USN-3099-2 | Linux kernel vulnerabilities | ||
| 29 Sep 2016 | CVE-2016-6653 | MySQL Audit logs sent to Syslog | ||
| 28 Sep 2016 | USN-3087-2 | OpenSSL Regression | ||
| 28 Sep 2016 | USN-3083-1 | Linux kernel vulnerabilities | ||
| 28 Sep 2016 | USN-3068-1 | Libidn vulnerabilities | ||
| 28 Sep 2016 | CVE-2016-6662 | Multiple MySQL Vulnerabilities | ||
| 28 Sep 2016 | USN-3085-1 | GDK-PixBuf vulnerabilities | ||
| 26 Sep 2016 | CVE-2016-6651 | Privilege Escalation in UAA | ||
| 26 Sep 2016 | CVE-2016-6636 | UAA Open Redirect Vulnerability for Subdomains | ||
| 26 Sep 2016 | CVE-2016-6637 | UAA CSRF Vulnerability for OAuth Approvals | ||
| 21 Sep 2016 | CVE-2014-9130 | LibYAML vulnerability | ||
| 09 Sep 2016 | CVE-2016-6639 | PHP Buildpack exposes .profile file | ||
| 09 Sep 2016 | USN-3045-1 | PHP vulnerabilities | ||
| 25 Aug 2016 | USN-3065-1 | Libgcrypt vulnerability | ||
| 25 Aug 2016 | USN-3064-1 | GnuPG vulnerability | ||
| 25 Aug 2016 | USN-3063-1 | Fontconfig vulnerability | ||
| 25 Aug 2016 | USN-3061-1 | OpenSSH vulnerability | ||
| 25 Aug 2016 | USN-3030-1/USN-3060-1 | GD library vulnerability | ||
| 25 Aug 2016 | USN-3053-1/USN-3037-1 | Linux kernel (Vivid HWE) vulnerability | ||
| 25 Aug 2016 | USN-3048-1 | curl vulnerability | ||
| 25 Aug 2016 | USN-3033-1 | libarchive vulnerability | ||
| 18 Aug 2016 | CVE-2016-5016 | UAA accepts expired certificates | ||
| 26 Jul 2016 | CVE-2016-5006 | Cloud Controller API logs user-provided service credentials | ||
| 13 Jul 2016 | USN-3010-1 | Expat vulnerabilities | ||
| 13 Jul 2016 | CVE-2016-4450 | Nginx Vulnerabilities | ||
| 13 Jul 2016 | USN-3012-1 | Wget vulnerability | ||
| 01 Jul 2016 | USN-3020-1 | Linux kernel (Vivid HWE) vulnerabilities | ||
| 30 Jun 2016 | CVE-2016-4468 | UAA SQL Injection | ||
| 15 Jun 2016 | USN-3001-1 | Linux kernel (Vivid HWE) vulnerabilities | ||
| 13 Jun 2016 | CVE-2016-4435 | BOSH Agent Anonymous Endpoint | ||
| 13 Jun 2016 | USN-2994-1 | libxml2 vulnerabilities | ||
| 13 Jun 2016 | USN-2991-1 | nginx vulnerability | ||
| 13 Jun 2016 | USN-2990-1 | ImageMagick vulnerability (a.k.a. ImageTragick) | ||
| 13 Jun 2016 | USN-2987-1 | GD library vulnerabilities | ||
| 13 Jun 2016 | USN-2985-2 | GNU C Library regression | ||
| 13 Jun 2016 | USN-2983-1 | Expat vulnerability | ||
| 13 Jun 2016 | USN-2981-1 | libarchive vulnerabilities | ||
| 13 Jun 2016 | USN-2966-1 | OpenSSH vulnerabilities | ||
| 13 Jun 2016 | USN-2961-1 | Little CMS vulnerability | ||
| 08 Jun 2016 | CVE-2013-7456 | PHP vulnerabilities | ||
| 03 Jun 2016 | USN-2970-1 | Linux kernel (Vivid HWE) vulnerabilities | ||
| 23 May 2016 | CVE-2016-3084 | UAA Password Reset Vulnerability | ||
| 19 May 2016 | USN-2977-1 | Linux kernel (Vivid HWE) vulnerabilities | ||
| 17 May 2016 | CVE-2016-3091 | Diego log encoding vulnerability | ||
| 06 May 2016 | USN-2959-1 | OpenSSL vulnerabilities | ||
| 06 May 2016 | USN-2957-1 | Libtasn1 vulnerability | ||
| 06 May 2016 | USN-2949-1 | Linux kernel (Vivid HWE) vulnerabilities | ||
| 06 May 2016 | USN-2943-1 | PCRE vulnerabilities | ||
| 06 May 2016 | USN-2935-2 | PAM regression | ||
| 02 May 2016 | CVE-2015-5170-5173 | UAA Vulnerabilities | ||
| 14 Apr 2016 | Badlock bug | Samba and Windows Vulnerabilities | ||
| 24 Mar 2016 | USN-2939-1 | LibTIFF vulnerabilities | ||
| 24 Mar 2016 | USN-2927-1 | Graphite2 vulnerabilities | ||
| 24 Mar 2016 | USN-2925-1 | Bind9 vulnerabilities | ||
| 24 Mar 2016 | USN-2919-1 | JasPer vulnerabilities | ||
| 24 Mar 2016 | USN-2918-1 | Pixman vulnerabilities | ||
| 24 Mar 2016 | USN-2916-1 | Perl vulnerabilities | ||
| 24 Mar 2016 | USN-2914-1 | OpenSSL vulnerabilities | ||
| 24 Mar 2016 | NPM Ownership Issue | Warning about NPM modules | ||
| 24 Mar 2016 | USN-2938-1 | Git vulnerabilities | ||
| 16 Mar 2016 | USN-2932-1 | Linux kernel vulnerabilities | ||
| 02 Mar 2016 | CVE-2016-0800 | OpenSSL vulnerabilities | ||
| 26 Feb 2016 | USN-2910-1 | Linux kernel vulnerability | ||
| 26 Feb 2016 | CVE-2016-0761 | Docker Image Host Files Corruption | ||
| 19 Feb 2016 | USN-2900-1 | GNU libc vulnerability | ||
| 02 Feb 2016 | CVE-2016-0732 | Privilege Escalation | ||
| 01 Feb 2016 | CVE-2016-0713 | Gorouter XSS | ||
| 22 Jan 2016 | USN-2871-1 | Linux kernel vulnerability | ||
| 20 Jan 2016 | CVE-2016-0715 | Remote Information Disclosure | ||
| 19 Jan 2016 | USN-2865-1 | GnuTLS vulnerability | ||
| 19 Jan 2016 | USN-2861-1 | libpng vulnerability | ||
| 19 Jan 2016 | USN-2868-1 | DHCP vulnerability | ||
| 19 Jan 2016 | USN-2869-1 | OpenSSH vulnerability | ||
| 18 Jan 2016 | CVE-2016-0708 | Remote Information Disclosure | ||
| 07 Jan 2016 | USN-2857-1 | Linux kernel vulnerability | ||
| 07 Jan 2016 | USN-2842-1/USN-2842-2 | Linux kernel vulnerability | ||
| 07 Jan 2016 | USN-2837-1 | bind9 vulnerability | ||
| 07 Jan 2016 | USN-2836-1 | grub2 vulnerability | ||
| 07 Jan 2016 | USN-2835-1 | git vulnerability | ||
| 07 Jan 2016 | USN-2834-1 | libxml2 vulnerability | ||
| 07 Jan 2016 | USN-2830-1 | OpenSSL vulnerability | ||
| 07 Jan 2016 | USN-2829-1 | Linux kernel vulnerability | ||
| 15 Dec 2015 | CVE-2015-5350 | Garden Nstar vulnerability | ||
| 04 Dec 2015 | USN-2821-1 | GnuTLS vulnerability | ||
| 04 Dec 2015 | USN-2820-1 | dpkg vulnerability | ||
| 02 Dec 2015 | USN-2815-1 | PNG vulnerability | ||
| 02 Dec 2015 | USN-2812-1 | libxml2 vulnerability | ||
| 02 Dec 2015 | USN-2810-1 | Kerberos vulnerability | ||
| 02 Dec 2015 | USN-2787-1 | audiofile vulnerability | ||
| 24 Nov 2015 | USN-2788-1/2788-2 | unzip vulnerability | ||
| 12 Nov 2015 | USN-2798-1 | Linux kernel vulnerability | ||
| 12 Nov 2015 | USN-2806-1 | Linux kernel vulnerability | ||
| 03 Nov 2015 | USN-2778-1 | Linux kernel vulnerabilities | ||
| 03 Nov 2015 | USN-2767-1 | GDK-Pixbuf library vulnerability | ||
| 07 Oct 2015 | Golang | Golang 1.4.3 CVE Fixes | ||
| 07 Oct 2015 | USN-2722-1 | GDK-PixBuf Vulnerabilities | ||
| 07 Oct 2015 | USN-2711-1 | Net-SNMP Vulnerabilities | ||
| 07 Oct 2015 | USN-2739-1 | FreeType Vulnerabilities | ||
| 07 Oct 2015 | USN-2740-1 | ICU Vulnerabilities | ||
| 07 Oct 2015 | USN-2751-1 | Linux Kernel (Vivid HWE) Vulnerability | ||
| 07 Oct 2015 | USN-2756-1 | rpcbind Vulnerability | ||
| 07 Oct 2015 | USN-2765-1 | Linux Kernel (Vivid HWE) Vulnerability | ||
| 08 Sep 2015 | USN-2710-1 | OpenSSH Vulnerabilities | ||
| 08 Sep 2015 | USN-2698-1 | SQLite Vulnerabilities | ||
| 08 Sep 2015 | USN-2694-1 | PCRE Vulnerabilities | ||
| 08 Sep 2015 | USN-2718-1 | Address Configuration Change Vulnerabilities | ||
| 06 Aug 2015 | USN-2696-1 | OpenJDK 7 Vulnerabilities | ||
| 29 Jul 2015 | CVE-2015-3290 | Linux Kernel NMI Vulnerability | ||
| 10 Jul 2015 | CVE-2015-1420 | file_handle size verification | ||
| 06 Jul 2015 | CVE-2015-1330 | Unattended-Upgrades Vulnerability | ||
| 25 Jun 2015 | CVE-2015-3189 | Expire old reset password links | ||
| 25 Jun 2015 | CVE-2015-3190 | Open redirect on Login | ||
| 25 Jun 2015 | CVE-2015-3191 | CSRF attack on change email | ||
| 12 Jun 2015 | USN-2639-1 | OpenSSL vulnerabilities | ||
| 12 Jun 2015 | CVE-2015-3636 | ipv4 use-after-free | ||
| 17 Jun 2015 | CVE-2015-1328 | overlayfs privilege escalation | ||
| 09 Jun 2015 | Redis LUA Sandbox | Redis LUA Exploit | ||
| 22 May 2015 | CVE-2015-1834 | Path Traversal Vulnerability | ||
| 22 May 2015 | USN-2617-1 | FUSE Vulnerability | ||
| 30 Apr 2015 | CVE-2015-1855 | Ruby OpenSSL Hostname Verification | ||
| 23 Mar 2015 | CVE-2015-0282 | Multiple GnuTLS Vulnerabilities | ||
| 21 Mar 2015 | USN-2537-1 | OpenSSL vulnerabilities | ||
| 13 Mar 2015 | CVE-2014-8159 | Linux Kernel Infiniband Vulnerability | ||
| 09 Feb 2015 | CVE-2014-0227 | Apache Tomcat Request Smuggling | ||
| 28 Jan 2015 | CVE-2015-0235 | GHOST | ||
| 10 Sep 2014 | CVE-2013-4444 | Remote Code Execution in Apache Tomcat | ||
| 16 Oct 2014 | CVE-2014-3566 | SSLV3 POODLE | ||
| 29 Sep 2014 | CVE-2014-7186 | Bash Out-of Bonds | ||
| 25 Sep 2014 | CVE-2014-6271 | Bash - ShellShock | ||
| 19 Sep 2014 | CVE-2014-5119 | glib_gconv_translit_find() exploit | ||
| 18 Aug 2014 | CVE-2014-3153 | Futex requeue exploit | ||
| 05 Jun 2014 | CVE-2014-0224 | SSL/TLS MITM Vulnerability | ||
| 10 Apr 2014 | CVE-2014-0160 | Heartbleed |
Thanks
Reports of vulnerabilities in VMware Tanzu products are listed in the credit section of the associated security announcement.