VMware Tanzu Advisories

Tanzu Security Advisories are currently published in two locations: on the VMware Security Advisories page and on this page. This page will be deprecated shortly. After the deprecation, information about USNs will be available in the form of a feed.


Reporting a vulnerability

The VMware Security Response team provides a single point of contact for the reporting of security vulnerabilities in VMware Tanzu products and coordinates the process of investigating any reported vulnerabilities.

To report a security vulnerability in a VMware service or product, please refer to the VMware Security Response Policy.



VMware Tanzu Vulnerability Reports

Date   CVE Reference   Description
25 May 2021 CVE-2021-22118   Local Privilege Escalation within Spring Webflux Multipart Request Handling
10 May 2021 CVE-2021-22117   RabbitMQ Server vulnerable to arbitrary code execution attack
10 May 2021 CVE-2021-22116   Denial-of-Service Vulnerability due to improper input validation in RabbitMQ server
26 Feb 2021 CVE-2021-22114   Zip-slip mitigation bypass in Spring Integration Zip extension
19 Feb 2021 CVE-2021-22112   Changing SecurityContext More Than Once in Single Request Can Fail to Save
11 Feb 2021 CVE-2021-22113   Spring Cloud Netflix Zuul “Sensitive Headers” Bypass Vulnerability
25 Jan 2021 CVE-2020-5428   Possibility of SQL Injection in Spring Cloud Task Execution Sorting Query
25 Jan 2021 CVE-2020-5427   Possibility of SQL Injection in Spring Cloud Data Flow Task Execution Sorting Query
01 Dec 2020 CVE-2020-5423   Cloud Controller is vulnerable to denial of service via YAML parsing
16 Nov 2020 CVE-2020-5417   Cloud Controller may allow developers to claim sensitive routes
12 Nov 2020 CVE-2020-5422   UAA password may appear in Operations Manager process arguments
03 Nov 2020 CVE-2020-5426   Scheduler for TAS can transmit privileged UAA token in plaintext
29 Oct 2020 CVE-2020-5425   User Impersonation possible in Tanzu SSO
13 Oct 2020 MYSQL-SECURITY-UPDATES-APR2020   Various MySQL Security Updates from April 2020
13 Oct 2020 MYSQL-SECURITY-UPDATES-JAN2020   Various MySQL Security Updates from January 2020
17 Sep 2020 CVE-2020-5421   RFD Protection Bypass via jsessionid
10 Sep 2020 CVE-2020-5420   Gorouter is vulnerable to DoS attack via invalid HTTP responses
01 Sep 2020 CVE-2020-5416   TAS clusters with NGINX in front of them may be vulnerable to DoS
27 Aug 2020 CVE-2020-5419   RabbitMQ arbitrary code execution using local binary planting
11 Aug 2020 CVE-2020-5415   Concourse's GitLab auth allows impersonation
04 Aug 2020 CVE-2020-5412   Hystrix Dashboard Proxy In spring-cloud-netflix-hystrix-dashboard
30 Jul 2020 CVE-2020-5414   App Autoscaler logs credentials
30 Jul 2020 CVE-2020-5396   JMX Insecure Default Configuration in GemFire
30 Jul 2020 MYSQL-SECURITY-UPDATES-OCT2019   Various MySQL Security Updates from October 2019
30 Jul 2020 MYSQL-SECURITY-UPDATES-JUL2019   Various MySQL Security Updates from July 2019
30 Jul 2020 CVE-2019-11286   JMX Credential Deserialization in GemFire
23 Jul 2020 CVE-2020-5413   Kryo Configuration Allows Code Execution with Unknown “Serialization Gadgets”
16 Jul 2020 CVE-2020-15586   Gorouter is vulnerable to DoS Attack via Expect 100-continue requests
10 Jun 2020 CVE-2020-5411   Jackson Configuration Allows Code Execution with Unknown “Serialization Gadgets”
01 Jun 2020 CVE-2020-5410   Directory Traversal with spring-cloud-config-server
26 May 2020 CVE-2019-15605   Node.js is vulnerable to request smuggling
13 May 2020 CVE-2020-5409   Concourse Open Redirect in the /sky/login endpoint
07 May 2020 CVE-2020-5408   Dictionary attack with Spring Security queryable text encryptor
07 May 2020 CVE-2020-5407   Signature Wrapping Vulnerability with spring-security-saml2-service-provider
14 Apr 2020 CVE-2020-5402   UAA fails to check the state parameter when authenticating with external IDPs
09 Apr 2020 CVE-2020-5406   PCF Autoscaling logs its database credentials
06 Apr 2020 CVE-2019-11282   UAA is vulnerable to a Blind SCIM injection leading to information disclosure
06 Apr 2020 CVE-2020-5400   Cloud Controller logs environment variables from app manifests
04 Mar 2020 VARIOUS-JACKSON-CVES-UAA   Various CVEs UAA consumes vulnerable versions of FasterXML jackson-databind
04 Mar 2020 CVE-2019-11290   UAA logs query parameters in tomcat access file
03 Mar 2020 CVE-2019-11253   PKS is vulnerable to a YAML/JSON parsing "Billion Laughs" Attack
27 Feb 2020 CVE-2020-5403   DoS Via Malformed URL with Reactor Netty HTTP Server
27 Feb 2020 CVE-2020-5404   Authentication Leak On Redirect With Reactor Netty HttpClient
26 Feb 2020 CVE-2020-5405   Directory Traversal with spring-cloud-config-server
24 Feb 2020 CVE-2020-5401   GoRouter is vulnerable to a cache poisoning DoS
12 Feb 2020 CVE-2020-5399   CredHub does not properly enable TLS for MySQL database connections
11 Feb 2020 CVE-2019-19604   Git submodule loading vulnerability
16 Jan 2020 CVE-2020-5397   CSRF Attack via CORS Preflight Requests with Spring MVC or Spring WebFlux
16 Jan 2020 CVE-2020-5398   RFD Attack via “Content-Disposition” Header Sourced from Request Input by Spring MVC or Spring WebFlux Application
15 Jan 2020 CVE-2019-11288   tc Server JMX Socket Listener Registry Rebinding Local Privilege Escalation
10 Jan 2020 CVE-2019-18802, CVE-2019-18801, CVE-2019-18838   MySQL for Pivotal Platform consumes a vulnerable version of Envoy
08 Jan 2020 CVE-2019-11292   Ops Manager logs query parameters in tomcat access file
04 Dec 2019 CVE-2019-19029   SQL Injection via user-groups in VMware Harbor Container Registry for Pivotal Platform
04 Dec 2019 CVE-2019-19023   Privilege Escalation Vulnerability in VMware Harbor Container Registry for Pivotal Platform
04 Dec 2019 CVE-2019-19026   SQL Injection via project quotas in VMware Harbor Container Registry for Pivotal Platform
04 Dec 2019 CVE-2019-3990   User Enumeration Flaw in VMware Harbor Container Registry for Pivotal Platform
04 Dec 2019 CVE-2019-19025   Cross-Site Request Forgery Vulnerability in VMware Harbor Container Registry for Pivotal Platform
04 Dec 2019 CVE-2019-9517, CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9515, CVE-2019-9518, CVE-2019-9511, CVE-2019-9516   Some Pivotal products are impacted by HTTP/2 denial of service attacks
03 Dec 2019 CVE-2019-11293   UAA logs all query parameters with debug logging level
22 Nov 2019 CVE-2019-11291   RabbitMQ XSS attack via federation and shovel endpoints
22 Nov 2019 CVE-2019-11287   RabbitMQ Web Management Plugin DoS via heap overflow
18 Nov 2019 CVE-2019-11289   A forged route service request using an invalid nonce can cause the gorouter to panic and crash
06 Nov 2019 CVE-2019-9893   libseccomp incorrectly generates 64-bit syscall argument comparisons
28 Oct 2019 CVE-2019-16869   Reactor Netty Consumes a Vulnerable Version of Netty
24 Oct 2019 CVE-2019-11249   PKS consumes a vulnerable version of kubectl
23 Oct 2019 CVE-2019-11283   Password leak in smbdriver logs
17 Oct 2019 CVE-2019-16919   Broken access control vulnerability in Harbor API
15 Oct 2019 CVE-2019-11278   Privilege Escalation via Blind SCIM Injection in UAA
15 Oct 2019 CVE-2019-11279   Privilege Escalation via Scope Manipulation in UAA
15 Oct 2019 CVE-2019-11247   Kubernetes API Server Vulnerability
15 Oct 2019 CVE-2018-15664   Docker Symlink Directory Traversal Vulnerability
15 Oct 2019 CVE-2019-13139   Docker build code execution
14 Oct 2019 CVE-2019-11281   RabbitMQ XSS attack
11 Oct 2019 CVE-2019-11284   Reactor Netty authentication leak in redirects
25 Sep 2019 CVE-2019-11275   CSV Injection in usage report downloaded from Pivotal Application Manager
23 Sep 2019 CVE-2019-11277   Volume Services is vulnerable to an LDAP injection attack
19 Sep 2019 CVE-2019-11280   Privilege escalation through the invitations service
20 Aug 2019 CVE-2019-3775   UAA allows users to modify their own email address
20 Aug 2019 CVE-2019-3788   UAA redirect-uri allows wildcards in the subdomain
20 Aug 2018 CVE-2019-3787   UAA defaults email address to an insecure domain
20 Aug 2019 CVE-2019-10164   Critical Security Issue in PostgreSQL
19 Aug 2019 CVE-2019-11276   Apps Manager sends tokens to Spring apps via HTTP
15 Aug 2019 CVE-2017-15694   Pivotal GemFire and Cloud Cache consume vulnerable versions of Apache Geode
14 Aug 2019 CVE-2019-13232   ClamAV Add-on for PCF consumes a vulnerable version of ClamAV
01 Aug 2019 CVE-2019-11270   UAA clients.write vulnerability
25 Jul 2019 CVE-2019-3800   CF CLI writes the client id and secret to config file
25 Jul 2019 CVE-2019-3781   CF CLI does not sanitize user's password in verbose/trace/debug
23 Jul 2019 CVE-2019-11273   PKS Telemetry logs credentials
22 Jul 2019 VARIOUS-SQL   Various MySQL Security Updates from July 2018 through January 2019
22 Jul 2019 USN-4017-1   Linux kernel vulnerabilities
18 Jul 2019 CVE-2019-3786   BBR could run arbitrary scripts on deployment VMs
28 Jun 2019 CVE-2019-11271   Bosh Deployment logs leak sensitive information
19 Jun 2019 CVE-2019-11272   PlaintextPasswordEncoder authenticates encoded passwords that are null
30 May 2019 CVE-2019-5021   Tile generator affected by insecure default password
30 May 2019 CVE-2019-11269   Open Redirector in spring-security-oauth2
24 May 2019 CVE-2019-3790   Ops Manager uaa client issues tokens after refresh token expiration
13 May 2019 CVE-2019-3802   Additional information exposure with Spring Data JPA example matcher
25 Apr 2019 CVE-2019-3801   Java Projects using HTTP to fetch dependencies
24 Apr 2019 CVE-2019-3798   Escalation of Privileges in Cloud Controller
24 Apr 2019 CVE-2019-3789   Gorouter allows space developer to hijack route services hosted outside the platform
16 Apr 2019 CVE-2019-3799   Directory Traversal with spring-cloud-config-server
12 Apr 2019 CVE-2019-3793   Invitations Service supports HTTP connections
08 Apr 2019 CVE-2019-3797   Additional information exposure with Spring Data JPA derived queries
04 Apr 2019 CVE-2019-3795   Insecure Randomness When Using a SecureRandom Instance Constructed by Spring Security
01 Apr 2019 CVE-2019-9946   Kubernetes affecting certain network configurations with CNI
01 Apr 2019 CVE-2019-1002100   Kubernetes API Server Patch Request Consumes Excess Resource Cause Denial of Service
01 Apr 2019 CVE-2019-1002101   Kubernetes kubectl - potential directory traversal
25 Mar 2019 CVE-2019-3792   Concourse 5.0.0 SQL Injection vulnerability
07 Mar 2019 CVE-2019-8331   Bootstrap XSS
28 Feb 2019 CVE-2018-15754   UAA issues tokens across identity providers if users with matching usernames exist
26 Feb 2019 CVE-2019-3777   Apps Manager unverified SSL certs in Cloud Controller proxy
21 Feb 2019 CVE-2019-3778   Open Redirector in spring-security-oauth2
19 Feb 2019 CVE-2019-3776   Reflected XSS in Pivotal Operations Manager
14 Feb 2019 CVE-2019-3780   Cloud Foundry Container Runtime Leaks IAAS Credentials
14 Feb 2019 CVE-2019-3779   Pivotal Container Service allows a user to bypass security policy when talking to ETCD
14 Jan 2019 CVE-2019-3772   XML External Entity Injection (XXE)
14 Jan 2019 CVE-2019-3773   XML External Entity Injection (XXE)
14 Jan 2019 CVE-2019-3774   XML External Entity Injection (XXE)
08 Jan 2019 KUBERNETES-API-SERVER   Kubernetes API Server acts as proxy for internal and external IPs
08 Jan 2019 CVE-2019-3803   Concourse includes token in CLI authentication callback
04 Jan 2019 CVE-2018-18264   Kubernetes Dashboard TLS Certificate Leak
18 Dec 2018 CVE-2018-15801   Authorization Bypass During JWT Issuer Validation with spring-security
13 Dec 2018 CVE-2018-15798   Pivotal Concourse allows malicious redirect urls on login
05 Dec 2018 CVE-2018-1279   RabbitMQ cluster compromise due to deterministically generated cookie
15 Nov 2018 CVE-2018-15759   On Demand Services SDK Timing Attack Vulnerability
09 Nov 2018 CVE-2018-15795   CredHub Service Broker uses guessable client secret
29 Oct 2018 CVE-2018-15762   Pivotal Operations Manager gives all users heightened privileges
16 Oct 2018 CVE-2018-15758   Privilege Escalation in spring-security-oauth2
16 Oct 2018 CVE-2018-15756   DoS Attack via Range Requests
10 Oct 2018 CVE-2018-11084   Garden-runC prevents deletion of some app environments
10 Oct 2018 CVE-2018-15755   CF networking internal policy server SQL injection
03 Oct 2018 CVE-2018-11083   BOSH accepts refresh token as access token
02 Oct 2018 CVE-2018-15763   PKS leaks IaaS credentials to application logs
27 Sep 2018 CVE-2018-11081   Ops Manager writes UAA credentials to disk
13 Sep 2018 CVE-2018-1198   PCC bosh deployment logs print a superuser password in plain text
13 Sep 2018 CVE-2018-11088   CF admin credentials accessible to developers through Applications Manager
13 Sep 2018 CVE-2018-11086   CF admin credentials accessible to developers through usage service
11 Sep 2018 CVE-2018-11087   RabbitMQ (Spring-AMQP) Host name verification
23 Jul 2018 CVE-2018-11044   Apps Manager allows unescaped content in invitation emails
10 Jul 2018 CVE-2018-11045   Operations Manager image contains static LRNG seed file
20 Jun 2018 CVE-2018-11046   Operations Manager includes outdated NGINX packages
14 Jun 2018 CVE-2018-11040   JSONP enabled by default in MappingJackson2JsonView
14 Jun 2018 CVE-2018-11039   Cross Site Tracing (XST) with Spring Framework
11 May 2018 CVE-2018-1263   Unsafe Unzip with spring-integration-zip
10 May 2018 CVE-2018-1278   Apps Manager allows unauthorized org invitations
09 May 2018 CVE-2018-1261   Unsafe Unzip with spring-integration-zip
09 May 2018 CVE-2018-1260   Remote Code Execution with spring-security-oauth2
09 May 2018 CVE-2018-1259   XXE with Spring Data’s XMLBeam integration
09 May 2018 CVE-2018-1258   Unauthorized Access with Spring Security Method Security
09 May 2018 CVE-2018-1257   ReDoS Attack with spring-messaging
07 May 2018 CVE-2018-1280   Blind SQL injection in Pivotal Greenplum Command Center
30 Apr 2018 CVE-2018-1256   Issuer validation regression in Spring Cloud SSO Connector
10 Apr 2018 CVE-2018-1274   Denial of Service with Spring Data
10 Apr 2018 CVE-2018-1273   RCE with Spring Data Commons
09 Apr 2018 CVE-2018-1275   Address partial fix for CVE-2018-1270
05 Apr 2018 CVE-2018-1272   Multipart Content Pollution with Spring Framework
05 Apr 2018 CVE-2018-1271   Directory Traversal with Spring MVC on Windows
05 Apr 2018 CVE-2018-1270   Remote Code Execution with spring-messaging
16 Mar 2018 CVE-2018-1230   Spring Batch Admin vulnerable to Cross Site Request Forgery
16 Mar 2018 CVE-2018-1229   Stored XSS in file upload of Spring Batch Admin
13 Feb 2018 CVE-2018-1200   Apps Manager File Access Vulnerability
30 Jan 2018 CVE-2018-1196   Symlink privilege escalation attack via Spring Boot launch script
29 Jan 2018 CVE-2018-1199   Security bypass with static resources
16 Oct 2017 CVE-2017-8028   Spring-LDAP authentication with userSearch and STARTTLS allows authentication with arbitrary password
21 Sep 2017 CVE-2017-8046   RCE in PATCH requests in Spring Data REST
19 Sep 2017 CVE-2017-8045   Remote code execution in spring-amqp
15 Sep 2017 CVE-2017-8039   Data Binding Expression Vulnerability in Spring Web Flow
31 Aug 2017 CVE-2017-8044   XSS vulnerability in Single Sign-On for PCF via DOM-based query parameters
31 Aug 2017 CVE-2017-8041   XSS vulnerability in org name in Single Sign-On for PCF
31 Aug 2017 CVE-2017-8040   XXE Vulnerability in Single Sign-On for PCF
08 Jun 2017 CVE-2017-4995   Jackson Configuration Allows Code Execution with Unknown “Serialization Gadgets”
31 May 2017 CVE-2017-4971   Data Binding Expression Vulnerability in Spring Web Flow
15 May 2017 CVE-2017-4975   Tile generator sets open security groups
04 May 2017 CVE-2017-4966   RabbitMQ local storage of credentials
04 May 2017 CVE-2017-4965   XSS vulnerabilities in RabbitMQ management UI
27 Mar 2017 CVE-2017-2773   Unauthenticated JWT signing algorithm in multiple components
24 Mar 2017 CVE-2017-4955   Credentials in Elastic Runtime Notifications errand log
14 Feb 2017 CVE-2017-4959   Pivotal Cloud Foundry account authorization vulnerability
09 Feb 2017 CVE-2016-9880   Unauthenticated access to GemFire for PCF broker endpoints
04 Jan 2017 CVE-2016-9885   gfsh exposed over go router for GemFire for PCF
28 Dec 2016 CVE-2016-9879   Encoded "/" in path variables
28 Dec 2016 CVE-2016-0898   Service backups log AWS key
21 Dec 2016 CVE-2016-9878   Directory Traversal in the Spring Framework ResourceServlet
19 Dec 2016 CVE-2016-9877   RabbitMQ authentication vulnerability
31 Oct 2016 CVE-2016-6657   PCF Open Redirects
31 Oct 2016 CVE-2016-6656   Code injection vulnerability via GPHDFS in Greenplum database
30 Sep 2016 CVE-2016-6652   Spring Data JPA Blind SQL Injection Vulnerability
12 Sep 2016 CVE-2016-0930   Ops Manager Compilation VMs Vulnerability on vSphere and vCloud
27 Jul 2016 CVE-2016-0896   IaaS Metadata Endpoint Accessible from Application Containers
15 Jul 2016 CVE-2016-0929   RabbitMQ for PCF vulnerability
07 Jul 2016 CVE-2016-5007   Spring Security / MVC Path Matching Inconsistency
07 Jul 2016 CVE-2016-0926   Apps Manager XSS vulnerability
05 Jul 2016 CVE-2016-4977   Remote Code Execution (RCE) in Spring Security OAuth
29 Jun 2016 CVE-2016-0928   PCF Open Redirects
24 Jun 2016 CVE-2016-0897   Ops Manager vSphere and vCloud vulnerability
23 Jun 2016 CVE-2016-0927   Ops Manager XSS vulnerability
11 Apr 2016 CVE-2016-2173   Remote Code Execution in Spring AMQP
23 Mar 2016 CVE-2016-0780   Cloud Controller Disk Quota Enforcement
23 Mar 2016 CVE-2016-2165   Loggregator Request URL Paths
23 Mar 2016 CVE-2016-0781   UAA Persistent XSS Vulnerability
03 Feb 2016 CVE-2016-0883   Pivotal Ops Manager Weak Authentication Scheme
12 Nov 2015 CVE-2015-5258   Spring Social CSRF
15 Oct 2015 CVE-2015-5211   RFD Attack in Spring Framework
30 Jun 2015 CVE-2015-3192   DoS Attack with XML Input
06 Mar 2015 CVE-2015-0201   Insufficiently random session id in Java SockJS client
13 Jan 2015 CVE-2014-3626   Directory Traversal in Grails Resources Plugin
11 Nov 2014 CVE-2014-3625   Directory Traversal in Spring Framework
05 Sep 2014 CVE-2014-3578   Directory Traversal in Spring Framework
15 Aug 2014 CVE-2014-3527   Access Control Bypass in Spring Security
28 May 2014 CVE-2014-0225   Information Disclosure when using Spring MVC
11 Mar 2014 CVE-2014-1904   XSS when using Spring MVC
11 Mar 2014 CVE-2014-0097   Blank password may bypass user authentication
11 Mar 2014 CVE-2014-0054   Incomplete fix for CVE-2013-7315 / CVE-2013-6429 (XXE)
19 Feb 2014 CVE-2014-0053   Information Disclosure when using Grails
14 Jan 2014 CVE-2013-6430   Possible XSS when using Spring MVC
14 Jan 2014 CVE-2013-6429   Incomplete fix for CVE-2013-7315 (XXE)
22 Aug 2013 CVE-2013-7315   XML External Entity (XXE) injection in Spring Framework
22 Aug 2013 CVE-2013-4152   XML eXternal Entity (XXE) injection in Spring Framework


Notable Vulnerabilities in Dependencies

Date   CVE Reference   Description
16 Apr 2021 USN-4755-1   LibTIFF vulnerabilities
16 Apr 2021 USN-4754-4   Python 2.7 vulnerability
16 Apr 2021 USN-4754-2   Python regression
16 Apr 2021 USN-4754-1   Python vulnerabilities
16 Apr 2021 USN-4749-1   Linux kernel vulnerabilities
16 Apr 2021 USN-4738-1   OpenSSL vulnerabilities
01 Mar 2021 USN-4705-1   Sudo vulnerabilities
01 Mar 2021 USN-4700-1   PyXDG vulnerability
01 Mar 2021 USN-4694-1   Linux kernel vulnerability
01 Mar 2021 USN-4692-1   tar vulnerabilities
01 Mar 2021 USN-4680-1   Linux kernel vulnerabilities
01 Mar 2021 USN-4677-1   p11-kit vulnerabilities
01 Mar 2021 USN-4676-1   OpenEXR vulnerabilities
01 Mar 2021 USN-4673-1   libproxy vulnerability
01 Mar 2021 USN-4668-3   python-apt regression
01 Mar 2021 USN-4489-1   Linux kernel vulnerability
13 Jan 2021 USN-4662-1   OpenSSL vulnerability
13 Jan 2021 USN-4660-1   Linux kernel vulnerabilities
13 Jan 2021 USN-4635-1   Kerberos vulnerability
13 Jan 2021 USN-4628-2   Intel Microcode regression
13 Jan 2021 USN-4628-1   Intel Microcode vulnerabilities
11 Dec 2020 USN-4633-1   PostgreSQL vulnerabilities
11 Dec 2020 USN-4613-1   python-cryptography vulnerability
11 Dec 2020 USN-4428-1   Python vulnerabilities
11 Dec 2020 USN-4416-1   GNU C Library vulnerabilities
11 Dec 2020 USN-4360-2   json-c regression
11 Dec 2020 USN-4360-1   json-c vulnerability
11 Dec 2020 USN-4359-1   APT vulnerability
11 Dec 2020 USN-4309-1   Vim vulnerabilities
20 Nov 2020 USN-4593-1   FreeType vulnerability
20 Nov 2020 USN-4591-1   Linux kernel vulnerabilities
20 Nov 2020 USN-4582-1   Vim vulnerabilities
20 Nov 2020 USN-4581-1   Python vulnerability
20 Nov 2020 USN-4578-1   Linux kernel vulnerabilities
20 Nov 2020 USN-4526-1   Linux kernel vulnerabilities
24 Sep 2020 USN-4466-1   curl vulnerability
24 Sep 2020 USN-4457-1   Software Properties vulnerability
28 Aug 2020 USN-4414-1   Linux kernel vulnerabilities
28 Aug 2020 USN-4402-1   curl vulnerabilities
28 Aug 2020 USN-4398-1   DBus vulnerability
30 Jul 2020 USN-4394-1   SQLite vulnerabilities
30 Jul 2020 USN-4390-1   Linux kernel vulnerabilities
30 Jul 2020 USN-4385-2   Intel Microcode regression
30 Jul 2020 USN-4385-1   Intel Microcode vulnerabilities
30 Jul 2020 USN-4377-1   ca-certificates update
30 Jul 2020 USN-4376-1   OpenSSL vulnerabilities
30 Jul 2020 USN-4360-4   json-c vulnerability
30 Jul 2020 USN-3911-2   file regression
14 May 2020 USN-4318-1   Linux kernel vulnerabilities
28 Apr 2020 USN-4345-1   Linux kernel vulnerabilities
23 Apr 2020 USN-4305-1   ICU vulnerability
23 Apr 2020 USN-4302-1   Linux kernel vulnerabilities
23 Apr 2020 USN-4298-1   SQLite vulnerabilities
21 Apr 2020 USN-4333-1   Python vulnerabilities
08 Apr 2020 USN-4292-1   rsync vulnerabilities
02 Mar 2020 USN-4293-1   libarchive vulnerabilities
18 Feb 2020 USN-4287-1   Linux kernel vulnerabilities
10 Feb 2020 USN-4274-1   libxml2 vulnerabilities
05 Feb 2020 USN-4269-1   systemd vulnerabilities
03 Feb 2020 USN-4263-1   Sudo vulnerability
28 Jan 2020 USN-4255-2   Linux kernel (HWE) vulnerabilities
28 Jan 2020 USN-4256-1   Cyrus SASL vulnerability
27 Jan 2020 USN-4252-1   tcpdump vulnerabilities
23 Jan 2020 USN-4233-2   GnuTLS update
23 Jan 2020 USN-4249-1   e2fsprogs vulnerability
22 Jan 2020 USN-4247-1   python-apt vulnerabilities
22 Jan 2020 USN-4247-2   python-apt regression
22 Jan 2020 USN-4246-1   zlib vulnerabilities
20 Jan 2020 USN-4242-1   Sysstat vulnerabilities
20 Jan 2020 USN-4243-1   libbsd vulnerabilities
19 Jan 2020 CVE-2020-0601   Windows Stemcells vulnerable to Windows CryptoAPI Spoofing Vulnerability
15 Jan 2020 USN-4205-1   SQLite vulnerabilities
15 Jan 2020 USN-4215-1   NSS vulnerability
15 Jan 2020 USN-4182-3   Intel Microcode regression
15 Jan 2020 USN-4220-1   Git vulnerabilities
15 Jan 2020 USN-4210-1   Linux kernel vulnerabilities
14 Jan 2020 USN-4236-2   Libgcrypt vulnerability
13 Jan 2020 USN-4235-1   nginx vulnerability
09 Jan 2020 USN-4233-1   GnuTLS update
08 Jan 2020 USN-4231-1   NSS vulnerability
07 Jan 2020 USN-4227-1   Linux kernel vulnerabilities
18 Dec 2019 USN-4194-1   postgresql-common vulnerability
18 Dec 2019 USN-4185-1   Linux kernel vulnerabilities
18 Dec 2019 USN-4162-1   Linux kernel vulnerabilities
18 Dec 2019 USN-4191-1   QEMU vulnerabilities
18 Dec 2019 USN-4164-1   Libxslt vulnerabilities
18 Dec 2019 USN-4190-1   libjpeg-turbo vulnerabilities
18 Dec 2019 USN-4176-1   GNU cpio vulnerability
18 Dec 2019 USN-4172-1   file vulnerability
18 Dec 2019 USN-4203-1   NSS vulnerability
18 Dec 2019 USN-4169-1   libarchive vulnerability
18 Dec 2019 USN-4182-1   Intel Microcode update
18 Dec 2019 USN-4185-3   Linux kernel vulnerability and regression
18 Dec 2019 USN-4199-1   libvpx vulnerabilities
11 Dec 2019 USN-4221-1   libpcap vulnerability
25 Nov 2019 CVE-2019-15587   Ops Manager contains a vulnerable Loofah gem
14 Nov 2019 USN-4004-1   Berkeley DB vulnerability
14 Nov 2019 USN-4038-1   bzip2 vulnerabilities
14 Nov 2019 USN-3911-1   file vulnerabilities
14 Nov 2019 USN-4015-1   DBus vulnerability
14 Nov 2019 USN-4011-1   Jinja2 vulnerabilities
14 Nov 2019 USN-4008-2   AppArmor update
14 Nov 2019 USN-3999-1   GnuTLS vulnerabilities
14 Nov 2019 USN-3967-1   FFmpeg vulnerabilities
14 Nov 2019 USN-3990-1   urllib3 vulnerabilities
14 Nov 2019 USN-4040-1   Expat vulnerability
14 Nov 2019 USN-3885-2   OpenSSH vulnerability
14 Nov 2019 USN-3993-1   curl vulnerabilities
14 Nov 2019 USN-4012-1   elfutils vulnerabilities
14 Nov 2019 USN-3968-1   Sudo vulnerabilities
14 Nov 2019 USN-4016-1   Vim vulnerabilities
14 Nov 2019 USN-4019-1   SQLite vulnerabilities
06 Nov 2019 USN-4151-1   Python vulnerabilities
06 Nov 2019 USN-4144-1   Linux kernel vulnerabilities
06 Nov 2019 USN-4142-1   e2fsprogs vulnerability
06 Nov 2019 USN-4132-1   Expat vulnerability
06 Nov 2019 USN-4129-1   curl vulnerabilities
06 Nov 2019 USN-4127-1   Python vulnerabilities
06 Nov 2019 USN-4126-1   FreeType vulnerability
30 Sep 2019 USN-4135-1   Linux kernel vulnerabilities
30 Sep 2019 USN-4115-2   Linux kernel regression
30 Sep 2019 USN-4115-1   Linux kernel vulnerabilities
30 Sep 2019 USN-4094-1   Linux kernel vulnerabilities
30 Sep 2019 USN-4071-1   Patch vulnerabilities
30 Sep 2019 USN-4049-3   GLib regression
24 Sep 2019 CVE-2019-16097   Harbor Privilege Escalation
05 Sep 2019 USN-4099-1   nginx vulnerabilities
05 Sep 2019 USN-4090-1   PostgreSQL vulnerabilities
05 Sep 2019 USN-4068-2   Linux kernel (HWE) vulnerabilities
05 Sep 2019 USN-4060-1   NSS vulnerabilities
05 Sep 2019 USN-4058-1   Bash vulnerability
05 Sep 2019 USN-4049-1   GLib vulnerability
05 Sep 2019 USN-4038-3   bzip2 regression
06 Aug 2019 USN-4041-1   Linux kernel update
05 Aug 2019 USN-4014-1   GLib vulnerability
05 Aug 2019 USN-4001-1   libseccomp vulnerability
05 Aug 2019 USN-3977-3   Intel Microcode update (AKA ZombieLoad Attack)
19 Jun 2019 USN-3981-2   Linux kernel (HWE) vulnerabilities (AKA ZombieLoad Attack)
19 Jun 2019 USN-3977-2   Intel Microcode update (AKA ZombieLoad Attack)
19 Jun 2019 USN-3977-1   Intel Microcode update (AKA ZombieLoad Attack)
21 May 2019 USN-3972-1   PostgreSQL vulnerabilities
21 May 2019 USN-3962-1   libpng vulnerability
21 May 2019 USN-3960-1   WavPack vulnerability
21 May 2019 USN-3947-1   Libxslt vulnerability
21 May 2019 USN-3943-1   Wget vulnerabilities
21 May 2019 USN-3932-2   Linux kernel (Xenial HWE) vulnerabilities
21 May 2019 USN-3931-2   Linux kernel (HWE) vulnerabilities
08 May 2019 USN-3935-1   BusyBox vulnerabilities
25 Apr 2019 USN-3945-1   Ruby vulnerabilities
25 Apr 2019 USN-3910-2   Linux kernel (Xenial HWE) vulnerabilities
25 Apr 2019 USN-3906-1   LibTIFF vulnerabilities
25 Apr 2019 USN-3901-2   Linux kernel (HWE) vulnerabilities
25 Apr 2019 USN-3900-1   GD vulnerabilities
25 Apr 2019 USN-3899-1   OpenSSL vulnerability
25 Apr 2019 USN-3898-1   NSS vulnerability
25 Apr 2019 USN-3891-1   systemd vulnerability
25 Apr 2019 USN-3885-1   OpenSSH vulnerabilities
25 Apr 2019 USN-3884-1   libarchive vulnerabilities
25 Apr 2019 USN-3882-1   curl vulnerabilities
25 Apr 2019 USN-3879-2   Linux kernel (Xenial HWE) vulnerabilities
25 Apr 2019 USN-3871-4   Linux kernel (HWE) vulnerabilities
25 Apr 2019 USN-3864-1   LibTIFF vulnerabilities
25 Apr 2019 USN-3859-1   libarchive vulnerabilities
25 Apr 2019 USN-3848-2   Linux kernel (Xenial HWE) vulnerabilities
25 Apr 2019 USN-3847-2   Linux kernel (HWE) vulnerabilities
25 Apr 2019 USN-3840-1   OpenSSL vulnerabilities
25 Apr 2019 USN-3834-1   Perl vulnerabilities
25 Apr 2019 USN-3816-3   systemd regression
25 Apr 2019 USN-3855-1   systemd vulnerabilities
25 Apr 2019 USN-3863-1   APT vulnerability
13 Feb 2019 CVE-2019-5736   runC container breakout
06 Feb 2019 USN-3836-2   Linux kernel (HWE) vulnerabilities
06 Feb 2019 USN-3841-1   lxml vulnerability
06 Feb 2019 USN-3850-1   NSS vulnerabilities
03 Jan 2019 USN-3843-1   pixman vulnerability
03 Jan 2019 USN-3816-2   systemd vulnerability
03 Jan 2019 USN-3839-1   WavPack vulnerabilities
03 Jan 2019 USN-3829-1   Git vulnerabilities
14 Dec 2018 USN-3805-1   curl vulnerabilities
14 Dec 2018 USN-3809-1   OpenSSH vulnerabilities
14 Dec 2018 USN-3812-1   nginx vulnerabilities
14 Dec 2018 USN-3815-1   gettext vulnerability
14 Dec 2018 USN-3817-1   Python vulnerabilities
14 Dec 2018 USN-3821-2   Linux kernel (Xenial HWE) vulnerabilities
12 Dec 2018 USN-3820-2   Linux kernel (HWE) vulnerabilities
12 Dec 2018 USN-3816-1   systemd vulnerabilities
12 Dec 2018 USN-3806-1   systemd vulnerability
12 Dec 2018 USN-3808-1   Ruby vulnerabilities
03 Dec 2018 CVE-2018-15797   NFS Volume release errand leaks cf admin credentials in logs
03 Dec 2018 CVE-2018-1002105   Proxy request handling in kube-apiserver can leave vulnerable TCP connections
28 Nov 2018 USN-3797-2   Linux kernel (Xenial HWE) vulnerabilities
08 Nov 2018 USN-3800-1   audiofile vulnerabilities
08 Nov 2018 USN-3791-1   Git vulnerability
08 Nov 2018 USN-3786-1   libxkbcommon vulnerabilities
08 Nov 2018 USN-3785-1   ImageMagick vulnerabilities
06 Nov 2018 CVE-2018-15761   UAA Privilege Escalation
26 Oct 2018 USN-3790-1   Requests vulnerability
26 Oct 2018 USN-3777-2   Linux kernel (HWE) vulnerabilities
26 Oct 2018 USN-3762-2   Linux kernel (HWE) vulnerabilities
09 Oct 2018 USN-3752-2   Linux kernel (HWE) vulnerabilities
09 Oct 2018 USN-3765-1   curl vulnerability
09 Oct 2018 USN-3767-1   GLib vulnerabilities
09 Oct 2018 USN-3770-1   Little CMS vulnerabilities
27 Sep 2018 USN-3759-1   libtirpc vulnerabilities
27 Sep 2018 USN-3758-1   libx11 vulnerabilities
27 Sep 2018 USN-3756-1   Intel Microcode vulnerabilities
27 Sep 2018 USN-3755-1   GD vulnerabilities
27 Sep 2018 USN-3753-2   Linux kernel (Xenial HWE) vulnerabilities
27 Sep 2018 USN-3744-1   PostgreSQL vulnerabilities
27 Sep 2018 USN-3741-2   Linux kernel (Xenial HWE) vulnerabilities
27 Sep 2018 USN-3739-1   libxml2 vulnerabilities
27 Sep 2018 USN-3736-1   libarchive vulnerabilities
27 Sep 2018 USN-3733-1   GnuPG vulnerability
27 Sep 2018 USN-3729-1   libxcursor vulnerability
27 Sep 2018 USN-3712-1   libpng vulnerabilities
27 Sep 2018 USN-3696-2   Linux kernel (Xenial HWE) vulnerabilities
27 Sep 2018 USN-3692-1   OpenSSL vulnerabilities
27 Sep 2018 USN-3690-2   AMD Microcode regression
27 Sep 2018 USN-3690-1   AMD Microcode update
27 Sep 2018 USN-3689-1   Libgcrypt vulnerability
27 Sep 2018 USN-3605-1   Sharutils vulnerability
27 Sep 2018 USN-3589-1   PostgreSQL vulnerability
27 Sep 2018 USN-3564-1   PostgreSQL vulnerability
27 Sep 2018 USN-3532-1   GDK-PixBuf vulnerabilities
27 Sep 2018 USN-3509-4   Linux kernel (Xenial HWE) regression
27 Sep 2018 USN-3352-1   nginx vulnerability
09 Aug 2018 CVE-2018-8037   Apache Tomcat - NIO/NIO2 connectors user sessions can get mixed up
09 Aug 2018 CVE-2018-1336   Apache Tomcat - UTF-8 decoder can lead to DoS
02 Aug 2018 USN-3711-1   ImageMagick vulnerabilities
02 Aug 2018 USN-3707-1   NTP vulnerabilities
02 Aug 2018 USN-3706-1   libjpeg-turbo vulnerabilities
23 Jul 2018 CVE-2018-11047   UAA accepts refresh token as access token on admin endpoints
20 Jul 2018 USN-3693-1   JasPer vulnerabilities
20 Jul 2018 USN-3686-1   file vulnerabilities
20 Jul 2018 USN-3684-1   Perl vulnerability
20 Jul 2018 USN-3681-1   ImageMagick vulnerabilities
20 Jul 2018 USN-3676-2   Linux kernel (Xenial HWE) vulnerabilities
20 Jul 2018 USN-3675-1   GnuPG vulnerabilities
20 Jul 2018 USN-3658-1   procps-ng vulnerabilities
17 Jul 2018 CVE-2018-11041   UAA open redirect
16 Jul 2018 CVE-2018-1269   Loggregator does not properly close some TCP connections
16 Jul 2018 CVE-2018-1268   Loggregator lacks app GUID validation
19 Jun 2018 CVE-2018-1265   Diego does not properly sanitize file paths in tar/zip files
21 Jun 2018 USN-3671-1   Git vulnerabilities
21 Jun 2018 USN-3654-2   Linux kernel (Xenial HWE) vulnerabilities
21 Jun 2018 USN-3648-1   curl vulnerabilities
14 Jun 2018 USN-3643-1   Wget vulnerability
14 Jun 2018 USN-3641-1   Linux kernel vulnerabilities
14 Jun 2018 USN-3631-2   Linux kernel (Xenial HWE) vulnerabilities
14 Jun 2018 USN-3628-1   OpenSSL vulnerability
14 Jun 2018 USN-3625-1   Perl vulnerabilities
14 Jun 2018 USN-3624-1   Patch vulnerabilities
14 Jun 2018 USN-3622-1   Wayland vulnerability
21 May 2018 CVE-2018-1277   Garden does not correctly enforce Docker image disc quotas
21 May 2018 CVE-2018-1276   Windows2012R2 stemcell exposes IaaS metadata on vSphere
10 May 2018 MS-ISAC-2018-046   MS-ISAC 2018-046 Multiple Vulnerabilities in PHP
08 May 2018 CVE-2018-1191   Garden may log Docker passwords
02 May 2018 USN-3619-2   Linux kernel (Xenial HWE) vulnerabilities
02 May 2018 USN-3611-1   OpenSSL vulnerability
02 May 2018 USN-3610-1   ICU vulnerability
02 May 2018 USN-3606-1   LibTIFF vulnerabilities
02 May 2018 USN-3604-1   libvorbis vulnerabilities
02 May 2018 USN-3602-1   LibTIFF vulnerabilities
02 May 2018 USN-3598-1   curl vulnerabilities
02 May 2018 USN-3586-1   DHCP vulnerabilities
02 May 2018 USN-3584-1   sensible-utils vulnerability
02 May 2018 USN-3569-1   libvorbis vulnerabilities
02 May 2018 USN-3554-1   curl vulnerabilities
02 May 2018 USN-3547-1   Libtasn1 vulnerabilities
02 May 2018 USN-3543-1   rsync vulnerabilities
02 May 2018 USN-3534-1   GNU C Library vulnerabilities
02 May 2018 USN-3506-1   rsync vulnerabilities
02 May 2018 USN-3501-1   libxcursor vulnerability
02 May 2018 USN-3346-2   Bind regression
30 Apr 2018 CVE-2018-1197   GCP Metadata Endpoint Accessible from Application Containers on Windows
05 Apr 2018 CVE-2018-1266   Cloud Controller file modification via malicious application
05 Apr 2018 CVE-2018-1231   BOSH CLI does not restrict access to configuration file
03 Apr 2018 USN-3582-2   Linux kernel (Xenial HWE) vulnerabilities
28 Mar 2018 CVE-2018-1195   Cloud Controller API will accept a refresh token for authentication
28 Mar 2018 CVE-2018-1192   UAA SessionID present in Audit Event Logs
28 Mar 2018 CVE-2018-1190   XSS on UAA OpenID Connect check session iframe endpoint
09 Mar 2018 CVE-2018-1227   Concourse-dot-ci Domain Issue
27 Feb 2018 VU475445   VU#475445 SAML Authentication Bypass
27 Feb 2018 CVE-2018-1221   Gorouter websocket handling vulnerability
01 Feb 2018 USN-3540-2   Linux kernel (Xenial HWE) vulnerabilities
01 Feb 2018 USN-3538-1   OpenSSH vulnerabilities
01 Feb 2018 USN-3535-1   Bind vulnerability
01 Feb 2018 USN-3522-4   Linux (Xenial HWE) vulnerability
01 Feb 2018 USN-3522-2   Linux (Xenial HWE) vulnerability
01 Feb 2018 USN-3513-1   libxml2 vulnerability
01 Feb 2018 USN-3504-1   libxml2 vulnerability
03 Jan 2018 Meltdown and Spectre Attacks   Meltdown and Spectre Attacks
19 Dec 2017 CVE-2017-1000353   Jenkins unauthenticated remote code execution
15 Dec 2017 USN-3509-2   Linux kernel (Xenial HWE) vulnerabilities
15 Dec 2017 USN-3505-1   Linux firmware vulnerabilities
15 Dec 2017 USN-3498-1   curl vulnerabilities
15 Dec 2017 USN-3496-3   Python vulnerability
15 Dec 2017 USN-3496-1   Python vulnerability
15 Dec 2017 USN-3489-1   Berkeley DB vulnerability
15 Dec 2017 USN-3485-2   Linux kernel (Xenial HWE) vulnerabilities
15 Dec 2017 USN-3478-1   Perl vulnerabilities
15 Dec 2017 USN-3475-1   OpenSSL vulnerabilities
15 Dec 2017 USN-3469-2   Linux kernel (Xenial HWE) vulnerabilities
15 Dec 2017 USN-3464-1   Wget vulnerabilities
15 Dec 2017 USN-3458-1   ICU vulnerability
15 Dec 2017 USN-3457-1   curl vulnerability
21 Nov 2017 USN-3454-1   libffi vulnerability
21 Nov 2017 USN-3444-2   Linux kernel (Xenial HWE) vulnerabilities
21 Nov 2017 USN-3441-1   curl vulnerabilities
21 Nov 2017 USN-3437-1   OCaml vulnerability
21 Nov 2017 USN-3434-1   Libidn vulnerability
21 Nov 2017 USN-3432-1   ca-certificates update
21 Nov 2017 USN-3424-1   libxml2 vulnerabilities
21 Nov 2017 USN-3387-1   Git vulnerability
16 Nov 2017 CVE-2017-8031   UAA Denial of Service through client token revocation endpoint
15 Nov 2017 CVE-2017-14388   GrootFS doesn’t validate DiffIDs
11 Oct 2017 CVE-2017-8048   Cloud Controller API regression
10 Oct 2017 CVE-2017-8047   Cloud Foundry router open redirect
28 Sep 2017 USN-3420-2   Linux kernel (Xenial HWE) vulnerabilities
28 Sep 2017 USN-3418-1   GDK-PixBuf vulnerabilities
28 Sep 2017 USN-3415-1   tcpdump vulnerabilities
28 Sep 2017 USN-3411-1   Bazaar vulnerability
28 Sep 2017 USN-3410-1   GD library vulnerability
28 Sep 2017 USN-3405-2   Linux kernel (Xenial HWE) vulnerabilities
28 Sep 2017 USN-3398-1   graphite2 vulnerabilities
08 Sep 2017 CVE-2017-9805   Apache Struts Remote Code Execution
28 Aug 2017 USN-3392-2   Linux kernel (Xenial HWE) regression
21 Aug 2017 USN-3385-2   Linux kernel (Xenial HWE) vulnerabilities
14 Aug 2017 USN-3378-2   Linux kernel (Xenial HWE) vulnerabilities
14 Aug 2017 USN-3367-1   gdb vulnerabilities
14 Aug 2017 USN-3364-2   Linux kernel (Xenial HWE) vulnerabilities
14 Aug 2017 USN-3363-2   ImageMagick regression References
14 Aug 2017 USN-3363-1   ImageMagick vulnerabilities
14 Aug 2017 USN-3356-1   Expat vulnerability
14 Aug 2017 USN-3353-1   Heimdal vulnerability
14 Aug 2017 USN-3349-1   NTP vulnerabilities
14 Aug 2017 USN-3347-1   Libgcrypt vulnerabilities
14 Aug 2017 USN-3346-1   bind9 vulnerabilities
14 Aug 2017 USN-3344-2   Linux kernel (Xenial HWE) vulnerabilities
07 Aug 2017 CVE-2017-8037   Incomplete fix for Cloud Controller API access to CC VM contents
02 Aug 2017 CVE-2017-9022/CVE-2017-9023   strongSwan DOS Vulnerabilities
01 Aug 2017 CVE-2017-8038   Credentials readable from CredHub endpoint
25 Jul 2017 CVE-2017-8036   Cloud Controller API regression
25 Jul 2017 CVE-2017-8035   Cloud Controller API access to CC VM contents
25 Jul 2017 CVE-2017-8033   Cloud Controller API filesystem traversal vulnerability
24 Jul 2017 CVE-2017-8032   UAA Identity Zone Admin Privilege Escalation
05 Jul 2017 CVE-2017-7485   PostgreSQL vulnerabilities
26 Jun 2017 CVE-2017-5946   Directory Traversal in Rubyzip
26 Jun 2017 USN-3334-1   Linux kernel (Xenial HWE) vulnerabilities
26 Jun 2017 USN-3323-1   GNU C Library vulnerability
26 Jun 2017 USN-3318-1   GnuTLS vulnerabilities
26 Jun 2017 USN-3312-2   Linux kernel (Xenial HWE) vulnerabilities
26 Jun 2017 USN-3311-1   libnl vulnerability
26 Jun 2017 USN-3309-1   Libtasn1 vulnerability
26 Jun 2017 USN-3302-1   ImageMagick vulnerabilities
26 Jun 2017 USN-3212-2   LibTIFF regression
22 Jun 2017 USN-3304-1   Sudo vulnerability
08 Jun 2017 CVE-2017-4994   Forwarded Headers in UAA
08 Jun 2017 USN-3295-1   JasPer vulnerabilities
08 Jun 2017 USN-3294-1   Bash vulnerabilities
08 Jun 2017 USN-3291-3   Linux kernel (Xenial HWE) vulnerabilities
08 Jun 2017 USN-3287-1   Git vulnerability
08 Jun 2017 USN-3283-1   rtmpdump vulnerabilities
08 Jun 2017 USN-3282-1   FreeType vulnerabilities
08 Jun 2017 USN-3276-2   shadow regression
08 Jun 2017 USN-3263-1   FreeType vulnerability
08 Jun 2017 USN-3259-1   Bind vulnerabilities
08 Jun 2017 USN-3246-1   Eject vulnerability
08 Jun 2017 USN-3181-1   OpenSSL vulnerabilities
19 May 2017 CVE-2017-4992   Privilege escalation with user invitations
19 May 2017 CVE-2017-4991   UAA password reset vulnerability
02 May 2017 USN-3265-2   Linux kernel (Xenial HWE) vulnerabilities
01 May 2017 CVE-2017-4974   Blind SQL Injection with privileged UAA endpoints
20 Apr 2017 CVE-2015-3281   HAProxy vulnerabilities
20 Apr 2017 CVE-2017-4973   Privilege Escalation in UAA
20 Apr 2017 CVE-2017-4972   Blind SQL Injection in UAA
13 Apr 2017 CVE-2017-4969   Bug in CC allows users to exceed quotas
12 Apr 2017 USN-3256-2   Linux kernel (HWE) vulnerability
10 Apr 2017 CVE-2017-4970   Staticfile buildpack ignores basic authentication when misconfigured
06 Apr 2017 USN-3243-1   Git vulnerability
06 Apr 2017 USN-3241-1   audiofile vulnerabilities
06 Apr 2017 USN-3239-2   GNU C Library Regression
06 Apr 2017 USN-3237-1   FreeType vulnerability
06 Apr 2017 USN-3235-1   libxml2 vulnerabilities
06 Apr 2017 USN-3232-1   ImageMagick vulnerabilities
06 Apr 2017 USN-3227-1   ICU vulnerabilities
06 Apr 2017 USN-3225-1   libarchive vulnerabilities
06 Apr 2017 USN-3183-2   GnuTLS vulnerability
05 Apr 2017 CVE-2017-5649   Apache Geode privilege escalation vulnerability
04 Apr 2017 USN-3201-1   Bind vulnerabilities
04 Apr 2017 USN-3234-2   Linux kernel (Xenial HWE) vulnerabilities
04 Apr 2017 USN-3228-1   libevent vulnerabilities
04 Apr 2017 USN-3247-1   AppArmor vulnerability
04 Apr 2017 USN-3249-2   Linux kernel (Xenial HWE) vulnerability
31 Mar 2017 USN-3222-1   ImageMagick vulnerabilities
31 Mar 2017 USN-3213-1   GD library vulnerabilities
31 Mar 2017 USN-3212-1   LibTIFF vulnerabilities
31 Mar 2017 USN-3205-1   tcpdump vulnerabilities
31 Mar 2017 USN-3142-2   ImageMagick vulnerabilities
29 Mar 2017 CVE-2017-4963   Session Fixation for UAA External Authentication
17 Mar 2017 USN-3196-1   Multiple PHP vulnerabilities
17 Mar 2017 USN-3185-1   libXpm vulnerability
17 Mar 2017 USN-3193-1   Nettle vulnerability
17 Mar 2017 USN-3183-1   GnuTLS vulnerabilities
14 Mar 2017 USN-3189-2   Linux kernel (Xenial HWE) vulnerabilities
14 Mar 2017 CVE-2017-5638   Apache Struts Remote Code Execution
13 Mar 2017 USN-3220-2   Linux kernel (Xenial HWE) vulnerability
09 Mar 2017 CVE-2017-4960   UAA OAuth DOS via lockout feature
01 Mar 2017 USN-3208-2   Linux kernel (Xenial HWE) vulnerabilities
31 Jan 2017 USN-3172-1   Bind vulnerabilities
31 Jan 2017 USN-3169-2   Linux kernel (Xenial HWE) vulnerabilities
31 Jan 2017 USN-3161-2   Linux kernel (Xenial HWE) vulnerabilities
23 Jan 2017 CVE-2016-6660   Cloud Controller logs application environment variables
19 Jan 2017 USN-3024-1   tomcat6, tomcat7 vulnerabilities
12 Jan 2017 RunC Exec   RunC Exec Vulnerability
10 Jan 2017 CVE-2016-9882   Cloud Foundry Logs Service Credentials
29 Dec 2016 CVE-2016-3958 and CVE-2016-3959   Golang vulnerabilities
27 Dec 2016 USN-3146-2   Linux kernel (Xenial HWE) vulnerabilities
27 Dec 2016 USN-3128-2   Linux kernel (Xenial HWE) vulnerability
27 Dec 2016 USN-3142-1   ImageMagick vulnerabilities
19 Dec 2016 CVE-2016-8219   Space Auditor can restage apps
21 Dec 2016 Multiple CVEs   httpoxy vulnerabilities
20 Dec 2016 USN-3156-1   APT vulnerability
19 Dec 2016 USN-3131-1   ImageMagick vulnerabilities
19 Dec 2016 USN-3067-1   HarfBuzz vulnerabilities
19 Dec 2016 USN-3117-1   GD library vulnerabilities
14 Dec 2016 USN-3132-1   tar vulnerability
14 Dec 2016 USN-3134-1   Python vulnerabilities
14 Dec 2016 USN-3139-1   Vim vulnerability
14 Dec 2016 CVE-2016-6659   UAA Privilege Escalation
14 Dec 2016 USN-3116-1   DBus vulnerabilities
14 Dec 2016 USN-3119-1   Bind vulnerability
13 Dec 2016 USN-3123-1   curl vulnerabilities
13 Dec 2016 USN-3088-1   Bind vulnerability
09 Dec 2016 CVE-2016-8218   Unauthenticated JWT signing algorithm in routing
07 Dec 2016 USN-3151-2   Linux kernel (Xenial HWE) vulnerability
17 Nov 2016 CVE-2016-6663/CVE-2016-6664   MariaDB Root Privilege Escalation
17 Nov 2016 Several   PCRE vulnerabilities prior to version 8.39
07 Nov 2016 USN-3096-1   NTP vulnerabilities
07 Nov 2016 USN-3095-1   PHP vulnerabilities
02 Nov 2016 CVE-2016-6658   Incomplete fix for Credential Vulnerability for Custom Buildpacks
21 Oct 2016 CVE-2016-5195   Linux kernel vulnerability
17 Oct 2016 CVE-2016-6655   Utility Script Command Injection
17 Oct 2016 USN-3099-2   Linux kernel vulnerabilities
29 Sep 2016 CVE-2016-6653   MySQL Audit logs sent to Syslog
28 Sep 2016 USN-3087-2   OpenSSL Regression
28 Sep 2016 USN-3083-1   Linux kernel vulnerabilities
28 Sep 2016 USN-3068-1   Libidn vulnerabilities
28 Sep 2016 CVE-2016-6662   Multiple MySQL Vulnerabilities
28 Sep 2016 USN-3085-1   GDK-PixBuf vulnerabilities
26 Sep 2016 CVE-2016-6651   Privilege Escalation in UAA
26 Sep 2016 CVE-2016-6636   UAA Open Redirect Vulnerability for Subdomains
26 Sep 2016 CVE-2016-6637   UAA CSRF Vulnerability for OAuth Approvals
21 Sep 2016 CVE-2014-9130   LibYAML vulnerability
09 Sep 2016 CVE-2016-6639   PHP Buildpack exposes .profile file
09 Sep 2016 USN-3045-1   PHP vulnerabilities
25 Aug 2016 USN-3065-1   Libgcrypt vulnerability
25 Aug 2016 USN-3064-1   GnuPG vulnerability
25 Aug 2016 USN-3063-1   Fontconfig vulnerability
25 Aug 2016 USN-3061-1   OpenSSH vulnerability
25 Aug 2016 USN-3030-1/USN-3060-1   GD library vulnerability
25 Aug 2016 USN-3053-1/USN-3037-1   Linux kernel (Vivid HWE) vulnerability
25 Aug 2016 USN-3048-1   curl vulnerability
25 Aug 2016 USN-3033-1   libarchive vulnerability
18 Aug 2016 CVE-2016-5016   UAA accepts expired certificates
26 Jul 2016 CVE-2016-5006   Cloud Controller API logs user-provided service credentials
13 Jul 2016 USN-3010-1   Expat vulnerabilities
13 Jul 2016 CVE-2016-4450   Nginx Vulnerabilities
13 Jul 2016 USN-3012-1   Wget vulnerability
01 Jul 2016 USN-3020-1   Linux kernel (Vivid HWE) vulnerabilities
30 Jun 2016 CVE-2016-4468   UAA SQL Injection
15 Jun 2016 USN-3001-1   Linux kernel (Vivid HWE) vulnerabilities
13 Jun 2016 CVE-2016-4435   BOSH Agent Anonymous Endpoint
13 Jun 2016 USN-2994-1   libxml2 vulnerabilities
13 Jun 2016 USN-2991-1   nginx vulnerability
13 Jun 2016 USN-2990-1   ImageMagick vulnerability (a.k.a. ImageTragick)
13 Jun 2016 USN-2987-1   GD library vulnerabilities
13 Jun 2016 USN-2985-2   GNU C Library regression
13 Jun 2016 USN-2983-1   Expat vulnerability
13 Jun 2016 USN-2981-1   libarchive vulnerabilities
13 Jun 2016 USN-2966-1   OpenSSH vulnerabilities
13 Jun 2016 USN-2961-1   Little CMS vulnerability
08 Jun 2016 CVE-2013-7456   PHP vulnerabilities
03 Jun 2016 USN-2970-1   Linux kernel (Vivid HWE) vulnerabilities
23 May 2016 CVE-2016-3084   UAA Password Reset Vulnerability
19 May 2016 USN-2977-1   Linux kernel (Vivid HWE) vulnerabilities
17 May 2016 CVE-2016-3091   Diego log encoding vulnerability
06 May 2016 USN-2959-1   OpenSSL vulnerabilities
06 May 2016 USN-2957-1   Libtasn1 vulnerability
06 May 2016 USN-2949-1   Linux kernel (Vivid HWE) vulnerabilities
06 May 2016 USN-2943-1   PCRE vulnerabilities
06 May 2016 USN-2935-2   PAM regression
02 May 2016 CVE-2015-5170-5173   UAA Vulnerabilities
14 Apr 2016 Badlock bug   Samba and Windows Vulnerabilities
24 Mar 2016 USN-2939-1   LibTIFF vulnerabilities
24 Mar 2016 USN-2927-1   Graphite2 vulnerabilities
24 Mar 2016 USN-2925-1   Bind9 vulnerabilities
24 Mar 2016 USN-2919-1   JasPer vulnerabilities
24 Mar 2016 USN-2918-1   Pixman vulnerabilities
24 Mar 2016 USN-2916-1   Perl vulnerabilities
24 Mar 2016 USN-2914-1   OpenSSL vulnerabilities
24 Mar 2016 NPM Ownership Issue   Warning about NPM modules
24 Mar 2016 USN-2938-1   Git vulnerabilities
16 Mar 2016 USN-2932-1   Linux kernel vulnerabilities
02 Mar 2016 CVE-2016-0800   OpenSSL vulnerabilities
26 Feb 2016 USN-2910-1   Linux kernel vulnerability
26 Feb 2016 CVE-2016-0761   Docker Image Host Files Corruption
19 Feb 2016 USN-2900-1   GNU libc vulnerability
02 Feb 2016 CVE-2016-0732   Privilege Escalation
01 Feb 2016 CVE-2016-0713   Gorouter XSS
22 Jan 2016 USN-2871-1   Linux kernel vulnerability
20 Jan 2016 CVE-2016-0715   Remote Information Disclosure
19 Jan 2016 USN-2865-1   GnuTLS vulnerability
19 Jan 2016 USN-2861-1   libpng vulnerability
19 Jan 2016 USN-2868-1   DHCP vulnerability
19 Jan 2016 USN-2869-1   OpenSSH vulnerability
18 Jan 2016 CVE-2016-0708   Remote Information Disclosure
07 Jan 2016 USN-2857-1   Linux kernel vulnerability
07 Jan 2016 USN-2842-1/USN-2842-2   Linux kernel vulnerability
07 Jan 2016 USN-2837-1   bind9 vulnerability
07 Jan 2016 USN-2836-1   grub2 vulnerability
07 Jan 2016 USN-2835-1   git vulnerability
07 Jan 2016 USN-2834-1   libxml2 vulnerability
07 Jan 2016 USN-2830-1   OpenSSL vulnerability
07 Jan 2016 USN-2829-1   Linux kernel vulnerability
15 Dec 2015 CVE-2015-5350   Garden Nstar vulnerability
04 Dec 2015 USN-2821-1   GnuTLS vulnerability
04 Dec 2015 USN-2820-1   dpkg vulnerability
02 Dec 2015 USN-2815-1   PNG vulnerability
02 Dec 2015 USN-2812-1   libxml2 vulnerability
02 Dec 2015 USN-2810-1   Kerberos vulnerability
02 Dec 2015 USN-2787-1   audiofile vulnerability
24 Nov 2015 USN-2788-1/2788-2   unzip vulnerability
12 Nov 2015 USN-2798-1   Linux kernel vulnerability
12 Nov 2015 USN-2806-1   Linux kernel vulnerability
03 Nov 2015 USN-2778-1   Linux kernel vulnerabilities
03 Nov 2015 USN-2767-1   GDK-Pixbuf library vulnerability
07 Oct 2015 Golang   Golang 1.4.3 CVE Fixes
07 Oct 2015 USN-2722-1   GDK-PixBuf Vulnerabilities
07 Oct 2015 USN-2711-1   Net-SNMP Vulnerabilities
07 Oct 2015 USN-2739-1   FreeType Vulnerabilities
07 Oct 2015 USN-2740-1   ICU Vulnerabilities
07 Oct 2015 USN-2751-1   Linux Kernel (Vivid HWE) Vulnerability
07 Oct 2015 USN-2756-1   rpcbind Vulnerability
07 Oct 2015 USN-2765-1   Linux Kernel (Vivid HWE) Vulnerability
08 Sep 2015 USN-2710-1   OpenSSH Vulnerabilities
08 Sep 2015 USN-2698-1   SQLite Vulnerabilities
08 Sep 2015 USN-2694-1   PCRE Vulnerabilities
08 Sep 2015 USN-2718-1   Address Configuration Change Vulnerabilities
06 Aug 2015 USN-2696-1   OpenJDK 7 Vulnerabilities
29 Jul 2015 CVE-2015-3290   Linux Kernel NMI Vulnerability
10 Jul 2015 CVE-2015-1420   file_handle size verification
06 Jul 2015 CVE-2015-1330   Unattended-Upgrades Vulnerability
25 Jun 2015 CVE-2015-3189   Expire old reset password links
25 Jun 2015 CVE-2015-3190   Open redirect on Login
25 Jun 2015 CVE-2015-3191   CSRF attack on change email
12 Jun 2015 USN-2639-1   OpenSSL vulnerabilities
12 Jun 2015 CVE-2015-3636   ipv4 use-after-free
17 Jun 2015 CVE-2015-1328   overlayfs privilege escalation
09 Jun 2015 Redis LUA Sandbox   Redis LUA Exploit
22 May 2015 CVE-2015-1834   Path Traversal Vulnerability
22 May 2015 USN-2617-1   FUSE Vulnerability
30 Apr 2015 CVE-2015-1855   Ruby OpenSSL Hostname Verification
23 Mar 2015 CVE-2015-0282   Multiple GnuTLS Vulnerabilities
21 Mar 2015 USN-2537-1   OpenSSL vulnerabilities
13 Mar 2015 CVE-2014-8159   Linux Kernel Infiniband Vulnerability
09 Feb 2015 CVE-2014-0227   Apache Tomcat Request Smuggling
28 Jan 2015 CVE-2015-0235   GHOST
10 Sep 2014 CVE-2013-4444   Remote Code Execution in Apache Tomcat
16 Oct 2014 CVE-2014-3566   SSLV3 POODLE
29 Sep 2014 CVE-2014-7186   Bash Out-of-Bounds
25 Sep 2014 CVE-2014-6271   Bash - ShellShock
19 Sep 2014 CVE-2014-5119   glib_gconv_translit_find() exploit
18 Aug 2014 CVE-2014-3153   Futex requeue exploit
05 Jun 2014 CVE-2014-0224   SSL/TLS MITM Vulnerability
10 Apr 2014 CVE-2014-0160   Heartbleed

Thanks

Reports of vulnerabilities in VMware Tanzu products are listed in the credit section of the associated security announcement.