Pivotal Application Security Team
Overview
The Pivotal Application Security Team provides a single point of contact for the reporting of security vulnerabilities in Pivotal products and coordinates the process of investigating any reported vulnerabilities.
If you would like to subscribe to updates to this page, the RSS feed for all vulnerability reports is available at https://tanzu.vmware.com/security/rss or https://tanzu.vmware.com/security/parsed/rss. The RSS feed for just the notable vulnerabilities in dependences is available at https://tanzu.vmware.com/security/dependencies/rss and the RSS feed for just Pivotal product vulnerabilities is available at https://tanzu.vmware.com/security/pivotal/rss.
Reporting a vulnerability
We strongly encourage people to report security vulnerabilities privately to our security team before disclosing them in a public forum.
Please note that the e-mail address below should only be used for reporting undisclosed security vulnerabilities in Pivotal products and managing the process of fixing such vulnerabilities. We cannot accept regular bug reports or other security related queries at this address.
The e-mail address to use to contact the Pivotal Application Security Team is security@pivotal.io.
The fingerprint is: AA8F D966 7001 70B7 087E B407 04A1 595B 8F19 137B
It can be obtained from a public key server such as pgp.mit.edu.
Pivotal Product Vulnerability Reports
| Date | CVE Reference | Description | ||
| 01 juin 2020 | CVE-2020-5410 | Directory Traversal with spring-cloud-config-server | ||
| 26 mai 2020 | CVE-2019-15605 | Node.js is vulnerable to request smuggling | ||
| 13 mai 2020 | CVE-2020-5409 | Concourse Open Redirect in the /sky/login endpoint | ||
| 07 mai 2020 | CVE-2020-5408 | Dictionary attack with Spring Security queryable text encryptor | ||
| 07 mai 2020 | CVE-2020-5407 | Signature Wrapping Vulnerability with spring-security-saml2-service-provider | ||
| 14 avril 2020 | CVE-2020-5402 | UAA fails to check the state parameter when authenticating with external IDPs | ||
| 09 avril 2020 | CVE-2020-5406 | PCF Autoscaling logs its database credentials | ||
| 06 avril 2020 | CVE-2019-11282 | UAA is vulnerable to a Blind SCIM injection leading to information disclosure | ||
| 06 avril 2020 | CVE-2020-5400 | Cloud Controller logs environment variables from app manifests | ||
| 04 mars 2020 | CVE-2019-11290 | UAA logs query parameters in tomcat access file | ||
| 04 mars 2020 | VARIOUS-JACKSON-CVES-UAA | Various CVEs UAA consumes vulnerable versions of FasterXML jackson-databind | ||
| 03 mars 2020 | CVE-2019-11253 | PKS is vulnerable to a YAML/JSON parsing "Billion Laughs" Attack | ||
| 27 févr 2020 | CVE-2020-5404 | Authentication Leak On Redirect With Reactor Netty HttpClient | ||
| 27 févr 2020 | CVE-2020-5403 | DoS Via Malformed URL with Reactor Netty HTTP Server | ||
| 26 févr 2020 | CVE-2020-5405 | Directory Traversal with spring-cloud-config-server | ||
| 24 févr 2020 | CVE-2020-5401 | GoRouter is vulnerable to a cache poisoning DoS | ||
| 12 févr 2020 | CVE-2020-5399 | CredHub does not properly enable TLS for MySQL database connections | ||
| 11 févr 2020 | CVE-2019-19604 | Git submodule loading vulnerability | ||
| 16 janv 2020 | CVE-2020-5398 | RFD Attack via “Content-Disposition” Header Sourced from Request Input by Spring MVC or Spring WebFlux Application | ||
| 16 janv 2020 | CVE-2020-5397 | CSRF Attack via CORS Preflight Requests with Spring MVC or Spring WebFlux | ||
| 15 janv 2020 | CVE-2019-11288 | tc Server JMX Socket Listener Registry Rebinding Local Privilege Escalation | ||
| 10 janv 2020 | CVE-2019-18802 | CVE-2019-18801, CVE-2019-18838, MySQL for Pivotal Platform consumes a vulnerable version of Envoy | ||
| 08 janv 2020 | CVE-2019-11292 | Ops Manager logs query parameters in tomcat access file | ||
| 04 déc 2019 | CVE-2019-9517 | CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9515, CVE-2019-9518, CVE-2019-9511, CVE-2019-9516, Some Pivotal products are impacted by HTTP/2 denial of service attacks | ||
| 04 déc 2019 | CVE-2019-19029 | SQL Injection via user-groups in VMware Harbor Container Registry for Pivotal Platform | ||
| 04 déc 2019 | CVE-2019-19026 | SQL Injection via project quotas in VMware Harbor Container Registry for Pivotal Platform | ||
| 04 déc 2019 | CVE-2019-19025 | Cross-Site Request Forgery Vulnerability in VMware Harbor Container Registry for Pivotal Platform | ||
| 04 déc 2019 | CVE-2019-19023 | Privilege Escalation Vulnerability in VMware Harbor Container Registry for Pivotal Platform | ||
| 04 déc 2019 | CVE-2019-3990 | User Enumeration Flaw in VMware Harbor Container Registry for Pivotal Platform | ||
| 03 déc 2019 | CVE-2019-11293 | UAA logs all query parameters with debug logging level | ||
| 22 nov 2019 | CVE-2019-11287 | RabbitMQ Web Management Plugin DoS via heap overflow | ||
| 22 nov 2019 | CVE-2019-11291 | RabbitMQ XSS attack via federation and shovel endpoints | ||
| 18 nov 2019 | CVE-2019-11289 | A forged route service request using an invalid nonce can cause the gorouter to panic and crash | ||
| 06 nov 2019 | CVE-2019-9893 | libseccomp incorrectly generate 64-bit syscall argument comparisons | ||
| 28 oct 2019 | CVE-2019-16869 | Reactor Netty Consumes a Vulnerable Version of Netty | ||
| 24 oct 2019 | CVE-2019-11249 | PKS consumes a vulnerable version of kubectl | ||
| 23 oct 2019 | CVE-2019-11283 | Password leak in smbdriver logs | ||
| 17 oct 2019 | CVE-2019-16919 | Broken access control vulnerability in Harbor API | ||
| 15 oct 2019 | CVE-2019-11278 | Privilege Escalation via Blind SCIM Injection in UAA | ||
| 15 oct 2019 | CVE-2019-11279 | Privilege Escalation via Scope Manipulation in UAA | ||
| 15 oct 2019 | CVE-2019-11247 | Kubernetes API Server Vulnerability | ||
| 15 oct 2019 | CVE-2018-15664 | Docker Symlink Directory Traversal Vulnerability | ||
| 15 oct 2019 | CVE-2019-13139 | Docker build code execution | ||
| 14 oct 2019 | CVE-2019-11281 | RabbitMQ XSS attack | ||
| 11 oct 2019 | CVE-2019-11284 | Reactor Netty authentication leak in redirects | ||
| 25 sept 2019 | CVE-2019-11275 | CSV Injection in usage report downloaded from Pivotal Application Manager | ||
| 23 sept 2019 | CVE-2019-11277 | Volume Services is vulnerable to an LDAP injection attack | ||
| 19 sept 2019 | CVE-2019-11280 | Privilege escalation through the invitations service | ||
| 20 août 2019 | CVE-2019-3775 | UAA allows users to modify their own email address | ||
| 20 août 2019 | CVE-2019-3788 | UAA redirect-uri allows wildcards in the subdomain | ||
| 20 août 2018 | CVE-2019-3787 | UAA defaults email address to an insecure domain | ||
| 20 août 2019 | CVE-2019-10164 | Critical Security Issue in PostgreSQL | ||
| 19 août 2019 | CVE-2019-11276 | Apps Manager sends tokens to Spring apps via HTTP | ||
| 15 août 2019 | CVE-2017-15694 | Pivotal GemFire and Cloud Cache consume vulnerable versions of Apache Geode | ||
| 14 août 2019 | CVE-2019-13232 | ClamAV Add-on for PCF consumes a vulnerable version of ClamAV | ||
| 01 août 2019 | CVE-2019-11270 | UAA clients.write vulnerability | ||
| 25 juil 2019 | CVE-2019-3800 | CF CLI writes the client id and secret to config file | ||
| 25 juil 2019 | CVE-2019-3781 | CF CLI does not sanitize user's password in verbose/trace/debug | ||
| 23 juil 2019 | CVE-2019-11273 | PKS Telemetry logs credentials | ||
| 22 juil 2019 | VARIOUS-SQL | Various MySQL Security Updates from July 2018 through January 2019 | ||
| 22 juil 2019 | USN-4017-1 | Linux kernel vulnerabilities | ||
| 18 juil 2019 | CVE-2019-3786 | BBR could run arbitrary scripts on deployment VMs | ||
| 28 juin 2019 | CVE-2019-11271 | Bosh Deployment logs leak sensitive information | ||
| 19 juin 2019 | CVE-2019-11272 | PlaintextPasswordEncoder authenticates encoded passwords that are null | ||
| 30 mai 2019 | CVE-2019-5021 | Tile generator affected by insecure default password | ||
| 30 mai 2019 | CVE-2019-11269 | Open Redirector in spring-security-oauth2 | ||
| 24 mai 2019 | CVE-2019-3790 | Ops Manager uaa client issues tokens after refresh token expiration | ||
| 13 mai 2019 | CVE-2019-3802 | Additional information exposure with Spring Data JPA example matcher | ||
| 25 avril 2019 | CVE-2019-3801 | Java Projects using HTTP to fetch dependencies | ||
| 24 avril 2019 | CVE-2019-3798 | Escalation of Privileges in Cloud Controller | ||
| 24 avril 2019 | CVE-2019-3789 | Gorouter allows space developer to hijack route services hosted outside the platform | ||
| 16 avril 2019 | CVE-2019-3799 | Directory Traversal with spring-cloud-config-server | ||
| 12 avril 2019 | CVE-2019-3793 | Invitations Service supports HTTP connections | ||
| 08 avril 2019 | CVE-2019-3797 | Additional information exposure with Spring Data JPA derived queries | ||
| 04 avril 2019 | CVE-2019-3795 | Insecure Randomness When Using a SecureRandom Instance Constructed by Spring Security | ||
| 01 avril 2019 | CVE-2019-9946 | Kubernetes affecting certain network configurations with CNI | ||
| 01 avril 2019 | CVE-2019-1002100 | Kubernetes API Server Patch Request Consumes Excess Resource Cause Denial of Service | ||
| 01 avril 2019 | CVE-2019-1002101 | Kubernetes kubectl - potential directory traversal | ||
| 25 mars 2019 | CVE-2019-3792 | Concourse 5.0.0 SQL Injection vulnerability | ||
| 07 mars 2019 | CVE-2019-8331 | Bootstrap XSS | ||
| 28 févr 2019 | CVE-2018-15754 | UAA issues tokens across identity providers if users with matching usernames exist | ||
| 26 févr 2019 | CVE-2019-3777 | Apps Manager unverified SSL certs in Cloud Controller proxy | ||
| 21 févr 2019 | CVE-2019-3778 | Open Redirector in spring-security-oauth2 | ||
| 19 févr 2019 | CVE-2019-3776 | Reflected XSS in Pivotal Operations Manager | ||
| 14 févr 2019 | CVE-2019-3780 | Cloud Foundry Container Runtime Leaks IAAS Credentials | ||
| 14 févr 2019 | CVE-2019-3779 | Pivotal Container Service allows a user to bypass security policy when talking to ETCD | ||
| 14 janv 2019 | CVE-2019-3772 | XML External Entity Injection (XXE) | ||
| 14 janv 2019 | CVE-2019-3773 | XML External Entity Injection (XXE) | ||
| 14 janv 2019 | CVE-2019-3774 | XML External Entity Injection (XXE) | ||
| 08 janv 2019 | KUBERNETES-API-SERVER | Kubernetes API Server acts as proxy for internal and external IPs | ||
| 08 janv 2019 | CVE-2019-3803 | Concourse includes token in CLI authentication callback | ||
| 04 janv 2019 | CVE-2018-18264 | Kubernetes Dashboard TLS Certificate Leak | ||
| 18 déc 2018 | CVE-2018-15801 | Authorization Bypass During JWT Issuer Validation with spring-security | ||
| 13 déc 2018 | CVE-2018-15798 | Pivotal Concourse allows malicious redirect urls on login | ||
| 05 déc 2018 | CVE-2018-1279 | RabbitMQ cluster compromise due to deterministically generated cookie | ||
| 15 nov 2018 | CVE-2018-15759 | On Demand Services SDK Timing Attack Vulnerability | ||
| 09 nov 2018 | CVE-2018-15795 | CredHub Service Broker uses guessable client secret | ||
| 29 oct 2018 | CVE-2018-15762 | Pivotal Operations Manager gives all users heightened privileges | ||
| 16 oct 2018 | CVE-2018-15758 | Privilege Escalation in spring-security-oauth2 | ||
| 16 oct 2018 | CVE-2018-15756 | DoS Attack via Range Requests | ||
| 10 oct 2018 | CVE-2018-11084 | Garden-runC prevents deletion of some app environments | ||
| 10 oct 2018 | CVE-2018-15755 | CF networking internal policy server SQL injection | ||
| 03 oct 2018 | CVE-2018-11083 | BOSH accepts refresh token as access token | ||
| 02 oct 2018 | CVE-2018-15763 | PKS leaks IaaS credentials to application logs | ||
| 27 sept 2018 | CVE-2018-11081 | Ops Manager writes UAA credentials to disk | ||
| 13 sept 2018 | CVE-2018-1198 | PCC bosh deployment logs print a superuser password in plain text | ||
| 13 sept 2018 | CVE-2018-11088 | CF admin credentials accessible to developers through Applications Manager | ||
| 13 sept 2018 | CVE-2018-11086 | CF admin credentials accessible to developers through usage service | ||
| 11 sept 2018 | CVE-2018-11087 | RabbitMQ (Spring-AMQP) Host name verification | ||
| 23 juil 2018 | CVE-2018-11044 | Apps Manager allows unescaped content in invitation emails | ||
| 10 juil 2018 | CVE-2018-11045 | Operations Manager image contains static LRNG seed file | ||
| 20 juin 2018 | CVE-2018-11046 | Operations Manager includes outdated NGINX packages | ||
| 14 juin 2018 | CVE-2018-11040 | JSONP enabled by default in MappingJackson2JsonView | ||
| 14 juin 2018 | CVE-2018-11039 | Cross Site Tracing (XST) with Spring Framework | ||
| 11 mai 2018 | CVE-2018-1263 | Unsafe Unzip with spring-integration-zip | ||
| 10 mai 2018 | CVE-2018-1278 | Apps Manager allows unauthorized org invitations | ||
| 09 mai 2018 | CVE-2018-1261 | Unsafe Unzip with spring-integration-zip | ||
| 09 mai 2018 | CVE-2018-1260 | Remote Code Execution with spring-security-oauth2 | ||
| 09 mai 2018 | CVE-2018-1259 | XXE with Spring Data’s XMLBeam integration | ||
| 09 mai 2018 | CVE-2018-1258 | Unauthorized Access with Spring Security Method Security | ||
| 09 mai 2018 | CVE-2018-1257 | ReDoS Attack with spring-messaging | ||
| 07 mai 2018 | CVE-2018-1280 | Blind SQL injection in Pivotal Greenplum Command Center | ||
| 30 avril 2018 | CVE-2018-1256 | Issuer validation regression in Spring Cloud SSO Connector | ||
| 10 avril 2018 | CVE-2018-1274 | Denial of Service with Spring Data | ||
| 10 avril 2018 | CVE-2018-1273 | RCE with Spring Data Commons | ||
| 09 avril 2018 | CVE-2018-1275 | Address partial fix for CVE-2018-1270 | ||
| 05 avril 2018 | CVE-2018-1272 | Multipart Content Pollution with Spring Framework | ||
| 05 avril 2018 | CVE-2018-1271 | Directory Traversal with Spring MVC on Windows | ||
| 05 avril 2018 | CVE-2018-1270 | Remote Code Execution with spring-messaging | ||
| 16 mars 2018 | CVE-2018-1230 | Spring Batch Admin vulnerable to Cross Site Request Forgery | ||
| 16 mars 2018 | CVE-2018-1229 | Stored XSS in file upload of Spring Batch Admin | ||
| 13 févr 2018 | CVE-2018-1200 | Apps Manager File Access Vulnerability | ||
| 30 janv 2018 | CVE-2018-1196 | Symlink privilege escalation attack via Spring Boot launch script | ||
| 29 janv 2018 | CVE-2018-1199 | Security bypass with static resources | ||
| 16 oct 2017 | CVE-2017-8028 | Spring-LDAP authentication with userSearch and STARTTLS allows authentication with arbitrary password | ||
| 21 sept 2017 | CVE-2017-8046 | RCE in PATCH requests in Spring Data REST | ||
| 19 sept 2017 | CVE-2017-8045 | Remote code execution in spring-amqp | ||
| 15 sept 2017 | CVE-2017-8039 | Data Binding Expression Vulnerability in Spring Web Flow | ||
| 31 août 2017 | CVE-2017-8044 | XSS vulnerability in Single Sign-On for PCF via DOM-based query parameters | ||
| 31 août 2017 | CVE-2017-8041 | XSS vulnerability in org name in Single Sign-On for PCF | ||
| 31 août 2017 | CVE-2017-8040 | XXE Vulnerability in Single Sign-On for PCF | ||
| 08 juin 2017 | CVE-2017-4995 | Jackson Configuration Allows Code Execution with Unknown “Serialization Gadgets” | ||
| 31 mai 2017 | CVE-2017-4971 | Data Binding Expression Vulnerability in Spring Web Flow | ||
| 15 mai 2017 | CVE-2017-4975 | Tile generator sets open security groups | ||
| 04 mai 2017 | CVE-2017-4966 | RabbitMQ local storage of credentials | ||
| 04 mai 2017 | CVE-2017-4965 | XSS vulnerabilities in RabbitMQ management UI | ||
| 27 mars 2017 | CVE-2017-2773 | Unauthenticated JWT signing algorithm in multiple components | ||
| 24 mars 2017 | CVE-2017-4955 | Credentials in Elastic Runtime Notifications errand log | ||
| 14 févr 2017 | CVE-2017-4959 | Pivotal Cloud Foundry account authorization vulnerability | ||
| 09 févr 2017 | CVE-2016-9880 | Unauthenticated access to GemFire for PCF broker endpoints | ||
| 04 janv 2017 | CVE-2016-9885 | gfsh exposed over go router for GemFire for PCF | ||
| 28 déc 2016 | CVE-2016-9879 | Encoded "/" in path variables | ||
| 28 déc 2016 | CVE-2016-0898 | Service backups log AWS key | ||
| 21 déc 2016 | CVE-2016-9878 | Directory Traversal in the Spring Framework ResourceServlet | ||
| 19 déc 2016 | CVE-2016-9877 | RabbitMQ authentication vulnerability | ||
| 31 oct 2016 | CVE-2016-6657 | PCF Open Redirects | ||
| 31 oct 2016 | CVE-2016-6656 | Code injection vulnerability via GPHDFS in Greenplum database | ||
| 30 sept 2016 | CVE-2016-6652 | Spring Data JPA Blind SQL Injection Vulnerability | ||
| 12 sept 2016 | CVE-2016-0930 | Ops Manager Compilation VMs Vulnerability on vSphere and vCloud | ||
| 27 juil 2016 | CVE-2016-0896 | IaaS Metadata Endpoint Accessible from Application Containers | ||
| 15 juil 2016 | CVE-2016-0929 | RabbitMQ for PCF vulnerability | ||
| 07 juil 2016 | CVE-2016-5007 | Spring Security / MVC Path Matching Inconsistency | ||
| 07 juil 2016 | CVE-2016-0926 | Apps Manager XSS vulnerability | ||
| 05 juil 2016 | CVE-2016-4977 | Remote Code Execution (RCE) in Spring Security OAuth | ||
| 29 juin 2016 | CVE-2016-0928 | PCF Open Redirects | ||
| 24 juin 2016 | CVE-2016-0897 | Ops Manager vSphere and vCloud vulnerability | ||
| 23 juin 2016 | CVE-2016-0927 | Ops Manager XSS vulnerability | ||
| 11 avril 2016 | CVE-2016-2173 | Remote Code Execution in Spring AMQP | ||
| 23 mars 2016 | CVE-2016-0780 | Cloud Controller Disk Quota Enforcement | ||
| 23 mars 2016 | CVE-2016-2165 | Loggregator Request URL Paths | ||
| 23 mars 2016 | CVE-2016-0781 | UAA Persistent XSS Vulnerability | ||
| 03 févr 2016 | CVE-2016-0883 | Pivotal Ops Manager Weak Authentication Scheme | ||
| 12 nov 2015 | CVE-2015-5258 | Spring Social CSRF | ||
| 15 oct 2015 | CVE-2015-5211 | RFD Attack in Spring Framework | ||
| 30 juin 2015 | CVE-2015-3192 | DoS Attack with XML Input | ||
| 06 mars 2015 | CVE-2015-0201 | Insufficiently random session id in Java SockJS client | ||
| 13 janv 2015 | CVE-2014-3626 | Directory Traversal in Grails Resources Plugin | ||
| 11 nov 2014 | CVE-2014-3625 | Directory Traversal in Spring Framework | ||
| 05 sept 2014 | CVE-2014-3578 | Directory Traversal in Spring Framework | ||
| 15 août 2014 | CVE-2014-3527 | Access Control Bypass in Spring Security | ||
| 28 mai 2014 | CVE-2014-0225 | Information Disclosure when using Spring MVC | ||
| 11 mars 2014 | CVE-2014-1904 | XSS when using Spring MVC | ||
| 11 mars 2014 | CVE-2014-0097 | Blank password may bypass user authentication | ||
| 11 mars 2014 | CVE-2014-0054 | Incomplete fix for CVE-2013-7315 / CVE-2013-6429 (XXE) | ||
| 19 févr 2014 | CVE-2014-0053 | Information Disclosure when using Grails | ||
| 14 janv 2014 | CVE-2013-6430 | Possible XSS when using Spring MVC | ||
| 14 janv 2014 | CVE-2013-6429 | Incomplete fix for CVE-2013-7315 (XXE) | ||
| 22 août 2013 | CVE-2013-7315 | XML External Entity (XXE) injection in Spring Framework | ||
| 22 août 2013 | CVE-2013-4152 | XML eXternal Entity (XXE) injection in Spring Framework |
Notable Vulnerabilities in Dependencies[1]
| Date | CVE Reference | Description | ||
| 14 mai 2020 | USN-4318-1 | Linux kernel vulnerabilities | ||
| 23 avril 2020 | USN-4305-1 | ICU vulnerability | ||
| 23 avril 2020 | USN-4302-1 | Linux kernel vulnerabilities | ||
| 23 avril 2020 | USN-4298-1 | SQLite vulnerabilities | ||
| 08 avril 2020 | USN-4292-1 | rsync vulnerabilities | ||
| 02 mars 2020 | USN-4293-1 | libarchive vulnerabilities | ||
| 18 févr 2020 | USN-4287-1 | Linux kernel vulnerabilities | ||
| 10 févr 2020 | USN-4274-1 | libxml2 vulnerabilities | ||
| 05 févr 2020 | USN-4269-1 | systemd vulnerabilities | ||
| 03 févr 2020 | USN-4263-1 | Sudo vulnerability | ||
| 28 janv 2020 | USN-4256-1 | Cyrus SASL vulnerability | ||
| 28 janv 2020 | USN-4255-2 | Linux kernel (HWE) vulnerabilities | ||
| 27 janv 2020 | USN-4252-1 | tcpdump vulnerabilities | ||
| 23 janv 2020 | USN-4249-1 | e2fsprogs vulnerability | ||
| 23 janv 2020 | USN-4233-2 | GnuTLS update | ||
| 22 janv 2020 | USN-4247-2 | python-apt regression | ||
| 22 janv 2020 | USN-4247-1 | python-apt vulnerabilities | ||
| 22 janv 2020 | USN-4246-1 | zlib vulnerabilities | ||
| 20 janv 2020 | USN-4243-1 | libbsd vulnerabilities | ||
| 20 janv 2020 | USN-4242-1 | Sysstat vulnerabilities | ||
| 19 janv 2020 | CVE-2020-0601 | Windows Stemcells vulnerable to Windows CryptoAPI Spoofing Vulnerability | ||
| 15 janv 2020 | USN-4220-1 | Git vulnerabilities | ||
| 15 janv 2020 | USN-4215-1 | NSS vulnerability | ||
| 15 janv 2020 | USN-4210-1 | Linux kernel vulnerabilities | ||
| 15 janv 2020 | USN-4205-1 | SQLite vulnerabilities | ||
| 15 janv 2020 | USN-4182-3 | Intel Microcode regression | ||
| 14 janv 2020 | USN-4236-2 | Libgcrypt vulnerability | ||
| 13 janv 2020 | USN-4235-1 | nginx vulnerability | ||
| 09 janv 2020 | USN-4233-1 | GnuTLS update | ||
| 08 janv 2020 | USN-4231-1 | NSS vulnerability | ||
| 07 janv 2020 | USN-4227-1 | Linux kernel vulnerabilities | ||
| 18 déc 2019 | USN-4203-1 | NSS vulnerability | ||
| 18 déc 2019 | USN-4199-1 | libvpx vulnerabilities | ||
| 18 déc 2019 | USN-4194-1 | postgresql-common vulnerability | ||
| 18 déc 2019 | USN-4191-1 | QEMU vulnerabilities | ||
| 18 déc 2019 | USN-4190-1 | libjpeg-turbo vulnerabilities | ||
| 18 déc 2019 | USN-4185-3 | Linux kernel vulnerability and regression | ||
| 18 déc 2019 | USN-4185-1 | Linux kernel vulnerabilities | ||
| 18 déc 2019 | USN-4182-1 | Intel Microcode update | ||
| 18 déc 2019 | USN-4176-1 | GNU cpio vulnerability | ||
| 18 déc 2019 | USN-4172-1 | file vulnerability | ||
| 18 déc 2019 | USN-4169-1 | libarchive vulnerability | ||
| 18 déc 2019 | USN-4164-1 | Libxslt vulnerabilities | ||
| 18 déc 2019 | USN-4162-1 | Linux kernel vulnerabilities | ||
| 11 déc 2019 | USN-4221-1 | libpcap vulnerability | ||
| 25 nov 2019 | CVE-2019-15587 | Ops Manager contains a vulnerable Loofah gem | ||
| 14 nov 2019 | USN-3885-2 | OpenSSH vulnerability | ||
| 14 nov 2019 | USN-4040-1 | Expat vulnerability | ||
| 14 nov 2019 | USN-4038-1 | bzip2 vulnerabilities | ||
| 14 nov 2019 | USN-4019-1 | SQLite vulnerabilities | ||
| 14 nov 2019 | USN-4016-1 | Vim vulnerabilities | ||
| 14 nov 2019 | USN-4015-1 | DBus vulnerability | ||
| 14 nov 2019 | USN-4012-1 | elfutils vulnerabilities | ||
| 14 nov 2019 | USN-4011-1 | Jinja2 vulnerabilities | ||
| 14 nov 2019 | USN-4008-2 | AppArmor update | ||
| 14 nov 2019 | USN-4004-1 | Berkeley DB vulnerability | ||
| 14 nov 2019 | USN-3999-1 | GnuTLS vulnerabilities | ||
| 14 nov 2019 | USN-3993-1 | curl vulnerabilities | ||
| 14 nov 2019 | USN-3990-1 | urllib3 vulnerabilities | ||
| 14 nov 2019 | USN-3968-1 | Sudo vulnerabilities | ||
| 14 nov 2019 | USN-3967-1 | FFmpeg vulnerabilities | ||
| 14 nov 2019 | USN-3911-1 | file vulnerabilities | ||
| 06 nov 2019 | USN-4151-1 | Python vulnerabilities | ||
| 06 nov 2019 | USN-4144-1 | Linux kernel vulnerabilities | ||
| 06 nov 2019 | USN-4142-1 | e2fsprogs vulnerability | ||
| 06 nov 2019 | USN-4132-1 | Expat vulnerability | ||
| 06 nov 2019 | USN-4129-1 | curl vulnerabilities | ||
| 06 nov 2019 | USN-4127-1 | Python vulnerabilities | ||
| 06 nov 2019 | USN-4126-1 | FreeType vulnerability | ||
| 30 sept 2019 | USN-4135-1 | Linux kernel vulnerabilities | ||
| 30 sept 2019 | USN-4115-2 | Linux kernel regression | ||
| 30 sept 2019 | USN-4115-1 | Linux kernel vulnerabilities | ||
| 30 sept 2019 | USN-4094-1 | Linux kernel vulnerabilities | ||
| 30 sept 2019 | USN-4071-1 | Patch vulnerabilities | ||
| 30 sept 2019 | USN-4049-3 | GLib regression | ||
| 24 sept 2019 | CVE-2019-16097 | Harbor Privilege Escalation | ||
| 05 sept 2019 | USN-4099-1 | nginx vulnerabilities | ||
| 05 sept 2019 | USN-4090-1 | PostgreSQL vulnerabilities | ||
| 05 sept 2019 | USN-4068-2 | Linux kernel (HWE) vulnerabilities | ||
| 05 sept 2019 | USN-4060-1 | NSS vulnerabilities | ||
| 05 sept 2019 | USN-4058-1 | Bash vulnerability | ||
| 05 sept 2019 | USN-4049-1 | GLib vulnerability | ||
| 05 sept 2019 | USN-4038-3 | bzip2 regression | ||
| 06 août 2019 | USN-4041-1 | Linux kernel update | ||
| 05 août 2019 | USN-4014-1 | GLib vulnerability | ||
| 05 août 2019 | USN-4001-1 | libseccomp vulnerability | ||
| 05 août 2019 | USN-3977-3 | Intel Microcode update (AKA ZombieLoad Attack) | ||
| 19 juin 2019 | USN-3981-2 | Linux kernel (HWE) vulnerabilities (AKA ZombieLoad Attack) | ||
| 19 juin 2019 | USN-3977-2 | Intel Microcode update (AKA ZombieLoad Attack) | ||
| 19 juin 2019 | USN-3977-1 | Intel Microcode update (AKA ZombieLoad Attack) | ||
| 21 mai 2019 | USN-3972-1 | PostgreSQL vulnerabilities | ||
| 21 mai 2019 | USN-3962-1 | libpng vulnerability | ||
| 21 mai 2019 | USN-3960-1 | WavPack vulnerability | ||
| 21 mai 2019 | USN-3947-1 | Libxslt vulnerability | ||
| 21 mai 2019 | USN-3943-1 | Wget vulnerabilities | ||
| 21 mai 2019 | USN-3932-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 21 mai 2019 | USN-3931-2 | Linux kernel (HWE) vulnerabilities | ||
| 08 mai 2019 | USN-3935-1 | BusyBox vulnerabilities | ||
| 25 avril 2019 | USN-3945-1 | Ruby vulnerabilities | ||
| 25 avril 2019 | USN-3910-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 25 avril 2019 | USN-3906-1 | LibTIFF vulnerabilities | ||
| 25 avril 2019 | USN-3901-2 | Linux kernel (HWE) vulnerabilities | ||
| 25 avril 2019 | USN-3900-1 | GD vulnerabilities | ||
| 25 avril 2019 | USN-3899-1 | OpenSSL vulnerability | ||
| 25 avril 2019 | USN-3898-1 | NSS vulnerability | ||
| 25 avril 2019 | USN-3891-1 | systemd vulnerability | ||
| 25 avril 2019 | USN-3885-1 | OpenSSH vulnerabilities | ||
| 25 avril 2019 | USN-3884-1 | libarchive vulnerabilities | ||
| 25 avril 2019 | USN-3882-1 | curl vulnerabilities | ||
| 25 avril 2019 | USN-3879-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 25 avril 2019 | USN-3871-4 | Linux kernel (HWE) vulnerabilities | ||
| 25 avril 2019 | USN-3864-1 | LibTIFF vulnerabilities | ||
| 25 avril 2019 | USN-3859-1 | libarchive vulnerabilities | ||
| 25 avril 2019 | USN-3848-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 25 avril 2019 | USN-3847-2 | Linux kernel (HWE) vulnerabilities | ||
| 25 avril 2019 | USN-3840-1 | OpenSSL vulnerabilities | ||
| 25 avril 2019 | USN-3834-1 | Perl vulnerabilities | ||
| 25 avril 2019 | USN-3816-3 | systemd regression | ||
| 25 avril 2019 | USN-3855-1 | systemd vulnerabilities | ||
| 25 avril 2019 | USN-3863-1 | APT vulnerability | ||
| 13 févr 2019 | CVE-2019-5736 | runC container breakout | ||
| 06 févr 2019 | USN-3836-2 | Linux kernel (HWE) vulnerabilities | ||
| 06 févr 2019 | USN-3841-1 | lxml vulnerability | ||
| 06 févr 2019 | USN-3850-1 | NSS vulnerabilities | ||
| 03 janv 2019 | USN-3843-1 | pixman vulnerability | ||
| 03 janv 2019 | USN-3816-2 | systemd vulnerability | ||
| 03 janv 2019 | USN-3839-1 | WavPack vulnerabilities | ||
| 03 janv 2019 | USN-3829-1 | Git vulnerabilities | ||
| 14 déc 2018 | USN-3805-1 | curl vulnerabilities | ||
| 14 déc 2018 | USN-3809-1 | OpenSSH vulnerabilities | ||
| 14 déc 2018 | USN-3812-1 | nginx vulnerabilities | ||
| 14 déc 2018 | USN-3815-1 | gettext vulnerability | ||
| 14 déc 2018 | USN-3817-1 | Python vulnerabilities | ||
| 14 déc 2018 | USN-3821-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 12 déc 2018 | USN-3820-2 | Linux kernel (HWE) vulnerabilities | ||
| 12 déc 2018 | USN-3816-1 | systemd vulnerabilities | ||
| 12 déc 2018 | USN-3806-1 | systemd vulnerability | ||
| 12 déc 2018 | USN-3808-1 | Ruby vulnerabilities | ||
| 03 déc 2018 | CVE-2018-15797 | NFS Volume release errand leaks cf admin credentials in logs | ||
| 03 déc 2018 | CVE-2018-1002105 | Proxy request handling in kube-apiserver can leave vulnerable TCP connections | ||
| 28 nov 2018 | USN-3797-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 08 nov 2018 | USN-3800-1 | audiofile vulnerabilities | ||
| 08 nov 2018 | USN-3791-1 | Git vulnerability | ||
| 08 nov 2018 | USN-3786-1 | libxkbcommon vulnerabilities | ||
| 08 nov 2018 | USN-3785-1 | ImageMagick vulnerabilities | ||
| 06 nov 2018 | CVE-2018-15761 | UAA Privilege Escalation | ||
| 26 oct 2018 | USN-3790-1 | Requests vulnerability | ||
| 26 oct 2018 | USN-3777-2 | Linux kernel (HWE) vulnerabilities | ||
| 26 oct 2018 | USN-3762-2 | Linux kernel (HWE) vulnerabilities | ||
| 09 oct 2018 | USN-3752-2 | Linux kernel (HWE) vulnerabilities | ||
| 09 oct 2018 | USN-3765-1 | curl vulnerability | ||
| 09 oct 2018 | USN-3767-1 | GLib vulnerabilities | ||
| 09 oct 2018 | USN-3770-1 | Little CMS vulnerabilities | ||
| 27 sept 2018 | USN-3759-1 | libtirpc vulnerabilities | ||
| 27 sept 2018 | USN-3758-1 | libx11 vulnerabilities | ||
| 27 sept 2018 | USN-3756-1 | Intel Microcode vulnerabilities | ||
| 27 sept 2018 | USN-3755-1 | GD vulnerabilities | ||
| 27 sept 2018 | USN-3753-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 27 sept 2018 | USN-3744-1 | PostgreSQL vulnerabilities | ||
| 27 sept 2018 | USN-3741-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 27 sept 2018 | USN-3739-1 | libxml2 vulnerabilities | ||
| 27 sept 2018 | USN-3736-1 | libarchive vulnerabilities | ||
| 27 sept 2018 | USN-3733-1 | GnuPG vulnerability | ||
| 27 sept 2018 | USN-3729-1 | libxcursor vulnerability | ||
| 27 sept 2018 | USN-3712-1 | libpng vulnerabilities | ||
| 27 sept 2018 | USN-3696-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 27 sept 2018 | USN-3692-1 | OpenSSL vulnerabilities | ||
| 27 sept 2018 | USN-3690-2 | AMD Microcode regression | ||
| 27 sept 2018 | USN-3690-1 | AMD Microcode update | ||
| 27 sept 2018 | USN-3689-1 | Libgcrypt vulnerability | ||
| 27 sept 2018 | USN-3605-1 | Sharutils vulnerability | ||
| 27 sept 2018 | USN-3589-1 | PostgreSQL vulnerability | ||
| 27 sept 2018 | USN-3564-1 | PostgreSQL vulnerability | ||
| 27 sept 2018 | USN-3532-1 | GDK-PixBuf vulnerabilities | ||
| 27 sept 2018 | USN-3509-4 | Linux kernel (Xenial HWE) regression | ||
| 27 sept 2018 | USN-3352-1 | nginx vulnerability | ||
| 09 août 2018 | CVE-2018-8037 | Apache Tomcat - NIO/NIO2 connectors user sessions can get mixed up | ||
| 09 août 2018 | CVE-2018-1336 | Apache Tomcat - UTF-8 decoder can lead to DoS | ||
| 02 août 2018 | USN-3711-1 | ImageMagick vulnerabilities | ||
| 02 août 2018 | USN-3707-1 | NTP vulnerabilities | ||
| 02 août 2018 | USN-3706-1 | libjpeg-turbo vulnerabilities | ||
| 23 juil 2018 | CVE-2018-11047 | UAA accepts refresh token as access token on admin endpoints | ||
| 20 juil 2018 | USN-3693-1 | JasPer vulnerabilities | ||
| 20 juil 2018 | USN-3686-1 | file vulnerabilities | ||
| 20 juil 2018 | USN-3684-1 | Perl vulnerability | ||
| 20 juil 2018 | USN-3681-1 | ImageMagick vulnerabilities | ||
| 20 juil 2018 | USN-3676-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 20 juil 2018 | USN-3675-1 | GnuPG vulnerabilities | ||
| 20 juil 2018 | USN-3658-1 | procps-ng vulnerabilities | ||
| 17 juil 2018 | CVE-2018-11041 | UAA open redirect | ||
| 16 juil 2018 | CVE-2018-1269 | Loggregator does not properly close some TCP connections | ||
| 16 juil 2018 | CVE-2018-1268 | Loggregator lacks app GUID validation | ||
| 19 juin 2018 | CVE-2018-1265 | Diego does not properly sanitize file paths in tar/zip files | ||
| 21 juin 2018 | USN-3671-1 | Git vulnerabilities | ||
| 21 juin 2018 | USN-3654-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 21 juin 2018 | USN-3648-1 | curl vulnerabilities | ||
| 14 juin 2018 | USN-3643-1 | Wget vulnerability | ||
| 14 juin 2018 | USN-3641-1 | Linux kernel vulnerabilities | ||
| 14 juin 2018 | USN-3631-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 14 juin 2018 | USN-3628-1 | OpenSSL vulnerability | ||
| 14 juin 2018 | USN-3625-1 | Perl vulnerabilities | ||
| 14 juin 2018 | USN-3624-1 | Patch vulnerabilities | ||
| 14 juin 2018 | USN-3622-1 | Wayland vulnerability | ||
| 21 mai 2018 | CVE-2018-1277 | Garden does not correctly enforce Docker image disc quotas | ||
| 21 mai 2018 | CVE-2018-1276 | Windows2012R2 stemcell exposes IaaS metadata on vSphere | ||
| 10 mai 2018 | MS-ISAC-2018-046 | MS-ISAC 2018-046 Multiple Vulnerabilities in PHP | ||
| 08 mai 2018 | CVE-2018-1191 | Garden may log Docker passwords | ||
| 02 mai 2018 | USN-3619-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 02 mai 2018 | USN-3611-1 | OpenSSL vulnerability | ||
| 02 mai 2018 | USN-3610-1 | ICU vulnerability | ||
| 02 mai 2018 | USN-3606-1 | LibTIFF vulnerabilities | ||
| 02 mai 2018 | USN-3604-1 | libvorbis vulnerabilities | ||
| 02 mai 2018 | USN-3602-1 | LibTIFF vulnerabilities | ||
| 02 mai 2018 | USN-3598-1 | curl vulnerabilities | ||
| 02 mai 2018 | USN-3586-1 | DHCP vulnerabilities | ||
| 02 mai 2018 | USN-3584-1 | sensible-utils vulnerability | ||
| 02 mai 2018 | USN-3569-1 | libvorbis vulnerabilities | ||
| 02 mai 2018 | USN-3554-1 | curl vulnerabilities | ||
| 02 mai 2018 | USN-3547-1 | Libtasn1 vulnerabilities | ||
| 02 mai 2018 | USN-3543-1 | rsync vulnerabilities | ||
| 02 mai 2018 | USN-3534-1 | GNU C Library vulnerabilities | ||
| 02 mai 2018 | USN-3506-1 | rsync vulnerabilities | ||
| 02 mai 2018 | USN-3501-1 | libxcursor vulnerability | ||
| 02 mai 2018 | USN-3346-2 | Bind regression | ||
| 30 avril 2018 | CVE-2018-1197 | GCP Metadata Endpoint Accessible from Application Containers on Windows | ||
| 05 avril 2018 | CVE-2018-1266 | Cloud Controller file modification via malicious application | ||
| 05 avril 2018 | CVE-2018-1231 | BOSH CLI does not restrict access to configuration file | ||
| 03 avril 2018 | USN-3582-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 28 mars 2018 | CVE-2018-1195 | Cloud Controller API will accept a refresh token for authentication | ||
| 28 mars 2018 | CVE-2018-1192 | UAA SessionID present in Audit Event Logs | ||
| 28 mars 2018 | CVE-2018-1190 | XSS on UAA OpenID Connect check session iframe endpoint | ||
| 09 mars 2018 | CVE-2018-1227 | Concourse-dot-ci Domain Issue | ||
| 27 févr 2018 | VU475445 | VU#475445 SAML Authentication Bypass | ||
| 27 févr 2018 | CVE-2018-1221 | Gorouter websocket handling vulnerability | ||
| 01 févr 2018 | USN-3540-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 01 févr 2018 | USN-3538-1 | OpenSSH vulnerabilities | ||
| 01 févr 2018 | USN-3535-1 | Bind vulnerability | ||
| 01 févr 2018 | USN-3522-4 | Linux (Xenial HWE) vulnerability | ||
| 01 févr 2018 | USN-3522-2 | Linux (Xenial HWE) vulnerability | ||
| 01 févr 2018 | USN-3513-1 | libxml2 vulnerability | ||
| 01 févr 2018 | USN-3504-1 | libxml2 vulnerability | ||
| 03 janv 2018 | Meltdown and Spectre Attacks | Meltdown and Spectre Attacks | ||
| 19 déc 2017 | CVE-2017-1000353 | Jenkins unauthenticated remote code execution | ||
| 15 déc 2017 | USN-3509-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 15 déc 2017 | USN-3505-1 | Linux firmware vulnerabilities | ||
| 15 déc 2017 | USN-3498-1 | curl vulnerabilities | ||
| 15 déc 2017 | USN-3496-3 | Python vulnerability | ||
| 15 déc 2017 | USN-3496-1 | Python vulnerability | ||
| 15 déc 2017 | USN-3489-1 | Berkeley DB vulnerability | ||
| 15 déc 2017 | USN-3485-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 15 déc 2017 | USN-3478-1 | Perl vulnerabilities | ||
| 15 déc 2017 | USN-3475-1 | OpenSSL vulnerabilities | ||
| 15 déc 2017 | USN-3469-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 15 déc 2017 | USN-3464-1 | Wget vulnerabilities | ||
| 15 déc 2017 | USN-3458-1 | ICU vulnerability | ||
| 15 déc 2017 | USN-3457-1 | curl vulnerability | ||
| 21 nov 2017 | USN-3454-1 | libffi vulnerability | ||
| 21 nov 2017 | USN-3444-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 21 nov 2017 | USN-3441-1 | curl vulnerabilities | ||
| 21 nov 2017 | USN-3437-1 | OCaml vulnerability | ||
| 21 nov 2017 | USN-3434-1 | Libidn vulnerability | ||
| 21 nov 2017 | USN-3432-1 | ca-certificates update | ||
| 21 nov 2017 | USN-3424-1 | libxml2 vulnerabilities | ||
| 21 nov 2017 | USN-3387-1 | Git vulnerability | ||
| 16 nov 2017 | CVE-2017-8031 | UAA Denial of Service through client token revocation endpoint | ||
| 15 nov 2017 | CVE-2017-14388 | GrootFS doesn’t validate DiffIDs | ||
| 11 oct 2017 | CVE-2017-8048 | Cloud Controller API regression | ||
| 10 oct 2017 | CVE-2017-8047 | Cloud Foundry router open redirect | ||
| 28 sept 2017 | USN-3420-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 28 sept 2017 | USN-3418-1 | GDK-PixBuf vulnerabilities | ||
| 28 sept 2017 | USN-3415-1 | tcpdump vulnerabilities | ||
| 28 sept 2017 | USN-3411-1 | Bazaar vulnerability | ||
| 28 sept 2017 | USN-3410-1 | GD library vulnerability | ||
| 28 sept 2017 | USN-3405-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 28 sept 2017 | USN-3398-1 | graphite2 vulnerabilities | ||
| 08 sept 2017 | CVE-2017-9805 | Apache Struts Remote Code Execution | ||
| 28 août 2017 | USN-3392-2 | Linux kernel (Xenial HWE) regression | ||
| 21 août 2017 | USN-3385-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 14 août 2017 | USN-3378-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 14 août 2017 | USN-3367-1 | gdb vulnerabilities | ||
| 14 août 2017 | USN-3364-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 14 août 2017 | USN-3363-2 | ImageMagick regression References | ||
| 14 août 2017 | USN-3363-1 | ImageMagick vulnerabilities | ||
| 14 août 2017 | USN-3356-1 | Expat vulnerability | ||
| 14 août 2017 | USN-3353-1 | Heimdal vulnerability | ||
| 14 août 2017 | USN-3349-1 | NTP vulnerabilities | ||
| 14 août 2017 | USN-3347-1 | Libgcrypt vulnerabilities | ||
| 14 août 2017 | USN-3346-1 | bind9 vulnerabilities | ||
| 14 août 2017 | USN-3344-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 07 août 2017 | CVE-2017-8037 | Incomplete fix for Cloud Controller API access to CC VM contents | ||
| 02 août 2017 | CVE-2017-9022/CVE-2017-9023 | strongSwan DOS Vulnerabilities | ||
| 01 août 2017 | CVE-2017-8038 | Credentials readable from CredHub endpoint | ||
| 25 juil 2017 | CVE-2017-8036 | Cloud Controller API regression | ||
| 25 juil 2017 | CVE-2017-8035 | Cloud Controller API access to CC VM contents | ||
| 25 juil 2017 | CVE-2017-8033 | Cloud Controller API filesystem traversal vulnerability | ||
| 24 juil 2017 | CVE-2017-8032 | UAA Identity Zone Admin Privilege Escalation | ||
| 05 juil 2017 | CVE-2017-7485 | PostgreSQL vulnerabilities | ||
| 26 juin 2017 | CVE-2017-5946 | Directory Traversal in Rubyzip | ||
| 26 juin 2017 | USN-3334-1 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 26 juin 2017 | USN-3323-1 | GNU C Library vulnerability | ||
| 26 juin 2017 | USN-3318-1 | GnuTLS vulnerabilities | ||
| 26 juin 2017 | USN-3312-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 26 juin 2017 | USN-3311-1 | libnl vulnerability | ||
| 26 juin 2017 | USN-3309-1 | Libtasn1 vulnerability | ||
| 26 juin 2017 | USN-3302-1 | ImageMagick vulnerabilities | ||
| 26 juin 2017 | USN-3212-2 | LibTIFF regression | ||
| 22 juin 2017 | USN-3304-1 | Sudo vulnerability | ||
| 08 juin 2017 | CVE-2017-4994 | Forwarded Headers in UAA | ||
| 08 juin 2017 | USN-3295-1 | JasPer vulnerabilities | ||
| 08 juin 2017 | USN-3294-1 | Bash vulnerabilities | ||
| 08 juin 2017 | USN-3291-3 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 08 juin 2017 | USN-3287-1 | Git vulnerability | ||
| 08 juin 2017 | USN-3283-1 | rtmpdump vulnerabilities | ||
| 08 juin 2017 | USN-3282-1 | FreeType vulnerabilities | ||
| 08 juin 2017 | USN-3276-2 | shadow regression | ||
| 08 juin 2017 | USN-3263-1 | FreeType vulnerability | ||
| 08 juin 2017 | USN-3259-1 | Bind vulnerabilities | ||
| 08 juin 2017 | USN-3246-1 | Eject vulnerability | ||
| 08 juin 2017 | USN-3181-1 | OpenSSL vulnerabilities | ||
| 19 mai 2017 | CVE-2017-4992 | Privilege escalation with user invitations | ||
| 19 mai 2017 | CVE-2017-4991 | UAA password reset vulnerability | ||
| 02 mai 2017 | USN-3265-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 01 mai 2017 | CVE-2017-4974 | Blind SQL Injection with privileged UAA endpoints | ||
| 20 avril 2017 | CVE-2015-3281 | HAProxy vulnerabilities | ||
| 20 avril 2017 | CVE-2017-4973 | Privilege Escalation in UAA | ||
| 20 avril 2017 | CVE-2017-4972 | Blind SQL Injection in UAA | ||
| 13 avril 2017 | CVE-2017-4969 | Bug in CC allows users to exceed quotas | ||
| 12 avril 2017 | USN-3256-2 | Linux kernel (HWE) vulnerability | ||
| 10 avril 2017 | CVE-2017-4970 | Staticfile buildpack ignores basic authentication when misconfigured | ||
| 06 avril 2017 | USN-3243-1 | Git vulnerability | ||
| 06 avril 2017 | USN-3241-1 | audiofile vulnerabilities | ||
| 06 avril 2017 | USN-3239-2 | GNU C Library Regression | ||
| 06 avril 2017 | USN-3237-1 | FreeType vulnerability | ||
| 06 avril 2017 | USN-3235-1 | libxml2 vulnerabilities | ||
| 06 avril 2017 | USN-3232-1 | ImageMagick vulnerabilities | ||
| 06 avril 2017 | USN-3227-1 | ICU vulnerabilities | ||
| 06 avril 2017 | USN-3225-1 | libarchive vulnerabilities | ||
| 06 avril 2017 | USN-3183-2 | GnuTLS vulnerability | ||
| 05 avril 2017 | CVE-2017-5649 | Apache Geode privilege escalation vulnerability | ||
| 04 avril 2017 | USN-3201-1 | Bind vulnerabilities | ||
| 04 avril 2017 | USN-3234-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 04 avril 2017 | USN-3228-1 | libevent vulnerabilities | ||
| 04 avril 2017 | USN-3247-1 | AppArmor vulnerability | ||
| 04 avril 2017 | USN-3249-2 | Linux kernel (Xenial HWE) vulnerability | ||
| 31 mars 2017 | USN-3222-1 | ImageMagick vulnerabilities | ||
| 31 mars 2017 | USN-3213-1 | GD library vulnerabilities | ||
| 31 mars 2017 | USN-3212-1 | LibTIFF vulnerabilities | ||
| 31 mars 2017 | USN-3205-1 | tcpdump vulnerabilities | ||
| 31 mars 2017 | USN-3142-2 | ImageMagick vulnerabilities | ||
| 29 mars 2017 | CVE-2017-4963 | Session Fixation for UAA External Authentication | ||
| 17 mars 2017 | USN-3196-1 | Multiple PHP vulnerabilities | ||
| 17 mars 2017 | USN-3185-1 | libXpm vulnerability | ||
| 17 mars 2017 | USN-3193-1 | Nettle vulnerability | ||
| 17 mars 2017 | USN-3183-1 | GnuTLS vulnerabilities | ||
| 14 mars 2017 | USN-3189-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 14 mars 2017 | CVE-2017-5638 | Apache Struts Remote Code Execution | ||
| 13 mars 2017 | USN-3220-2 | Linux kernel (Xenial HWE) vulnerability | ||
| 09 mars 2017 | CVE-2017-4960 | UAA OAuth DOS via lockout feature | ||
| 01 mars 2017 | USN-3208-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 31 janv 2017 | USN-3172-1 | Bind vulnerabilities | ||
| 31 janv 2017 | USN-3169-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 31 janv 2017 | USN-3161-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 23 janv 2017 | CVE-2016-6660 | Cloud Controller logs application environment variables | ||
| 19 janv 2017 | USN-3024-1 | tomcat6, tomcat7 vulnerabilities | ||
| 12 janv 2017 | RunC Exec | RunC Exec Vulnerability | ||
| 10 janv 2017 | CVE-2016-9882 | Cloud Foundry Logs Service Credentials | ||
| 29 déc 2016 | CVE-2016-3958 and CVE-2016-3959 | Golang vulnerabilities | ||
| 27 déc 2016 | USN-3146-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 27 déc 2016 | USN-3128-2 | Linux kernel (Xenial HWE) vulnerability | ||
| 27 déc 2016 | USN-3142-1 | ImageMagick vulnerabilities | ||
| 19 déc 2016 | CVE-2016-8219 | Space Auditor can restage apps | ||
| 21 déc 2016 | Multiple CVEs | httpoxy vulnerabilities | ||
| 20 déc 2016 | USN-3156-1 | APT vulnerability | ||
| 19 déc 2016 | USN-3131-1 | ImageMagick vulnerabilities | ||
| 19 déc 2016 | USN-3067-1 | HarfBuzz vulnerabilities | ||
| 19 déc 2016 | USN-3117-1 | GD library vulnerabilities | ||
| 14 déc 2016 | USN-3132-1 | tar vulnerability | ||
| 14 déc 2016 | USN-3134-1 | Python vulnerabilities | ||
| 14 déc 2016 | USN-3139-1 | Vim vulnerability | ||
| 14 déc 2016 | CVE-2016-6659 | UAA Privilege Escalation | ||
| 14 déc 2016 | USN-3116-1 | DBus vulnerabilities | ||
| 14 déc 2016 | USN-3119-1 | Bind vulnerability | ||
| 13 déc 2016 | USN-3123-1 | curl vulnerabilities | ||
| 13 déc 2016 | USN-3088-1 | Bind vulnerability | ||
| 09 déc 2016 | CVE-2016-8218 | Unauthenticated JWT signing algorithm in routing | ||
| 07 déc 2016 | USN-3151-2 | Linux kernel (Xenial HWE) vulnerability | ||
| 17 nov 2016 | CVE-2016-6663/CVE-2016-6664 | MariaDB Root Privilege Escalation | ||
| 17 nov 2016 | Several | PCRE vulnerabilities prior to version 8.39 | ||
| 07 nov 2016 | USN-3096-1 | NTP vulnerabilities | ||
| 07 nov 2016 | USN-3095-1 | PHP vulnerabilities | ||
| 02 nov 2016 | CVE-2016-6658 | Incomplete fix for Credential Vulnerability for Custom Buildpacks | ||
| 21 oct 2016 | CVE-2016-5195 | Linux kernel vulnerability | ||
| 17 oct 2016 | CVE-2016-6655 | Utility Script Command Injection | ||
| 17 oct 2016 | USN-3099-2 | Linux kernel vulnerabilities | ||
| 29 sept 2016 | CVE-2016-6653 | MySQL Audit logs sent to Syslog | ||
| 28 sept 2016 | USN-3087-2 | OpenSSL Regression | ||
| 28 sept 2016 | USN-3083-1 | Linux kernel vulnerabilities | ||
| 28 sept 2016 | USN-3068-1 | Libidn vulnerabilities | ||
| 28 sept 2016 | CVE-2016-6662 | Multiple MySQL Vulnerabilities | ||
| 28 sept 2016 | USN-3085-1 | GDK-PixBuf vulnerabilities | ||
| 26 sept 2016 | CVE-2016-6651 | Privilege Escalation in UAA | ||
| 26 sept 2016 | CVE-2016-6636 | UAA Open Redirect Vulnerability for Subdomains | ||
| 26 sept 2016 | CVE-2016-6637 | UAA CSRF Vulnerability for OAuth Approvals | ||
| 21 sept 2016 | CVE-2014-9130 | LibYAML vulnerability | ||
| 09 sept 2016 | CVE-2016-6639 | PHP Buildpack exposes .profile file | ||
| 09 sept 2016 | USN-3045-1 | PHP vulnerabilities | ||
| 25 août 2016 | USN-3065-1 | Libgcrypt vulnerability | ||
| 25 août 2016 | USN-3064-1 | GnuPG vulnerability | ||
| 25 août 2016 | USN-3063-1 | Fontconfig vulnerability | ||
| 25 août 2016 | USN-3061-1 | OpenSSH vulnerability | ||
| 25 août 2016 | USN-3030-1/USN-3060-1 | GD library vulnerability | ||
| 25 août 2016 | USN-3053-1/USN-3037-1 | Linux kernel (Vivid HWE) vulnerability | ||
| 25 août 2016 | USN-3048-1 | curl vulnerability | ||
| 25 août 2016 | USN-3033-1 | libarchive vulnerability | ||
| 18 août 2016 | CVE-2016-5016 | UAA accepts expired certificates | ||
| 26 juil 2016 | CVE-2016-5006 | Cloud Controller API logs user-provided service credentials | ||
| 13 juil 2016 | USN-3010-1 | Expat vulnerabilities | ||
| 13 juil 2016 | CVE-2016-4450 | Nginx Vulnerabilities | ||
| 13 juil 2016 | USN-3012-1 | Wget vulnerability | ||
| 01 juil 2016 | USN-3020-1 | Linux kernel (Vivid HWE) vulnerabilities | ||
| 30 juin 2016 | CVE-2016-4468 | UAA SQL Injection | ||
| 15 juin 2016 | USN-3001-1 | Linux kernel (Vivid HWE) vulnerabilities | ||
| 13 juin 2016 | CVE-2016-4435 | BOSH Agent Anonymous Endpoint | ||
| 13 juin 2016 | USN-2994-1 | libxml2 vulnerabilities | ||
| 13 juin 2016 | USN-2991-1 | nginx vulnerability | ||
| 13 juin 2016 | USN-2990-1 | ImageMagick vulnerability (a.k.a. ImageTragick) | ||
| 13 juin 2016 | USN-2987-1 | GD library vulnerabilities | ||
| 13 juin 2016 | USN-2985-2 | GNU C Library regression | ||
| 13 juin 2016 | USN-2983-1 | Expat vulnerability | ||
| 13 juin 2016 | USN-2981-1 | libarchive vulnerabilities | ||
| 13 juin 2016 | USN-2966-1 | OpenSSH vulnerabilities | ||
| 13 juin 2016 | USN-2961-1 | Little CMS vulnerability | ||
| 08 juin 2016 | CVE-2013-7456 | PHP vulnerabilities | ||
| 03 juin 2016 | USN-2970-1 | Linux kernel (Vivid HWE) vulnerabilities | ||
| 23 mai 2016 | CVE-2016-3084 | UAA Password Reset Vulnerability | ||
| 19 mai 2016 | USN-2977-1 | Linux kernel (Vivid HWE) vulnerabilities | ||
| 17 mai 2016 | CVE-2016-3091 | Diego log encoding vulnerability | ||
| 06 mai 2016 | USN-2959-1 | OpenSSL vulnerabilities | ||
| 06 mai 2016 | USN-2957-1 | Libtasn1 vulnerability | ||
| 06 mai 2016 | USN-2949-1 | Linux kernel (Vivid HWE) vulnerabilities | ||
| 06 mai 2016 | USN-2943-1 | PCRE vulnerabilities | ||
| 06 mai 2016 | USN-2935-2 | PAM regression | ||
| 02 mai 2016 | CVE-2015-5170-5173 | UAA Vulnerabilities | ||
| 14 avril 2016 | Badlock bug | Samba and Windows Vulnerabilities | ||
| 24 mars 2016 | USN-2939-1 | LibTIFF vulnerabilities | ||
| 24 mars 2016 | USN-2927-1 | Graphite2 vulnerabilities | ||
| 24 mars 2016 | USN-2925-1 | Bind9 vulnerabilities | ||
| 24 mars 2016 | USN-2919-1 | JasPer vulnerabilities | ||
| 24 mars 2016 | USN-2918-1 | Pixman vulnerabilities | ||
| 24 mars 2016 | USN-2916-1 | Perl vulnerabilities | ||
| 24 mars 2016 | USN-2914-1 | OpenSSL vulnerabilities | ||
| 24 mars 2016 | NPM Ownership Issue | Warning about NPM modules | ||
| 24 mars 2016 | USN-2938-1 | Git vulnerabilities | ||
| 16 mars 2016 | USN-2932-1 | Linux kernel vulnerabilities | ||
| 02 mars 2016 | CVE-2016-0800 | OpenSSL vulnerabilities | ||
| 26 févr 2016 | USN-2910-1 | Linux kernel vulnerability | ||
| 26 févr 2016 | CVE-2016-0761 | Docker Image Host Files Corruption | ||
| 19 févr 2016 | USN-2900-1 | GNU libc vulnerability | ||
| 02 févr 2016 | CVE-2016-0732 | Privilege Escalation | ||
| 01 févr 2016 | CVE-2016-0713 | Gorouter XSS | ||
| 22 janv 2016 | USN-2871-1 | Linux kernel vulnerability | ||
| 20 janv 2016 | CVE-2016-0715 | Remote Information Disclosure | ||
| 19 janv 2016 | USN-2865-1 | GnuTLS vulnerability | ||
| 19 janv 2016 | USN-2861-1 | libpng vulnerability | ||
| 19 janv 2016 | USN-2868-1 | DHCP vulnerability | ||
| 19 janv 2016 | USN-2869-1 | OpenSSH vulnerability | ||
| 18 janv 2016 | CVE-2016-0708 | Remote Information Disclosure | ||
| 07 janv 2016 | USN-2857-1 | Linux kernel vulnerability | ||
| 07 janv 2016 | USN-2842-1/USN-2842-2 | Linux kernel vulnerability | ||
| 07 janv 2016 | USN-2837-1 | bind9 vulnerability | ||
| 07 janv 2016 | USN-2836-1 | grub2 vulnerability | ||
| 07 janv 2016 | USN-2835-1 | git vulnerability | ||
| 07 janv 2016 | USN-2834-1 | libxml2 vulnerability | ||
| 07 janv 2016 | USN-2830-1 | OpenSSL vulnerability | ||
| 07 janv 2016 | USN-2829-1 | Linux kernel vulnerability | ||
| 15 déc 2015 | CVE-2015-5350 | Garden Nstar vulnerability | ||
| 04 déc 2015 | USN-2821-1 | GnuTLS vulnerability | ||
| 04 déc 2015 | USN-2820-1 | dpkg vulnerability | ||
| 02 déc 2015 | USN-2815-1 | PNG vulnerability | ||
| 02 déc 2015 | USN-2812-1 | libxml2 vulnerability | ||
| 02 déc 2015 | USN-2810-1 | Kerberos vulnerability | ||
| 02 déc 2015 | USN-2787-1 | audiofile vulnerability | ||
| 24 nov 2015 | USN-2788-1/2788-2 | unzip vulnerability | ||
| 12 nov 2015 | USN-2798-1 | Linux kernel vulnerability | ||
| 12 nov 2015 | USN-2806-1 | Linux kernel vulnerability | ||
| 03 nov 2015 | USN-2778-1 | Linux kernel vulnerabilities | ||
| 03 nov 2015 | USN-2767-1 | GDK-Pixbuf library vulnerability | ||
| 07 oct 2015 | Golang | Golang 1.4.3 CVE Fixes | ||
| 07 oct 2015 | USN-2722-1 | GDK-PixBuf Vulnerabilities | ||
| 07 oct 2015 | USN-2711-1 | Net-SNMP Vulnerabilities | ||
| 07 oct 2015 | USN-2739-1 | FreeType Vulnerabilities | ||
| 07 oct 2015 | USN-2740-1 | ICU Vulnerabilities | ||
| 07 oct 2015 | USN-2751-1 | Linux Kernel (Vivid HWE) Vulnerability | ||
| 07 oct 2015 | USN-2756-1 | rpcbind Vulnerability | ||
| 07 oct 2015 | USN-2765-1 | Linux Kernel (Vivid HWE) Vulnerability | ||
| 08 sept 2015 | USN-2710-1 | OpenSSH Vulnerabilities | ||
| 08 sept 2015 | USN-2698-1 | SQLite Vulnerabilities | ||
| 08 sept 2015 | USN-2694-1 | PCRE Vulnerabilities | ||
| 08 sept 2015 | USN-2718-1 | Address Configuration Change Vulnerabilities | ||
| 06 août 2015 | USN-2696-1 | OpenJDK 7 Vulnerabilities | ||
| 29 juil 2015 | CVE-2015-3290 | Linux Kernel NMI Vulnerability | ||
| 10 juil 2015 | CVE-2015-1420 | file_handle size verification | ||
| 06 juil 2015 | CVE-2015-1330 | Unattended-Upgrades Vulnerability | ||
| 25 juin 2015 | CVE-2015-3189 | Expire old reset password links | ||
| 25 juin 2015 | CVE-2015-3190 | Open redirect on Login | ||
| 25 juin 2015 | CVE-2015-3191 | CSRF attack on change email | ||
| 12 juin 2015 | USN-2639-1 | OpenSSL vulnerabilities | ||
| 12 juin 2015 | CVE-2015-3636 | ipv4 use-after-free | ||
| 17 juin 2015 | CVE-2015-1328 | overlayfs privilege escalation | ||
| 09 juin 2015 | Redis LUA Sandbox | Redis LUA Exploit | ||
| 22 mai 2015 | CVE-2015-1834 | Path Traversal Vulnerability | ||
| 22 mai 2015 | USN-2617-1 | FUSE Vulnerability | ||
| 30 avril 2015 | CVE-2015-1855 | Ruby OpenSSL Hostname Verification | ||
| 23 mars 2015 | CVE-2015-0282 | Multiple GnuTLS Vulnerabilities | ||
| 21 mars 2015 | USN-2537-1 | OpenSSL vulnerabilities | ||
| 13 mars 2015 | CVE-2014-8159 | Linux Kernel Infiniband Vulnerability | ||
| 09 févr 2015 | CVE-2014-0227 | Apache Tomcat Request Smuggling | ||
| 28 janv 2015 | CVE-2015-0235 | GHOST | ||
| 10 sept 2014 | CVE-2013-4444 | Remote Code Execution in Apache Tomcat | ||
| 16 oct 2014 | CVE-2014-3566 | SSLV3 POODLE | ||
| 29 sept 2014 | CVE-2014-7186 | Bash Out-of Bonds | ||
| 25 sept 2014 | CVE-2014-6271 | Bash - ShellShock | ||
| 19 sept 2014 | CVE-2014-5119 | glib_gconv_translit_find() exploit | ||
| 18 août 2014 | CVE-2014-3153 | Futex requeue exploit | ||
| 05 juin 2014 | CVE-2014-0224 | SSL/TLS MITM Vulnerability | ||
| 10 avril 2014 | CVE-2014-0160 | Heartbleed |
[1] This table is not yet a complete list of vulnerabilities in dependencies. Formulating such a list is an extensive undertaking which Pivotal is addressing systematically. When this table becomes a complete and comprehensive list, we will remove this footnote.
Thanks
Note: Reports of vulnerabilities in Pivotal products are listed in the credit section of the associated security announcement.