Pivotal Labs
Pivotal Application Security Team
Overview
The Pivotal Application Security Team provides a single point of contact for the reporting of security vulnerabilities in Pivotal products and coordinates the process of investigating any reported vulnerabilities.
If you would like to subscribe to updates to this page, the RSS feed for all vulnerability reports is available at https://tanzu.vmware.com/security/rss or https://tanzu.vmware.com/security/parsed/rss. The RSS feed for just the notable vulnerabilities in dependences is available at https://tanzu.vmware.com/security/dependencies/rss and the RSS feed for just Pivotal product vulnerabilities is available at https://tanzu.vmware.com/security/pivotal/rss.
Reporting a vulnerability
We strongly encourage people to report security vulnerabilities privately to our security team before disclosing them in a public forum.
Please note that the e-mail address below should only be used for reporting undisclosed security vulnerabilities in Pivotal products and managing the process of fixing such vulnerabilities. We cannot accept regular bug reports or other security related queries at this address.
The e-mail address to use to contact the Pivotal Application Security Team is security@pivotal.io.
The fingerprint is: AA8F D966 7001 70B7 087E B407 04A1 595B 8F19 137B
It can be obtained from a public key server such as pgp.mit.edu.
Pivotal Product Vulnerability Reports
| Date | CVE Reference | Description | ||
| 04 Mar 2020 | CVE-2019-11290 | UAA logs query parameters in tomcat access file | ||
| 04 Mar 2020 | VARIOUS-JACKSON-CVES-UAA | Various CVEs UAA consumes vulnerable versions of FasterXML jackson-databind | ||
| 03 Mar 2020 | CVE-2019-11253 | PKS is vulnerable to a YAML/JSON parsing "Billion Laughs" Attack | ||
| 27 Feb 2020 | CVE-2020-5404 | Authentication Leak On Redirect With Reactor Netty HttpClient | ||
| 27 Feb 2020 | CVE-2020-5403 | DoS Via Malformed URL with Reactor Netty HTTP Server | ||
| 26 Feb 2020 | CVE-2020-5405 | Directory Traversal with spring-cloud-config-server | ||
| 24 Feb 2020 | CVE-2020-5401 | GoRouter is vulnerable to a cache poisoning DoS | ||
| 12 Feb 2020 | CVE-2020-5399 | CredHub does not properly enable TLS for MySQL database connections | ||
| 11 Feb 2020 | CVE-2019-19604 | Git submodule loading vulnerability | ||
| 16 Gen 2020 | CVE-2020-5398 | RFD Attack via “Content-Disposition” Header Sourced from Request Input by Spring MVC or Spring WebFlux Application | ||
| 16 Gen 2020 | CVE-2020-5397 | CSRF Attack via CORS Preflight Requests with Spring MVC or Spring WebFlux | ||
| 15 Gen 2020 | CVE-2019-11288 | tc Server JMX Socket Listener Registry Rebinding Local Privilege Escalation | ||
| 10 Gen 2020 | CVE-2019-18802 | CVE-2019-18801, CVE-2019-18838, MySQL for Pivotal Platform consumes a vulnerable version of Envoy | ||
| 08 Gen 2020 | CVE-2019-11292 | Ops Manager logs query parameters in tomcat access file | ||
| 04 Dic 2019 | CVE-2019-9517 | CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9515, CVE-2019-9518, CVE-2019-9511, CVE-2019-9516, Some Pivotal products are impacted by HTTP/2 denial of service attacks | ||
| 04 Dic 2019 | CVE-2019-19029 | SQL Injection via user-groups in VMware Harbor Container Registry for Pivotal Platform | ||
| 04 Dic 2019 | CVE-2019-19026 | SQL Injection via project quotas in VMware Harbor Container Registry for Pivotal Platform | ||
| 04 Dic 2019 | CVE-2019-19025 | Cross-Site Request Forgery Vulnerability in VMware Harbor Container Registry for Pivotal Platform | ||
| 04 Dic 2019 | CVE-2019-19023 | Privilege Escalation Vulnerability in VMware Harbor Container Registry for Pivotal Platform | ||
| 04 Dic 2019 | CVE-2019-3990 | User Enumeration Flaw in VMware Harbor Container Registry for Pivotal Platform | ||
| 03 Dic 2019 | CVE-2019-11293 | UAA logs all query parameters with debug logging level | ||
| 22 Nov 2019 | CVE-2019-11287 | RabbitMQ Web Management Plugin DoS via heap overflow | ||
| 22 Nov 2019 | CVE-2019-11291 | RabbitMQ XSS attack via federation and shovel endpoints | ||
| 18 Nov 2019 | CVE-2019-11289 | A forged route service request using an invalid nonce can cause the gorouter to panic and crash | ||
| 06 Nov 2019 | CVE-2019-9893 | libseccomp incorrectly generate 64-bit syscall argument comparisons | ||
| 28 Ott 2019 | CVE-2019-16869 | Reactor Netty Consumes a Vulnerable Version of Netty | ||
| 24 Ott 2019 | CVE-2019-11249 | PKS consumes a vulnerable version of kubectl | ||
| 23 Ott 2019 | CVE-2019-11283 | Password leak in smbdriver logs | ||
| 17 Ott 2019 | CVE-2019-16919 | Broken access control vulnerability in Harbor API | ||
| 15 Ott 2019 | CVE-2019-11278 | Privilege Escalation via Blind SCIM Injection in UAA | ||
| 15 Ott 2019 | CVE-2019-11279 | Privilege Escalation via Scope Manipulation in UAA | ||
| 15 Ott 2019 | CVE-2019-11247 | Kubernetes API Server Vulnerability | ||
| 15 Ott 2019 | CVE-2018-15664 | Docker Symlink Directory Traversal Vulnerability | ||
| 15 Ott 2019 | CVE-2019-13139 | Docker build code execution | ||
| 14 Ott 2019 | CVE-2019-11281 | RabbitMQ XSS attack | ||
| 11 Ott 2019 | CVE-2019-11284 | Reactor Netty authentication leak in redirects | ||
| 25 Set 2019 | CVE-2019-11275 | CSV Injection in usage report downloaded from Pivotal Application Manager | ||
| 23 Set 2019 | CVE-2019-11277 | Volume Services is vulnerable to an LDAP injection attack | ||
| 19 Set 2019 | CVE-2019-11280 | Privilege escalation through the invitations service | ||
| 20 Ago 2019 | CVE-2019-3775 | UAA allows users to modify their own email address | ||
| 20 Ago 2019 | CVE-2019-3788 | UAA redirect-uri allows wildcards in the subdomain | ||
| 20 Ago 2018 | CVE-2019-3787 | UAA defaults email address to an insecure domain | ||
| 20 Ago 2019 | CVE-2019-10164 | Critical Security Issue in PostgreSQL | ||
| 19 Ago 2019 | CVE-2019-11276 | Apps Manager sends tokens to Spring apps via HTTP | ||
| 15 Ago 2019 | CVE-2017-15694 | Pivotal GemFire and Cloud Cache consume vulnerable versions of Apache Geode | ||
| 14 Ago 2019 | CVE-2019-13232 | ClamAV Add-on for PCF consumes a vulnerable version of ClamAV | ||
| 01 Ago 2019 | CVE-2019-11270 | UAA clients.write vulnerability | ||
| 25 Lug 2019 | CVE-2019-3800 | CF CLI writes the client id and secret to config file | ||
| 25 Lug 2019 | CVE-2019-3781 | CF CLI does not sanitize user's password in verbose/trace/debug | ||
| 23 Lug 2019 | CVE-2019-11273 | PKS Telemetry logs credentials | ||
| 22 Lug 2019 | VARIOUS-SQL | Various MySQL Security Updates from July 2018 through January 2019 | ||
| 22 Lug 2019 | USN-4017-1 | Linux kernel vulnerabilities | ||
| 18 Lug 2019 | CVE-2019-3786 | BBR could run arbitrary scripts on deployment VMs | ||
| 28 Giu 2019 | CVE-2019-11271 | Bosh Deployment logs leak sensitive information | ||
| 19 Giu 2019 | CVE-2019-11272 | PlaintextPasswordEncoder authenticates encoded passwords that are null | ||
| 30 Mag 2019 | CVE-2019-5021 | Tile generator affected by insecure default password | ||
| 30 Mag 2019 | CVE-2019-11269 | Open Redirector in spring-security-oauth2 | ||
| 24 Mag 2019 | CVE-2019-3790 | Ops Manager uaa client issues tokens after refresh token expiration | ||
| 13 Mag 2019 | CVE-2019-3802 | Additional information exposure with Spring Data JPA example matcher | ||
| 25 Apr 2019 | CVE-2019-3801 | Java Projects using HTTP to fetch dependencies | ||
| 24 Apr 2019 | CVE-2019-3798 | Escalation of Privileges in Cloud Controller | ||
| 24 Apr 2019 | CVE-2019-3789 | Gorouter allows space developer to hijack route services hosted outside the platform | ||
| 16 Apr 2019 | CVE-2019-3799 | Directory Traversal with spring-cloud-config-server | ||
| 12 Apr 2019 | CVE-2019-3793 | Invitations Service supports HTTP connections | ||
| 08 Apr 2019 | CVE-2019-3797 | Additional information exposure with Spring Data JPA derived queries | ||
| 04 Apr 2019 | CVE-2019-3795 | Insecure Randomness When Using a SecureRandom Instance Constructed by Spring Security | ||
| 01 Apr 2019 | CVE-2019-9946 | Kubernetes affecting certain network configurations with CNI | ||
| 01 Apr 2019 | CVE-2019-1002100 | Kubernetes API Server Patch Request Consumes Excess Resource Cause Denial of Service | ||
| 01 Apr 2019 | CVE-2019-1002101 | Kubernetes kubectl - potential directory traversal | ||
| 25 Mar 2019 | CVE-2019-3792 | Concourse 5.0.0 SQL Injection vulnerability | ||
| 07 Mar 2019 | CVE-2019-8331 | Bootstrap XSS | ||
| 28 Feb 2019 | CVE-2018-15754 | UAA issues tokens across identity providers if users with matching usernames exist | ||
| 26 Feb 2019 | CVE-2019-3777 | Apps Manager unverified SSL certs in Cloud Controller proxy | ||
| 21 Feb 2019 | CVE-2019-3778 | Open Redirector in spring-security-oauth2 | ||
| 19 Feb 2019 | CVE-2019-3776 | Reflected XSS in Pivotal Operations Manager | ||
| 14 Feb 2019 | CVE-2019-3780 | Cloud Foundry Container Runtime Leaks IAAS Credentials | ||
| 14 Feb 2019 | CVE-2019-3779 | Pivotal Container Service allows a user to bypass security policy when talking to ETCD | ||
| 14 Gen 2019 | CVE-2019-3772 | XML External Entity Injection (XXE) | ||
| 14 Gen 2019 | CVE-2019-3773 | XML External Entity Injection (XXE) | ||
| 14 Gen 2019 | CVE-2019-3774 | XML External Entity Injection (XXE) | ||
| 08 Gen 2019 | KUBERNETES-API-SERVER | Kubernetes API Server acts as proxy for internal and external IPs | ||
| 08 Gen 2019 | CVE-2019-3803 | Concourse includes token in CLI authentication callback | ||
| 04 Gen 2019 | CVE-2018-18264 | Kubernetes Dashboard TLS Certificate Leak | ||
| 18 Dic 2018 | CVE-2018-15801 | Authorization Bypass During JWT Issuer Validation with spring-security | ||
| 13 Dic 2018 | CVE-2018-15798 | Pivotal Concourse allows malicious redirect urls on login | ||
| 05 Dic 2018 | CVE-2018-1279 | RabbitMQ cluster compromise due to deterministically generated cookie | ||
| 15 Nov 2018 | CVE-2018-15759 | On Demand Services SDK Timing Attack Vulnerability | ||
| 09 Nov 2018 | CVE-2018-15795 | CredHub Service Broker uses guessable client secret | ||
| 29 Ott 2018 | CVE-2018-15762 | Pivotal Operations Manager gives all users heightened privileges | ||
| 16 Ott 2018 | CVE-2018-15758 | Privilege Escalation in spring-security-oauth2 | ||
| 16 Ott 2018 | CVE-2018-15756 | DoS Attack via Range Requests | ||
| 10 Ott 2018 | CVE-2018-11084 | Garden-runC prevents deletion of some app environments | ||
| 10 Ott 2018 | CVE-2018-15755 | CF networking internal policy server SQL injection | ||
| 03 Ott 2018 | CVE-2018-11083 | BOSH accepts refresh token as access token | ||
| 02 Ott 2018 | CVE-2018-15763 | PKS leaks IaaS credentials to application logs | ||
| 27 Set 2018 | CVE-2018-11081 | Ops Manager writes UAA credentials to disk | ||
| 13 Set 2018 | CVE-2018-1198 | PCC bosh deployment logs print a superuser password in plain text | ||
| 13 Set 2018 | CVE-2018-11088 | CF admin credentials accessible to developers through Applications Manager | ||
| 13 Set 2018 | CVE-2018-11086 | CF admin credentials accessible to developers through usage service | ||
| 11 Set 2018 | CVE-2018-11087 | RabbitMQ (Spring-AMQP) Host name verification | ||
| 23 Lug 2018 | CVE-2018-11044 | Apps Manager allows unescaped content in invitation emails | ||
| 10 Lug 2018 | CVE-2018-11045 | Operations Manager image contains static LRNG seed file | ||
| 20 Giu 2018 | CVE-2018-11046 | Operations Manager includes outdated NGINX packages | ||
| 14 Giu 2018 | CVE-2018-11040 | JSONP enabled by default in MappingJackson2JsonView | ||
| 14 Giu 2018 | CVE-2018-11039 | Cross Site Tracing (XST) with Spring Framework | ||
| 11 Mag 2018 | CVE-2018-1263 | Unsafe Unzip with spring-integration-zip | ||
| 10 Mag 2018 | CVE-2018-1278 | Apps Manager allows unauthorized org invitations | ||
| 09 Mag 2018 | CVE-2018-1261 | Unsafe Unzip with spring-integration-zip | ||
| 09 Mag 2018 | CVE-2018-1260 | Remote Code Execution with spring-security-oauth2 | ||
| 09 Mag 2018 | CVE-2018-1259 | XXE with Spring Data’s XMLBeam integration | ||
| 09 Mag 2018 | CVE-2018-1258 | Unauthorized Access with Spring Security Method Security | ||
| 09 Mag 2018 | CVE-2018-1257 | ReDoS Attack with spring-messaging | ||
| 07 Mag 2018 | CVE-2018-1280 | Blind SQL injection in Pivotal Greenplum Command Center | ||
| 30 Apr 2018 | CVE-2018-1256 | Issuer validation regression in Spring Cloud SSO Connector | ||
| 10 Apr 2018 | CVE-2018-1274 | Denial of Service with Spring Data | ||
| 10 Apr 2018 | CVE-2018-1273 | RCE with Spring Data Commons | ||
| 09 Apr 2018 | CVE-2018-1275 | Address partial fix for CVE-2018-1270 | ||
| 05 Apr 2018 | CVE-2018-1272 | Multipart Content Pollution with Spring Framework | ||
| 05 Apr 2018 | CVE-2018-1271 | Directory Traversal with Spring MVC on Windows | ||
| 05 Apr 2018 | CVE-2018-1270 | Remote Code Execution with spring-messaging | ||
| 16 Mar 2018 | CVE-2018-1230 | Spring Batch Admin vulnerable to Cross Site Request Forgery | ||
| 16 Mar 2018 | CVE-2018-1229 | Stored XSS in file upload of Spring Batch Admin | ||
| 13 Feb 2018 | CVE-2018-1200 | Apps Manager File Access Vulnerability | ||
| 30 Gen 2018 | CVE-2018-1196 | Symlink privilege escalation attack via Spring Boot launch script | ||
| 29 Gen 2018 | CVE-2018-1199 | Security bypass with static resources | ||
| 16 Ott 2017 | CVE-2017-8028 | Spring-LDAP authentication with userSearch and STARTTLS allows authentication with arbitrary password | ||
| 21 Set 2017 | CVE-2017-8046 | RCE in PATCH requests in Spring Data REST | ||
| 19 Set 2017 | CVE-2017-8045 | Remote code execution in spring-amqp | ||
| 15 Set 2017 | CVE-2017-8039 | Data Binding Expression Vulnerability in Spring Web Flow | ||
| 31 Ago 2017 | CVE-2017-8044 | XSS vulnerability in Single Sign-On for PCF via DOM-based query parameters | ||
| 31 Ago 2017 | CVE-2017-8041 | XSS vulnerability in org name in Single Sign-On for PCF | ||
| 31 Ago 2017 | CVE-2017-8040 | XXE Vulnerability in Single Sign-On for PCF | ||
| 08 Giu 2017 | CVE-2017-4995 | Jackson Configuration Allows Code Execution with Unknown “Serialization Gadgets” | ||
| 31 Mag 2017 | CVE-2017-4971 | Data Binding Expression Vulnerability in Spring Web Flow | ||
| 15 Mag 2017 | CVE-2017-4975 | Tile generator sets open security groups | ||
| 04 Mag 2017 | CVE-2017-4966 | RabbitMQ local storage of credentials | ||
| 04 Mag 2017 | CVE-2017-4965 | XSS vulnerabilities in RabbitMQ management UI | ||
| 27 Mar 2017 | CVE-2017-2773 | Unauthenticated JWT signing algorithm in multiple components | ||
| 24 Mar 2017 | CVE-2017-4955 | Credentials in Elastic Runtime Notifications errand log | ||
| 14 Feb 2017 | CVE-2017-4959 | Pivotal Cloud Foundry account authorization vulnerability | ||
| 09 Feb 2017 | CVE-2016-9880 | Unauthenticated access to GemFire for PCF broker endpoints | ||
| 04 Gen 2017 | CVE-2016-9885 | gfsh exposed over go router for GemFire for PCF | ||
| 28 Dic 2016 | CVE-2016-9879 | Encoded "/" in path variables | ||
| 28 Dic 2016 | CVE-2016-0898 | Service backups log AWS key | ||
| 21 Dic 2016 | CVE-2016-9878 | Directory Traversal in the Spring Framework ResourceServlet | ||
| 19 Dic 2016 | CVE-2016-9877 | RabbitMQ authentication vulnerability | ||
| 31 Ott 2016 | CVE-2016-6657 | PCF Open Redirects | ||
| 31 Ott 2016 | CVE-2016-6656 | Code injection vulnerability via GPHDFS in Greenplum database | ||
| 30 Set 2016 | CVE-2016-6652 | Spring Data JPA Blind SQL Injection Vulnerability | ||
| 12 Set 2016 | CVE-2016-0930 | Ops Manager Compilation VMs Vulnerability on vSphere and vCloud | ||
| 27 Lug 2016 | CVE-2016-0896 | IaaS Metadata Endpoint Accessible from Application Containers | ||
| 15 Lug 2016 | CVE-2016-0929 | RabbitMQ for PCF vulnerability | ||
| 07 Lug 2016 | CVE-2016-5007 | Spring Security / MVC Path Matching Inconsistency | ||
| 07 Lug 2016 | CVE-2016-0926 | Apps Manager XSS vulnerability | ||
| 05 Lug 2016 | CVE-2016-4977 | Remote Code Execution (RCE) in Spring Security OAuth | ||
| 29 Giu 2016 | CVE-2016-0928 | PCF Open Redirects | ||
| 24 Giu 2016 | CVE-2016-0897 | Ops Manager vSphere and vCloud vulnerability | ||
| 23 Giu 2016 | CVE-2016-0927 | Ops Manager XSS vulnerability | ||
| 11 Apr 2016 | CVE-2016-2173 | Remote Code Execution in Spring AMQP | ||
| 23 Mar 2016 | CVE-2016-0780 | Cloud Controller Disk Quota Enforcement | ||
| 23 Mar 2016 | CVE-2016-2165 | Loggregator Request URL Paths | ||
| 23 Mar 2016 | CVE-2016-0781 | UAA Persistent XSS Vulnerability | ||
| 03 Feb 2016 | CVE-2016-0883 | Pivotal Ops Manager Weak Authentication Scheme | ||
| 12 Nov 2015 | CVE-2015-5258 | Spring Social CSRF | ||
| 15 Ott 2015 | CVE-2015-5211 | RFD Attack in Spring Framework | ||
| 30 Giu 2015 | CVE-2015-3192 | DoS Attack with XML Input | ||
| 06 Mar 2015 | CVE-2015-0201 | Insufficiently random session id in Java SockJS client | ||
| 13 Gen 2015 | CVE-2014-3626 | Directory Traversal in Grails Resources Plugin | ||
| 11 Nov 2014 | CVE-2014-3625 | Directory Traversal in Spring Framework | ||
| 05 Set 2014 | CVE-2014-3578 | Directory Traversal in Spring Framework | ||
| 15 Ago 2014 | CVE-2014-3527 | Access Control Bypass in Spring Security | ||
| 28 Mag 2014 | CVE-2014-0225 | Information Disclosure when using Spring MVC | ||
| 11 Mar 2014 | CVE-2014-1904 | XSS when using Spring MVC | ||
| 11 Mar 2014 | CVE-2014-0097 | Blank password may bypass user authentication | ||
| 11 Mar 2014 | CVE-2014-0054 | Incomplete fix for CVE-2013-7315 / CVE-2013-6429 (XXE) | ||
| 19 Feb 2014 | CVE-2014-0053 | Information Disclosure when using Grails | ||
| 14 Gen 2014 | CVE-2013-6430 | Possible XSS when using Spring MVC | ||
| 14 Gen 2014 | CVE-2013-6429 | Incomplete fix for CVE-2013-7315 (XXE) | ||
| 22 Ago 2013 | CVE-2013-7315 | XML External Entity (XXE) injection in Spring Framework | ||
| 22 Ago 2013 | CVE-2013-4152 | XML eXternal Entity (XXE) injection in Spring Framework |
Notable Vulnerabilities in Dependencies[1]
| Date | CVE Reference | Description | ||
| 02 Mar 2020 | USN-4293-1 | libarchive vulnerabilities | ||
| 18 Feb 2020 | USN-4287-1 | Linux kernel vulnerabilities | ||
| 10 Feb 2020 | USN-4274-1 | libxml2 vulnerabilities | ||
| 05 Feb 2020 | USN-4269-1 | systemd vulnerabilities | ||
| 03 Feb 2020 | USN-4263-1 | Sudo vulnerability | ||
| 28 Gen 2020 | USN-4256-1 | Cyrus SASL vulnerability | ||
| 28 Gen 2020 | USN-4255-2 | Linux kernel (HWE) vulnerabilities | ||
| 27 Gen 2020 | USN-4252-1 | tcpdump vulnerabilities | ||
| 23 Gen 2020 | USN-4249-1 | e2fsprogs vulnerability | ||
| 23 Gen 2020 | USN-4233-2 | GnuTLS update | ||
| 22 Gen 2020 | USN-4247-2 | python-apt regression | ||
| 22 Gen 2020 | USN-4247-1 | python-apt vulnerabilities | ||
| 22 Gen 2020 | USN-4246-1 | zlib vulnerabilities | ||
| 20 Gen 2020 | USN-4243-1 | libbsd vulnerabilities | ||
| 20 Gen 2020 | USN-4242-1 | Sysstat vulnerabilities | ||
| 19 Gen 2020 | CVE-2020-0601 | Windows Stemcells vulnerable to Windows CryptoAPI Spoofing Vulnerability | ||
| 15 Gen 2020 | USN-4220-1 | Git vulnerabilities | ||
| 15 Gen 2020 | USN-4215-1 | NSS vulnerability | ||
| 15 Gen 2020 | USN-4210-1 | Linux kernel vulnerabilities | ||
| 15 Gen 2020 | USN-4205-1 | SQLite vulnerabilities | ||
| 15 Gen 2020 | USN-4182-3 | Intel Microcode regression | ||
| 14 Gen 2020 | USN-4236-2 | Libgcrypt vulnerability | ||
| 13 Gen 2020 | USN-4235-1 | nginx vulnerability | ||
| 09 Gen 2020 | USN-4233-1 | GnuTLS update | ||
| 08 Gen 2020 | USN-4231-1 | NSS vulnerability | ||
| 07 Gen 2020 | USN-4227-1 | Linux kernel vulnerabilities | ||
| 18 Dic 2019 | USN-4203-1 | NSS vulnerability | ||
| 18 Dic 2019 | USN-4199-1 | libvpx vulnerabilities | ||
| 18 Dic 2019 | USN-4194-1 | postgresql-common vulnerability | ||
| 18 Dic 2019 | USN-4191-1 | QEMU vulnerabilities | ||
| 18 Dic 2019 | USN-4190-1 | libjpeg-turbo vulnerabilities | ||
| 18 Dic 2019 | USN-4185-3 | Linux kernel vulnerability and regression | ||
| 18 Dic 2019 | USN-4185-1 | Linux kernel vulnerabilities | ||
| 18 Dic 2019 | USN-4182-1 | Intel Microcode update | ||
| 18 Dic 2019 | USN-4176-1 | GNU cpio vulnerability | ||
| 18 Dic 2019 | USN-4172-1 | file vulnerability | ||
| 18 Dic 2019 | USN-4169-1 | libarchive vulnerability | ||
| 18 Dic 2019 | USN-4164-1 | Libxslt vulnerabilities | ||
| 18 Dic 2019 | USN-4162-1 | Linux kernel vulnerabilities | ||
| 11 Dic 2019 | USN-4221-1 | libpcap vulnerability | ||
| 25 Nov 2019 | CVE-2019-15587 | Ops Manager contains a vulnerable Loofah gem | ||
| 14 Nov 2019 | USN-3885-2 | OpenSSH vulnerability | ||
| 14 Nov 2019 | USN-4040-1 | Expat vulnerability | ||
| 14 Nov 2019 | USN-4038-1 | bzip2 vulnerabilities | ||
| 14 Nov 2019 | USN-4019-1 | SQLite vulnerabilities | ||
| 14 Nov 2019 | USN-4016-1 | Vim vulnerabilities | ||
| 14 Nov 2019 | USN-4015-1 | DBus vulnerability | ||
| 14 Nov 2019 | USN-4012-1 | elfutils vulnerabilities | ||
| 14 Nov 2019 | USN-4011-1 | Jinja2 vulnerabilities | ||
| 14 Nov 2019 | USN-4008-2 | AppArmor update | ||
| 14 Nov 2019 | USN-4004-1 | Berkeley DB vulnerability | ||
| 14 Nov 2019 | USN-3999-1 | GnuTLS vulnerabilities | ||
| 14 Nov 2019 | USN-3993-1 | curl vulnerabilities | ||
| 14 Nov 2019 | USN-3968-1 | Sudo vulnerabilities | ||
| 14 Nov 2019 | USN-3967-1 | FFmpeg vulnerabilities | ||
| 14 Nov 2019 | USN-3990-1 | urllib3 vulnerabilities | ||
| 14 Nov 2019 | USN-3911-1 | file vulnerabilities | ||
| 06 Nov 2019 | USN-4151-1 | Python vulnerabilities | ||
| 06 Nov 2019 | USN-4144-1 | Linux kernel vulnerabilities | ||
| 06 Nov 2019 | USN-4142-1 | e2fsprogs vulnerability | ||
| 06 Nov 2019 | USN-4132-1 | Expat vulnerability | ||
| 06 Nov 2019 | USN-4129-1 | curl vulnerabilities | ||
| 06 Nov 2019 | USN-4127-1 | Python vulnerabilities | ||
| 06 Nov 2019 | USN-4126-1 | FreeType vulnerability | ||
| 30 Set 2019 | USN-4135-1 | Linux kernel vulnerabilities | ||
| 30 Set 2019 | USN-4115-2 | Linux kernel regression | ||
| 30 Set 2019 | USN-4115-1 | Linux kernel vulnerabilities | ||
| 30 Set 2019 | USN-4094-1 | Linux kernel vulnerabilities | ||
| 30 Set 2019 | USN-4071-1 | Patch vulnerabilities | ||
| 30 Set 2019 | USN-4049-3 | GLib regression | ||
| 24 Set 2019 | CVE-2019-16097 | Harbor Privilege Escalation | ||
| 05 Set 2019 | USN-4099-1 | nginx vulnerabilities | ||
| 05 Set 2019 | USN-4090-1 | PostgreSQL vulnerabilities | ||
| 05 Set 2019 | USN-4068-2 | Linux kernel (HWE) vulnerabilities | ||
| 05 Set 2019 | USN-4060-1 | NSS vulnerabilities | ||
| 05 Set 2019 | USN-4058-1 | Bash vulnerability | ||
| 05 Set 2019 | USN-4049-1 | GLib vulnerability | ||
| 05 Set 2019 | USN-4038-3 | bzip2 regression | ||
| 06 Ago 2019 | USN-4041-1 | Linux kernel update | ||
| 05 Ago 2019 | USN-4014-1 | GLib vulnerability | ||
| 05 Ago 2019 | USN-4001-1 | libseccomp vulnerability | ||
| 05 Ago 2019 | USN-3977-3 | Intel Microcode update (AKA ZombieLoad Attack) | ||
| 19 Giu 2019 | USN-3981-2 | Linux kernel (HWE) vulnerabilities (AKA ZombieLoad Attack) | ||
| 19 Giu 2019 | USN-3977-2 | Intel Microcode update (AKA ZombieLoad Attack) | ||
| 19 Giu 2019 | USN-3977-1 | Intel Microcode update (AKA ZombieLoad Attack) | ||
| 21 Mag 2019 | USN-3972-1 | PostgreSQL vulnerabilities | ||
| 21 Mag 2019 | USN-3962-1 | libpng vulnerability | ||
| 21 Mag 2019 | USN-3960-1 | WavPack vulnerability | ||
| 21 Mag 2019 | USN-3947-1 | Libxslt vulnerability | ||
| 21 Mag 2019 | USN-3943-1 | Wget vulnerabilities | ||
| 21 Mag 2019 | USN-3932-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 21 Mag 2019 | USN-3931-2 | Linux kernel (HWE) vulnerabilities | ||
| 08 Mag 2019 | USN-3935-1 | BusyBox vulnerabilities | ||
| 25 Apr 2019 | USN-3945-1 | Ruby vulnerabilities | ||
| 25 Apr 2019 | USN-3910-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 25 Apr 2019 | USN-3906-1 | LibTIFF vulnerabilities | ||
| 25 Apr 2019 | USN-3901-2 | Linux kernel (HWE) vulnerabilities | ||
| 25 Apr 2019 | USN-3900-1 | GD vulnerabilities | ||
| 25 Apr 2019 | USN-3899-1 | OpenSSL vulnerability | ||
| 25 Apr 2019 | USN-3898-1 | NSS vulnerability | ||
| 25 Apr 2019 | USN-3891-1 | systemd vulnerability | ||
| 25 Apr 2019 | USN-3885-1 | OpenSSH vulnerabilities | ||
| 25 Apr 2019 | USN-3884-1 | libarchive vulnerabilities | ||
| 25 Apr 2019 | USN-3882-1 | curl vulnerabilities | ||
| 25 Apr 2019 | USN-3879-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 25 Apr 2019 | USN-3871-4 | Linux kernel (HWE) vulnerabilities | ||
| 25 Apr 2019 | USN-3864-1 | LibTIFF vulnerabilities | ||
| 25 Apr 2019 | USN-3859-1 | libarchive vulnerabilities | ||
| 25 Apr 2019 | USN-3848-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 25 Apr 2019 | USN-3847-2 | Linux kernel (HWE) vulnerabilities | ||
| 25 Apr 2019 | USN-3840-1 | OpenSSL vulnerabilities | ||
| 25 Apr 2019 | USN-3834-1 | Perl vulnerabilities | ||
| 25 Apr 2019 | USN-3816-3 | systemd regression | ||
| 25 Apr 2019 | USN-3855-1 | systemd vulnerabilities | ||
| 25 Apr 2019 | USN-3863-1 | APT vulnerability | ||
| 13 Feb 2019 | CVE-2019-5736 | runC container breakout | ||
| 06 Feb 2019 | USN-3836-2 | Linux kernel (HWE) vulnerabilities | ||
| 06 Feb 2019 | USN-3841-1 | lxml vulnerability | ||
| 06 Feb 2019 | USN-3850-1 | NSS vulnerabilities | ||
| 03 Gen 2019 | USN-3843-1 | pixman vulnerability | ||
| 03 Gen 2019 | USN-3816-2 | systemd vulnerability | ||
| 03 Gen 2019 | USN-3839-1 | WavPack vulnerabilities | ||
| 03 Gen 2019 | USN-3829-1 | Git vulnerabilities | ||
| 14 Dic 2018 | USN-3805-1 | curl vulnerabilities | ||
| 14 Dic 2018 | USN-3809-1 | OpenSSH vulnerabilities | ||
| 14 Dic 2018 | USN-3812-1 | nginx vulnerabilities | ||
| 14 Dic 2018 | USN-3815-1 | gettext vulnerability | ||
| 14 Dic 2018 | USN-3817-1 | Python vulnerabilities | ||
| 14 Dic 2018 | USN-3821-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 12 Dic 2018 | USN-3820-2 | Linux kernel (HWE) vulnerabilities | ||
| 12 Dic 2018 | USN-3816-1 | systemd vulnerabilities | ||
| 12 Dic 2018 | USN-3806-1 | systemd vulnerability | ||
| 12 Dic 2018 | USN-3808-1 | Ruby vulnerabilities | ||
| 03 Dic 2018 | CVE-2018-15797 | NFS Volume release errand leaks cf admin credentials in logs | ||
| 03 Dic 2018 | CVE-2018-1002105 | Proxy request handling in kube-apiserver can leave vulnerable TCP connections | ||
| 28 Nov 2018 | USN-3797-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 08 Nov 2018 | USN-3800-1 | audiofile vulnerabilities | ||
| 08 Nov 2018 | USN-3791-1 | Git vulnerability | ||
| 08 Nov 2018 | USN-3786-1 | libxkbcommon vulnerabilities | ||
| 08 Nov 2018 | USN-3785-1 | ImageMagick vulnerabilities | ||
| 06 Nov 2018 | CVE-2018-15761 | UAA Privilege Escalation | ||
| 26 Ott 2018 | USN-3790-1 | Requests vulnerability | ||
| 26 Ott 2018 | USN-3777-2 | Linux kernel (HWE) vulnerabilities | ||
| 26 Ott 2018 | USN-3762-2 | Linux kernel (HWE) vulnerabilities | ||
| 09 Ott 2018 | USN-3752-2 | Linux kernel (HWE) vulnerabilities | ||
| 09 Ott 2018 | USN-3765-1 | curl vulnerability | ||
| 09 Ott 2018 | USN-3767-1 | GLib vulnerabilities | ||
| 09 Ott 2018 | USN-3770-1 | Little CMS vulnerabilities | ||
| 27 Set 2018 | USN-3759-1 | libtirpc vulnerabilities | ||
| 27 Set 2018 | USN-3758-1 | libx11 vulnerabilities | ||
| 27 Set 2018 | USN-3756-1 | Intel Microcode vulnerabilities | ||
| 27 Set 2018 | USN-3755-1 | GD vulnerabilities | ||
| 27 Set 2018 | USN-3753-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 27 Set 2018 | USN-3744-1 | PostgreSQL vulnerabilities | ||
| 27 Set 2018 | USN-3741-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 27 Set 2018 | USN-3739-1 | libxml2 vulnerabilities | ||
| 27 Set 2018 | USN-3736-1 | libarchive vulnerabilities | ||
| 27 Set 2018 | USN-3733-1 | GnuPG vulnerability | ||
| 27 Set 2018 | USN-3729-1 | libxcursor vulnerability | ||
| 27 Set 2018 | USN-3712-1 | libpng vulnerabilities | ||
| 27 Set 2018 | USN-3696-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 27 Set 2018 | USN-3692-1 | OpenSSL vulnerabilities | ||
| 27 Set 2018 | USN-3690-2 | AMD Microcode regression | ||
| 27 Set 2018 | USN-3690-1 | AMD Microcode update | ||
| 27 Set 2018 | USN-3689-1 | Libgcrypt vulnerability | ||
| 27 Set 2018 | USN-3605-1 | Sharutils vulnerability | ||
| 27 Set 2018 | USN-3589-1 | PostgreSQL vulnerability | ||
| 27 Set 2018 | USN-3564-1 | PostgreSQL vulnerability | ||
| 27 Set 2018 | USN-3532-1 | GDK-PixBuf vulnerabilities | ||
| 27 Set 2018 | USN-3509-4 | Linux kernel (Xenial HWE) regression | ||
| 27 Set 2018 | USN-3352-1 | nginx vulnerability | ||
| 09 Ago 2018 | CVE-2018-8037 | Apache Tomcat - NIO/NIO2 connectors user sessions can get mixed up | ||
| 09 Ago 2018 | CVE-2018-1336 | Apache Tomcat - UTF-8 decoder can lead to DoS | ||
| 02 Ago 2018 | USN-3711-1 | ImageMagick vulnerabilities | ||
| 02 Ago 2018 | USN-3707-1 | NTP vulnerabilities | ||
| 02 Ago 2018 | USN-3706-1 | libjpeg-turbo vulnerabilities | ||
| 23 Lug 2018 | CVE-2018-11047 | UAA accepts refresh token as access token on admin endpoints | ||
| 20 Lug 2018 | USN-3693-1 | JasPer vulnerabilities | ||
| 20 Lug 2018 | USN-3686-1 | file vulnerabilities | ||
| 20 Lug 2018 | USN-3684-1 | Perl vulnerability | ||
| 20 Lug 2018 | USN-3681-1 | ImageMagick vulnerabilities | ||
| 20 Lug 2018 | USN-3676-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 20 Lug 2018 | USN-3675-1 | GnuPG vulnerabilities | ||
| 20 Lug 2018 | USN-3658-1 | procps-ng vulnerabilities | ||
| 17 Lug 2018 | CVE-2018-11041 | UAA open redirect | ||
| 16 Lug 2018 | CVE-2018-1269 | Loggregator does not properly close some TCP connections | ||
| 16 Lug 2018 | CVE-2018-1268 | Loggregator lacks app GUID validation | ||
| 19 Giu 2018 | CVE-2018-1265 | Diego does not properly sanitize file paths in tar/zip files | ||
| 21 Giu 2018 | USN-3671-1 | Git vulnerabilities | ||
| 21 Giu 2018 | USN-3654-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 21 Giu 2018 | USN-3648-1 | curl vulnerabilities | ||
| 14 Giu 2018 | USN-3643-1 | Wget vulnerability | ||
| 14 Giu 2018 | USN-3641-1 | Linux kernel vulnerabilities | ||
| 14 Giu 2018 | USN-3631-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 14 Giu 2018 | USN-3628-1 | OpenSSL vulnerability | ||
| 14 Giu 2018 | USN-3625-1 | Perl vulnerabilities | ||
| 14 Giu 2018 | USN-3624-1 | Patch vulnerabilities | ||
| 14 Giu 2018 | USN-3622-1 | Wayland vulnerability | ||
| 21 Mag 2018 | CVE-2018-1277 | Garden does not correctly enforce Docker image disc quotas | ||
| 21 Mag 2018 | CVE-2018-1276 | Windows2012R2 stemcell exposes IaaS metadata on vSphere | ||
| 10 Mag 2018 | MS-ISAC-2018-046 | MS-ISAC 2018-046 Multiple Vulnerabilities in PHP | ||
| 08 Mag 2018 | CVE-2018-1191 | Garden may log Docker passwords | ||
| 02 Mag 2018 | USN-3619-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 02 Mag 2018 | USN-3611-1 | OpenSSL vulnerability | ||
| 02 Mag 2018 | USN-3610-1 | ICU vulnerability | ||
| 02 Mag 2018 | USN-3606-1 | LibTIFF vulnerabilities | ||
| 02 Mag 2018 | USN-3604-1 | libvorbis vulnerabilities | ||
| 02 Mag 2018 | USN-3602-1 | LibTIFF vulnerabilities | ||
| 02 Mag 2018 | USN-3598-1 | curl vulnerabilities | ||
| 02 Mag 2018 | USN-3586-1 | DHCP vulnerabilities | ||
| 02 Mag 2018 | USN-3584-1 | sensible-utils vulnerability | ||
| 02 Mag 2018 | USN-3569-1 | libvorbis vulnerabilities | ||
| 02 Mag 2018 | USN-3554-1 | curl vulnerabilities | ||
| 02 Mag 2018 | USN-3547-1 | Libtasn1 vulnerabilities | ||
| 02 Mag 2018 | USN-3543-1 | rsync vulnerabilities | ||
| 02 Mag 2018 | USN-3534-1 | GNU C Library vulnerabilities | ||
| 02 Mag 2018 | USN-3506-1 | rsync vulnerabilities | ||
| 02 Mag 2018 | USN-3501-1 | libxcursor vulnerability | ||
| 02 Mag 2018 | USN-3346-2 | Bind regression | ||
| 30 Apr 2018 | CVE-2018-1197 | GCP Metadata Endpoint Accessible from Application Containers on Windows | ||
| 05 Apr 2018 | CVE-2018-1266 | Cloud Controller file modification via malicious application | ||
| 05 Apr 2018 | CVE-2018-1231 | BOSH CLI does not restrict access to configuration file | ||
| 03 Apr 2018 | USN-3582-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 28 Mar 2018 | CVE-2018-1195 | Cloud Controller API will accept a refresh token for authentication | ||
| 28 Mar 2018 | CVE-2018-1192 | UAA SessionID present in Audit Event Logs | ||
| 28 Mar 2018 | CVE-2018-1190 | XSS on UAA OpenID Connect check session iframe endpoint | ||
| 09 Mar 2018 | CVE-2018-1227 | Concourse-dot-ci Domain Issue | ||
| 27 Feb 2018 | VU475445 | VU#475445 SAML Authentication Bypass | ||
| 27 Feb 2018 | CVE-2018-1221 | Gorouter websocket handling vulnerability | ||
| 01 Feb 2018 | USN-3540-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 01 Feb 2018 | USN-3538-1 | OpenSSH vulnerabilities | ||
| 01 Feb 2018 | USN-3535-1 | Bind vulnerability | ||
| 01 Feb 2018 | USN-3522-4 | Linux (Xenial HWE) vulnerability | ||
| 01 Feb 2018 | USN-3522-2 | Linux (Xenial HWE) vulnerability | ||
| 01 Feb 2018 | USN-3513-1 | libxml2 vulnerability | ||
| 01 Feb 2018 | USN-3504-1 | libxml2 vulnerability | ||
| 03 Gen 2018 | Meltdown and Spectre Attacks | Meltdown and Spectre Attacks | ||
| 19 Dic 2017 | CVE-2017-1000353 | Jenkins unauthenticated remote code execution | ||
| 15 Dic 2017 | USN-3509-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 15 Dic 2017 | USN-3505-1 | Linux firmware vulnerabilities | ||
| 15 Dic 2017 | USN-3498-1 | curl vulnerabilities | ||
| 15 Dic 2017 | USN-3496-3 | Python vulnerability | ||
| 15 Dic 2017 | USN-3496-1 | Python vulnerability | ||
| 15 Dic 2017 | USN-3489-1 | Berkeley DB vulnerability | ||
| 15 Dic 2017 | USN-3485-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 15 Dic 2017 | USN-3478-1 | Perl vulnerabilities | ||
| 15 Dic 2017 | USN-3475-1 | OpenSSL vulnerabilities | ||
| 15 Dic 2017 | USN-3469-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 15 Dic 2017 | USN-3464-1 | Wget vulnerabilities | ||
| 15 Dic 2017 | USN-3458-1 | ICU vulnerability | ||
| 15 Dic 2017 | USN-3457-1 | curl vulnerability | ||
| 21 Nov 2017 | USN-3454-1 | libffi vulnerability | ||
| 21 Nov 2017 | USN-3444-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 21 Nov 2017 | USN-3441-1 | curl vulnerabilities | ||
| 21 Nov 2017 | USN-3437-1 | OCaml vulnerability | ||
| 21 Nov 2017 | USN-3434-1 | Libidn vulnerability | ||
| 21 Nov 2017 | USN-3432-1 | ca-certificates update | ||
| 21 Nov 2017 | USN-3424-1 | libxml2 vulnerabilities | ||
| 21 Nov 2017 | USN-3387-1 | Git vulnerability | ||
| 16 Nov 2017 | CVE-2017-8031 | UAA Denial of Service through client token revocation endpoint | ||
| 15 Nov 2017 | CVE-2017-14388 | GrootFS doesn’t validate DiffIDs | ||
| 11 Ott 2017 | CVE-2017-8048 | Cloud Controller API regression | ||
| 10 Ott 2017 | CVE-2017-8047 | Cloud Foundry router open redirect | ||
| 28 Set 2017 | USN-3420-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 28 Set 2017 | USN-3418-1 | GDK-PixBuf vulnerabilities | ||
| 28 Set 2017 | USN-3415-1 | tcpdump vulnerabilities | ||
| 28 Set 2017 | USN-3411-1 | Bazaar vulnerability | ||
| 28 Set 2017 | USN-3410-1 | GD library vulnerability | ||
| 28 Set 2017 | USN-3405-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 28 Set 2017 | USN-3398-1 | graphite2 vulnerabilities | ||
| 08 Set 2017 | CVE-2017-9805 | Apache Struts Remote Code Execution | ||
| 28 Ago 2017 | USN-3392-2 | Linux kernel (Xenial HWE) regression | ||
| 21 Ago 2017 | USN-3385-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 14 Ago 2017 | USN-3378-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 14 Ago 2017 | USN-3367-1 | gdb vulnerabilities | ||
| 14 Ago 2017 | USN-3364-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 14 Ago 2017 | USN-3363-2 | ImageMagick regression References | ||
| 14 Ago 2017 | USN-3363-1 | ImageMagick vulnerabilities | ||
| 14 Ago 2017 | USN-3356-1 | Expat vulnerability | ||
| 14 Ago 2017 | USN-3353-1 | Heimdal vulnerability | ||
| 14 Ago 2017 | USN-3349-1 | NTP vulnerabilities | ||
| 14 Ago 2017 | USN-3347-1 | Libgcrypt vulnerabilities | ||
| 14 Ago 2017 | USN-3346-1 | bind9 vulnerabilities | ||
| 14 Ago 2017 | USN-3344-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 07 Ago 2017 | CVE-2017-8037 | Incomplete fix for Cloud Controller API access to CC VM contents | ||
| 02 Ago 2017 | CVE-2017-9022/CVE-2017-9023 | strongSwan DOS Vulnerabilities | ||
| 01 Ago 2017 | CVE-2017-8038 | Credentials readable from CredHub endpoint | ||
| 25 Lug 2017 | CVE-2017-8036 | Cloud Controller API regression | ||
| 25 Lug 2017 | CVE-2017-8035 | Cloud Controller API access to CC VM contents | ||
| 25 Lug 2017 | CVE-2017-8033 | Cloud Controller API filesystem traversal vulnerability | ||
| 24 Lug 2017 | CVE-2017-8032 | UAA Identity Zone Admin Privilege Escalation | ||
| 05 Lug 2017 | CVE-2017-7485 | PostgreSQL vulnerabilities | ||
| 26 Giu 2017 | CVE-2017-5946 | Directory Traversal in Rubyzip | ||
| 26 Giu 2017 | USN-3334-1 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 26 Giu 2017 | USN-3323-1 | GNU C Library vulnerability | ||
| 26 Giu 2017 | USN-3318-1 | GnuTLS vulnerabilities | ||
| 26 Giu 2017 | USN-3312-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 26 Giu 2017 | USN-3311-1 | libnl vulnerability | ||
| 26 Giu 2017 | USN-3309-1 | Libtasn1 vulnerability | ||
| 26 Giu 2017 | USN-3302-1 | ImageMagick vulnerabilities | ||
| 26 Giu 2017 | USN-3212-2 | LibTIFF regression | ||
| 22 Giu 2017 | USN-3304-1 | Sudo vulnerability | ||
| 08 Giu 2017 | CVE-2017-4994 | Forwarded Headers in UAA | ||
| 08 Giu 2017 | USN-3295-1 | JasPer vulnerabilities | ||
| 08 Giu 2017 | USN-3294-1 | Bash vulnerabilities | ||
| 08 Giu 2017 | USN-3291-3 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 08 Giu 2017 | USN-3287-1 | Git vulnerability | ||
| 08 Giu 2017 | USN-3283-1 | rtmpdump vulnerabilities | ||
| 08 Giu 2017 | USN-3282-1 | FreeType vulnerabilities | ||
| 08 Giu 2017 | USN-3276-2 | shadow regression | ||
| 08 Giu 2017 | USN-3263-1 | FreeType vulnerability | ||
| 08 Giu 2017 | USN-3259-1 | Bind vulnerabilities | ||
| 08 Giu 2017 | USN-3246-1 | Eject vulnerability | ||
| 08 Giu 2017 | USN-3181-1 | OpenSSL vulnerabilities | ||
| 19 Mag 2017 | CVE-2017-4992 | Privilege escalation with user invitations | ||
| 19 Mag 2017 | CVE-2017-4991 | UAA password reset vulnerability | ||
| 02 Mag 2017 | USN-3265-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 01 Mag 2017 | CVE-2017-4974 | Blind SQL Injection with privileged UAA endpoints | ||
| 20 Apr 2017 | CVE-2015-3281 | HAProxy vulnerabilities | ||
| 20 Apr 2017 | CVE-2017-4973 | Privilege Escalation in UAA | ||
| 20 Apr 2017 | CVE-2017-4972 | Blind SQL Injection in UAA | ||
| 13 Apr 2017 | CVE-2017-4969 | Bug in CC allows users to exceed quotas | ||
| 12 Apr 2017 | USN-3256-2 | Linux kernel (HWE) vulnerability | ||
| 10 Apr 2017 | CVE-2017-4970 | Staticfile buildpack ignores basic authentication when misconfigured | ||
| 06 Apr 2017 | USN-3243-1 | Git vulnerability | ||
| 06 Apr 2017 | USN-3241-1 | audiofile vulnerabilities | ||
| 06 Apr 2017 | USN-3239-2 | GNU C Library Regression | ||
| 06 Apr 2017 | USN-3237-1 | FreeType vulnerability | ||
| 06 Apr 2017 | USN-3235-1 | libxml2 vulnerabilities | ||
| 06 Apr 2017 | USN-3232-1 | ImageMagick vulnerabilities | ||
| 06 Apr 2017 | USN-3227-1 | ICU vulnerabilities | ||
| 06 Apr 2017 | USN-3225-1 | libarchive vulnerabilities | ||
| 06 Apr 2017 | USN-3183-2 | GnuTLS vulnerability | ||
| 05 Apr 2017 | CVE-2017-5649 | Apache Geode privilege escalation vulnerability | ||
| 04 Apr 2017 | USN-3201-1 | Bind vulnerabilities | ||
| 04 Apr 2017 | USN-3234-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 04 Apr 2017 | USN-3228-1 | libevent vulnerabilities | ||
| 04 Apr 2017 | USN-3247-1 | AppArmor vulnerability | ||
| 04 Apr 2017 | USN-3249-2 | Linux kernel (Xenial HWE) vulnerability | ||
| 31 Mar 2017 | USN-3222-1 | ImageMagick vulnerabilities | ||
| 31 Mar 2017 | USN-3213-1 | GD library vulnerabilities | ||
| 31 Mar 2017 | USN-3212-1 | LibTIFF vulnerabilities | ||
| 31 Mar 2017 | USN-3205-1 | tcpdump vulnerabilities | ||
| 31 Mar 2017 | USN-3142-2 | ImageMagick vulnerabilities | ||
| 29 Mar 2017 | CVE-2017-4963 | Session Fixation for UAA External Authentication | ||
| 17 Mar 2017 | USN-3196-1 | Multiple PHP vulnerabilities | ||
| 17 Mar 2017 | USN-3185-1 | libXpm vulnerability | ||
| 17 Mar 2017 | USN-3193-1 | Nettle vulnerability | ||
| 17 Mar 2017 | USN-3183-1 | GnuTLS vulnerabilities | ||
| 14 Mar 2017 | USN-3189-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 14 Mar 2017 | CVE-2017-5638 | Apache Struts Remote Code Execution | ||
| 13 Mar 2017 | USN-3220-2 | Linux kernel (Xenial HWE) vulnerability | ||
| 09 Mar 2017 | CVE-2017-4960 | UAA OAuth DOS via lockout feature | ||
| 01 Mar 2017 | USN-3208-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 31 Gen 2017 | USN-3172-1 | Bind vulnerabilities | ||
| 31 Gen 2017 | USN-3169-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 31 Gen 2017 | USN-3161-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 23 Gen 2017 | CVE-2016-6660 | Cloud Controller logs application environment variables | ||
| 19 Gen 2017 | USN-3024-1 | tomcat6, tomcat7 vulnerabilities | ||
| 12 Gen 2017 | RunC Exec | RunC Exec Vulnerability | ||
| 10 Gen 2017 | CVE-2016-9882 | Cloud Foundry Logs Service Credentials | ||
| 29 Dic 2016 | CVE-2016-3958 and CVE-2016-3959 | Golang vulnerabilities | ||
| 27 Dic 2016 | USN-3146-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 27 Dic 2016 | USN-3128-2 | Linux kernel (Xenial HWE) vulnerability | ||
| 27 Dic 2016 | USN-3142-1 | ImageMagick vulnerabilities | ||
| 19 Dic 2016 | CVE-2016-8219 | Space Auditor can restage apps | ||
| 21 Dic 2016 | Multiple CVEs | httpoxy vulnerabilities | ||
| 20 Dic 2016 | USN-3156-1 | APT vulnerability | ||
| 19 Dic 2016 | USN-3131-1 | ImageMagick vulnerabilities | ||
| 19 Dic 2016 | USN-3067-1 | HarfBuzz vulnerabilities | ||
| 19 Dic 2016 | USN-3117-1 | GD library vulnerabilities | ||
| 14 Dic 2016 | USN-3132-1 | tar vulnerability | ||
| 14 Dic 2016 | USN-3134-1 | Python vulnerabilities | ||
| 14 Dic 2016 | USN-3139-1 | Vim vulnerability | ||
| 14 Dic 2016 | CVE-2016-6659 | UAA Privilege Escalation | ||
| 14 Dic 2016 | USN-3116-1 | DBus vulnerabilities | ||
| 14 Dic 2016 | USN-3119-1 | Bind vulnerability | ||
| 13 Dic 2016 | USN-3123-1 | curl vulnerabilities | ||
| 13 Dic 2016 | USN-3088-1 | Bind vulnerability | ||
| 09 Dic 2016 | CVE-2016-8218 | Unauthenticated JWT signing algorithm in routing | ||
| 07 Dic 2016 | USN-3151-2 | Linux kernel (Xenial HWE) vulnerability | ||
| 17 Nov 2016 | CVE-2016-6663/CVE-2016-6664 | MariaDB Root Privilege Escalation | ||
| 17 Nov 2016 | Several | PCRE vulnerabilities prior to version 8.39 | ||
| 07 Nov 2016 | USN-3096-1 | NTP vulnerabilities | ||
| 07 Nov 2016 | USN-3095-1 | PHP vulnerabilities | ||
| 02 Nov 2016 | CVE-2016-6658 | Incomplete fix for Credential Vulnerability for Custom Buildpacks | ||
| 21 Ott 2016 | CVE-2016-5195 | Linux kernel vulnerability | ||
| 17 Ott 2016 | CVE-2016-6655 | Utility Script Command Injection | ||
| 17 Ott 2016 | USN-3099-2 | Linux kernel vulnerabilities | ||
| 29 Set 2016 | CVE-2016-6653 | MySQL Audit logs sent to Syslog | ||
| 28 Set 2016 | USN-3087-2 | OpenSSL Regression | ||
| 28 Set 2016 | USN-3083-1 | Linux kernel vulnerabilities | ||
| 28 Set 2016 | USN-3068-1 | Libidn vulnerabilities | ||
| 28 Set 2016 | CVE-2016-6662 | Multiple MySQL Vulnerabilities | ||
| 28 Set 2016 | USN-3085-1 | GDK-PixBuf vulnerabilities | ||
| 26 Set 2016 | CVE-2016-6651 | Privilege Escalation in UAA | ||
| 26 Set 2016 | CVE-2016-6636 | UAA Open Redirect Vulnerability for Subdomains | ||
| 26 Set 2016 | CVE-2016-6637 | UAA CSRF Vulnerability for OAuth Approvals | ||
| 21 Set 2016 | CVE-2014-9130 | LibYAML vulnerability | ||
| 09 Set 2016 | CVE-2016-6639 | PHP Buildpack exposes .profile file | ||
| 09 Set 2016 | USN-3045-1 | PHP vulnerabilities | ||
| 25 Ago 2016 | USN-3065-1 | Libgcrypt vulnerability | ||
| 25 Ago 2016 | USN-3064-1 | GnuPG vulnerability | ||
| 25 Ago 2016 | USN-3063-1 | Fontconfig vulnerability | ||
| 25 Ago 2016 | USN-3061-1 | OpenSSH vulnerability | ||
| 25 Ago 2016 | USN-3030-1/USN-3060-1 | GD library vulnerability | ||
| 25 Ago 2016 | USN-3053-1/USN-3037-1 | Linux kernel (Vivid HWE) vulnerability | ||
| 25 Ago 2016 | USN-3048-1 | curl vulnerability | ||
| 25 Ago 2016 | USN-3033-1 | libarchive vulnerability | ||
| 18 Ago 2016 | CVE-2016-5016 | UAA accepts expired certificates | ||
| 26 Lug 2016 | CVE-2016-5006 | Cloud Controller API logs user-provided service credentials | ||
| 13 Lug 2016 | USN-3010-1 | Expat vulnerabilities | ||
| 13 Lug 2016 | CVE-2016-4450 | Nginx Vulnerabilities | ||
| 13 Lug 2016 | USN-3012-1 | Wget vulnerability | ||
| 01 Lug 2016 | USN-3020-1 | Linux kernel (Vivid HWE) vulnerabilities | ||
| 30 Giu 2016 | CVE-2016-4468 | UAA SQL Injection | ||
| 15 Giu 2016 | USN-3001-1 | Linux kernel (Vivid HWE) vulnerabilities | ||
| 13 Giu 2016 | CVE-2016-4435 | BOSH Agent Anonymous Endpoint | ||
| 13 Giu 2016 | USN-2994-1 | libxml2 vulnerabilities | ||
| 13 Giu 2016 | USN-2991-1 | nginx vulnerability | ||
| 13 Giu 2016 | USN-2990-1 | ImageMagick vulnerability (a.k.a. ImageTragick) | ||
| 13 Giu 2016 | USN-2987-1 | GD library vulnerabilities | ||
| 13 Giu 2016 | USN-2985-2 | GNU C Library regression | ||
| 13 Giu 2016 | USN-2983-1 | Expat vulnerability | ||
| 13 Giu 2016 | USN-2981-1 | libarchive vulnerabilities | ||
| 13 Giu 2016 | USN-2966-1 | OpenSSH vulnerabilities | ||
| 13 Giu 2016 | USN-2961-1 | Little CMS vulnerability | ||
| 08 Giu 2016 | CVE-2013-7456 | PHP vulnerabilities | ||
| 03 Giu 2016 | USN-2970-1 | Linux kernel (Vivid HWE) vulnerabilities | ||
| 23 Mag 2016 | CVE-2016-3084 | UAA Password Reset Vulnerability | ||
| 19 Mag 2016 | USN-2977-1 | Linux kernel (Vivid HWE) vulnerabilities | ||
| 17 Mag 2016 | CVE-2016-3091 | Diego log encoding vulnerability | ||
| 06 Mag 2016 | USN-2959-1 | OpenSSL vulnerabilities | ||
| 06 Mag 2016 | USN-2957-1 | Libtasn1 vulnerability | ||
| 06 Mag 2016 | USN-2949-1 | Linux kernel (Vivid HWE) vulnerabilities | ||
| 06 Mag 2016 | USN-2943-1 | PCRE vulnerabilities | ||
| 06 Mag 2016 | USN-2935-2 | PAM regression | ||
| 02 Mag 2016 | CVE-2015-5170-5173 | UAA Vulnerabilities | ||
| 14 Apr 2016 | Badlock bug | Samba and Windows Vulnerabilities | ||
| 24 Mar 2016 | USN-2939-1 | LibTIFF vulnerabilities | ||
| 24 Mar 2016 | USN-2927-1 | Graphite2 vulnerabilities | ||
| 24 Mar 2016 | USN-2925-1 | Bind9 vulnerabilities | ||
| 24 Mar 2016 | USN-2919-1 | JasPer vulnerabilities | ||
| 24 Mar 2016 | USN-2918-1 | Pixman vulnerabilities | ||
| 24 Mar 2016 | USN-2916-1 | Perl vulnerabilities | ||
| 24 Mar 2016 | USN-2914-1 | OpenSSL vulnerabilities | ||
| 24 Mar 2016 | NPM Ownership Issue | Warning about NPM modules | ||
| 24 Mar 2016 | USN-2938-1 | Git vulnerabilities | ||
| 16 Mar 2016 | USN-2932-1 | Linux kernel vulnerabilities | ||
| 02 Mar 2016 | CVE-2016-0800 | OpenSSL vulnerabilities | ||
| 26 Feb 2016 | USN-2910-1 | Linux kernel vulnerability | ||
| 26 Feb 2016 | CVE-2016-0761 | Docker Image Host Files Corruption | ||
| 19 Feb 2016 | USN-2900-1 | GNU libc vulnerability | ||
| 02 Feb 2016 | CVE-2016-0732 | Privilege Escalation | ||
| 01 Feb 2016 | CVE-2016-0713 | Gorouter XSS | ||
| 22 Gen 2016 | USN-2871-1 | Linux kernel vulnerability | ||
| 20 Gen 2016 | CVE-2016-0715 | Remote Information Disclosure | ||
| 19 Gen 2016 | USN-2865-1 | GnuTLS vulnerability | ||
| 19 Gen 2016 | USN-2861-1 | libpng vulnerability | ||
| 19 Gen 2016 | USN-2868-1 | DHCP vulnerability | ||
| 19 Gen 2016 | USN-2869-1 | OpenSSH vulnerability | ||
| 18 Gen 2016 | CVE-2016-0708 | Remote Information Disclosure | ||
| 07 Gen 2016 | USN-2857-1 | Linux kernel vulnerability | ||
| 07 Gen 2016 | USN-2842-1/USN-2842-2 | Linux kernel vulnerability | ||
| 07 Gen 2016 | USN-2837-1 | bind9 vulnerability | ||
| 07 Gen 2016 | USN-2836-1 | grub2 vulnerability | ||
| 07 Gen 2016 | USN-2835-1 | git vulnerability | ||
| 07 Gen 2016 | USN-2834-1 | libxml2 vulnerability | ||
| 07 Gen 2016 | USN-2830-1 | OpenSSL vulnerability | ||
| 07 Gen 2016 | USN-2829-1 | Linux kernel vulnerability | ||
| 15 Dic 2015 | CVE-2015-5350 | Garden Nstar vulnerability | ||
| 04 Dic 2015 | USN-2821-1 | GnuTLS vulnerability | ||
| 04 Dic 2015 | USN-2820-1 | dpkg vulnerability | ||
| 02 Dic 2015 | USN-2815-1 | PNG vulnerability | ||
| 02 Dic 2015 | USN-2812-1 | libxml2 vulnerability | ||
| 02 Dic 2015 | USN-2810-1 | Kerberos vulnerability | ||
| 02 Dic 2015 | USN-2787-1 | audiofile vulnerability | ||
| 24 Nov 2015 | USN-2788-1/2788-2 | unzip vulnerability | ||
| 12 Nov 2015 | USN-2798-1 | Linux kernel vulnerability | ||
| 12 Nov 2015 | USN-2806-1 | Linux kernel vulnerability | ||
| 03 Nov 2015 | USN-2778-1 | Linux kernel vulnerabilities | ||
| 03 Nov 2015 | USN-2767-1 | GDK-Pixbuf library vulnerability | ||
| 07 Ott 2015 | Golang | Golang 1.4.3 CVE Fixes | ||
| 07 Ott 2015 | USN-2722-1 | GDK-PixBuf Vulnerabilities | ||
| 07 Ott 2015 | USN-2711-1 | Net-SNMP Vulnerabilities | ||
| 07 Ott 2015 | USN-2739-1 | FreeType Vulnerabilities | ||
| 07 Ott 2015 | USN-2740-1 | ICU Vulnerabilities | ||
| 07 Ott 2015 | USN-2751-1 | Linux Kernel (Vivid HWE) Vulnerability | ||
| 07 Ott 2015 | USN-2756-1 | rpcbind Vulnerability | ||
| 07 Ott 2015 | USN-2765-1 | Linux Kernel (Vivid HWE) Vulnerability | ||
| 08 Set 2015 | USN-2710-1 | OpenSSH Vulnerabilities | ||
| 08 Set 2015 | USN-2698-1 | SQLite Vulnerabilities | ||
| 08 Set 2015 | USN-2694-1 | PCRE Vulnerabilities | ||
| 08 Set 2015 | USN-2718-1 | Address Configuration Change Vulnerabilities | ||
| 06 Ago 2015 | USN-2696-1 | OpenJDK 7 Vulnerabilities | ||
| 29 Lug 2015 | CVE-2015-3290 | Linux Kernel NMI Vulnerability | ||
| 10 Lug 2015 | CVE-2015-1420 | file_handle size verification | ||
| 06 Lug 2015 | CVE-2015-1330 | Unattended-Upgrades Vulnerability | ||
| 25 Giu 2015 | CVE-2015-3189 | Expire old reset password links | ||
| 25 Giu 2015 | CVE-2015-3190 | Open redirect on Login | ||
| 25 Giu 2015 | CVE-2015-3191 | CSRF attack on change email | ||
| 12 Giu 2015 | USN-2639-1 | OpenSSL vulnerabilities | ||
| 12 Giu 2015 | CVE-2015-3636 | ipv4 use-after-free | ||
| 17 Giu 2015 | CVE-2015-1328 | overlayfs privilege escalation | ||
| 09 Giu 2015 | Redis LUA Sandbox | Redis LUA Exploit | ||
| 22 Mag 2015 | CVE-2015-1834 | Path Traversal Vulnerability | ||
| 22 Mag 2015 | USN-2617-1 | FUSE Vulnerability | ||
| 30 Apr 2015 | CVE-2015-1855 | Ruby OpenSSL Hostname Verification | ||
| 23 Mar 2015 | CVE-2015-0282 | Multiple GnuTLS Vulnerabilities | ||
| 21 Mar 2015 | USN-2537-1 | OpenSSL vulnerabilities | ||
| 13 Mar 2015 | CVE-2014-8159 | Linux Kernel Infiniband Vulnerability | ||
| 09 Feb 2015 | CVE-2014-0227 | Apache Tomcat Request Smuggling | ||
| 28 Gen 2015 | CVE-2015-0235 | GHOST | ||
| 10 Set 2014 | CVE-2013-4444 | Remote Code Execution in Apache Tomcat | ||
| 16 Ott 2014 | CVE-2014-3566 | SSLV3 POODLE | ||
| 29 Set 2014 | CVE-2014-7186 | Bash Out-of Bonds | ||
| 25 Set 2014 | CVE-2014-6271 | Bash - ShellShock | ||
| 19 Set 2014 | CVE-2014-5119 | glib_gconv_translit_find() exploit | ||
| 18 Ago 2014 | CVE-2014-3153 | Futex requeue exploit | ||
| 05 Giu 2014 | CVE-2014-0224 | SSL/TLS MITM Vulnerability | ||
| 10 Apr 2014 | CVE-2014-0160 | Heartbleed |
[1] This table is not yet a complete list of vulnerabilities in dependencies. Formulating such a list is an extensive undertaking which Pivotal is addressing systematically. When this table becomes a complete and comprehensive list, we will remove this footnote.
Thanks
Note: Reports of vulnerabilities in Pivotal products are listed in the credit section of the associated security announcement.