Pivotal Application Security Team

Overview

The Pivotal Application Security Team provides a single point of contact for the reporting of security vulnerabilities in Pivotal products and coordinates the process of investigating any reported vulnerabilities.

If you would like to subscribe to updates to this page, the RSS feed for all vulnerability reports is available at https://tanzu.vmware.com/security/rss or https://tanzu.vmware.com/security/parsed/rss. The RSS feed for just the notable vulnerabilities in dependences is available at https://tanzu.vmware.com/security/dependencies/rss and the RSS feed for just Pivotal product vulnerabilities is available at https://tanzu.vmware.com/security/pivotal/rss.

Reporting a vulnerability

We strongly encourage people to report security vulnerabilities privately to our security team before disclosing them in a public forum.

Please note that the e-mail address below should only be used for reporting undisclosed security vulnerabilities in Pivotal products and managing the process of fixing such vulnerabilities. We cannot accept regular bug reports or other security related queries at this address.

The e-mail address to use to contact the Pivotal Application Security Team is security@pivotal.io.

The fingerprint is: AA8F D966 7001 70B7 087E B407 04A1 595B 8F19 137B

It can be obtained from a public key server such as pgp.mit.edu.

Pivotal Product Vulnerability Reports

Date	CVE Reference	Description
13 Ott 2020	MYSQL-SECURITY-UPDATES-APR2020	Various MySQL Security Updates from April 2020
13 Ott 2020	MYSQL-SECURITY-UPDATES-JAN2020	Various MySQL Security Updates from January 2020
01 Ott 2020	CVE-2020-5422	UAA password may appear in Operations Manager process arguments
17 Set 2020	CVE-2020-5421	RFD Protection Bypass via jsessionid
10 Set 2020	CVE-2020-5420	Gorouter is vulnerable to DoS attack via invalid HTTP responses
01 Set 2020	CVE-2020-5416	TAS clusters with NGINX in front of them may be vulnerable to DoS
27 Ago 2020	CVE-2020-5419	RabbitMQ arbitrary code execution using local binary planting
11 Ago 2020	CVE-2020-5415	Concourse's GitLab auth allows impersonation
04 Ago 2020	CVE-2020-5412	Hystrix Dashboard Proxy In spring-cloud-netflix-hystrix-dashboard
30 Lug 2020	CVE-2020-5414	App Autoscaler logs credentials
30 Lug 2020	CVE-2020-5396	JMX Insecure Default Configuration in GemFire
30 Lug 2020	MYSQL-SECURITY-UPDATES-OCT2019	Various MySQL Security Updates from October 2019
30 Lug 2020	MYSQL-SECURITY-UPDATES-JUL2019	Various MySQL Security Updates from July 2019
30 Lug 2020	CVE-2019-11286	JMX Credential Deserialization in GemFire
23 Lug 2020	CVE-2020-5413	Kryo Configuration Allows Code Execution with Unknown “Serialization Gadgets”
16 Lug 2020	CVE-2020-15586	Gorouter is vulnerable to DoS Attack via Expect 100-continue requests
10 Giu 2020	CVE-2020-5411	Jackson Configuration Allows Code Execution with Unknown “Serialization Gadgets”
01 Giu 2020	CVE-2020-5410	Directory Traversal with spring-cloud-config-server
26 Mag 2020	CVE-2019-15605	Node.js is vulnerable to request smuggling
13 Mag 2020	CVE-2020-5409	Concourse Open Redirect in the /sky/login endpoint
07 Mag 2020	CVE-2020-5408	Dictionary attack with Spring Security queryable text encryptor
07 Mag 2020	CVE-2020-5407	Signature Wrapping Vulnerability with spring-security-saml2-service-provider
14 Apr 2020	CVE-2020-5402	UAA fails to check the state parameter when authenticating with external IDPs
09 Apr 2020	CVE-2020-5406	PCF Autoscaling logs its database credentials
06 Apr 2020	CVE-2019-11282	UAA is vulnerable to a Blind SCIM injection leading to information disclosure
06 Apr 2020	CVE-2020-5400	Cloud Controller logs environment variables from app manifests
04 Mar 2020	VARIOUS-JACKSON-CVES-UAA	Various CVEs UAA consumes vulnerable versions of FasterXML jackson-databind
04 Mar 2020	CVE-2019-11290	UAA logs query parameters in tomcat access file
03 Mar 2020	CVE-2019-11253	PKS is vulnerable to a YAML/JSON parsing "Billion Laughs" Attack
27 Feb 2020	CVE-2020-5403	DoS Via Malformed URL with Reactor Netty HTTP Server
27 Feb 2020	CVE-2020-5404	Authentication Leak On Redirect With Reactor Netty HttpClient
26 Feb 2020	CVE-2020-5405	Directory Traversal with spring-cloud-config-server
24 Feb 2020	CVE-2020-5401	GoRouter is vulnerable to a cache poisoning DoS
12 Feb 2020	CVE-2020-5399	CredHub does not properly enable TLS for MySQL database connections
11 Feb 2020	CVE-2019-19604	Git submodule loading vulnerability
16 Gen 2020	CVE-2020-5397	CSRF Attack via CORS Preflight Requests with Spring MVC or Spring WebFlux
16 Gen 2020	CVE-2020-5398	RFD Attack via “Content-Disposition” Header Sourced from Request Input by Spring MVC or Spring WebFlux Application
15 Gen 2020	CVE-2019-11288	tc Server JMX Socket Listener Registry Rebinding Local Privilege Escalation
10 Gen 2020	CVE-2019-18802	CVE-2019-18801, CVE-2019-18838, MySQL for Pivotal Platform consumes a vulnerable version of Envoy
08 Gen 2020	CVE-2019-11292	Ops Manager logs query parameters in tomcat access file
04 Dic 2019	CVE-2019-19029	SQL Injection via user-groups in VMware Harbor Container Registry for Pivotal Platform
04 Dic 2019	CVE-2019-19023	Privilege Escalation Vulnerability in VMware Harbor Container Registry for Pivotal Platform
04 Dic 2019	CVE-2019-19026	SQL Injection via project quotas in VMware Harbor Container Registry for Pivotal Platform
04 Dic 2019	CVE-2019-3990	User Enumeration Flaw in VMware Harbor Container Registry for Pivotal Platform
04 Dic 2019	CVE-2019-19025	Cross-Site Request Forgery Vulnerability in VMware Harbor Container Registry for Pivotal Platform
04 Dic 2019	CVE-2019-9517	CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9515, CVE-2019-9518, CVE-2019-9511, CVE-2019-9516, Some Pivotal products are impacted by HTTP/2 denial of service attacks
03 Dic 2019	CVE-2019-11293	UAA logs all query parameters with debug logging level
22 Nov 2019	CVE-2019-11291	RabbitMQ XSS attack via federation and shovel endpoints
22 Nov 2019	CVE-2019-11287	RabbitMQ Web Management Plugin DoS via heap overflow
18 Nov 2019	CVE-2019-11289	A forged route service request using an invalid nonce can cause the gorouter to panic and crash
06 Nov 2019	CVE-2019-9893	libseccomp incorrectly generate 64-bit syscall argument comparisons
28 Ott 2019	CVE-2019-16869	Reactor Netty Consumes a Vulnerable Version of Netty
24 Ott 2019	CVE-2019-11249	PKS consumes a vulnerable version of kubectl
23 Ott 2019	CVE-2019-11283	Password leak in smbdriver logs
17 Ott 2019	CVE-2019-16919	Broken access control vulnerability in Harbor API
15 Ott 2019	CVE-2019-11278	Privilege Escalation via Blind SCIM Injection in UAA
15 Ott 2019	CVE-2019-11279	Privilege Escalation via Scope Manipulation in UAA
15 Ott 2019	CVE-2019-11247	Kubernetes API Server Vulnerability
15 Ott 2019	CVE-2018-15664	Docker Symlink Directory Traversal Vulnerability
15 Ott 2019	CVE-2019-13139	Docker build code execution
14 Ott 2019	CVE-2019-11281	RabbitMQ XSS attack
11 Ott 2019	CVE-2019-11284	Reactor Netty authentication leak in redirects
25 Set 2019	CVE-2019-11275	CSV Injection in usage report downloaded from Pivotal Application Manager
23 Set 2019	CVE-2019-11277	Volume Services is vulnerable to an LDAP injection attack
19 Set 2019	CVE-2019-11280	Privilege escalation through the invitations service
20 Ago 2019	CVE-2019-3775	UAA allows users to modify their own email address
20 Ago 2019	CVE-2019-3788	UAA redirect-uri allows wildcards in the subdomain
20 Ago 2018	CVE-2019-3787	UAA defaults email address to an insecure domain
20 Ago 2019	CVE-2019-10164	Critical Security Issue in PostgreSQL
19 Ago 2019	CVE-2019-11276	Apps Manager sends tokens to Spring apps via HTTP
15 Ago 2019	CVE-2017-15694	Pivotal GemFire and Cloud Cache consume vulnerable versions of Apache Geode
14 Ago 2019	CVE-2019-13232	ClamAV Add-on for PCF consumes a vulnerable version of ClamAV
01 Ago 2019	CVE-2019-11270	UAA clients.write vulnerability
25 Lug 2019	CVE-2019-3800	CF CLI writes the client id and secret to config file
25 Lug 2019	CVE-2019-3781	CF CLI does not sanitize user's password in verbose/trace/debug
23 Lug 2019	CVE-2019-11273	PKS Telemetry logs credentials
22 Lug 2019	VARIOUS-SQL	Various MySQL Security Updates from July 2018 through January 2019
22 Lug 2019	USN-4017-1	Linux kernel vulnerabilities
18 Lug 2019	CVE-2019-3786	BBR could run arbitrary scripts on deployment VMs
28 Giu 2019	CVE-2019-11271	Bosh Deployment logs leak sensitive information
19 Giu 2019	CVE-2019-11272	PlaintextPasswordEncoder authenticates encoded passwords that are null
30 Mag 2019	CVE-2019-5021	Tile generator affected by insecure default password
30 Mag 2019	CVE-2019-11269	Open Redirector in spring-security-oauth2
24 Mag 2019	CVE-2019-3790	Ops Manager uaa client issues tokens after refresh token expiration
13 Mag 2019	CVE-2019-3802	Additional information exposure with Spring Data JPA example matcher
25 Apr 2019	CVE-2019-3801	Java Projects using HTTP to fetch dependencies
24 Apr 2019	CVE-2019-3798	Escalation of Privileges in Cloud Controller
24 Apr 2019	CVE-2019-3789	Gorouter allows space developer to hijack route services hosted outside the platform
16 Apr 2019	CVE-2019-3799	Directory Traversal with spring-cloud-config-server
12 Apr 2019	CVE-2019-3793	Invitations Service supports HTTP connections
08 Apr 2019	CVE-2019-3797	Additional information exposure with Spring Data JPA derived queries
04 Apr 2019	CVE-2019-3795	Insecure Randomness When Using a SecureRandom Instance Constructed by Spring Security
01 Apr 2019	CVE-2019-9946	Kubernetes affecting certain network configurations with CNI
01 Apr 2019	CVE-2019-1002100	Kubernetes API Server Patch Request Consumes Excess Resource Cause Denial of Service
01 Apr 2019	CVE-2019-1002101	Kubernetes kubectl - potential directory traversal
25 Mar 2019	CVE-2019-3792	Concourse 5.0.0 SQL Injection vulnerability
07 Mar 2019	CVE-2019-8331	Bootstrap XSS
28 Feb 2019	CVE-2018-15754	UAA issues tokens across identity providers if users with matching usernames exist
26 Feb 2019	CVE-2019-3777	Apps Manager unverified SSL certs in Cloud Controller proxy
21 Feb 2019	CVE-2019-3778	Open Redirector in spring-security-oauth2
19 Feb 2019	CVE-2019-3776	Reflected XSS in Pivotal Operations Manager
14 Feb 2019	CVE-2019-3780	Cloud Foundry Container Runtime Leaks IAAS Credentials
14 Feb 2019	CVE-2019-3779	Pivotal Container Service allows a user to bypass security policy when talking to ETCD
14 Gen 2019	CVE-2019-3772	XML External Entity Injection (XXE)
14 Gen 2019	CVE-2019-3773	XML External Entity Injection (XXE)
14 Gen 2019	CVE-2019-3774	XML External Entity Injection (XXE)
08 Gen 2019	KUBERNETES-API-SERVER	Kubernetes API Server acts as proxy for internal and external IPs
08 Gen 2019	CVE-2019-3803	Concourse includes token in CLI authentication callback
04 Gen 2019	CVE-2018-18264	Kubernetes Dashboard TLS Certificate Leak
18 Dic 2018	CVE-2018-15801	Authorization Bypass During JWT Issuer Validation with spring-security
13 Dic 2018	CVE-2018-15798	Pivotal Concourse allows malicious redirect urls on login
05 Dic 2018	CVE-2018-1279	RabbitMQ cluster compromise due to deterministically generated cookie
15 Nov 2018	CVE-2018-15759	On Demand Services SDK Timing Attack Vulnerability
09 Nov 2018	CVE-2018-15795	CredHub Service Broker uses guessable client secret
29 Ott 2018	CVE-2018-15762	Pivotal Operations Manager gives all users heightened privileges
16 Ott 2018	CVE-2018-15758	Privilege Escalation in spring-security-oauth2
16 Ott 2018	CVE-2018-15756	DoS Attack via Range Requests
10 Ott 2018	CVE-2018-11084	Garden-runC prevents deletion of some app environments
10 Ott 2018	CVE-2018-15755	CF networking internal policy server SQL injection
03 Ott 2018	CVE-2018-11083	BOSH accepts refresh token as access token
02 Ott 2018	CVE-2018-15763	PKS leaks IaaS credentials to application logs
27 Set 2018	CVE-2018-11081	Ops Manager writes UAA credentials to disk
13 Set 2018	CVE-2018-1198	PCC bosh deployment logs print a superuser password in plain text
13 Set 2018	CVE-2018-11088	CF admin credentials accessible to developers through Applications Manager
13 Set 2018	CVE-2018-11086	CF admin credentials accessible to developers through usage service
11 Set 2018	CVE-2018-11087	RabbitMQ (Spring-AMQP) Host name verification
23 Lug 2018	CVE-2018-11044	Apps Manager allows unescaped content in invitation emails
10 Lug 2018	CVE-2018-11045	Operations Manager image contains static LRNG seed file
20 Giu 2018	CVE-2018-11046	Operations Manager includes outdated NGINX packages
14 Giu 2018	CVE-2018-11040	JSONP enabled by default in MappingJackson2JsonView
14 Giu 2018	CVE-2018-11039	Cross Site Tracing (XST) with Spring Framework
11 Mag 2018	CVE-2018-1263	Unsafe Unzip with spring-integration-zip
10 Mag 2018	CVE-2018-1278	Apps Manager allows unauthorized org invitations
09 Mag 2018	CVE-2018-1261	Unsafe Unzip with spring-integration-zip
09 Mag 2018	CVE-2018-1260	Remote Code Execution with spring-security-oauth2
09 Mag 2018	CVE-2018-1259	XXE with Spring Data’s XMLBeam integration
09 Mag 2018	CVE-2018-1258	Unauthorized Access with Spring Security Method Security
09 Mag 2018	CVE-2018-1257	ReDoS Attack with spring-messaging
07 Mag 2018	CVE-2018-1280	Blind SQL injection in Pivotal Greenplum Command Center
30 Apr 2018	CVE-2018-1256	Issuer validation regression in Spring Cloud SSO Connector
10 Apr 2018	CVE-2018-1274	Denial of Service with Spring Data
10 Apr 2018	CVE-2018-1273	RCE with Spring Data Commons
09 Apr 2018	CVE-2018-1275	Address partial fix for CVE-2018-1270
05 Apr 2018	CVE-2018-1272	Multipart Content Pollution with Spring Framework
05 Apr 2018	CVE-2018-1271	Directory Traversal with Spring MVC on Windows
05 Apr 2018	CVE-2018-1270	Remote Code Execution with spring-messaging
16 Mar 2018	CVE-2018-1230	Spring Batch Admin vulnerable to Cross Site Request Forgery
16 Mar 2018	CVE-2018-1229	Stored XSS in file upload of Spring Batch Admin
13 Feb 2018	CVE-2018-1200	Apps Manager File Access Vulnerability
30 Gen 2018	CVE-2018-1196	Symlink privilege escalation attack via Spring Boot launch script
29 Gen 2018	CVE-2018-1199	Security bypass with static resources
16 Ott 2017	CVE-2017-8028	Spring-LDAP authentication with userSearch and STARTTLS allows authentication with arbitrary password
21 Set 2017	CVE-2017-8046	RCE in PATCH requests in Spring Data REST
19 Set 2017	CVE-2017-8045	Remote code execution in spring-amqp
15 Set 2017	CVE-2017-8039	Data Binding Expression Vulnerability in Spring Web Flow
31 Ago 2017	CVE-2017-8044	XSS vulnerability in Single Sign-On for PCF via DOM-based query parameters
31 Ago 2017	CVE-2017-8041	XSS vulnerability in org name in Single Sign-On for PCF
31 Ago 2017	CVE-2017-8040	XXE Vulnerability in Single Sign-On for PCF
08 Giu 2017	CVE-2017-4995	Jackson Configuration Allows Code Execution with Unknown “Serialization Gadgets”
31 Mag 2017	CVE-2017-4971	Data Binding Expression Vulnerability in Spring Web Flow
15 Mag 2017	CVE-2017-4975	Tile generator sets open security groups
04 Mag 2017	CVE-2017-4966	RabbitMQ local storage of credentials
04 Mag 2017	CVE-2017-4965	XSS vulnerabilities in RabbitMQ management UI
27 Mar 2017	CVE-2017-2773	Unauthenticated JWT signing algorithm in multiple components
24 Mar 2017	CVE-2017-4955	Credentials in Elastic Runtime Notifications errand log
14 Feb 2017	CVE-2017-4959	Pivotal Cloud Foundry account authorization vulnerability
09 Feb 2017	CVE-2016-9880	Unauthenticated access to GemFire for PCF broker endpoints
04 Gen 2017	CVE-2016-9885	gfsh exposed over go router for GemFire for PCF
28 Dic 2016	CVE-2016-9879	Encoded "/" in path variables
28 Dic 2016	CVE-2016-0898	Service backups log AWS key
21 Dic 2016	CVE-2016-9878	Directory Traversal in the Spring Framework ResourceServlet
19 Dic 2016	CVE-2016-9877	RabbitMQ authentication vulnerability
31 Ott 2016	CVE-2016-6657	PCF Open Redirects
31 Ott 2016	CVE-2016-6656	Code injection vulnerability via GPHDFS in Greenplum database
30 Set 2016	CVE-2016-6652	Spring Data JPA Blind SQL Injection Vulnerability
12 Set 2016	CVE-2016-0930	Ops Manager Compilation VMs Vulnerability on vSphere and vCloud
27 Lug 2016	CVE-2016-0896	IaaS Metadata Endpoint Accessible from Application Containers
15 Lug 2016	CVE-2016-0929	RabbitMQ for PCF vulnerability
07 Lug 2016	CVE-2016-5007	Spring Security / MVC Path Matching Inconsistency
07 Lug 2016	CVE-2016-0926	Apps Manager XSS vulnerability
05 Lug 2016	CVE-2016-4977	Remote Code Execution (RCE) in Spring Security OAuth
29 Giu 2016	CVE-2016-0928	PCF Open Redirects
24 Giu 2016	CVE-2016-0897	Ops Manager vSphere and vCloud vulnerability
23 Giu 2016	CVE-2016-0927	Ops Manager XSS vulnerability
11 Apr 2016	CVE-2016-2173	Remote Code Execution in Spring AMQP
23 Mar 2016	CVE-2016-0780	Cloud Controller Disk Quota Enforcement
23 Mar 2016	CVE-2016-2165	Loggregator Request URL Paths
23 Mar 2016	CVE-2016-0781	UAA Persistent XSS Vulnerability
03 Feb 2016	CVE-2016-0883	Pivotal Ops Manager Weak Authentication Scheme
12 Nov 2015	CVE-2015-5258	Spring Social CSRF
15 Ott 2015	CVE-2015-5211	RFD Attack in Spring Framework
30 Giu 2015	CVE-2015-3192	DoS Attack with XML Input
06 Mar 2015	CVE-2015-0201	Insufficiently random session id in Java SockJS client
13 Gen 2015	CVE-2014-3626	Directory Traversal in Grails Resources Plugin
11 Nov 2014	CVE-2014-3625	Directory Traversal in Spring Framework
05 Set 2014	CVE-2014-3578	Directory Traversal in Spring Framework
15 Ago 2014	CVE-2014-3527	Access Control Bypass in Spring Security
28 Mag 2014	CVE-2014-0225	Information Disclosure when using Spring MVC
11 Mar 2014	CVE-2014-1904	XSS when using Spring MVC
11 Mar 2014	CVE-2014-0097	Blank password may bypass user authentication
11 Mar 2014	CVE-2014-0054	Incomplete fix for CVE-2013-7315 / CVE-2013-6429 (XXE)
19 Feb 2014	CVE-2014-0053	Information Disclosure when using Grails
14 Gen 2014	CVE-2013-6430	Possible XSS when using Spring MVC
14 Gen 2014	CVE-2013-6429	Incomplete fix for CVE-2013-7315 (XXE)
22 Ago 2013	CVE-2013-7315	XML External Entity (XXE) injection in Spring Framework
22 Ago 2013	CVE-2013-4152	XML eXternal Entity (XXE) injection in Spring Framework

Notable Vulnerabilities in Dependencies[1]

Date	CVE Reference	Description
24 Set 2020	USN-4466-1	curl vulnerability
24 Set 2020	USN-4457-1	Software Properties vulnerability
28 Ago 2020	USN-4414-1	Linux kernel vulnerabilities
28 Ago 2020	USN-4402-1	curl vulnerabilities
28 Ago 2020	USN-4398-1	DBus vulnerability
30 Lug 2020	USN-4394-1	SQLite vulnerabilities
30 Lug 2020	USN-4390-1	Linux kernel vulnerabilities
30 Lug 2020	USN-4385-2	Intel Microcode regression
30 Lug 2020	USN-4385-1	Intel Microcode vulnerabilities
30 Lug 2020	USN-4377-1	ca-certificates update
30 Lug 2020	USN-4376-1	OpenSSL vulnerabilities
30 Lug 2020	USN-4360-4	json-c vulnerability
30 Lug 2020	USN-3911-2	file regression
14 Mag 2020	USN-4318-1	Linux kernel vulnerabilities
28 Apr 2020	USN-4345-1	Linux kernel vulnerabilities
23 Apr 2020	USN-4305-1	ICU vulnerability
23 Apr 2020	USN-4302-1	Linux kernel vulnerabilities
23 Apr 2020	USN-4298-1	SQLite vulnerabilities
21 Apr 2020	USN-4333-1	Python vulnerabilities
08 Apr 2020	USN-4292-1	rsync vulnerabilities
02 Mar 2020	USN-4293-1	libarchive vulnerabilities
18 Feb 2020	USN-4287-1	Linux kernel vulnerabilities
10 Feb 2020	USN-4274-1	libxml2 vulnerabilities
05 Feb 2020	USN-4269-1	systemd vulnerabilities
03 Feb 2020	USN-4263-1	Sudo vulnerability
28 Gen 2020	USN-4255-2	Linux kernel (HWE) vulnerabilities
28 Gen 2020	USN-4256-1	Cyrus SASL vulnerability
27 Gen 2020	USN-4252-1	tcpdump vulnerabilities
23 Gen 2020	USN-4233-2	GnuTLS update
23 Gen 2020	USN-4249-1	e2fsprogs vulnerability
22 Gen 2020	USN-4247-1	python-apt vulnerabilities
22 Gen 2020	USN-4247-2	python-apt regression
22 Gen 2020	USN-4246-1	zlib vulnerabilities
20 Gen 2020	USN-4242-1	Sysstat vulnerabilities
20 Gen 2020	USN-4243-1	libbsd vulnerabilities
19 Gen 2020	CVE-2020-0601	Windows Stemcells vulnerable to Windows CryptoAPI Spoofing Vulnerability
15 Gen 2020	USN-4205-1	SQLite vulnerabilities
15 Gen 2020	USN-4215-1	NSS vulnerability
15 Gen 2020	USN-4182-3	Intel Microcode regression
15 Gen 2020	USN-4220-1	Git vulnerabilities
15 Gen 2020	USN-4210-1	Linux kernel vulnerabilities
14 Gen 2020	USN-4236-2	Libgcrypt vulnerability
13 Gen 2020	USN-4235-1	nginx vulnerability
09 Gen 2020	USN-4233-1	GnuTLS update
08 Gen 2020	USN-4231-1	NSS vulnerability
07 Gen 2020	USN-4227-1	Linux kernel vulnerabilities
18 Dic 2019	USN-4194-1	postgresql-common vulnerability
18 Dic 2019	USN-4185-1	Linux kernel vulnerabilities
18 Dic 2019	USN-4162-1	Linux kernel vulnerabilities
18 Dic 2019	USN-4191-1	QEMU vulnerabilities
18 Dic 2019	USN-4164-1	Libxslt vulnerabilities
18 Dic 2019	USN-4190-1	libjpeg-turbo vulnerabilities
18 Dic 2019	USN-4176-1	GNU cpio vulnerability
18 Dic 2019	USN-4172-1	file vulnerability
18 Dic 2019	USN-4203-1	NSS vulnerability
18 Dic 2019	USN-4169-1	libarchive vulnerability
18 Dic 2019	USN-4182-1	Intel Microcode update
18 Dic 2019	USN-4185-3	Linux kernel vulnerability and regression
18 Dic 2019	USN-4199-1	libvpx vulnerabilities
11 Dic 2019	USN-4221-1	libpcap vulnerability
25 Nov 2019	CVE-2019-15587	Ops Manager contains a vulnerable Loofah gem
14 Nov 2019	USN-4004-1	Berkeley DB vulnerability
14 Nov 2019	USN-4038-1	bzip2 vulnerabilities
14 Nov 2019	USN-3911-1	file vulnerabilities
14 Nov 2019	USN-4015-1	DBus vulnerability
14 Nov 2019	USN-4011-1	Jinja2 vulnerabilities
14 Nov 2019	USN-4008-2	AppArmor update
14 Nov 2019	USN-3999-1	GnuTLS vulnerabilities
14 Nov 2019	USN-3967-1	FFmpeg vulnerabilities
14 Nov 2019	USN-3990-1	urllib3 vulnerabilities
14 Nov 2019	USN-4040-1	Expat vulnerability
14 Nov 2019	USN-3885-2	OpenSSH vulnerability
14 Nov 2019	USN-3993-1	curl vulnerabilities
14 Nov 2019	USN-4012-1	elfutils vulnerabilities
14 Nov 2019	USN-3968-1	Sudo vulnerabilities
14 Nov 2019	USN-4016-1	Vim vulnerabilities
14 Nov 2019	USN-4019-1	SQLite vulnerabilities
06 Nov 2019	USN-4151-1	Python vulnerabilities
06 Nov 2019	USN-4144-1	Linux kernel vulnerabilities
06 Nov 2019	USN-4142-1	e2fsprogs vulnerability
06 Nov 2019	USN-4132-1	Expat vulnerability
06 Nov 2019	USN-4129-1	curl vulnerabilities
06 Nov 2019	USN-4127-1	Python vulnerabilities
06 Nov 2019	USN-4126-1	FreeType vulnerability
30 Set 2019	USN-4135-1	Linux kernel vulnerabilities
30 Set 2019	USN-4115-2	Linux kernel regression
30 Set 2019	USN-4115-1	Linux kernel vulnerabilities
30 Set 2019	USN-4094-1	Linux kernel vulnerabilities
30 Set 2019	USN-4071-1	Patch vulnerabilities
30 Set 2019	USN-4049-3	GLib regression
24 Set 2019	CVE-2019-16097	Harbor Privilege Escalation
05 Set 2019	USN-4099-1	nginx vulnerabilities
05 Set 2019	USN-4090-1	PostgreSQL vulnerabilities
05 Set 2019	USN-4068-2	Linux kernel (HWE) vulnerabilities
05 Set 2019	USN-4060-1	NSS vulnerabilities
05 Set 2019	USN-4058-1	Bash vulnerability
05 Set 2019	USN-4049-1	GLib vulnerability
05 Set 2019	USN-4038-3	bzip2 regression
06 Ago 2019	USN-4041-1	Linux kernel update
05 Ago 2019	USN-4014-1	GLib vulnerability
05 Ago 2019	USN-4001-1	libseccomp vulnerability
05 Ago 2019	USN-3977-3	Intel Microcode update (AKA ZombieLoad Attack)
19 Giu 2019	USN-3981-2	Linux kernel (HWE) vulnerabilities (AKA ZombieLoad Attack)
19 Giu 2019	USN-3977-2	Intel Microcode update (AKA ZombieLoad Attack)
19 Giu 2019	USN-3977-1	Intel Microcode update (AKA ZombieLoad Attack)
21 Mag 2019	USN-3972-1	PostgreSQL vulnerabilities
21 Mag 2019	USN-3962-1	libpng vulnerability
21 Mag 2019	USN-3960-1	WavPack vulnerability
21 Mag 2019	USN-3947-1	Libxslt vulnerability
21 Mag 2019	USN-3943-1	Wget vulnerabilities
21 Mag 2019	USN-3932-2	Linux kernel (Xenial HWE) vulnerabilities
21 Mag 2019	USN-3931-2	Linux kernel (HWE) vulnerabilities
08 Mag 2019	USN-3935-1	BusyBox vulnerabilities
25 Apr 2019	USN-3945-1	Ruby vulnerabilities
25 Apr 2019	USN-3910-2	Linux kernel (Xenial HWE) vulnerabilities
25 Apr 2019	USN-3906-1	LibTIFF vulnerabilities
25 Apr 2019	USN-3901-2	Linux kernel (HWE) vulnerabilities
25 Apr 2019	USN-3900-1	GD vulnerabilities
25 Apr 2019	USN-3899-1	OpenSSL vulnerability
25 Apr 2019	USN-3898-1	NSS vulnerability
25 Apr 2019	USN-3891-1	systemd vulnerability
25 Apr 2019	USN-3885-1	OpenSSH vulnerabilities
25 Apr 2019	USN-3884-1	libarchive vulnerabilities
25 Apr 2019	USN-3882-1	curl vulnerabilities
25 Apr 2019	USN-3879-2	Linux kernel (Xenial HWE) vulnerabilities
25 Apr 2019	USN-3871-4	Linux kernel (HWE) vulnerabilities
25 Apr 2019	USN-3864-1	LibTIFF vulnerabilities
25 Apr 2019	USN-3859-1	libarchive vulnerabilities
25 Apr 2019	USN-3848-2	Linux kernel (Xenial HWE) vulnerabilities
25 Apr 2019	USN-3847-2	Linux kernel (HWE) vulnerabilities
25 Apr 2019	USN-3840-1	OpenSSL vulnerabilities
25 Apr 2019	USN-3834-1	Perl vulnerabilities
25 Apr 2019	USN-3816-3	systemd regression
25 Apr 2019	USN-3855-1	systemd vulnerabilities
25 Apr 2019	USN-3863-1	APT vulnerability
13 Feb 2019	CVE-2019-5736	runC container breakout
06 Feb 2019	USN-3836-2	Linux kernel (HWE) vulnerabilities
06 Feb 2019	USN-3841-1	lxml vulnerability
06 Feb 2019	USN-3850-1	NSS vulnerabilities
03 Gen 2019	USN-3843-1	pixman vulnerability
03 Gen 2019	USN-3816-2	systemd vulnerability
03 Gen 2019	USN-3839-1	WavPack vulnerabilities
03 Gen 2019	USN-3829-1	Git vulnerabilities
14 Dic 2018	USN-3805-1	curl vulnerabilities
14 Dic 2018	USN-3809-1	OpenSSH vulnerabilities
14 Dic 2018	USN-3812-1	nginx vulnerabilities
14 Dic 2018	USN-3815-1	gettext vulnerability
14 Dic 2018	USN-3817-1	Python vulnerabilities
14 Dic 2018	USN-3821-2	Linux kernel (Xenial HWE) vulnerabilities
12 Dic 2018	USN-3820-2	Linux kernel (HWE) vulnerabilities
12 Dic 2018	USN-3816-1	systemd vulnerabilities
12 Dic 2018	USN-3806-1	systemd vulnerability
12 Dic 2018	USN-3808-1	Ruby vulnerabilities
03 Dic 2018	CVE-2018-15797	NFS Volume release errand leaks cf admin credentials in logs
03 Dic 2018	CVE-2018-1002105	Proxy request handling in kube-apiserver can leave vulnerable TCP connections
28 Nov 2018	USN-3797-2	Linux kernel (Xenial HWE) vulnerabilities
08 Nov 2018	USN-3800-1	audiofile vulnerabilities
08 Nov 2018	USN-3791-1	Git vulnerability
08 Nov 2018	USN-3786-1	libxkbcommon vulnerabilities
08 Nov 2018	USN-3785-1	ImageMagick vulnerabilities
06 Nov 2018	CVE-2018-15761	UAA Privilege Escalation
26 Ott 2018	USN-3790-1	Requests vulnerability
26 Ott 2018	USN-3777-2	Linux kernel (HWE) vulnerabilities
26 Ott 2018	USN-3762-2	Linux kernel (HWE) vulnerabilities
09 Ott 2018	USN-3752-2	Linux kernel (HWE) vulnerabilities
09 Ott 2018	USN-3765-1	curl vulnerability
09 Ott 2018	USN-3767-1	GLib vulnerabilities
09 Ott 2018	USN-3770-1	Little CMS vulnerabilities
27 Set 2018	USN-3759-1	libtirpc vulnerabilities
27 Set 2018	USN-3758-1	libx11 vulnerabilities
27 Set 2018	USN-3756-1	Intel Microcode vulnerabilities
27 Set 2018	USN-3755-1	GD vulnerabilities
27 Set 2018	USN-3753-2	Linux kernel (Xenial HWE) vulnerabilities
27 Set 2018	USN-3744-1	PostgreSQL vulnerabilities
27 Set 2018	USN-3741-2	Linux kernel (Xenial HWE) vulnerabilities
27 Set 2018	USN-3739-1	libxml2 vulnerabilities
27 Set 2018	USN-3736-1	libarchive vulnerabilities
27 Set 2018	USN-3733-1	GnuPG vulnerability
27 Set 2018	USN-3729-1	libxcursor vulnerability
27 Set 2018	USN-3712-1	libpng vulnerabilities
27 Set 2018	USN-3696-2	Linux kernel (Xenial HWE) vulnerabilities
27 Set 2018	USN-3692-1	OpenSSL vulnerabilities
27 Set 2018	USN-3690-2	AMD Microcode regression
27 Set 2018	USN-3690-1	AMD Microcode update
27 Set 2018	USN-3689-1	Libgcrypt vulnerability
27 Set 2018	USN-3605-1	Sharutils vulnerability
27 Set 2018	USN-3589-1	PostgreSQL vulnerability
27 Set 2018	USN-3564-1	PostgreSQL vulnerability
27 Set 2018	USN-3532-1	GDK-PixBuf vulnerabilities
27 Set 2018	USN-3509-4	Linux kernel (Xenial HWE) regression
27 Set 2018	USN-3352-1	nginx vulnerability
09 Ago 2018	CVE-2018-8037	Apache Tomcat - NIO/NIO2 connectors user sessions can get mixed up
09 Ago 2018	CVE-2018-1336	Apache Tomcat - UTF-8 decoder can lead to DoS
02 Ago 2018	USN-3711-1	ImageMagick vulnerabilities
02 Ago 2018	USN-3707-1	NTP vulnerabilities
02 Ago 2018	USN-3706-1	libjpeg-turbo vulnerabilities
23 Lug 2018	CVE-2018-11047	UAA accepts refresh token as access token on admin endpoints
20 Lug 2018	USN-3693-1	JasPer vulnerabilities
20 Lug 2018	USN-3686-1	file vulnerabilities
20 Lug 2018	USN-3684-1	Perl vulnerability
20 Lug 2018	USN-3681-1	ImageMagick vulnerabilities
20 Lug 2018	USN-3676-2	Linux kernel (Xenial HWE) vulnerabilities
20 Lug 2018	USN-3675-1	GnuPG vulnerabilities
20 Lug 2018	USN-3658-1	procps-ng vulnerabilities
17 Lug 2018	CVE-2018-11041	UAA open redirect
16 Lug 2018	CVE-2018-1269	Loggregator does not properly close some TCP connections
16 Lug 2018	CVE-2018-1268	Loggregator lacks app GUID validation
19 Giu 2018	CVE-2018-1265	Diego does not properly sanitize file paths in tar/zip files
21 Giu 2018	USN-3671-1	Git vulnerabilities
21 Giu 2018	USN-3654-2	Linux kernel (Xenial HWE) vulnerabilities
21 Giu 2018	USN-3648-1	curl vulnerabilities
14 Giu 2018	USN-3643-1	Wget vulnerability
14 Giu 2018	USN-3641-1	Linux kernel vulnerabilities
14 Giu 2018	USN-3631-2	Linux kernel (Xenial HWE) vulnerabilities
14 Giu 2018	USN-3628-1	OpenSSL vulnerability
14 Giu 2018	USN-3625-1	Perl vulnerabilities
14 Giu 2018	USN-3624-1	Patch vulnerabilities
14 Giu 2018	USN-3622-1	Wayland vulnerability
21 Mag 2018	CVE-2018-1277	Garden does not correctly enforce Docker image disc quotas
21 Mag 2018	CVE-2018-1276	Windows2012R2 stemcell exposes IaaS metadata on vSphere
10 Mag 2018	MS-ISAC-2018-046	MS-ISAC 2018-046 Multiple Vulnerabilities in PHP
08 Mag 2018	CVE-2018-1191	Garden may log Docker passwords
02 Mag 2018	USN-3619-2	Linux kernel (Xenial HWE) vulnerabilities
02 Mag 2018	USN-3611-1	OpenSSL vulnerability
02 Mag 2018	USN-3610-1	ICU vulnerability
02 Mag 2018	USN-3606-1	LibTIFF vulnerabilities
02 Mag 2018	USN-3604-1	libvorbis vulnerabilities
02 Mag 2018	USN-3602-1	LibTIFF vulnerabilities
02 Mag 2018	USN-3598-1	curl vulnerabilities
02 Mag 2018	USN-3586-1	DHCP vulnerabilities
02 Mag 2018	USN-3584-1	sensible-utils vulnerability
02 Mag 2018	USN-3569-1	libvorbis vulnerabilities
02 Mag 2018	USN-3554-1	curl vulnerabilities
02 Mag 2018	USN-3547-1	Libtasn1 vulnerabilities
02 Mag 2018	USN-3543-1	rsync vulnerabilities
02 Mag 2018	USN-3534-1	GNU C Library vulnerabilities
02 Mag 2018	USN-3506-1	rsync vulnerabilities
02 Mag 2018	USN-3501-1	libxcursor vulnerability
02 Mag 2018	USN-3346-2	Bind regression
30 Apr 2018	CVE-2018-1197	GCP Metadata Endpoint Accessible from Application Containers on Windows
05 Apr 2018	CVE-2018-1266	Cloud Controller file modification via malicious application
05 Apr 2018	CVE-2018-1231	BOSH CLI does not restrict access to configuration file
03 Apr 2018	USN-3582-2	Linux kernel (Xenial HWE) vulnerabilities
28 Mar 2018	CVE-2018-1195	Cloud Controller API will accept a refresh token for authentication
28 Mar 2018	CVE-2018-1192	UAA SessionID present in Audit Event Logs
28 Mar 2018	CVE-2018-1190	XSS on UAA OpenID Connect check session iframe endpoint
09 Mar 2018	CVE-2018-1227	Concourse-dot-ci Domain Issue
27 Feb 2018	VU475445	VU#475445 SAML Authentication Bypass
27 Feb 2018	CVE-2018-1221	Gorouter websocket handling vulnerability
01 Feb 2018	USN-3540-2	Linux kernel (Xenial HWE) vulnerabilities
01 Feb 2018	USN-3538-1	OpenSSH vulnerabilities
01 Feb 2018	USN-3535-1	Bind vulnerability
01 Feb 2018	USN-3522-4	Linux (Xenial HWE) vulnerability
01 Feb 2018	USN-3522-2	Linux (Xenial HWE) vulnerability
01 Feb 2018	USN-3513-1	libxml2 vulnerability
01 Feb 2018	USN-3504-1	libxml2 vulnerability
03 Gen 2018	Meltdown and Spectre Attacks	Meltdown and Spectre Attacks
19 Dic 2017	CVE-2017-1000353	Jenkins unauthenticated remote code execution
15 Dic 2017	USN-3509-2	Linux kernel (Xenial HWE) vulnerabilities
15 Dic 2017	USN-3505-1	Linux firmware vulnerabilities
15 Dic 2017	USN-3498-1	curl vulnerabilities
15 Dic 2017	USN-3496-3	Python vulnerability
15 Dic 2017	USN-3496-1	Python vulnerability
15 Dic 2017	USN-3489-1	Berkeley DB vulnerability
15 Dic 2017	USN-3485-2	Linux kernel (Xenial HWE) vulnerabilities
15 Dic 2017	USN-3478-1	Perl vulnerabilities
15 Dic 2017	USN-3475-1	OpenSSL vulnerabilities
15 Dic 2017	USN-3469-2	Linux kernel (Xenial HWE) vulnerabilities
15 Dic 2017	USN-3464-1	Wget vulnerabilities
15 Dic 2017	USN-3458-1	ICU vulnerability
15 Dic 2017	USN-3457-1	curl vulnerability
21 Nov 2017	USN-3454-1	libffi vulnerability
21 Nov 2017	USN-3444-2	Linux kernel (Xenial HWE) vulnerabilities
21 Nov 2017	USN-3441-1	curl vulnerabilities
21 Nov 2017	USN-3437-1	OCaml vulnerability
21 Nov 2017	USN-3434-1	Libidn vulnerability
21 Nov 2017	USN-3432-1	ca-certificates update
21 Nov 2017	USN-3424-1	libxml2 vulnerabilities
21 Nov 2017	USN-3387-1	Git vulnerability
16 Nov 2017	CVE-2017-8031	UAA Denial of Service through client token revocation endpoint
15 Nov 2017	CVE-2017-14388	GrootFS doesn’t validate DiffIDs
11 Ott 2017	CVE-2017-8048	Cloud Controller API regression
10 Ott 2017	CVE-2017-8047	Cloud Foundry router open redirect
28 Set 2017	USN-3420-2	Linux kernel (Xenial HWE) vulnerabilities
28 Set 2017	USN-3418-1	GDK-PixBuf vulnerabilities
28 Set 2017	USN-3415-1	tcpdump vulnerabilities
28 Set 2017	USN-3411-1	Bazaar vulnerability
28 Set 2017	USN-3410-1	GD library vulnerability
28 Set 2017	USN-3405-2	Linux kernel (Xenial HWE) vulnerabilities
28 Set 2017	USN-3398-1	graphite2 vulnerabilities
08 Set 2017	CVE-2017-9805	Apache Struts Remote Code Execution
28 Ago 2017	USN-3392-2	Linux kernel (Xenial HWE) regression
21 Ago 2017	USN-3385-2	Linux kernel (Xenial HWE) vulnerabilities
14 Ago 2017	USN-3378-2	Linux kernel (Xenial HWE) vulnerabilities
14 Ago 2017	USN-3367-1	gdb vulnerabilities
14 Ago 2017	USN-3364-2	Linux kernel (Xenial HWE) vulnerabilities
14 Ago 2017	USN-3363-2	ImageMagick regression References
14 Ago 2017	USN-3363-1	ImageMagick vulnerabilities
14 Ago 2017	USN-3356-1	Expat vulnerability
14 Ago 2017	USN-3353-1	Heimdal vulnerability
14 Ago 2017	USN-3349-1	NTP vulnerabilities
14 Ago 2017	USN-3347-1	Libgcrypt vulnerabilities
14 Ago 2017	USN-3346-1	bind9 vulnerabilities
14 Ago 2017	USN-3344-2	Linux kernel (Xenial HWE) vulnerabilities
07 Ago 2017	CVE-2017-8037	Incomplete fix for Cloud Controller API access to CC VM contents
02 Ago 2017	CVE-2017-9022/CVE-2017-9023	strongSwan DOS Vulnerabilities
01 Ago 2017	CVE-2017-8038	Credentials readable from CredHub endpoint
25 Lug 2017	CVE-2017-8036	Cloud Controller API regression
25 Lug 2017	CVE-2017-8035	Cloud Controller API access to CC VM contents
25 Lug 2017	CVE-2017-8033	Cloud Controller API filesystem traversal vulnerability
24 Lug 2017	CVE-2017-8032	UAA Identity Zone Admin Privilege Escalation
05 Lug 2017	CVE-2017-7485	PostgreSQL vulnerabilities
26 Giu 2017	CVE-2017-5946	Directory Traversal in Rubyzip
26 Giu 2017	USN-3334-1	Linux kernel (Xenial HWE) vulnerabilities
26 Giu 2017	USN-3323-1	GNU C Library vulnerability
26 Giu 2017	USN-3318-1	GnuTLS vulnerabilities
26 Giu 2017	USN-3312-2	Linux kernel (Xenial HWE) vulnerabilities
26 Giu 2017	USN-3311-1	libnl vulnerability
26 Giu 2017	USN-3309-1	Libtasn1 vulnerability
26 Giu 2017	USN-3302-1	ImageMagick vulnerabilities
26 Giu 2017	USN-3212-2	LibTIFF regression
22 Giu 2017	USN-3304-1	Sudo vulnerability
08 Giu 2017	CVE-2017-4994	Forwarded Headers in UAA
08 Giu 2017	USN-3295-1	JasPer vulnerabilities
08 Giu 2017	USN-3294-1	Bash vulnerabilities
08 Giu 2017	USN-3291-3	Linux kernel (Xenial HWE) vulnerabilities
08 Giu 2017	USN-3287-1	Git vulnerability
08 Giu 2017	USN-3283-1	rtmpdump vulnerabilities
08 Giu 2017	USN-3282-1	FreeType vulnerabilities
08 Giu 2017	USN-3276-2	shadow regression
08 Giu 2017	USN-3263-1	FreeType vulnerability
08 Giu 2017	USN-3259-1	Bind vulnerabilities
08 Giu 2017	USN-3246-1	Eject vulnerability
08 Giu 2017	USN-3181-1	OpenSSL vulnerabilities
19 Mag 2017	CVE-2017-4992	Privilege escalation with user invitations
19 Mag 2017	CVE-2017-4991	UAA password reset vulnerability
02 Mag 2017	USN-3265-2	Linux kernel (Xenial HWE) vulnerabilities
01 Mag 2017	CVE-2017-4974	Blind SQL Injection with privileged UAA endpoints
20 Apr 2017	CVE-2015-3281	HAProxy vulnerabilities
20 Apr 2017	CVE-2017-4973	Privilege Escalation in UAA
20 Apr 2017	CVE-2017-4972	Blind SQL Injection in UAA
13 Apr 2017	CVE-2017-4969	Bug in CC allows users to exceed quotas
12 Apr 2017	USN-3256-2	Linux kernel (HWE) vulnerability
10 Apr 2017	CVE-2017-4970	Staticfile buildpack ignores basic authentication when misconfigured
06 Apr 2017	USN-3243-1	Git vulnerability
06 Apr 2017	USN-3241-1	audiofile vulnerabilities
06 Apr 2017	USN-3239-2	GNU C Library Regression
06 Apr 2017	USN-3237-1	FreeType vulnerability
06 Apr 2017	USN-3235-1	libxml2 vulnerabilities
06 Apr 2017	USN-3232-1	ImageMagick vulnerabilities
06 Apr 2017	USN-3227-1	ICU vulnerabilities
06 Apr 2017	USN-3225-1	libarchive vulnerabilities
06 Apr 2017	USN-3183-2	GnuTLS vulnerability
05 Apr 2017	CVE-2017-5649	Apache Geode privilege escalation vulnerability
04 Apr 2017	USN-3201-1	Bind vulnerabilities
04 Apr 2017	USN-3234-2	Linux kernel (Xenial HWE) vulnerabilities
04 Apr 2017	USN-3228-1	libevent vulnerabilities
04 Apr 2017	USN-3247-1	AppArmor vulnerability
04 Apr 2017	USN-3249-2	Linux kernel (Xenial HWE) vulnerability
31 Mar 2017	USN-3222-1	ImageMagick vulnerabilities
31 Mar 2017	USN-3213-1	GD library vulnerabilities
31 Mar 2017	USN-3212-1	LibTIFF vulnerabilities
31 Mar 2017	USN-3205-1	tcpdump vulnerabilities
31 Mar 2017	USN-3142-2	ImageMagick vulnerabilities
29 Mar 2017	CVE-2017-4963	Session Fixation for UAA External Authentication
17 Mar 2017	USN-3196-1	Multiple PHP vulnerabilities
17 Mar 2017	USN-3185-1	libXpm vulnerability
17 Mar 2017	USN-3193-1	Nettle vulnerability
17 Mar 2017	USN-3183-1	GnuTLS vulnerabilities
14 Mar 2017	USN-3189-2	Linux kernel (Xenial HWE) vulnerabilities
14 Mar 2017	CVE-2017-5638	Apache Struts Remote Code Execution
13 Mar 2017	USN-3220-2	Linux kernel (Xenial HWE) vulnerability
09 Mar 2017	CVE-2017-4960	UAA OAuth DOS via lockout feature
01 Mar 2017	USN-3208-2	Linux kernel (Xenial HWE) vulnerabilities
31 Gen 2017	USN-3172-1	Bind vulnerabilities
31 Gen 2017	USN-3169-2	Linux kernel (Xenial HWE) vulnerabilities
31 Gen 2017	USN-3161-2	Linux kernel (Xenial HWE) vulnerabilities
23 Gen 2017	CVE-2016-6660	Cloud Controller logs application environment variables
19 Gen 2017	USN-3024-1	tomcat6, tomcat7 vulnerabilities
12 Gen 2017	RunC Exec	RunC Exec Vulnerability
10 Gen 2017	CVE-2016-9882	Cloud Foundry Logs Service Credentials
29 Dic 2016	CVE-2016-3958 and CVE-2016-3959	Golang vulnerabilities
27 Dic 2016	USN-3146-2	Linux kernel (Xenial HWE) vulnerabilities
27 Dic 2016	USN-3128-2	Linux kernel (Xenial HWE) vulnerability
27 Dic 2016	USN-3142-1	ImageMagick vulnerabilities
19 Dic 2016	CVE-2016-8219	Space Auditor can restage apps
21 Dic 2016	Multiple CVEs	httpoxy vulnerabilities
20 Dic 2016	USN-3156-1	APT vulnerability
19 Dic 2016	USN-3131-1	ImageMagick vulnerabilities
19 Dic 2016	USN-3067-1	HarfBuzz vulnerabilities
19 Dic 2016	USN-3117-1	GD library vulnerabilities
14 Dic 2016	USN-3132-1	tar vulnerability
14 Dic 2016	USN-3134-1	Python vulnerabilities
14 Dic 2016	USN-3139-1	Vim vulnerability
14 Dic 2016	CVE-2016-6659	UAA Privilege Escalation
14 Dic 2016	USN-3116-1	DBus vulnerabilities
14 Dic 2016	USN-3119-1	Bind vulnerability
13 Dic 2016	USN-3123-1	curl vulnerabilities
13 Dic 2016	USN-3088-1	Bind vulnerability
09 Dic 2016	CVE-2016-8218	Unauthenticated JWT signing algorithm in routing
07 Dic 2016	USN-3151-2	Linux kernel (Xenial HWE) vulnerability
17 Nov 2016	CVE-2016-6663/CVE-2016-6664	MariaDB Root Privilege Escalation
17 Nov 2016	Several	PCRE vulnerabilities prior to version 8.39
07 Nov 2016	USN-3096-1	NTP vulnerabilities
07 Nov 2016	USN-3095-1	PHP vulnerabilities
02 Nov 2016	CVE-2016-6658	Incomplete fix for Credential Vulnerability for Custom Buildpacks
21 Ott 2016	CVE-2016-5195	Linux kernel vulnerability
17 Ott 2016	CVE-2016-6655	Utility Script Command Injection
17 Ott 2016	USN-3099-2	Linux kernel vulnerabilities
29 Set 2016	CVE-2016-6653	MySQL Audit logs sent to Syslog
28 Set 2016	USN-3087-2	OpenSSL Regression
28 Set 2016	USN-3083-1	Linux kernel vulnerabilities
28 Set 2016	USN-3068-1	Libidn vulnerabilities
28 Set 2016	CVE-2016-6662	Multiple MySQL Vulnerabilities
28 Set 2016	USN-3085-1	GDK-PixBuf vulnerabilities
26 Set 2016	CVE-2016-6651	Privilege Escalation in UAA
26 Set 2016	CVE-2016-6636	UAA Open Redirect Vulnerability for Subdomains
26 Set 2016	CVE-2016-6637	UAA CSRF Vulnerability for OAuth Approvals
21 Set 2016	CVE-2014-9130	LibYAML vulnerability
09 Set 2016	CVE-2016-6639	PHP Buildpack exposes .profile file
09 Set 2016	USN-3045-1	PHP vulnerabilities
25 Ago 2016	USN-3065-1	Libgcrypt vulnerability
25 Ago 2016	USN-3064-1	GnuPG vulnerability
25 Ago 2016	USN-3063-1	Fontconfig vulnerability
25 Ago 2016	USN-3061-1	OpenSSH vulnerability
25 Ago 2016	USN-3030-1/USN-3060-1	GD library vulnerability
25 Ago 2016	USN-3053-1/USN-3037-1	Linux kernel (Vivid HWE) vulnerability
25 Ago 2016	USN-3048-1	curl vulnerability
25 Ago 2016	USN-3033-1	libarchive vulnerability
18 Ago 2016	CVE-2016-5016	UAA accepts expired certificates
26 Lug 2016	CVE-2016-5006	Cloud Controller API logs user-provided service credentials
13 Lug 2016	USN-3010-1	Expat vulnerabilities
13 Lug 2016	CVE-2016-4450	Nginx Vulnerabilities
13 Lug 2016	USN-3012-1	Wget vulnerability
01 Lug 2016	USN-3020-1	Linux kernel (Vivid HWE) vulnerabilities
30 Giu 2016	CVE-2016-4468	UAA SQL Injection
15 Giu 2016	USN-3001-1	Linux kernel (Vivid HWE) vulnerabilities
13 Giu 2016	CVE-2016-4435	BOSH Agent Anonymous Endpoint
13 Giu 2016	USN-2994-1	libxml2 vulnerabilities
13 Giu 2016	USN-2991-1	nginx vulnerability
13 Giu 2016	USN-2990-1	ImageMagick vulnerability (a.k.a. ImageTragick)
13 Giu 2016	USN-2987-1	GD library vulnerabilities
13 Giu 2016	USN-2985-2	GNU C Library regression
13 Giu 2016	USN-2983-1	Expat vulnerability
13 Giu 2016	USN-2981-1	libarchive vulnerabilities
13 Giu 2016	USN-2966-1	OpenSSH vulnerabilities
13 Giu 2016	USN-2961-1	Little CMS vulnerability
08 Giu 2016	CVE-2013-7456	PHP vulnerabilities
03 Giu 2016	USN-2970-1	Linux kernel (Vivid HWE) vulnerabilities
23 Mag 2016	CVE-2016-3084	UAA Password Reset Vulnerability
19 Mag 2016	USN-2977-1	Linux kernel (Vivid HWE) vulnerabilities
17 Mag 2016	CVE-2016-3091	Diego log encoding vulnerability
06 Mag 2016	USN-2959-1	OpenSSL vulnerabilities
06 Mag 2016	USN-2957-1	Libtasn1 vulnerability
06 Mag 2016	USN-2949-1	Linux kernel (Vivid HWE) vulnerabilities
06 Mag 2016	USN-2943-1	PCRE vulnerabilities
06 Mag 2016	USN-2935-2	PAM regression
02 Mag 2016	CVE-2015-5170-5173	UAA Vulnerabilities
14 Apr 2016	Badlock bug	Samba and Windows Vulnerabilities
24 Mar 2016	USN-2939-1	LibTIFF vulnerabilities
24 Mar 2016	USN-2927-1	Graphite2 vulnerabilities
24 Mar 2016	USN-2925-1	Bind9 vulnerabilities
24 Mar 2016	USN-2919-1	JasPer vulnerabilities
24 Mar 2016	USN-2918-1	Pixman vulnerabilities
24 Mar 2016	USN-2916-1	Perl vulnerabilities
24 Mar 2016	USN-2914-1	OpenSSL vulnerabilities
24 Mar 2016	NPM Ownership Issue	Warning about NPM modules
24 Mar 2016	USN-2938-1	Git vulnerabilities
16 Mar 2016	USN-2932-1	Linux kernel vulnerabilities
02 Mar 2016	CVE-2016-0800	OpenSSL vulnerabilities
26 Feb 2016	USN-2910-1	Linux kernel vulnerability
26 Feb 2016	CVE-2016-0761	Docker Image Host Files Corruption
19 Feb 2016	USN-2900-1	GNU libc vulnerability
02 Feb 2016	CVE-2016-0732	Privilege Escalation
01 Feb 2016	CVE-2016-0713	Gorouter XSS
22 Gen 2016	USN-2871-1	Linux kernel vulnerability
20 Gen 2016	CVE-2016-0715	Remote Information Disclosure
19 Gen 2016	USN-2865-1	GnuTLS vulnerability
19 Gen 2016	USN-2861-1	libpng vulnerability
19 Gen 2016	USN-2868-1	DHCP vulnerability
19 Gen 2016	USN-2869-1	OpenSSH vulnerability
18 Gen 2016	CVE-2016-0708	Remote Information Disclosure
07 Gen 2016	USN-2857-1	Linux kernel vulnerability
07 Gen 2016	USN-2842-1/USN-2842-2	Linux kernel vulnerability
07 Gen 2016	USN-2837-1	bind9 vulnerability
07 Gen 2016	USN-2836-1	grub2 vulnerability
07 Gen 2016	USN-2835-1	git vulnerability
07 Gen 2016	USN-2834-1	libxml2 vulnerability
07 Gen 2016	USN-2830-1	OpenSSL vulnerability
07 Gen 2016	USN-2829-1	Linux kernel vulnerability
15 Dic 2015	CVE-2015-5350	Garden Nstar vulnerability
04 Dic 2015	USN-2821-1	GnuTLS vulnerability
04 Dic 2015	USN-2820-1	dpkg vulnerability
02 Dic 2015	USN-2815-1	PNG vulnerability
02 Dic 2015	USN-2812-1	libxml2 vulnerability
02 Dic 2015	USN-2810-1	Kerberos vulnerability
02 Dic 2015	USN-2787-1	audiofile vulnerability
24 Nov 2015	USN-2788-1/2788-2	unzip vulnerability
12 Nov 2015	USN-2798-1	Linux kernel vulnerability
12 Nov 2015	USN-2806-1	Linux kernel vulnerability
03 Nov 2015	USN-2778-1	Linux kernel vulnerabilities
03 Nov 2015	USN-2767-1	GDK-Pixbuf library vulnerability
07 Ott 2015	Golang	Golang 1.4.3 CVE Fixes
07 Ott 2015	USN-2722-1	GDK-PixBuf Vulnerabilities
07 Ott 2015	USN-2711-1	Net-SNMP Vulnerabilities
07 Ott 2015	USN-2739-1	FreeType Vulnerabilities
07 Ott 2015	USN-2740-1	ICU Vulnerabilities
07 Ott 2015	USN-2751-1	Linux Kernel (Vivid HWE) Vulnerability
07 Ott 2015	USN-2756-1	rpcbind Vulnerability
07 Ott 2015	USN-2765-1	Linux Kernel (Vivid HWE) Vulnerability
08 Set 2015	USN-2710-1	OpenSSH Vulnerabilities
08 Set 2015	USN-2698-1	SQLite Vulnerabilities
08 Set 2015	USN-2694-1	PCRE Vulnerabilities
08 Set 2015	USN-2718-1	Address Configuration Change Vulnerabilities
06 Ago 2015	USN-2696-1	OpenJDK 7 Vulnerabilities
29 Lug 2015	CVE-2015-3290	Linux Kernel NMI Vulnerability
10 Lug 2015	CVE-2015-1420	file_handle size verification
06 Lug 2015	CVE-2015-1330	Unattended-Upgrades Vulnerability
25 Giu 2015	CVE-2015-3189	Expire old reset password links
25 Giu 2015	CVE-2015-3190	Open redirect on Login
25 Giu 2015	CVE-2015-3191	CSRF attack on change email
12 Giu 2015	USN-2639-1	OpenSSL vulnerabilities
12 Giu 2015	CVE-2015-3636	ipv4 use-after-free
17 Giu 2015	CVE-2015-1328	overlayfs privilege escalation
09 Giu 2015	Redis LUA Sandbox	Redis LUA Exploit
22 Mag 2015	CVE-2015-1834	Path Traversal Vulnerability
22 Mag 2015	USN-2617-1	FUSE Vulnerability
30 Apr 2015	CVE-2015-1855	Ruby OpenSSL Hostname Verification
23 Mar 2015	CVE-2015-0282	Multiple GnuTLS Vulnerabilities
21 Mar 2015	USN-2537-1	OpenSSL vulnerabilities
13 Mar 2015	CVE-2014-8159	Linux Kernel Infiniband Vulnerability
09 Feb 2015	CVE-2014-0227	Apache Tomcat Request Smuggling
28 Gen 2015	CVE-2015-0235	GHOST
10 Set 2014	CVE-2013-4444	Remote Code Execution in Apache Tomcat
16 Ott 2014	CVE-2014-3566	SSLV3 POODLE
29 Set 2014	CVE-2014-7186	Bash Out-of Bonds
25 Set 2014	CVE-2014-6271	Bash - ShellShock
19 Set 2014	CVE-2014-5119	glib_gconv_translit_find() exploit
18 Ago 2014	CVE-2014-3153	Futex requeue exploit
05 Giu 2014	CVE-2014-0224	SSL/TLS MITM Vulnerability
10 Apr 2014	CVE-2014-0160	Heartbleed

[1] This table is not yet a complete list of vulnerabilities in dependencies. Formulating such a list is an extensive undertaking which Pivotal is addressing systematically. When this table becomes a complete and comprehensive list, we will remove this footnote.

Thanks

Note: Reports of vulnerabilities in Pivotal products are listed in the credit section of the associated security announcement.