Pivotal Application Security Team
Overview
The Pivotal Application Security Team provides a single point of contact for the reporting of security vulnerabilities in Pivotal products and coordinates the process of investigating any reported vulnerabilities.
If you would like to subscribe to updates to this page, the RSS feed for all vulnerability reports is available at https://tanzu.vmware.com/security/rss or https://tanzu.vmware.com/security/parsed/rss. The RSS feed for just the notable vulnerabilities in dependences is available at https://tanzu.vmware.com/security/dependencies/rss and the RSS feed for just Pivotal product vulnerabilities is available at https://tanzu.vmware.com/security/pivotal/rss.
Reporting a vulnerability
We strongly encourage people to report security vulnerabilities privately to our security team before disclosing them in a public forum.
Please note that the e-mail address below should only be used for reporting undisclosed security vulnerabilities in Pivotal products and managing the process of fixing such vulnerabilities. We cannot accept regular bug reports or other security related queries at this address.
The e-mail address to use to contact the Pivotal Application Security Team is security@pivotal.io.
The fingerprint is: AA8F D966 7001 70B7 087E B407 04A1 595B 8F19 137B
It can be obtained from a public key server such as pgp.mit.edu.
Pivotal Product Vulnerability Reports
| Date | CVE Reference | Description | ||
| 26 五月 2020 | CVE-2019-15605 | Node.js is vulnerable to request smuggling | ||
| 13 五月 2020 | CVE-2020-5409 | Concourse Open Redirect in the /sky/login endpoint | ||
| 07 五月 2020 | CVE-2020-5408 | Dictionary attack with Spring Security queryable text encryptor | ||
| 07 五月 2020 | CVE-2020-5407 | Signature Wrapping Vulnerability with spring-security-saml2-service-provider | ||
| 14 四月 2020 | CVE-2020-5402 | UAA fails to check the state parameter when authenticating with external IDPs | ||
| 09 四月 2020 | CVE-2020-5406 | PCF Autoscaling logs its database credentials | ||
| 06 四月 2020 | CVE-2019-11282 | UAA is vulnerable to a Blind SCIM injection leading to information disclosure | ||
| 06 四月 2020 | CVE-2020-5400 | Cloud Controller logs environment variables from app manifests | ||
| 04 三月 2020 | VARIOUS-JACKSON-CVES-UAA | Various CVEs UAA consumes vulnerable versions of FasterXML jackson-databind | ||
| 04 三月 2020 | CVE-2019-11290 | UAA logs query parameters in tomcat access file | ||
| 03 三月 2020 | CVE-2019-11253 | PKS is vulnerable to a YAML/JSON parsing "Billion Laughs" Attack | ||
| 27 二月 2020 | CVE-2020-5403 | DoS Via Malformed URL with Reactor Netty HTTP Server | ||
| 27 二月 2020 | CVE-2020-5404 | Authentication Leak On Redirect With Reactor Netty HttpClient | ||
| 26 二月 2020 | CVE-2020-5405 | Directory Traversal with spring-cloud-config-server | ||
| 24 二月 2020 | CVE-2020-5401 | GoRouter is vulnerable to a cache poisoning DoS | ||
| 12 二月 2020 | CVE-2020-5399 | CredHub does not properly enable TLS for MySQL database connections | ||
| 11 二月 2020 | CVE-2019-19604 | Git submodule loading vulnerability | ||
| 16 一月 2020 | CVE-2020-5397 | CSRF Attack via CORS Preflight Requests with Spring MVC or Spring WebFlux | ||
| 16 一月 2020 | CVE-2020-5398 | RFD Attack via “Content-Disposition” Header Sourced from Request Input by Spring MVC or Spring WebFlux Application | ||
| 15 一月 2020 | CVE-2019-11288 | tc Server JMX Socket Listener Registry Rebinding Local Privilege Escalation | ||
| 10 一月 2020 | CVE-2019-18802 | CVE-2019-18801, CVE-2019-18838, MySQL for Pivotal Platform consumes a vulnerable version of Envoy | ||
| 08 一月 2020 | CVE-2019-11292 | Ops Manager logs query parameters in tomcat access file | ||
| 04 十二月 2019 | CVE-2019-19029 | SQL Injection via user-groups in VMware Harbor Container Registry for Pivotal Platform | ||
| 04 十二月 2019 | CVE-2019-19023 | Privilege Escalation Vulnerability in VMware Harbor Container Registry for Pivotal Platform | ||
| 04 十二月 2019 | CVE-2019-19026 | SQL Injection via project quotas in VMware Harbor Container Registry for Pivotal Platform | ||
| 04 十二月 2019 | CVE-2019-3990 | User Enumeration Flaw in VMware Harbor Container Registry for Pivotal Platform | ||
| 04 十二月 2019 | CVE-2019-19025 | Cross-Site Request Forgery Vulnerability in VMware Harbor Container Registry for Pivotal Platform | ||
| 04 十二月 2019 | CVE-2019-9517 | CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9515, CVE-2019-9518, CVE-2019-9511, CVE-2019-9516, Some Pivotal products are impacted by HTTP/2 denial of service attacks | ||
| 03 十二月 2019 | CVE-2019-11293 | UAA logs all query parameters with debug logging level | ||
| 22 十一月 2019 | CVE-2019-11291 | RabbitMQ XSS attack via federation and shovel endpoints | ||
| 22 十一月 2019 | CVE-2019-11287 | RabbitMQ Web Management Plugin DoS via heap overflow | ||
| 18 十一月 2019 | CVE-2019-11289 | A forged route service request using an invalid nonce can cause the gorouter to panic and crash | ||
| 06 十一月 2019 | CVE-2019-9893 | libseccomp incorrectly generate 64-bit syscall argument comparisons | ||
| 28 十月 2019 | CVE-2019-16869 | Reactor Netty Consumes a Vulnerable Version of Netty | ||
| 24 十月 2019 | CVE-2019-11249 | PKS consumes a vulnerable version of kubectl | ||
| 23 十月 2019 | CVE-2019-11283 | Password leak in smbdriver logs | ||
| 17 十月 2019 | CVE-2019-16919 | Broken access control vulnerability in Harbor API | ||
| 15 十月 2019 | CVE-2019-11278 | Privilege Escalation via Blind SCIM Injection in UAA | ||
| 15 十月 2019 | CVE-2019-11279 | Privilege Escalation via Scope Manipulation in UAA | ||
| 15 十月 2019 | CVE-2019-11247 | Kubernetes API Server Vulnerability | ||
| 15 十月 2019 | CVE-2018-15664 | Docker Symlink Directory Traversal Vulnerability | ||
| 15 十月 2019 | CVE-2019-13139 | Docker build code execution | ||
| 14 十月 2019 | CVE-2019-11281 | RabbitMQ XSS attack | ||
| 11 十月 2019 | CVE-2019-11284 | Reactor Netty authentication leak in redirects | ||
| 25 九月 2019 | CVE-2019-11275 | CSV Injection in usage report downloaded from Pivotal Application Manager | ||
| 23 九月 2019 | CVE-2019-11277 | Volume Services is vulnerable to an LDAP injection attack | ||
| 19 九月 2019 | CVE-2019-11280 | Privilege escalation through the invitations service | ||
| 20 八月 2019 | CVE-2019-3775 | UAA allows users to modify their own email address | ||
| 20 八月 2019 | CVE-2019-3788 | UAA redirect-uri allows wildcards in the subdomain | ||
| 20 八月 2018 | CVE-2019-3787 | UAA defaults email address to an insecure domain | ||
| 20 八月 2019 | CVE-2019-10164 | Critical Security Issue in PostgreSQL | ||
| 19 八月 2019 | CVE-2019-11276 | Apps Manager sends tokens to Spring apps via HTTP | ||
| 15 八月 2019 | CVE-2017-15694 | Pivotal GemFire and Cloud Cache consume vulnerable versions of Apache Geode | ||
| 14 八月 2019 | CVE-2019-13232 | ClamAV Add-on for PCF consumes a vulnerable version of ClamAV | ||
| 01 八月 2019 | CVE-2019-11270 | UAA clients.write vulnerability | ||
| 25 七月 2019 | CVE-2019-3800 | CF CLI writes the client id and secret to config file | ||
| 25 七月 2019 | CVE-2019-3781 | CF CLI does not sanitize user's password in verbose/trace/debug | ||
| 23 七月 2019 | CVE-2019-11273 | PKS Telemetry logs credentials | ||
| 22 七月 2019 | VARIOUS-SQL | Various MySQL Security Updates from July 2018 through January 2019 | ||
| 22 七月 2019 | USN-4017-1 | Linux kernel vulnerabilities | ||
| 18 七月 2019 | CVE-2019-3786 | BBR could run arbitrary scripts on deployment VMs | ||
| 28 六月 2019 | CVE-2019-11271 | Bosh Deployment logs leak sensitive information | ||
| 19 六月 2019 | CVE-2019-11272 | PlaintextPasswordEncoder authenticates encoded passwords that are null | ||
| 30 五月 2019 | CVE-2019-5021 | Tile generator affected by insecure default password | ||
| 30 五月 2019 | CVE-2019-11269 | Open Redirector in spring-security-oauth2 | ||
| 24 五月 2019 | CVE-2019-3790 | Ops Manager uaa client issues tokens after refresh token expiration | ||
| 13 五月 2019 | CVE-2019-3802 | Additional information exposure with Spring Data JPA example matcher | ||
| 25 四月 2019 | CVE-2019-3801 | Java Projects using HTTP to fetch dependencies | ||
| 24 四月 2019 | CVE-2019-3798 | Escalation of Privileges in Cloud Controller | ||
| 24 四月 2019 | CVE-2019-3789 | Gorouter allows space developer to hijack route services hosted outside the platform | ||
| 16 四月 2019 | CVE-2019-3799 | Directory Traversal with spring-cloud-config-server | ||
| 12 四月 2019 | CVE-2019-3793 | Invitations Service supports HTTP connections | ||
| 08 四月 2019 | CVE-2019-3797 | Additional information exposure with Spring Data JPA derived queries | ||
| 04 四月 2019 | CVE-2019-3795 | Insecure Randomness When Using a SecureRandom Instance Constructed by Spring Security | ||
| 01 四月 2019 | CVE-2019-9946 | Kubernetes affecting certain network configurations with CNI | ||
| 01 四月 2019 | CVE-2019-1002100 | Kubernetes API Server Patch Request Consumes Excess Resource Cause Denial of Service | ||
| 01 四月 2019 | CVE-2019-1002101 | Kubernetes kubectl - potential directory traversal | ||
| 25 三月 2019 | CVE-2019-3792 | Concourse 5.0.0 SQL Injection vulnerability | ||
| 07 三月 2019 | CVE-2019-8331 | Bootstrap XSS | ||
| 28 二月 2019 | CVE-2018-15754 | UAA issues tokens across identity providers if users with matching usernames exist | ||
| 26 二月 2019 | CVE-2019-3777 | Apps Manager unverified SSL certs in Cloud Controller proxy | ||
| 21 二月 2019 | CVE-2019-3778 | Open Redirector in spring-security-oauth2 | ||
| 19 二月 2019 | CVE-2019-3776 | Reflected XSS in Pivotal Operations Manager | ||
| 14 二月 2019 | CVE-2019-3780 | Cloud Foundry Container Runtime Leaks IAAS Credentials | ||
| 14 二月 2019 | CVE-2019-3779 | Pivotal Container Service allows a user to bypass security policy when talking to ETCD | ||
| 14 一月 2019 | CVE-2019-3772 | XML External Entity Injection (XXE) | ||
| 14 一月 2019 | CVE-2019-3773 | XML External Entity Injection (XXE) | ||
| 14 一月 2019 | CVE-2019-3774 | XML External Entity Injection (XXE) | ||
| 08 一月 2019 | KUBERNETES-API-SERVER | Kubernetes API Server acts as proxy for internal and external IPs | ||
| 08 一月 2019 | CVE-2019-3803 | Concourse includes token in CLI authentication callback | ||
| 04 一月 2019 | CVE-2018-18264 | Kubernetes Dashboard TLS Certificate Leak | ||
| 18 十二月 2018 | CVE-2018-15801 | Authorization Bypass During JWT Issuer Validation with spring-security | ||
| 13 十二月 2018 | CVE-2018-15798 | Pivotal Concourse allows malicious redirect urls on login | ||
| 05 十二月 2018 | CVE-2018-1279 | RabbitMQ cluster compromise due to deterministically generated cookie | ||
| 15 十一月 2018 | CVE-2018-15759 | On Demand Services SDK Timing Attack Vulnerability | ||
| 09 十一月 2018 | CVE-2018-15795 | CredHub Service Broker uses guessable client secret | ||
| 29 十月 2018 | CVE-2018-15762 | Pivotal Operations Manager gives all users heightened privileges | ||
| 16 十月 2018 | CVE-2018-15758 | Privilege Escalation in spring-security-oauth2 | ||
| 16 十月 2018 | CVE-2018-15756 | DoS Attack via Range Requests | ||
| 10 十月 2018 | CVE-2018-11084 | Garden-runC prevents deletion of some app environments | ||
| 10 十月 2018 | CVE-2018-15755 | CF networking internal policy server SQL injection | ||
| 03 十月 2018 | CVE-2018-11083 | BOSH accepts refresh token as access token | ||
| 02 十月 2018 | CVE-2018-15763 | PKS leaks IaaS credentials to application logs | ||
| 27 九月 2018 | CVE-2018-11081 | Ops Manager writes UAA credentials to disk | ||
| 13 九月 2018 | CVE-2018-1198 | PCC bosh deployment logs print a superuser password in plain text | ||
| 13 九月 2018 | CVE-2018-11088 | CF admin credentials accessible to developers through Applications Manager | ||
| 13 九月 2018 | CVE-2018-11086 | CF admin credentials accessible to developers through usage service | ||
| 11 九月 2018 | CVE-2018-11087 | RabbitMQ (Spring-AMQP) Host name verification | ||
| 23 七月 2018 | CVE-2018-11044 | Apps Manager allows unescaped content in invitation emails | ||
| 10 七月 2018 | CVE-2018-11045 | Operations Manager image contains static LRNG seed file | ||
| 20 六月 2018 | CVE-2018-11046 | Operations Manager includes outdated NGINX packages | ||
| 14 六月 2018 | CVE-2018-11040 | JSONP enabled by default in MappingJackson2JsonView | ||
| 14 六月 2018 | CVE-2018-11039 | Cross Site Tracing (XST) with Spring Framework | ||
| 11 五月 2018 | CVE-2018-1263 | Unsafe Unzip with spring-integration-zip | ||
| 10 五月 2018 | CVE-2018-1278 | Apps Manager allows unauthorized org invitations | ||
| 09 五月 2018 | CVE-2018-1261 | Unsafe Unzip with spring-integration-zip | ||
| 09 五月 2018 | CVE-2018-1260 | Remote Code Execution with spring-security-oauth2 | ||
| 09 五月 2018 | CVE-2018-1259 | XXE with Spring Data’s XMLBeam integration | ||
| 09 五月 2018 | CVE-2018-1258 | Unauthorized Access with Spring Security Method Security | ||
| 09 五月 2018 | CVE-2018-1257 | ReDoS Attack with spring-messaging | ||
| 07 五月 2018 | CVE-2018-1280 | Blind SQL injection in Pivotal Greenplum Command Center | ||
| 30 四月 2018 | CVE-2018-1256 | Issuer validation regression in Spring Cloud SSO Connector | ||
| 10 四月 2018 | CVE-2018-1274 | Denial of Service with Spring Data | ||
| 10 四月 2018 | CVE-2018-1273 | RCE with Spring Data Commons | ||
| 09 四月 2018 | CVE-2018-1275 | Address partial fix for CVE-2018-1270 | ||
| 05 四月 2018 | CVE-2018-1272 | Multipart Content Pollution with Spring Framework | ||
| 05 四月 2018 | CVE-2018-1271 | Directory Traversal with Spring MVC on Windows | ||
| 05 四月 2018 | CVE-2018-1270 | Remote Code Execution with spring-messaging | ||
| 16 三月 2018 | CVE-2018-1230 | Spring Batch Admin vulnerable to Cross Site Request Forgery | ||
| 16 三月 2018 | CVE-2018-1229 | Stored XSS in file upload of Spring Batch Admin | ||
| 13 二月 2018 | CVE-2018-1200 | Apps Manager File Access Vulnerability | ||
| 30 一月 2018 | CVE-2018-1196 | Symlink privilege escalation attack via Spring Boot launch script | ||
| 29 一月 2018 | CVE-2018-1199 | Security bypass with static resources | ||
| 16 十月 2017 | CVE-2017-8028 | Spring-LDAP authentication with userSearch and STARTTLS allows authentication with arbitrary password | ||
| 21 九月 2017 | CVE-2017-8046 | RCE in PATCH requests in Spring Data REST | ||
| 19 九月 2017 | CVE-2017-8045 | Remote code execution in spring-amqp | ||
| 15 九月 2017 | CVE-2017-8039 | Data Binding Expression Vulnerability in Spring Web Flow | ||
| 31 八月 2017 | CVE-2017-8044 | XSS vulnerability in Single Sign-On for PCF via DOM-based query parameters | ||
| 31 八月 2017 | CVE-2017-8041 | XSS vulnerability in org name in Single Sign-On for PCF | ||
| 31 八月 2017 | CVE-2017-8040 | XXE Vulnerability in Single Sign-On for PCF | ||
| 08 六月 2017 | CVE-2017-4995 | Jackson Configuration Allows Code Execution with Unknown “Serialization Gadgets” | ||
| 31 五月 2017 | CVE-2017-4971 | Data Binding Expression Vulnerability in Spring Web Flow | ||
| 15 五月 2017 | CVE-2017-4975 | Tile generator sets open security groups | ||
| 04 五月 2017 | CVE-2017-4966 | RabbitMQ local storage of credentials | ||
| 04 五月 2017 | CVE-2017-4965 | XSS vulnerabilities in RabbitMQ management UI | ||
| 27 三月 2017 | CVE-2017-2773 | Unauthenticated JWT signing algorithm in multiple components | ||
| 24 三月 2017 | CVE-2017-4955 | Credentials in Elastic Runtime Notifications errand log | ||
| 14 二月 2017 | CVE-2017-4959 | Pivotal Cloud Foundry account authorization vulnerability | ||
| 09 二月 2017 | CVE-2016-9880 | Unauthenticated access to GemFire for PCF broker endpoints | ||
| 04 一月 2017 | CVE-2016-9885 | gfsh exposed over go router for GemFire for PCF | ||
| 28 十二月 2016 | CVE-2016-9879 | Encoded "/" in path variables | ||
| 28 十二月 2016 | CVE-2016-0898 | Service backups log AWS key | ||
| 21 十二月 2016 | CVE-2016-9878 | Directory Traversal in the Spring Framework ResourceServlet | ||
| 19 十二月 2016 | CVE-2016-9877 | RabbitMQ authentication vulnerability | ||
| 31 十月 2016 | CVE-2016-6657 | PCF Open Redirects | ||
| 31 十月 2016 | CVE-2016-6656 | Code injection vulnerability via GPHDFS in Greenplum database | ||
| 30 九月 2016 | CVE-2016-6652 | Spring Data JPA Blind SQL Injection Vulnerability | ||
| 12 九月 2016 | CVE-2016-0930 | Ops Manager Compilation VMs Vulnerability on vSphere and vCloud | ||
| 27 七月 2016 | CVE-2016-0896 | IaaS Metadata Endpoint Accessible from Application Containers | ||
| 15 七月 2016 | CVE-2016-0929 | RabbitMQ for PCF vulnerability | ||
| 07 七月 2016 | CVE-2016-5007 | Spring Security / MVC Path Matching Inconsistency | ||
| 07 七月 2016 | CVE-2016-0926 | Apps Manager XSS vulnerability | ||
| 05 七月 2016 | CVE-2016-4977 | Remote Code Execution (RCE) in Spring Security OAuth | ||
| 29 六月 2016 | CVE-2016-0928 | PCF Open Redirects | ||
| 24 六月 2016 | CVE-2016-0897 | Ops Manager vSphere and vCloud vulnerability | ||
| 23 六月 2016 | CVE-2016-0927 | Ops Manager XSS vulnerability | ||
| 11 四月 2016 | CVE-2016-2173 | Remote Code Execution in Spring AMQP | ||
| 23 三月 2016 | CVE-2016-0780 | Cloud Controller Disk Quota Enforcement | ||
| 23 三月 2016 | CVE-2016-2165 | Loggregator Request URL Paths | ||
| 23 三月 2016 | CVE-2016-0781 | UAA Persistent XSS Vulnerability | ||
| 03 二月 2016 | CVE-2016-0883 | Pivotal Ops Manager Weak Authentication Scheme | ||
| 12 十一月 2015 | CVE-2015-5258 | Spring Social CSRF | ||
| 15 十月 2015 | CVE-2015-5211 | RFD Attack in Spring Framework | ||
| 30 六月 2015 | CVE-2015-3192 | DoS Attack with XML Input | ||
| 06 三月 2015 | CVE-2015-0201 | Insufficiently random session id in Java SockJS client | ||
| 13 一月 2015 | CVE-2014-3626 | Directory Traversal in Grails Resources Plugin | ||
| 11 十一月 2014 | CVE-2014-3625 | Directory Traversal in Spring Framework | ||
| 05 九月 2014 | CVE-2014-3578 | Directory Traversal in Spring Framework | ||
| 15 八月 2014 | CVE-2014-3527 | Access Control Bypass in Spring Security | ||
| 28 五月 2014 | CVE-2014-0225 | Information Disclosure when using Spring MVC | ||
| 11 三月 2014 | CVE-2014-1904 | XSS when using Spring MVC | ||
| 11 三月 2014 | CVE-2014-0097 | Blank password may bypass user authentication | ||
| 11 三月 2014 | CVE-2014-0054 | Incomplete fix for CVE-2013-7315 / CVE-2013-6429 (XXE) | ||
| 19 二月 2014 | CVE-2014-0053 | Information Disclosure when using Grails | ||
| 14 一月 2014 | CVE-2013-6430 | Possible XSS when using Spring MVC | ||
| 14 一月 2014 | CVE-2013-6429 | Incomplete fix for CVE-2013-7315 (XXE) | ||
| 22 八月 2013 | CVE-2013-7315 | XML External Entity (XXE) injection in Spring Framework | ||
| 22 八月 2013 | CVE-2013-4152 | XML eXternal Entity (XXE) injection in Spring Framework |
Notable Vulnerabilities in Dependencies[1]
| Date | CVE Reference | Description | ||
| 14 五月 2020 | USN-4318-1 | Linux kernel vulnerabilities | ||
| 23 四月 2020 | USN-4305-1 | ICU vulnerability | ||
| 23 四月 2020 | USN-4302-1 | Linux kernel vulnerabilities | ||
| 23 四月 2020 | USN-4298-1 | SQLite vulnerabilities | ||
| 08 四月 2020 | USN-4292-1 | rsync vulnerabilities | ||
| 02 三月 2020 | USN-4293-1 | libarchive vulnerabilities | ||
| 18 二月 2020 | USN-4287-1 | Linux kernel vulnerabilities | ||
| 10 二月 2020 | USN-4274-1 | libxml2 vulnerabilities | ||
| 05 二月 2020 | USN-4269-1 | systemd vulnerabilities | ||
| 03 二月 2020 | USN-4263-1 | Sudo vulnerability | ||
| 28 一月 2020 | USN-4255-2 | Linux kernel (HWE) vulnerabilities | ||
| 28 一月 2020 | USN-4256-1 | Cyrus SASL vulnerability | ||
| 27 一月 2020 | USN-4252-1 | tcpdump vulnerabilities | ||
| 23 一月 2020 | USN-4233-2 | GnuTLS update | ||
| 23 一月 2020 | USN-4249-1 | e2fsprogs vulnerability | ||
| 22 一月 2020 | USN-4247-1 | python-apt vulnerabilities | ||
| 22 一月 2020 | USN-4247-2 | python-apt regression | ||
| 22 一月 2020 | USN-4246-1 | zlib vulnerabilities | ||
| 20 一月 2020 | USN-4242-1 | Sysstat vulnerabilities | ||
| 20 一月 2020 | USN-4243-1 | libbsd vulnerabilities | ||
| 19 一月 2020 | CVE-2020-0601 | Windows Stemcells vulnerable to Windows CryptoAPI Spoofing Vulnerability | ||
| 15 一月 2020 | USN-4205-1 | SQLite vulnerabilities | ||
| 15 一月 2020 | USN-4215-1 | NSS vulnerability | ||
| 15 一月 2020 | USN-4182-3 | Intel Microcode regression | ||
| 15 一月 2020 | USN-4220-1 | Git vulnerabilities | ||
| 15 一月 2020 | USN-4210-1 | Linux kernel vulnerabilities | ||
| 14 一月 2020 | USN-4236-2 | Libgcrypt vulnerability | ||
| 13 一月 2020 | USN-4235-1 | nginx vulnerability | ||
| 09 一月 2020 | USN-4233-1 | GnuTLS update | ||
| 08 一月 2020 | USN-4231-1 | NSS vulnerability | ||
| 07 一月 2020 | USN-4227-1 | Linux kernel vulnerabilities | ||
| 18 十二月 2019 | USN-4194-1 | postgresql-common vulnerability | ||
| 18 十二月 2019 | USN-4185-1 | Linux kernel vulnerabilities | ||
| 18 十二月 2019 | USN-4162-1 | Linux kernel vulnerabilities | ||
| 18 十二月 2019 | USN-4191-1 | QEMU vulnerabilities | ||
| 18 十二月 2019 | USN-4164-1 | Libxslt vulnerabilities | ||
| 18 十二月 2019 | USN-4190-1 | libjpeg-turbo vulnerabilities | ||
| 18 十二月 2019 | USN-4176-1 | GNU cpio vulnerability | ||
| 18 十二月 2019 | USN-4172-1 | file vulnerability | ||
| 18 十二月 2019 | USN-4203-1 | NSS vulnerability | ||
| 18 十二月 2019 | USN-4169-1 | libarchive vulnerability | ||
| 18 十二月 2019 | USN-4182-1 | Intel Microcode update | ||
| 18 十二月 2019 | USN-4185-3 | Linux kernel vulnerability and regression | ||
| 18 十二月 2019 | USN-4199-1 | libvpx vulnerabilities | ||
| 11 十二月 2019 | USN-4221-1 | libpcap vulnerability | ||
| 25 十一月 2019 | CVE-2019-15587 | Ops Manager contains a vulnerable Loofah gem | ||
| 14 十一月 2019 | USN-4004-1 | Berkeley DB vulnerability | ||
| 14 十一月 2019 | USN-4038-1 | bzip2 vulnerabilities | ||
| 14 十一月 2019 | USN-3911-1 | file vulnerabilities | ||
| 14 十一月 2019 | USN-4015-1 | DBus vulnerability | ||
| 14 十一月 2019 | USN-4011-1 | Jinja2 vulnerabilities | ||
| 14 十一月 2019 | USN-4008-2 | AppArmor update | ||
| 14 十一月 2019 | USN-3999-1 | GnuTLS vulnerabilities | ||
| 14 十一月 2019 | USN-3967-1 | FFmpeg vulnerabilities | ||
| 14 十一月 2019 | USN-3990-1 | urllib3 vulnerabilities | ||
| 14 十一月 2019 | USN-4040-1 | Expat vulnerability | ||
| 14 十一月 2019 | USN-3885-2 | OpenSSH vulnerability | ||
| 14 十一月 2019 | USN-3993-1 | curl vulnerabilities | ||
| 14 十一月 2019 | USN-4012-1 | elfutils vulnerabilities | ||
| 14 十一月 2019 | USN-3968-1 | Sudo vulnerabilities | ||
| 14 十一月 2019 | USN-4016-1 | Vim vulnerabilities | ||
| 14 十一月 2019 | USN-4019-1 | SQLite vulnerabilities | ||
| 06 十一月 2019 | USN-4151-1 | Python vulnerabilities | ||
| 06 十一月 2019 | USN-4144-1 | Linux kernel vulnerabilities | ||
| 06 十一月 2019 | USN-4142-1 | e2fsprogs vulnerability | ||
| 06 十一月 2019 | USN-4132-1 | Expat vulnerability | ||
| 06 十一月 2019 | USN-4129-1 | curl vulnerabilities | ||
| 06 十一月 2019 | USN-4127-1 | Python vulnerabilities | ||
| 06 十一月 2019 | USN-4126-1 | FreeType vulnerability | ||
| 30 九月 2019 | USN-4135-1 | Linux kernel vulnerabilities | ||
| 30 九月 2019 | USN-4115-2 | Linux kernel regression | ||
| 30 九月 2019 | USN-4115-1 | Linux kernel vulnerabilities | ||
| 30 九月 2019 | USN-4094-1 | Linux kernel vulnerabilities | ||
| 30 九月 2019 | USN-4071-1 | Patch vulnerabilities | ||
| 30 九月 2019 | USN-4049-3 | GLib regression | ||
| 24 九月 2019 | CVE-2019-16097 | Harbor Privilege Escalation | ||
| 05 九月 2019 | USN-4099-1 | nginx vulnerabilities | ||
| 05 九月 2019 | USN-4090-1 | PostgreSQL vulnerabilities | ||
| 05 九月 2019 | USN-4068-2 | Linux kernel (HWE) vulnerabilities | ||
| 05 九月 2019 | USN-4060-1 | NSS vulnerabilities | ||
| 05 九月 2019 | USN-4058-1 | Bash vulnerability | ||
| 05 九月 2019 | USN-4049-1 | GLib vulnerability | ||
| 05 九月 2019 | USN-4038-3 | bzip2 regression | ||
| 06 八月 2019 | USN-4041-1 | Linux kernel update | ||
| 05 八月 2019 | USN-4014-1 | GLib vulnerability | ||
| 05 八月 2019 | USN-4001-1 | libseccomp vulnerability | ||
| 05 八月 2019 | USN-3977-3 | Intel Microcode update (AKA ZombieLoad Attack) | ||
| 19 六月 2019 | USN-3981-2 | Linux kernel (HWE) vulnerabilities (AKA ZombieLoad Attack) | ||
| 19 六月 2019 | USN-3977-2 | Intel Microcode update (AKA ZombieLoad Attack) | ||
| 19 六月 2019 | USN-3977-1 | Intel Microcode update (AKA ZombieLoad Attack) | ||
| 21 五月 2019 | USN-3972-1 | PostgreSQL vulnerabilities | ||
| 21 五月 2019 | USN-3962-1 | libpng vulnerability | ||
| 21 五月 2019 | USN-3960-1 | WavPack vulnerability | ||
| 21 五月 2019 | USN-3947-1 | Libxslt vulnerability | ||
| 21 五月 2019 | USN-3943-1 | Wget vulnerabilities | ||
| 21 五月 2019 | USN-3932-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 21 五月 2019 | USN-3931-2 | Linux kernel (HWE) vulnerabilities | ||
| 08 五月 2019 | USN-3935-1 | BusyBox vulnerabilities | ||
| 25 四月 2019 | USN-3945-1 | Ruby vulnerabilities | ||
| 25 四月 2019 | USN-3910-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 25 四月 2019 | USN-3906-1 | LibTIFF vulnerabilities | ||
| 25 四月 2019 | USN-3901-2 | Linux kernel (HWE) vulnerabilities | ||
| 25 四月 2019 | USN-3900-1 | GD vulnerabilities | ||
| 25 四月 2019 | USN-3899-1 | OpenSSL vulnerability | ||
| 25 四月 2019 | USN-3898-1 | NSS vulnerability | ||
| 25 四月 2019 | USN-3891-1 | systemd vulnerability | ||
| 25 四月 2019 | USN-3885-1 | OpenSSH vulnerabilities | ||
| 25 四月 2019 | USN-3884-1 | libarchive vulnerabilities | ||
| 25 四月 2019 | USN-3882-1 | curl vulnerabilities | ||
| 25 四月 2019 | USN-3879-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 25 四月 2019 | USN-3871-4 | Linux kernel (HWE) vulnerabilities | ||
| 25 四月 2019 | USN-3864-1 | LibTIFF vulnerabilities | ||
| 25 四月 2019 | USN-3859-1 | libarchive vulnerabilities | ||
| 25 四月 2019 | USN-3848-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 25 四月 2019 | USN-3847-2 | Linux kernel (HWE) vulnerabilities | ||
| 25 四月 2019 | USN-3840-1 | OpenSSL vulnerabilities | ||
| 25 四月 2019 | USN-3834-1 | Perl vulnerabilities | ||
| 25 四月 2019 | USN-3816-3 | systemd regression | ||
| 25 四月 2019 | USN-3855-1 | systemd vulnerabilities | ||
| 25 四月 2019 | USN-3863-1 | APT vulnerability | ||
| 13 二月 2019 | CVE-2019-5736 | runC container breakout | ||
| 06 二月 2019 | USN-3836-2 | Linux kernel (HWE) vulnerabilities | ||
| 06 二月 2019 | USN-3841-1 | lxml vulnerability | ||
| 06 二月 2019 | USN-3850-1 | NSS vulnerabilities | ||
| 03 一月 2019 | USN-3843-1 | pixman vulnerability | ||
| 03 一月 2019 | USN-3816-2 | systemd vulnerability | ||
| 03 一月 2019 | USN-3839-1 | WavPack vulnerabilities | ||
| 03 一月 2019 | USN-3829-1 | Git vulnerabilities | ||
| 14 十二月 2018 | USN-3805-1 | curl vulnerabilities | ||
| 14 十二月 2018 | USN-3809-1 | OpenSSH vulnerabilities | ||
| 14 十二月 2018 | USN-3812-1 | nginx vulnerabilities | ||
| 14 十二月 2018 | USN-3815-1 | gettext vulnerability | ||
| 14 十二月 2018 | USN-3817-1 | Python vulnerabilities | ||
| 14 十二月 2018 | USN-3821-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 12 十二月 2018 | USN-3820-2 | Linux kernel (HWE) vulnerabilities | ||
| 12 十二月 2018 | USN-3816-1 | systemd vulnerabilities | ||
| 12 十二月 2018 | USN-3806-1 | systemd vulnerability | ||
| 12 十二月 2018 | USN-3808-1 | Ruby vulnerabilities | ||
| 03 十二月 2018 | CVE-2018-15797 | NFS Volume release errand leaks cf admin credentials in logs | ||
| 03 十二月 2018 | CVE-2018-1002105 | Proxy request handling in kube-apiserver can leave vulnerable TCP connections | ||
| 28 十一月 2018 | USN-3797-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 08 十一月 2018 | USN-3800-1 | audiofile vulnerabilities | ||
| 08 十一月 2018 | USN-3791-1 | Git vulnerability | ||
| 08 十一月 2018 | USN-3786-1 | libxkbcommon vulnerabilities | ||
| 08 十一月 2018 | USN-3785-1 | ImageMagick vulnerabilities | ||
| 06 十一月 2018 | CVE-2018-15761 | UAA Privilege Escalation | ||
| 26 十月 2018 | USN-3790-1 | Requests vulnerability | ||
| 26 十月 2018 | USN-3777-2 | Linux kernel (HWE) vulnerabilities | ||
| 26 十月 2018 | USN-3762-2 | Linux kernel (HWE) vulnerabilities | ||
| 09 十月 2018 | USN-3752-2 | Linux kernel (HWE) vulnerabilities | ||
| 09 十月 2018 | USN-3765-1 | curl vulnerability | ||
| 09 十月 2018 | USN-3767-1 | GLib vulnerabilities | ||
| 09 十月 2018 | USN-3770-1 | Little CMS vulnerabilities | ||
| 27 九月 2018 | USN-3759-1 | libtirpc vulnerabilities | ||
| 27 九月 2018 | USN-3758-1 | libx11 vulnerabilities | ||
| 27 九月 2018 | USN-3756-1 | Intel Microcode vulnerabilities | ||
| 27 九月 2018 | USN-3755-1 | GD vulnerabilities | ||
| 27 九月 2018 | USN-3753-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 27 九月 2018 | USN-3744-1 | PostgreSQL vulnerabilities | ||
| 27 九月 2018 | USN-3741-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 27 九月 2018 | USN-3739-1 | libxml2 vulnerabilities | ||
| 27 九月 2018 | USN-3736-1 | libarchive vulnerabilities | ||
| 27 九月 2018 | USN-3733-1 | GnuPG vulnerability | ||
| 27 九月 2018 | USN-3729-1 | libxcursor vulnerability | ||
| 27 九月 2018 | USN-3712-1 | libpng vulnerabilities | ||
| 27 九月 2018 | USN-3696-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 27 九月 2018 | USN-3692-1 | OpenSSL vulnerabilities | ||
| 27 九月 2018 | USN-3690-2 | AMD Microcode regression | ||
| 27 九月 2018 | USN-3690-1 | AMD Microcode update | ||
| 27 九月 2018 | USN-3689-1 | Libgcrypt vulnerability | ||
| 27 九月 2018 | USN-3605-1 | Sharutils vulnerability | ||
| 27 九月 2018 | USN-3589-1 | PostgreSQL vulnerability | ||
| 27 九月 2018 | USN-3564-1 | PostgreSQL vulnerability | ||
| 27 九月 2018 | USN-3532-1 | GDK-PixBuf vulnerabilities | ||
| 27 九月 2018 | USN-3509-4 | Linux kernel (Xenial HWE) regression | ||
| 27 九月 2018 | USN-3352-1 | nginx vulnerability | ||
| 09 八月 2018 | CVE-2018-8037 | Apache Tomcat - NIO/NIO2 connectors user sessions can get mixed up | ||
| 09 八月 2018 | CVE-2018-1336 | Apache Tomcat - UTF-8 decoder can lead to DoS | ||
| 02 八月 2018 | USN-3711-1 | ImageMagick vulnerabilities | ||
| 02 八月 2018 | USN-3707-1 | NTP vulnerabilities | ||
| 02 八月 2018 | USN-3706-1 | libjpeg-turbo vulnerabilities | ||
| 23 七月 2018 | CVE-2018-11047 | UAA accepts refresh token as access token on admin endpoints | ||
| 20 七月 2018 | USN-3693-1 | JasPer vulnerabilities | ||
| 20 七月 2018 | USN-3686-1 | file vulnerabilities | ||
| 20 七月 2018 | USN-3684-1 | Perl vulnerability | ||
| 20 七月 2018 | USN-3681-1 | ImageMagick vulnerabilities | ||
| 20 七月 2018 | USN-3676-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 20 七月 2018 | USN-3675-1 | GnuPG vulnerabilities | ||
| 20 七月 2018 | USN-3658-1 | procps-ng vulnerabilities | ||
| 17 七月 2018 | CVE-2018-11041 | UAA open redirect | ||
| 16 七月 2018 | CVE-2018-1269 | Loggregator does not properly close some TCP connections | ||
| 16 七月 2018 | CVE-2018-1268 | Loggregator lacks app GUID validation | ||
| 19 六月 2018 | CVE-2018-1265 | Diego does not properly sanitize file paths in tar/zip files | ||
| 21 六月 2018 | USN-3671-1 | Git vulnerabilities | ||
| 21 六月 2018 | USN-3654-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 21 六月 2018 | USN-3648-1 | curl vulnerabilities | ||
| 14 六月 2018 | USN-3643-1 | Wget vulnerability | ||
| 14 六月 2018 | USN-3641-1 | Linux kernel vulnerabilities | ||
| 14 六月 2018 | USN-3631-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 14 六月 2018 | USN-3628-1 | OpenSSL vulnerability | ||
| 14 六月 2018 | USN-3625-1 | Perl vulnerabilities | ||
| 14 六月 2018 | USN-3624-1 | Patch vulnerabilities | ||
| 14 六月 2018 | USN-3622-1 | Wayland vulnerability | ||
| 21 五月 2018 | CVE-2018-1277 | Garden does not correctly enforce Docker image disc quotas | ||
| 21 五月 2018 | CVE-2018-1276 | Windows2012R2 stemcell exposes IaaS metadata on vSphere | ||
| 10 五月 2018 | MS-ISAC-2018-046 | MS-ISAC 2018-046 Multiple Vulnerabilities in PHP | ||
| 08 五月 2018 | CVE-2018-1191 | Garden may log Docker passwords | ||
| 02 五月 2018 | USN-3619-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 02 五月 2018 | USN-3611-1 | OpenSSL vulnerability | ||
| 02 五月 2018 | USN-3610-1 | ICU vulnerability | ||
| 02 五月 2018 | USN-3606-1 | LibTIFF vulnerabilities | ||
| 02 五月 2018 | USN-3604-1 | libvorbis vulnerabilities | ||
| 02 五月 2018 | USN-3602-1 | LibTIFF vulnerabilities | ||
| 02 五月 2018 | USN-3598-1 | curl vulnerabilities | ||
| 02 五月 2018 | USN-3586-1 | DHCP vulnerabilities | ||
| 02 五月 2018 | USN-3584-1 | sensible-utils vulnerability | ||
| 02 五月 2018 | USN-3569-1 | libvorbis vulnerabilities | ||
| 02 五月 2018 | USN-3554-1 | curl vulnerabilities | ||
| 02 五月 2018 | USN-3547-1 | Libtasn1 vulnerabilities | ||
| 02 五月 2018 | USN-3543-1 | rsync vulnerabilities | ||
| 02 五月 2018 | USN-3534-1 | GNU C Library vulnerabilities | ||
| 02 五月 2018 | USN-3506-1 | rsync vulnerabilities | ||
| 02 五月 2018 | USN-3501-1 | libxcursor vulnerability | ||
| 02 五月 2018 | USN-3346-2 | Bind regression | ||
| 30 四月 2018 | CVE-2018-1197 | GCP Metadata Endpoint Accessible from Application Containers on Windows | ||
| 05 四月 2018 | CVE-2018-1266 | Cloud Controller file modification via malicious application | ||
| 05 四月 2018 | CVE-2018-1231 | BOSH CLI does not restrict access to configuration file | ||
| 03 四月 2018 | USN-3582-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 28 三月 2018 | CVE-2018-1195 | Cloud Controller API will accept a refresh token for authentication | ||
| 28 三月 2018 | CVE-2018-1192 | UAA SessionID present in Audit Event Logs | ||
| 28 三月 2018 | CVE-2018-1190 | XSS on UAA OpenID Connect check session iframe endpoint | ||
| 09 三月 2018 | CVE-2018-1227 | Concourse-dot-ci Domain Issue | ||
| 27 二月 2018 | VU475445 | VU#475445 SAML Authentication Bypass | ||
| 27 二月 2018 | CVE-2018-1221 | Gorouter websocket handling vulnerability | ||
| 01 二月 2018 | USN-3540-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 01 二月 2018 | USN-3538-1 | OpenSSH vulnerabilities | ||
| 01 二月 2018 | USN-3535-1 | Bind vulnerability | ||
| 01 二月 2018 | USN-3522-4 | Linux (Xenial HWE) vulnerability | ||
| 01 二月 2018 | USN-3522-2 | Linux (Xenial HWE) vulnerability | ||
| 01 二月 2018 | USN-3513-1 | libxml2 vulnerability | ||
| 01 二月 2018 | USN-3504-1 | libxml2 vulnerability | ||
| 03 一月 2018 | Meltdown and Spectre Attacks | Meltdown and Spectre Attacks | ||
| 19 十二月 2017 | CVE-2017-1000353 | Jenkins unauthenticated remote code execution | ||
| 15 十二月 2017 | USN-3509-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 15 十二月 2017 | USN-3505-1 | Linux firmware vulnerabilities | ||
| 15 十二月 2017 | USN-3498-1 | curl vulnerabilities | ||
| 15 十二月 2017 | USN-3496-3 | Python vulnerability | ||
| 15 十二月 2017 | USN-3496-1 | Python vulnerability | ||
| 15 十二月 2017 | USN-3489-1 | Berkeley DB vulnerability | ||
| 15 十二月 2017 | USN-3485-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 15 十二月 2017 | USN-3478-1 | Perl vulnerabilities | ||
| 15 十二月 2017 | USN-3475-1 | OpenSSL vulnerabilities | ||
| 15 十二月 2017 | USN-3469-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 15 十二月 2017 | USN-3464-1 | Wget vulnerabilities | ||
| 15 十二月 2017 | USN-3458-1 | ICU vulnerability | ||
| 15 十二月 2017 | USN-3457-1 | curl vulnerability | ||
| 21 十一月 2017 | USN-3454-1 | libffi vulnerability | ||
| 21 十一月 2017 | USN-3444-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 21 十一月 2017 | USN-3441-1 | curl vulnerabilities | ||
| 21 十一月 2017 | USN-3437-1 | OCaml vulnerability | ||
| 21 十一月 2017 | USN-3434-1 | Libidn vulnerability | ||
| 21 十一月 2017 | USN-3432-1 | ca-certificates update | ||
| 21 十一月 2017 | USN-3424-1 | libxml2 vulnerabilities | ||
| 21 十一月 2017 | USN-3387-1 | Git vulnerability | ||
| 16 十一月 2017 | CVE-2017-8031 | UAA Denial of Service through client token revocation endpoint | ||
| 15 十一月 2017 | CVE-2017-14388 | GrootFS doesn’t validate DiffIDs | ||
| 11 十月 2017 | CVE-2017-8048 | Cloud Controller API regression | ||
| 10 十月 2017 | CVE-2017-8047 | Cloud Foundry router open redirect | ||
| 28 九月 2017 | USN-3420-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 28 九月 2017 | USN-3418-1 | GDK-PixBuf vulnerabilities | ||
| 28 九月 2017 | USN-3415-1 | tcpdump vulnerabilities | ||
| 28 九月 2017 | USN-3411-1 | Bazaar vulnerability | ||
| 28 九月 2017 | USN-3410-1 | GD library vulnerability | ||
| 28 九月 2017 | USN-3405-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 28 九月 2017 | USN-3398-1 | graphite2 vulnerabilities | ||
| 08 九月 2017 | CVE-2017-9805 | Apache Struts Remote Code Execution | ||
| 28 八月 2017 | USN-3392-2 | Linux kernel (Xenial HWE) regression | ||
| 21 八月 2017 | USN-3385-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 14 八月 2017 | USN-3378-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 14 八月 2017 | USN-3367-1 | gdb vulnerabilities | ||
| 14 八月 2017 | USN-3364-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 14 八月 2017 | USN-3363-2 | ImageMagick regression References | ||
| 14 八月 2017 | USN-3363-1 | ImageMagick vulnerabilities | ||
| 14 八月 2017 | USN-3356-1 | Expat vulnerability | ||
| 14 八月 2017 | USN-3353-1 | Heimdal vulnerability | ||
| 14 八月 2017 | USN-3349-1 | NTP vulnerabilities | ||
| 14 八月 2017 | USN-3347-1 | Libgcrypt vulnerabilities | ||
| 14 八月 2017 | USN-3346-1 | bind9 vulnerabilities | ||
| 14 八月 2017 | USN-3344-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 07 八月 2017 | CVE-2017-8037 | Incomplete fix for Cloud Controller API access to CC VM contents | ||
| 02 八月 2017 | CVE-2017-9022/CVE-2017-9023 | strongSwan DOS Vulnerabilities | ||
| 01 八月 2017 | CVE-2017-8038 | Credentials readable from CredHub endpoint | ||
| 25 七月 2017 | CVE-2017-8036 | Cloud Controller API regression | ||
| 25 七月 2017 | CVE-2017-8035 | Cloud Controller API access to CC VM contents | ||
| 25 七月 2017 | CVE-2017-8033 | Cloud Controller API filesystem traversal vulnerability | ||
| 24 七月 2017 | CVE-2017-8032 | UAA Identity Zone Admin Privilege Escalation | ||
| 05 七月 2017 | CVE-2017-7485 | PostgreSQL vulnerabilities | ||
| 26 六月 2017 | CVE-2017-5946 | Directory Traversal in Rubyzip | ||
| 26 六月 2017 | USN-3334-1 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 26 六月 2017 | USN-3323-1 | GNU C Library vulnerability | ||
| 26 六月 2017 | USN-3318-1 | GnuTLS vulnerabilities | ||
| 26 六月 2017 | USN-3312-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 26 六月 2017 | USN-3311-1 | libnl vulnerability | ||
| 26 六月 2017 | USN-3309-1 | Libtasn1 vulnerability | ||
| 26 六月 2017 | USN-3302-1 | ImageMagick vulnerabilities | ||
| 26 六月 2017 | USN-3212-2 | LibTIFF regression | ||
| 22 六月 2017 | USN-3304-1 | Sudo vulnerability | ||
| 08 六月 2017 | CVE-2017-4994 | Forwarded Headers in UAA | ||
| 08 六月 2017 | USN-3295-1 | JasPer vulnerabilities | ||
| 08 六月 2017 | USN-3294-1 | Bash vulnerabilities | ||
| 08 六月 2017 | USN-3291-3 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 08 六月 2017 | USN-3287-1 | Git vulnerability | ||
| 08 六月 2017 | USN-3283-1 | rtmpdump vulnerabilities | ||
| 08 六月 2017 | USN-3282-1 | FreeType vulnerabilities | ||
| 08 六月 2017 | USN-3276-2 | shadow regression | ||
| 08 六月 2017 | USN-3263-1 | FreeType vulnerability | ||
| 08 六月 2017 | USN-3259-1 | Bind vulnerabilities | ||
| 08 六月 2017 | USN-3246-1 | Eject vulnerability | ||
| 08 六月 2017 | USN-3181-1 | OpenSSL vulnerabilities | ||
| 19 五月 2017 | CVE-2017-4992 | Privilege escalation with user invitations | ||
| 19 五月 2017 | CVE-2017-4991 | UAA password reset vulnerability | ||
| 02 五月 2017 | USN-3265-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 01 五月 2017 | CVE-2017-4974 | Blind SQL Injection with privileged UAA endpoints | ||
| 20 四月 2017 | CVE-2015-3281 | HAProxy vulnerabilities | ||
| 20 四月 2017 | CVE-2017-4973 | Privilege Escalation in UAA | ||
| 20 四月 2017 | CVE-2017-4972 | Blind SQL Injection in UAA | ||
| 13 四月 2017 | CVE-2017-4969 | Bug in CC allows users to exceed quotas | ||
| 12 四月 2017 | USN-3256-2 | Linux kernel (HWE) vulnerability | ||
| 10 四月 2017 | CVE-2017-4970 | Staticfile buildpack ignores basic authentication when misconfigured | ||
| 06 四月 2017 | USN-3243-1 | Git vulnerability | ||
| 06 四月 2017 | USN-3241-1 | audiofile vulnerabilities | ||
| 06 四月 2017 | USN-3239-2 | GNU C Library Regression | ||
| 06 四月 2017 | USN-3237-1 | FreeType vulnerability | ||
| 06 四月 2017 | USN-3235-1 | libxml2 vulnerabilities | ||
| 06 四月 2017 | USN-3232-1 | ImageMagick vulnerabilities | ||
| 06 四月 2017 | USN-3227-1 | ICU vulnerabilities | ||
| 06 四月 2017 | USN-3225-1 | libarchive vulnerabilities | ||
| 06 四月 2017 | USN-3183-2 | GnuTLS vulnerability | ||
| 05 四月 2017 | CVE-2017-5649 | Apache Geode privilege escalation vulnerability | ||
| 04 四月 2017 | USN-3201-1 | Bind vulnerabilities | ||
| 04 四月 2017 | USN-3234-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 04 四月 2017 | USN-3228-1 | libevent vulnerabilities | ||
| 04 四月 2017 | USN-3247-1 | AppArmor vulnerability | ||
| 04 四月 2017 | USN-3249-2 | Linux kernel (Xenial HWE) vulnerability | ||
| 31 三月 2017 | USN-3222-1 | ImageMagick vulnerabilities | ||
| 31 三月 2017 | USN-3213-1 | GD library vulnerabilities | ||
| 31 三月 2017 | USN-3212-1 | LibTIFF vulnerabilities | ||
| 31 三月 2017 | USN-3205-1 | tcpdump vulnerabilities | ||
| 31 三月 2017 | USN-3142-2 | ImageMagick vulnerabilities | ||
| 29 三月 2017 | CVE-2017-4963 | Session Fixation for UAA External Authentication | ||
| 17 三月 2017 | USN-3196-1 | Multiple PHP vulnerabilities | ||
| 17 三月 2017 | USN-3185-1 | libXpm vulnerability | ||
| 17 三月 2017 | USN-3193-1 | Nettle vulnerability | ||
| 17 三月 2017 | USN-3183-1 | GnuTLS vulnerabilities | ||
| 14 三月 2017 | USN-3189-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 14 三月 2017 | CVE-2017-5638 | Apache Struts Remote Code Execution | ||
| 13 三月 2017 | USN-3220-2 | Linux kernel (Xenial HWE) vulnerability | ||
| 09 三月 2017 | CVE-2017-4960 | UAA OAuth DOS via lockout feature | ||
| 01 三月 2017 | USN-3208-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 31 一月 2017 | USN-3172-1 | Bind vulnerabilities | ||
| 31 一月 2017 | USN-3169-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 31 一月 2017 | USN-3161-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 23 一月 2017 | CVE-2016-6660 | Cloud Controller logs application environment variables | ||
| 19 一月 2017 | USN-3024-1 | tomcat6, tomcat7 vulnerabilities | ||
| 12 一月 2017 | RunC Exec | RunC Exec Vulnerability | ||
| 10 一月 2017 | CVE-2016-9882 | Cloud Foundry Logs Service Credentials | ||
| 29 十二月 2016 | CVE-2016-3958 and CVE-2016-3959 | Golang vulnerabilities | ||
| 27 十二月 2016 | USN-3146-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 27 十二月 2016 | USN-3128-2 | Linux kernel (Xenial HWE) vulnerability | ||
| 27 十二月 2016 | USN-3142-1 | ImageMagick vulnerabilities | ||
| 19 十二月 2016 | CVE-2016-8219 | Space Auditor can restage apps | ||
| 21 十二月 2016 | Multiple CVEs | httpoxy vulnerabilities | ||
| 20 十二月 2016 | USN-3156-1 | APT vulnerability | ||
| 19 十二月 2016 | USN-3131-1 | ImageMagick vulnerabilities | ||
| 19 十二月 2016 | USN-3067-1 | HarfBuzz vulnerabilities | ||
| 19 十二月 2016 | USN-3117-1 | GD library vulnerabilities | ||
| 14 十二月 2016 | USN-3132-1 | tar vulnerability | ||
| 14 十二月 2016 | USN-3134-1 | Python vulnerabilities | ||
| 14 十二月 2016 | USN-3139-1 | Vim vulnerability | ||
| 14 十二月 2016 | CVE-2016-6659 | UAA Privilege Escalation | ||
| 14 十二月 2016 | USN-3116-1 | DBus vulnerabilities | ||
| 14 十二月 2016 | USN-3119-1 | Bind vulnerability | ||
| 13 十二月 2016 | USN-3123-1 | curl vulnerabilities | ||
| 13 十二月 2016 | USN-3088-1 | Bind vulnerability | ||
| 09 十二月 2016 | CVE-2016-8218 | Unauthenticated JWT signing algorithm in routing | ||
| 07 十二月 2016 | USN-3151-2 | Linux kernel (Xenial HWE) vulnerability | ||
| 17 十一月 2016 | CVE-2016-6663/CVE-2016-6664 | MariaDB Root Privilege Escalation | ||
| 17 十一月 2016 | Several | PCRE vulnerabilities prior to version 8.39 | ||
| 07 十一月 2016 | USN-3096-1 | NTP vulnerabilities | ||
| 07 十一月 2016 | USN-3095-1 | PHP vulnerabilities | ||
| 02 十一月 2016 | CVE-2016-6658 | Incomplete fix for Credential Vulnerability for Custom Buildpacks | ||
| 21 十月 2016 | CVE-2016-5195 | Linux kernel vulnerability | ||
| 17 十月 2016 | CVE-2016-6655 | Utility Script Command Injection | ||
| 17 十月 2016 | USN-3099-2 | Linux kernel vulnerabilities | ||
| 29 九月 2016 | CVE-2016-6653 | MySQL Audit logs sent to Syslog | ||
| 28 九月 2016 | USN-3087-2 | OpenSSL Regression | ||
| 28 九月 2016 | USN-3083-1 | Linux kernel vulnerabilities | ||
| 28 九月 2016 | USN-3068-1 | Libidn vulnerabilities | ||
| 28 九月 2016 | CVE-2016-6662 | Multiple MySQL Vulnerabilities | ||
| 28 九月 2016 | USN-3085-1 | GDK-PixBuf vulnerabilities | ||
| 26 九月 2016 | CVE-2016-6651 | Privilege Escalation in UAA | ||
| 26 九月 2016 | CVE-2016-6636 | UAA Open Redirect Vulnerability for Subdomains | ||
| 26 九月 2016 | CVE-2016-6637 | UAA CSRF Vulnerability for OAuth Approvals | ||
| 21 九月 2016 | CVE-2014-9130 | LibYAML vulnerability | ||
| 09 九月 2016 | CVE-2016-6639 | PHP Buildpack exposes .profile file | ||
| 09 九月 2016 | USN-3045-1 | PHP vulnerabilities | ||
| 25 八月 2016 | USN-3065-1 | Libgcrypt vulnerability | ||
| 25 八月 2016 | USN-3064-1 | GnuPG vulnerability | ||
| 25 八月 2016 | USN-3063-1 | Fontconfig vulnerability | ||
| 25 八月 2016 | USN-3061-1 | OpenSSH vulnerability | ||
| 25 八月 2016 | USN-3030-1/USN-3060-1 | GD library vulnerability | ||
| 25 八月 2016 | USN-3053-1/USN-3037-1 | Linux kernel (Vivid HWE) vulnerability | ||
| 25 八月 2016 | USN-3048-1 | curl vulnerability | ||
| 25 八月 2016 | USN-3033-1 | libarchive vulnerability | ||
| 18 八月 2016 | CVE-2016-5016 | UAA accepts expired certificates | ||
| 26 七月 2016 | CVE-2016-5006 | Cloud Controller API logs user-provided service credentials | ||
| 13 七月 2016 | USN-3010-1 | Expat vulnerabilities | ||
| 13 七月 2016 | CVE-2016-4450 | Nginx Vulnerabilities | ||
| 13 七月 2016 | USN-3012-1 | Wget vulnerability | ||
| 01 七月 2016 | USN-3020-1 | Linux kernel (Vivid HWE) vulnerabilities | ||
| 30 六月 2016 | CVE-2016-4468 | UAA SQL Injection | ||
| 15 六月 2016 | USN-3001-1 | Linux kernel (Vivid HWE) vulnerabilities | ||
| 13 六月 2016 | CVE-2016-4435 | BOSH Agent Anonymous Endpoint | ||
| 13 六月 2016 | USN-2994-1 | libxml2 vulnerabilities | ||
| 13 六月 2016 | USN-2991-1 | nginx vulnerability | ||
| 13 六月 2016 | USN-2990-1 | ImageMagick vulnerability (a.k.a. ImageTragick) | ||
| 13 六月 2016 | USN-2987-1 | GD library vulnerabilities | ||
| 13 六月 2016 | USN-2985-2 | GNU C Library regression | ||
| 13 六月 2016 | USN-2983-1 | Expat vulnerability | ||
| 13 六月 2016 | USN-2981-1 | libarchive vulnerabilities | ||
| 13 六月 2016 | USN-2966-1 | OpenSSH vulnerabilities | ||
| 13 六月 2016 | USN-2961-1 | Little CMS vulnerability | ||
| 08 六月 2016 | CVE-2013-7456 | PHP vulnerabilities | ||
| 03 六月 2016 | USN-2970-1 | Linux kernel (Vivid HWE) vulnerabilities | ||
| 23 五月 2016 | CVE-2016-3084 | UAA Password Reset Vulnerability | ||
| 19 五月 2016 | USN-2977-1 | Linux kernel (Vivid HWE) vulnerabilities | ||
| 17 五月 2016 | CVE-2016-3091 | Diego log encoding vulnerability | ||
| 06 五月 2016 | USN-2959-1 | OpenSSL vulnerabilities | ||
| 06 五月 2016 | USN-2957-1 | Libtasn1 vulnerability | ||
| 06 五月 2016 | USN-2949-1 | Linux kernel (Vivid HWE) vulnerabilities | ||
| 06 五月 2016 | USN-2943-1 | PCRE vulnerabilities | ||
| 06 五月 2016 | USN-2935-2 | PAM regression | ||
| 02 五月 2016 | CVE-2015-5170-5173 | UAA Vulnerabilities | ||
| 14 四月 2016 | Badlock bug | Samba and Windows Vulnerabilities | ||
| 24 三月 2016 | USN-2939-1 | LibTIFF vulnerabilities | ||
| 24 三月 2016 | USN-2927-1 | Graphite2 vulnerabilities | ||
| 24 三月 2016 | USN-2925-1 | Bind9 vulnerabilities | ||
| 24 三月 2016 | USN-2919-1 | JasPer vulnerabilities | ||
| 24 三月 2016 | USN-2918-1 | Pixman vulnerabilities | ||
| 24 三月 2016 | USN-2916-1 | Perl vulnerabilities | ||
| 24 三月 2016 | USN-2914-1 | OpenSSL vulnerabilities | ||
| 24 三月 2016 | NPM Ownership Issue | Warning about NPM modules | ||
| 24 三月 2016 | USN-2938-1 | Git vulnerabilities | ||
| 16 三月 2016 | USN-2932-1 | Linux kernel vulnerabilities | ||
| 02 三月 2016 | CVE-2016-0800 | OpenSSL vulnerabilities | ||
| 26 二月 2016 | USN-2910-1 | Linux kernel vulnerability | ||
| 26 二月 2016 | CVE-2016-0761 | Docker Image Host Files Corruption | ||
| 19 二月 2016 | USN-2900-1 | GNU libc vulnerability | ||
| 02 二月 2016 | CVE-2016-0732 | Privilege Escalation | ||
| 01 二月 2016 | CVE-2016-0713 | Gorouter XSS | ||
| 22 一月 2016 | USN-2871-1 | Linux kernel vulnerability | ||
| 20 一月 2016 | CVE-2016-0715 | Remote Information Disclosure | ||
| 19 一月 2016 | USN-2865-1 | GnuTLS vulnerability | ||
| 19 一月 2016 | USN-2861-1 | libpng vulnerability | ||
| 19 一月 2016 | USN-2868-1 | DHCP vulnerability | ||
| 19 一月 2016 | USN-2869-1 | OpenSSH vulnerability | ||
| 18 一月 2016 | CVE-2016-0708 | Remote Information Disclosure | ||
| 07 一月 2016 | USN-2857-1 | Linux kernel vulnerability | ||
| 07 一月 2016 | USN-2842-1/USN-2842-2 | Linux kernel vulnerability | ||
| 07 一月 2016 | USN-2837-1 | bind9 vulnerability | ||
| 07 一月 2016 | USN-2836-1 | grub2 vulnerability | ||
| 07 一月 2016 | USN-2835-1 | git vulnerability | ||
| 07 一月 2016 | USN-2834-1 | libxml2 vulnerability | ||
| 07 一月 2016 | USN-2830-1 | OpenSSL vulnerability | ||
| 07 一月 2016 | USN-2829-1 | Linux kernel vulnerability | ||
| 15 十二月 2015 | CVE-2015-5350 | Garden Nstar vulnerability | ||
| 04 十二月 2015 | USN-2821-1 | GnuTLS vulnerability | ||
| 04 十二月 2015 | USN-2820-1 | dpkg vulnerability | ||
| 02 十二月 2015 | USN-2815-1 | PNG vulnerability | ||
| 02 十二月 2015 | USN-2812-1 | libxml2 vulnerability | ||
| 02 十二月 2015 | USN-2810-1 | Kerberos vulnerability | ||
| 02 十二月 2015 | USN-2787-1 | audiofile vulnerability | ||
| 24 十一月 2015 | USN-2788-1/2788-2 | unzip vulnerability | ||
| 12 十一月 2015 | USN-2798-1 | Linux kernel vulnerability | ||
| 12 十一月 2015 | USN-2806-1 | Linux kernel vulnerability | ||
| 03 十一月 2015 | USN-2778-1 | Linux kernel vulnerabilities | ||
| 03 十一月 2015 | USN-2767-1 | GDK-Pixbuf library vulnerability | ||
| 07 十月 2015 | Golang | Golang 1.4.3 CVE Fixes | ||
| 07 十月 2015 | USN-2722-1 | GDK-PixBuf Vulnerabilities | ||
| 07 十月 2015 | USN-2711-1 | Net-SNMP Vulnerabilities | ||
| 07 十月 2015 | USN-2739-1 | FreeType Vulnerabilities | ||
| 07 十月 2015 | USN-2740-1 | ICU Vulnerabilities | ||
| 07 十月 2015 | USN-2751-1 | Linux Kernel (Vivid HWE) Vulnerability | ||
| 07 十月 2015 | USN-2756-1 | rpcbind Vulnerability | ||
| 07 十月 2015 | USN-2765-1 | Linux Kernel (Vivid HWE) Vulnerability | ||
| 08 九月 2015 | USN-2710-1 | OpenSSH Vulnerabilities | ||
| 08 九月 2015 | USN-2698-1 | SQLite Vulnerabilities | ||
| 08 九月 2015 | USN-2694-1 | PCRE Vulnerabilities | ||
| 08 九月 2015 | USN-2718-1 | Address Configuration Change Vulnerabilities | ||
| 06 八月 2015 | USN-2696-1 | OpenJDK 7 Vulnerabilities | ||
| 29 七月 2015 | CVE-2015-3290 | Linux Kernel NMI Vulnerability | ||
| 10 七月 2015 | CVE-2015-1420 | file_handle size verification | ||
| 06 七月 2015 | CVE-2015-1330 | Unattended-Upgrades Vulnerability | ||
| 25 六月 2015 | CVE-2015-3189 | Expire old reset password links | ||
| 25 六月 2015 | CVE-2015-3190 | Open redirect on Login | ||
| 25 六月 2015 | CVE-2015-3191 | CSRF attack on change email | ||
| 12 六月 2015 | USN-2639-1 | OpenSSL vulnerabilities | ||
| 12 六月 2015 | CVE-2015-3636 | ipv4 use-after-free | ||
| 17 六月 2015 | CVE-2015-1328 | overlayfs privilege escalation | ||
| 09 六月 2015 | Redis LUA Sandbox | Redis LUA Exploit | ||
| 22 五月 2015 | CVE-2015-1834 | Path Traversal Vulnerability | ||
| 22 五月 2015 | USN-2617-1 | FUSE Vulnerability | ||
| 30 四月 2015 | CVE-2015-1855 | Ruby OpenSSL Hostname Verification | ||
| 23 三月 2015 | CVE-2015-0282 | Multiple GnuTLS Vulnerabilities | ||
| 21 三月 2015 | USN-2537-1 | OpenSSL vulnerabilities | ||
| 13 三月 2015 | CVE-2014-8159 | Linux Kernel Infiniband Vulnerability | ||
| 09 二月 2015 | CVE-2014-0227 | Apache Tomcat Request Smuggling | ||
| 28 一月 2015 | CVE-2015-0235 | GHOST | ||
| 10 九月 2014 | CVE-2013-4444 | Remote Code Execution in Apache Tomcat | ||
| 16 十月 2014 | CVE-2014-3566 | SSLV3 POODLE | ||
| 29 九月 2014 | CVE-2014-7186 | Bash Out-of Bonds | ||
| 25 九月 2014 | CVE-2014-6271 | Bash - ShellShock | ||
| 19 九月 2014 | CVE-2014-5119 | glib_gconv_translit_find() exploit | ||
| 18 八月 2014 | CVE-2014-3153 | Futex requeue exploit | ||
| 05 六月 2014 | CVE-2014-0224 | SSL/TLS MITM Vulnerability | ||
| 10 四月 2014 | CVE-2014-0160 | Heartbleed |
[1] This table is not yet a complete list of vulnerabilities in dependencies. Formulating such a list is an extensive undertaking which Pivotal is addressing systematically. When this table becomes a complete and comprehensive list, we will remove this footnote.
Thanks
Note: Reports of vulnerabilities in Pivotal products are listed in the credit section of the associated security announcement.