Notable Vulnerabilities in Dependencies (USNs) and legacy VMware Tanzu advisories
This page lists the legacy VMware Tanzu Vulnerability Reports. Starting in 2021, advisories documenting security vulnerabilities in VMware Tanzu products are continued on the VMware Security Advisories page. Information regarding open source vulnerabilities that are addressed in Tanzu products is present in the release notes of Tanzu products.
This page continues to list Spring advisories and USNs. Advisories pertaining to open source projects sponsored by VMware—apart from Spring—may be found in their GitHub repositories.
Reporting a vulnerability
The VMware Security Response team provides a single point of contact for the reporting of security vulnerabilities in VMware Tanzu products and coordinates the process of investigating any reported vulnerabilities.
To report a security vulnerability in a VMware service or product please refer to the VMware Security Response Policy.
VMware Tanzu Vulnerability Reports
| Date | CVE Reference | Description | ||
|---|---|---|---|---|
| 28 6월 2021 | CVE-2021-22119 | Denial-of-Service (DoS) attack via initiation of Authorization Request in Spring Security OAuth 2.0 Client Web and WebFlux Application | ||
| 25 5월 2021 | CVE-2021-22118 | Local Privilege Escalation within Spring Webflux Multipart Request Handling | ||
| 10 5월 2021 | CVE-2021-22117 | RabbitMQ Sever vulnerable to arbitrary code execution attack | ||
| 10 5월 2021 | CVE-2021-22116 | Denial-of-Service Vulnerability due to improper input validation in RabbitMQ server | ||
| 26 2월 2021 | CVE-2021-22114 | Zip-slip mitigation bypass in Spring Integration Zip extension | ||
| 19 2월 2021 | CVE-2021-22112 | Changing SecurityContext More Than Once in Single Request Can Fail to Save | ||
| 11 2월 2021 | CVE-2021-22113 | Spring Cloud Netflix Zuul “Sensitive Headers” Bypass Vulnerability | ||
| 25 1월 2021 | CVE-2020-5428 | Possibility of SQL Injection in Spring Cloud Task Execution Sorting Query | ||
| 25 1월 2021 | CVE-2020-5427 | Possibility of SQL Injection in Spring Cloud Data Flow Task Execution Sorting Query | ||
| 01 12월 2020 | CVE-2020-5423 | Cloud Controller is vulnerable to denial of service via YAML parsing | ||
| 16 11월 2020 | CVE-2020-5417 | Cloud Controller may allow developers to claim sensitive routes | ||
| 12 11월 2020 | CVE-2020-5422 | UAA password may appear in Operations Manager process arguments | ||
| 03 11월 2020 | CVE-2020-5426 | Scheduler for TAS can transmit privileged UAA token in plaintext | ||
| 29 10월 2020 | CVE-2020-5425 | User Impersonation possible in Tanzu SSO | ||
| 13 10월 2020 | MYSQL-SECURITY-UPDATES-APR2020 | Various MySQL Security Updates from April 2020 | ||
| 13 10월 2020 | MYSQL-SECURITY-UPDATES-JAN2020 | Various MySQL Security Updates from January 2020 | ||
| 17 9월 2020 | CVE-2020-5421 | RFD Protection Bypass via jsessionid | ||
| 10 9월 2020 | CVE-2020-5420 | Gorouter is vulnerable to DoS attack via invalid HTTP responses | ||
| 01 9월 2020 | CVE-2020-5416 | TAS clusters with NGINX in front of them may be vulnerable to DoS | ||
| 27 8월 2020 | CVE-2020-5419 | RabbitMQ arbitrary code execution using local binary planting | ||
| 11 8월 2020 | CVE-2020-5415 | Concourse's GitLab auth allows impersonation | ||
| 04 8월 2020 | CVE-2020-5412 | Hystrix Dashboard Proxy In spring-cloud-netflix-hystrix-dashboard | ||
| 30 7월 2020 | CVE-2020-5414 | App Autoscaler logs credentials | ||
| 30 7월 2020 | CVE-2020-5396 | JMX Insecure Default Configuration in GemFire | ||
| 30 7월 2020 | MYSQL-SECURITY-UPDATES-OCT2019 | Various MySQL Security Updates from October 2019 | ||
| 30 7월 2020 | MYSQL-SECURITY-UPDATES-JUL2019 | Various MySQL Security Updates from July 2019 | ||
| 30 7월 2020 | CVE-2019-11286 | JMX Credential Deserialization in GemFire | ||
| 23 7월 2020 | CVE-2020-5413 | Kryo Configuration Allows Code Execution with Unknown “Serialization Gadgets” | ||
| 16 7월 2020 | CVE-2020-15586 | Gorouter is vulnerable to DoS Attack via Expect 100-continue requests | ||
| 10 6월 2020 | CVE-2020-5411 | Jackson Configuration Allows Code Execution with Unknown “Serialization Gadgets” | ||
| 01 6월 2020 | CVE-2020-5410 | Directory Traversal with spring-cloud-config-server | ||
| 26 5월 2020 | CVE-2019-15605 | Node.js is vulnerable to request smuggling | ||
| 13 5월 2020 | CVE-2020-5409 | Concourse Open Redirect in the /sky/login endpoint | ||
| 07 5월 2020 | CVE-2020-5408 | Dictionary attack with Spring Security queryable text encryptor | ||
| 07 5월 2020 | CVE-2020-5407 | Signature Wrapping Vulnerability with spring-security-saml2-service-provider | ||
| 14 4월 2020 | CVE-2020-5402 | UAA fails to check the state parameter when authenticating with external IDPs | ||
| 09 4월 2020 | CVE-2020-5406 | PCF Autoscaling logs its database credentials | ||
| 06 4월 2020 | CVE-2019-11282 | UAA is vulnerable to a Blind SCIM injection leading to information disclosure | ||
| 06 4월 2020 | CVE-2020-5400 | Cloud Controller logs environment variables from app manifests | ||
| 04 3월 2020 | VARIOUS-JACKSON-CVES-UAA | Various CVEs UAA consumes vulnerable versions of FasterXML jackson-databind | ||
| 04 3월 2020 | CVE-2019-11290 | UAA logs query parameters in tomcat access file | ||
| 03 3월 2020 | CVE-2019-11253 | PKS is vulnerable to a YAML/JSON parsing "Billion Laughs" Attack | ||
| 27 2월 2020 | CVE-2020-5403 | DoS Via Malformed URL with Reactor Netty HTTP Server | ||
| 27 2월 2020 | CVE-2020-5404 | Authentication Leak On Redirect With Reactor Netty HttpClient | ||
| 26 2월 2020 | CVE-2020-5405 | Directory Traversal with spring-cloud-config-server | ||
| 24 2월 2020 | CVE-2020-5401 | GoRouter is vulnerable to a cache poisoning DoS | ||
| 12 2월 2020 | CVE-2020-5399 | CredHub does not properly enable TLS for MySQL database connections | ||
| 11 2월 2020 | CVE-2019-19604 | Git submodule loading vulnerability | ||
| 16 1월 2020 | CVE-2020-5397 | CSRF Attack via CORS Preflight Requests with Spring MVC or Spring WebFlux | ||
| 16 1월 2020 | CVE-2020-5398 | RFD Attack via “Content-Disposition” Header Sourced from Request Input by Spring MVC or Spring WebFlux Application | ||
| 15 1월 2020 | CVE-2019-11288 | tc Server JMX Socket Listener Registry Rebinding Local Privilege Escalation | ||
| 10 1월 2020 | CVE-2019-18802 | CVE-2019-18801, CVE-2019-18838, MySQL for Pivotal Platform consumes a vulnerable version of Envoy | ||
| 08 1월 2020 | CVE-2019-11292 | Ops Manager logs query parameters in tomcat access file | ||
| 04 12월 2019 | CVE-2019-19029 | SQL Injection via user-groups in VMware Harbor Container Registry for Pivotal Platform | ||
| 04 12월 2019 | CVE-2019-19023 | Privilege Escalation Vulnerability in VMware Harbor Container Registry for Pivotal Platform | ||
| 04 12월 2019 | CVE-2019-19026 | SQL Injection via project quotas in VMware Harbor Container Registry for Pivotal Platform | ||
| 04 12월 2019 | CVE-2019-3990 | User Enumeration Flaw in VMware Harbor Container Registry for Pivotal Platform | ||
| 04 12월 2019 | CVE-2019-19025 | Cross-Site Request Forgery Vulnerability in VMware Harbor Container Registry for Pivotal Platform | ||
| 04 12월 2019 | CVE-2019-9517 | CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9515, CVE-2019-9518, CVE-2019-9511, CVE-2019-9516, Some Pivotal products are impacted by HTTP/2 denial of service attacks | ||
| 03 12월 2019 | CVE-2019-11293 | UAA logs all query parameters with debug logging level | ||
| 22 11월 2019 | CVE-2019-11291 | RabbitMQ XSS attack via federation and shovel endpoints | ||
| 22 11월 2019 | CVE-2019-11287 | RabbitMQ Web Management Plugin DoS via heap overflow | ||
| 18 11월 2019 | CVE-2019-11289 | A forged route service request using an invalid nonce can cause the gorouter to panic and crash | ||
| 06 11월 2019 | CVE-2019-9893 | libseccomp incorrectly generate 64-bit syscall argument comparisons | ||
| 28 10월 2019 | CVE-2019-16869 | Reactor Netty Consumes a Vulnerable Version of Netty | ||
| 24 10월 2019 | CVE-2019-11249 | PKS consumes a vulnerable version of kubectl | ||
| 23 10월 2019 | CVE-2019-11283 | Password leak in smbdriver logs | ||
| 17 10월 2019 | CVE-2019-16919 | Broken access control vulnerability in Harbor API | ||
| 15 10월 2019 | CVE-2019-11278 | Privilege Escalation via Blind SCIM Injection in UAA | ||
| 15 10월 2019 | CVE-2019-11279 | Privilege Escalation via Scope Manipulation in UAA | ||
| 15 10월 2019 | CVE-2019-11247 | Kubernetes API Server Vulnerability | ||
| 15 10월 2019 | CVE-2018-15664 | Docker Symlink Directory Traversal Vulnerability | ||
| 15 10월 2019 | CVE-2019-13139 | Docker build code execution | ||
| 14 10월 2019 | CVE-2019-11281 | RabbitMQ XSS attack | ||
| 11 10월 2019 | CVE-2019-11284 | Reactor Netty authentication leak in redirects | ||
| 25 9월 2019 | CVE-2019-11275 | CSV Injection in usage report downloaded from Pivotal Application Manager | ||
| 23 9월 2019 | CVE-2019-11277 | Volume Services is vulnerable to an LDAP injection attack | ||
| 19 9월 2019 | CVE-2019-11280 | Privilege escalation through the invitations service | ||
| 20 8월 2019 | CVE-2019-3775 | UAA allows users to modify their own email address | ||
| 20 8월 2019 | CVE-2019-3788 | UAA redirect-uri allows wildcards in the subdomain | ||
| 20 8월 2018 | CVE-2019-3787 | UAA defaults email address to an insecure domain | ||
| 20 8월 2019 | CVE-2019-10164 | Critical Security Issue in PostgreSQL | ||
| 19 8월 2019 | CVE-2019-11276 | Apps Manager sends tokens to Spring apps via HTTP | ||
| 15 8월 2019 | CVE-2017-15694 | Pivotal GemFire and Cloud Cache consume vulnerable versions of Apache Geode | ||
| 14 8월 2019 | CVE-2019-13232 | ClamAV Add-on for PCF consumes a vulnerable version of ClamAV | ||
| 01 8월 2019 | CVE-2019-11270 | UAA clients.write vulnerability | ||
| 25 7월 2019 | CVE-2019-3800 | CF CLI writes the client id and secret to config file | ||
| 25 7월 2019 | CVE-2019-3781 | CF CLI does not sanitize user's password in verbose/trace/debug | ||
| 23 7월 2019 | CVE-2019-11273 | PKS Telemetry logs credentials | ||
| 22 7월 2019 | VARIOUS-SQL | Various MySQL Security Updates from July 2018 through January 2019 | ||
| 22 7월 2019 | USN-4017-1 | Linux kernel vulnerabilities | ||
| 18 7월 2019 | CVE-2019-3786 | BBR could run arbitrary scripts on deployment VMs | ||
| 28 6월 2019 | CVE-2019-11271 | Bosh Deployment logs leak sensitive information | ||
| 19 6월 2019 | CVE-2019-11272 | PlaintextPasswordEncoder authenticates encoded passwords that are null | ||
| 30 5월 2019 | CVE-2019-5021 | Tile generator affected by insecure default password | ||
| 30 5월 2019 | CVE-2019-11269 | Open Redirector in spring-security-oauth2 | ||
| 24 5월 2019 | CVE-2019-3790 | Ops Manager uaa client issues tokens after refresh token expiration | ||
| 13 5월 2019 | CVE-2019-3802 | Additional information exposure with Spring Data JPA example matcher | ||
| 25 4월 2019 | CVE-2019-3801 | Java Projects using HTTP to fetch dependencies | ||
| 24 4월 2019 | CVE-2019-3798 | Escalation of Privileges in Cloud Controller | ||
| 24 4월 2019 | CVE-2019-3789 | Gorouter allows space developer to hijack route services hosted outside the platform | ||
| 16 4월 2019 | CVE-2019-3799 | Directory Traversal with spring-cloud-config-server | ||
| 12 4월 2019 | CVE-2019-3793 | Invitations Service supports HTTP connections | ||
| 08 4월 2019 | CVE-2019-3797 | Additional information exposure with Spring Data JPA derived queries | ||
| 04 4월 2019 | CVE-2019-3795 | Insecure Randomness When Using a SecureRandom Instance Constructed by Spring Security | ||
| 01 4월 2019 | CVE-2019-9946 | Kubernetes affecting certain network configurations with CNI | ||
| 01 4월 2019 | CVE-2019-1002100 | Kubernetes API Server Patch Request Consumes Excess Resource Cause Denial of Service | ||
| 01 4월 2019 | CVE-2019-1002101 | Kubernetes kubectl - potential directory traversal | ||
| 25 3월 2019 | CVE-2019-3792 | Concourse 5.0.0 SQL Injection vulnerability | ||
| 07 3월 2019 | CVE-2019-8331 | Bootstrap XSS | ||
| 28 2월 2019 | CVE-2018-15754 | UAA issues tokens across identity providers if users with matching usernames exist | ||
| 26 2월 2019 | CVE-2019-3777 | Apps Manager unverified SSL certs in Cloud Controller proxy | ||
| 21 2월 2019 | CVE-2019-3778 | Open Redirector in spring-security-oauth2 | ||
| 19 2월 2019 | CVE-2019-3776 | Reflected XSS in Pivotal Operations Manager | ||
| 14 2월 2019 | CVE-2019-3780 | Cloud Foundry Container Runtime Leaks IAAS Credentials | ||
| 14 2월 2019 | CVE-2019-3779 | Pivotal Container Service allows a user to bypass security policy when talking to ETCD | ||
| 14 1월 2019 | CVE-2019-3772 | XML External Entity Injection (XXE) | ||
| 14 1월 2019 | CVE-2019-3773 | XML External Entity Injection (XXE) | ||
| 14 1월 2019 | CVE-2019-3774 | XML External Entity Injection (XXE) | ||
| 08 1월 2019 | KUBERNETES-API-SERVER | Kubernetes API Server acts as proxy for internal and external IPs | ||
| 08 1월 2019 | CVE-2019-3803 | Concourse includes token in CLI authentication callback | ||
| 04 1월 2019 | CVE-2018-18264 | Kubernetes Dashboard TLS Certificate Leak | ||
| 18 12월 2018 | CVE-2018-15801 | Authorization Bypass During JWT Issuer Validation with spring-security | ||
| 13 12월 2018 | CVE-2018-15798 | Pivotal Concourse allows malicious redirect urls on login | ||
| 05 12월 2018 | CVE-2018-1279 | RabbitMQ cluster compromise due to deterministically generated cookie | ||
| 15 11월 2018 | CVE-2018-15759 | On Demand Services SDK Timing Attack Vulnerability | ||
| 09 11월 2018 | CVE-2018-15795 | CredHub Service Broker uses guessable client secret | ||
| 29 10월 2018 | CVE-2018-15762 | Pivotal Operations Manager gives all users heightened privileges | ||
| 16 10월 2018 | CVE-2018-15758 | Privilege Escalation in spring-security-oauth2 | ||
| 16 10월 2018 | CVE-2018-15756 | DoS Attack via Range Requests | ||
| 10 10월 2018 | CVE-2018-11084 | Garden-runC prevents deletion of some app environments | ||
| 10 10월 2018 | CVE-2018-15755 | CF networking internal policy server SQL injection | ||
| 03 10월 2018 | CVE-2018-11083 | BOSH accepts refresh token as access token | ||
| 02 10월 2018 | CVE-2018-15763 | PKS leaks IaaS credentials to application logs | ||
| 27 9월 2018 | CVE-2018-11081 | Ops Manager writes UAA credentials to disk | ||
| 13 9월 2018 | CVE-2018-1198 | PCC bosh deployment logs print a superuser password in plain text | ||
| 13 9월 2018 | CVE-2018-11088 | CF admin credentials accessible to developers through Applications Manager | ||
| 13 9월 2018 | CVE-2018-11086 | CF admin credentials accessible to developers through usage service | ||
| 11 9월 2018 | CVE-2018-11087 | RabbitMQ (Spring-AMQP) Host name verification | ||
| 23 7월 2018 | CVE-2018-11044 | Apps Manager allows unescaped content in invitation emails | ||
| 10 7월 2018 | CVE-2018-11045 | Operations Manager image contains static LRNG seed file | ||
| 20 6월 2018 | CVE-2018-11046 | Operations Manager includes outdated NGINX packages | ||
| 14 6월 2018 | CVE-2018-11040 | JSONP enabled by default in MappingJackson2JsonView | ||
| 14 6월 2018 | CVE-2018-11039 | Cross Site Tracing (XST) with Spring Framework | ||
| 11 5월 2018 | CVE-2018-1263 | Unsafe Unzip with spring-integration-zip | ||
| 10 5월 2018 | CVE-2018-1278 | Apps Manager allows unauthorized org invitations | ||
| 09 5월 2018 | CVE-2018-1261 | Unsafe Unzip with spring-integration-zip | ||
| 09 5월 2018 | CVE-2018-1260 | Remote Code Execution with spring-security-oauth2 | ||
| 09 5월 2018 | CVE-2018-1259 | XXE with Spring Data’s XMLBeam integration | ||
| 09 5월 2018 | CVE-2018-1258 | Unauthorized Access with Spring Security Method Security | ||
| 09 5월 2018 | CVE-2018-1257 | ReDoS Attack with spring-messaging | ||
| 07 5월 2018 | CVE-2018-1280 | Blind SQL injection in Pivotal Greenplum Command Center | ||
| 30 4월 2018 | CVE-2018-1256 | Issuer validation regression in Spring Cloud SSO Connector | ||
| 10 4월 2018 | CVE-2018-1274 | Denial of Service with Spring Data | ||
| 10 4월 2018 | CVE-2018-1273 | RCE with Spring Data Commons | ||
| 09 4월 2018 | CVE-2018-1275 | Address partial fix for CVE-2018-1270 | ||
| 05 4월 2018 | CVE-2018-1272 | Multipart Content Pollution with Spring Framework | ||
| 05 4월 2018 | CVE-2018-1271 | Directory Traversal with Spring MVC on Windows | ||
| 05 4월 2018 | CVE-2018-1270 | Remote Code Execution with spring-messaging | ||
| 16 3월 2018 | CVE-2018-1230 | Spring Batch Admin vulnerable to Cross Site Request Forgery | ||
| 16 3월 2018 | CVE-2018-1229 | Stored XSS in file upload of Spring Batch Admin | ||
| 13 2월 2018 | CVE-2018-1200 | Apps Manager File Access Vulnerability | ||
| 30 1월 2018 | CVE-2018-1196 | Symlink privilege escalation attack via Spring Boot launch script | ||
| 29 1월 2018 | CVE-2018-1199 | Security bypass with static resources | ||
| 16 10월 2017 | CVE-2017-8028 | Spring-LDAP authentication with userSearch and STARTTLS allows authentication with arbitrary password | ||
| 21 9월 2017 | CVE-2017-8046 | RCE in PATCH requests in Spring Data REST | ||
| 19 9월 2017 | CVE-2017-8045 | Remote code execution in spring-amqp | ||
| 15 9월 2017 | CVE-2017-8039 | Data Binding Expression Vulnerability in Spring Web Flow | ||
| 31 8월 2017 | CVE-2017-8044 | XSS vulnerability in Single Sign-On for PCF via DOM-based query parameters | ||
| 31 8월 2017 | CVE-2017-8041 | XSS vulnerability in org name in Single Sign-On for PCF | ||
| 31 8월 2017 | CVE-2017-8040 | XXE Vulnerability in Single Sign-On for PCF | ||
| 08 6월 2017 | CVE-2017-4995 | Jackson Configuration Allows Code Execution with Unknown “Serialization Gadgets” | ||
| 31 5월 2017 | CVE-2017-4971 | Data Binding Expression Vulnerability in Spring Web Flow | ||
| 15 5월 2017 | CVE-2017-4975 | Tile generator sets open security groups | ||
| 04 5월 2017 | CVE-2017-4966 | RabbitMQ local storage of credentials | ||
| 04 5월 2017 | CVE-2017-4965 | XSS vulnerabilities in RabbitMQ management UI | ||
| 27 3월 2017 | CVE-2017-2773 | Unauthenticated JWT signing algorithm in multiple components | ||
| 24 3월 2017 | CVE-2017-4955 | Credentials in Elastic Runtime Notifications errand log | ||
| 14 2월 2017 | CVE-2017-4959 | Pivotal Cloud Foundry account authorization vulnerability | ||
| 09 2월 2017 | CVE-2016-9880 | Unauthenticated access to GemFire for PCF broker endpoints | ||
| 04 1월 2017 | CVE-2016-9885 | gfsh exposed over go router for GemFire for PCF | ||
| 28 12월 2016 | CVE-2016-9879 | Encoded "/" in path variables | ||
| 28 12월 2016 | CVE-2016-0898 | Service backups log AWS key | ||
| 21 12월 2016 | CVE-2016-9878 | Directory Traversal in the Spring Framework ResourceServlet | ||
| 19 12월 2016 | CVE-2016-9877 | RabbitMQ authentication vulnerability | ||
| 31 10월 2016 | CVE-2016-6657 | PCF Open Redirects | ||
| 31 10월 2016 | CVE-2016-6656 | Code injection vulnerability via GPHDFS in Greenplum database | ||
| 30 9월 2016 | CVE-2016-6652 | Spring Data JPA Blind SQL Injection Vulnerability | ||
| 12 9월 2016 | CVE-2016-0930 | Ops Manager Compilation VMs Vulnerability on vSphere and vCloud | ||
| 27 7월 2016 | CVE-2016-0896 | IaaS Metadata Endpoint Accessible from Application Containers | ||
| 15 7월 2016 | CVE-2016-0929 | RabbitMQ for PCF vulnerability | ||
| 07 7월 2016 | CVE-2016-5007 | Spring Security / MVC Path Matching Inconsistency | ||
| 07 7월 2016 | CVE-2016-0926 | Apps Manager XSS vulnerability | ||
| 05 7월 2016 | CVE-2016-4977 | Remote Code Execution (RCE) in Spring Security OAuth | ||
| 29 6월 2016 | CVE-2016-0928 | PCF Open Redirects | ||
| 24 6월 2016 | CVE-2016-0897 | Ops Manager vSphere and vCloud vulnerability | ||
| 23 6월 2016 | CVE-2016-0927 | Ops Manager XSS vulnerability | ||
| 11 4월 2016 | CVE-2016-2173 | Remote Code Execution in Spring AMQP | ||
| 23 3월 2016 | CVE-2016-0780 | Cloud Controller Disk Quota Enforcement | ||
| 23 3월 2016 | CVE-2016-2165 | Loggregator Request URL Paths | ||
| 23 3월 2016 | CVE-2016-0781 | UAA Persistent XSS Vulnerability | ||
| 03 2월 2016 | CVE-2016-0883 | Pivotal Ops Manager Weak Authentication Scheme | ||
| 12 11월 2015 | CVE-2015-5258 | Spring Social CSRF | ||
| 15 10월 2015 | CVE-2015-5211 | RFD Attack in Spring Framework | ||
| 30 6월 2015 | CVE-2015-3192 | DoS Attack with XML Input | ||
| 06 3월 2015 | CVE-2015-0201 | Insufficiently random session id in Java SockJS client | ||
| 13 1월 2015 | CVE-2014-3626 | Directory Traversal in Grails Resources Plugin | ||
| 11 11월 2014 | CVE-2014-3625 | Directory Traversal in Spring Framework | ||
| 05 9월 2014 | CVE-2014-3578 | Directory Traversal in Spring Framework | ||
| 15 8월 2014 | CVE-2014-3527 | Access Control Bypass in Spring Security | ||
| 28 5월 2014 | CVE-2014-0225 | Information Disclosure when using Spring MVC | ||
| 11 3월 2014 | CVE-2014-1904 | XSS when using Spring MVC | ||
| 11 3월 2014 | CVE-2014-0097 | Blank password may bypass user authentication | ||
| 11 3월 2014 | CVE-2014-0054 | Incomplete fix for CVE-2013-7315 / CVE-2013-6429 (XXE) | ||
| 19 2월 2014 | CVE-2014-0053 | Information Disclosure when using Grails | ||
| 14 1월 2014 | CVE-2013-6430 | Possible XSS when using Spring MVC | ||
| 14 1월 2014 | CVE-2013-6429 | Incomplete fix for CVE-2013-7315 (XXE) | ||
| 22 8월 2013 | CVE-2013-7315 | XML External Entity (XXE) injection in Spring Framework | ||
| 22 8월 2013 | CVE-2013-4152 | XML eXternal Entity (XXE) injection in Spring Framework |
Notable Vulnerabilities in Dependencies
| Date | CVE Reference | Description | ||
|---|---|---|---|---|
| 13 9월 2021 | USN-5021-1 | curl vulnerabilities | ||
| 13 9월 2021 | USN-5020-1 | Ruby vulnerabilities | ||
| 13 9월 2021 | USN-5013-1 | systemd vulnerabilities | ||
| 13 9월 2021 | USN-5005-1 | DjVuLibre vulnerability | ||
| 13 9월 2021 | USN-4996-1 | OpenEXR vulnerabilities | ||
| 13 9월 2021 | USN-4990-1 | Nettle vulnerabilities | ||
| 13 9월 2021 | USN-4988-1 | ImageMagick vulnerabilities | ||
| 13 9월 2021 | USN-4971-1 | libwebp vulnerabilities | ||
| 13 9월 2021 | USN-4969-1 | DHCP vulnerability | ||
| 13 9월 2021 | USN-4968-1 | LZ4 vulnerability | ||
| 13 9월 2021 | USN-4966-1 | libx11 vulnerability | ||
| 13 9월 2021 | USN-4900-1 | OpenEXR vulnerabilities | ||
| 13 9월 2021 | USN-4891-1 | OpenSSL vulnerability | ||
| 13 9월 2021 | USN-4890-1 | Linux kernel vulnerabilities | ||
| 13 9월 2021 | USN-4883-1 | Linux kernel vulnerabilities | ||
| 13 9월 2021 | USN-4882-1 | Ruby vulnerabilities | ||
| 13 9월 2021 | USN-4877-1 | Linux kernel vulnerabilities | ||
| 13 9월 2021 | USN-4764-1 | GLib vulnerability | ||
| 13 9월 2021 | USN-4761-1 | Git vulnerability | ||
| 13 9월 2021 | USN-4760-1 | libzstd vulnerabilities | ||
| 13 9월 2021 | USN-4759-1 | GLib vulnerabilities | ||
| 13 9월 2021 | USN-4719-1 | ca-certificates update | ||
| 15 6월 2021 | USN-4922-1 | Ruby vulnerability | ||
| 15 6월 2021 | USN-4938-1 | Unbound vulnerabilities | ||
| 15 6월 2021 | USN-4957-1 | DjVuLibre vulnerabilities | ||
| 15 6월 2021 | USN-4966-2 | libx11 vulnerability | ||
| 15 6월 2021 | USN-4967-2 | nginx vulnerability | ||
| 16 4월 2021 | USN-4755-1 | LibTIFF vulnerabilities | ||
| 16 4월 2021 | USN-4754-4 | Python 2.7 vulnerability | ||
| 16 4월 2021 | USN-4754-2 | Python regression | ||
| 16 4월 2021 | USN-4754-1 | Python vulnerabilities | ||
| 16 4월 2021 | USN-4749-1 | Linux kernel vulnerabilities | ||
| 16 4월 2021 | USN-4738-1 | OpenSSL vulnerabilities | ||
| 01 3월 2021 | USN-4705-1 | Sudo vulnerabilities | ||
| 01 3월 2021 | USN-4700-1 | PyXDG vulnerability | ||
| 01 3월 2021 | USN-4694-1 | Linux kernel vulnerability | ||
| 01 3월 2021 | USN-4692-1 | tar vulnerabilities | ||
| 01 3월 2021 | USN-4680-1 | Linux kernel vulnerabilities | ||
| 01 3월 2021 | USN-4677-1 | p11-kit vulnerabilities | ||
| 01 3월 2021 | USN-4676-1 | OpenEXR vulnerabilities | ||
| 01 3월 2021 | USN-4673-1 | libproxy vulnerability | ||
| 01 3월 2021 | USN-4668-3 | python-apt regression | ||
| 01 3월 2021 | USN-4489-1 | Linux kernel vulnerability | ||
| 13 1월 2021 | USN-4662-1 | OpenSSL vulnerability | ||
| 13 1월 2021 | USN-4660-1 | Linux kernel vulnerabilities | ||
| 13 1월 2021 | USN-4635-1 | Kerberos vulnerability | ||
| 13 1월 2021 | USN-4628-2 | Intel Microcode regression | ||
| 13 1월 2021 | USN-4628-1 | Intel Microcode vulnerabilities | ||
| 11 12월 2020 | USN-4633-1 | PostgreSQL vulnerabilities | ||
| 11 12월 2020 | USN-4613-1 | python-cryptography vulnerability | ||
| 11 12월 2020 | USN-4428-1 | Python vulnerabilities | ||
| 11 12월 2020 | USN-4416-1 | GNU C Library vulnerabilities | ||
| 11 12월 2020 | USN-4360-2 | json-c regression | ||
| 11 12월 2020 | USN-4360-1 | json-c vulnerability | ||
| 11 12월 2020 | USN-4359-1 | APT vulnerability | ||
| 11 12월 2020 | USN-4309-1 | Vim vulnerabilities | ||
| 20 11월 2020 | USN-4593-1 | FreeType vulnerability | ||
| 20 11월 2020 | USN-4591-1 | Linux kernel vulnerabilities | ||
| 20 11월 2020 | USN-4582-1 | Vim vulnerabilities | ||
| 20 11월 2020 | USN-4581-1 | Python vulnerability | ||
| 20 11월 2020 | USN-4578-1 | Linux kernel vulnerabilities | ||
| 20 11월 2020 | USN-4526-1 | Linux kernel vulnerabilities | ||
| 24 9월 2020 | USN-4466-1 | curl vulnerability | ||
| 24 9월 2020 | USN-4457-1 | Software Properties vulnerability | ||
| 28 8월 2020 | USN-4414-1 | Linux kernel vulnerabilities | ||
| 28 8월 2020 | USN-4402-1 | curl vulnerabilities | ||
| 28 8월 2020 | USN-4398-1 | DBus vulnerability | ||
| 30 7월 2020 | USN-4394-1 | SQLite vulnerabilities | ||
| 30 7월 2020 | USN-4390-1 | Linux kernel vulnerabilities | ||
| 30 7월 2020 | USN-4385-2 | Intel Microcode regression | ||
| 30 7월 2020 | USN-4385-1 | Intel Microcode vulnerabilities | ||
| 30 7월 2020 | USN-4377-1 | ca-certificates update | ||
| 30 7월 2020 | USN-4376-1 | OpenSSL vulnerabilities | ||
| 30 7월 2020 | USN-4360-4 | json-c vulnerability | ||
| 30 7월 2020 | USN-3911-2 | file regression | ||
| 14 5월 2020 | USN-4318-1 | Linux kernel vulnerabilities | ||
| 28 4월 2020 | USN-4345-1 | Linux kernel vulnerabilities | ||
| 23 4월 2020 | USN-4305-1 | ICU vulnerability | ||
| 23 4월 2020 | USN-4302-1 | Linux kernel vulnerabilities | ||
| 23 4월 2020 | USN-4298-1 | SQLite vulnerabilities | ||
| 21 4월 2020 | USN-4333-1 | Python vulnerabilities | ||
| 08 4월 2020 | USN-4292-1 | rsync vulnerabilities | ||
| 02 3월 2020 | USN-4293-1 | libarchive vulnerabilities | ||
| 18 2월 2020 | USN-4287-1 | Linux kernel vulnerabilities | ||
| 10 2월 2020 | USN-4274-1 | libxml2 vulnerabilities | ||
| 05 2월 2020 | USN-4269-1 | systemd vulnerabilities | ||
| 03 2월 2020 | USN-4263-1 | Sudo vulnerability | ||
| 28 1월 2020 | USN-4255-2 | Linux kernel (HWE) vulnerabilities | ||
| 28 1월 2020 | USN-4256-1 | Cyrus SASL vulnerability | ||
| 27 1월 2020 | USN-4252-1 | tcpdump vulnerabilities | ||
| 23 1월 2020 | USN-4233-2 | GnuTLS update | ||
| 23 1월 2020 | USN-4249-1 | e2fsprogs vulnerability | ||
| 22 1월 2020 | USN-4247-1 | python-apt vulnerabilities | ||
| 22 1월 2020 | USN-4247-2 | python-apt regression | ||
| 22 1월 2020 | USN-4246-1 | zlib vulnerabilities | ||
| 20 1월 2020 | USN-4242-1 | Sysstat vulnerabilities | ||
| 20 1월 2020 | USN-4243-1 | libbsd vulnerabilities | ||
| 19 1월 2020 | CVE-2020-0601 | Windows Stemcells vulnerable to Windows CryptoAPI Spoofing Vulnerability | ||
| 15 1월 2020 | USN-4205-1 | SQLite vulnerabilities | ||
| 15 1월 2020 | USN-4215-1 | NSS vulnerability | ||
| 15 1월 2020 | USN-4182-3 | Intel Microcode regression | ||
| 15 1월 2020 | USN-4220-1 | Git vulnerabilities | ||
| 15 1월 2020 | USN-4210-1 | Linux kernel vulnerabilities | ||
| 14 1월 2020 | USN-4236-2 | Libgcrypt vulnerability | ||
| 13 1월 2020 | USN-4235-1 | nginx vulnerability | ||
| 09 1월 2020 | USN-4233-1 | GnuTLS update | ||
| 08 1월 2020 | USN-4231-1 | NSS vulnerability | ||
| 07 1월 2020 | USN-4227-1 | Linux kernel vulnerabilities | ||
| 18 12월 2019 | USN-4194-1 | postgresql-common vulnerability | ||
| 18 12월 2019 | USN-4185-1 | Linux kernel vulnerabilities | ||
| 18 12월 2019 | USN-4162-1 | Linux kernel vulnerabilities | ||
| 18 12월 2019 | USN-4191-1 | QEMU vulnerabilities | ||
| 18 12월 2019 | USN-4164-1 | Libxslt vulnerabilities | ||
| 18 12월 2019 | USN-4190-1 | libjpeg-turbo vulnerabilities | ||
| 18 12월 2019 | USN-4176-1 | GNU cpio vulnerability | ||
| 18 12월 2019 | USN-4172-1 | file vulnerability | ||
| 18 12월 2019 | USN-4203-1 | NSS vulnerability | ||
| 18 12월 2019 | USN-4169-1 | libarchive vulnerability | ||
| 18 12월 2019 | USN-4182-1 | Intel Microcode update | ||
| 18 12월 2019 | USN-4185-3 | Linux kernel vulnerability and regression | ||
| 18 12월 2019 | USN-4199-1 | libvpx vulnerabilities | ||
| 11 12월 2019 | USN-4221-1 | libpcap vulnerability | ||
| 25 11월 2019 | CVE-2019-15587 | Ops Manager contains a vulnerable Loofah gem | ||
| 14 11월 2019 | USN-4004-1 | Berkeley DB vulnerability | ||
| 14 11월 2019 | USN-4038-1 | bzip2 vulnerabilities | ||
| 14 11월 2019 | USN-3911-1 | file vulnerabilities | ||
| 14 11월 2019 | USN-4015-1 | DBus vulnerability | ||
| 14 11월 2019 | USN-4011-1 | Jinja2 vulnerabilities | ||
| 14 11월 2019 | USN-4008-2 | AppArmor update | ||
| 14 11월 2019 | USN-3999-1 | GnuTLS vulnerabilities | ||
| 14 11월 2019 | USN-3967-1 | FFmpeg vulnerabilities | ||
| 14 11월 2019 | USN-3990-1 | urllib3 vulnerabilities | ||
| 14 11월 2019 | USN-4040-1 | Expat vulnerability | ||
| 14 11월 2019 | USN-3885-2 | OpenSSH vulnerability | ||
| 14 11월 2019 | USN-3993-1 | curl vulnerabilities | ||
| 14 11월 2019 | USN-4012-1 | elfutils vulnerabilities | ||
| 14 11월 2019 | USN-3968-1 | Sudo vulnerabilities | ||
| 14 11월 2019 | USN-4016-1 | Vim vulnerabilities | ||
| 14 11월 2019 | USN-4019-1 | SQLite vulnerabilities | ||
| 06 11월 2019 | USN-4151-1 | Python vulnerabilities | ||
| 06 11월 2019 | USN-4144-1 | Linux kernel vulnerabilities | ||
| 06 11월 2019 | USN-4142-1 | e2fsprogs vulnerability | ||
| 06 11월 2019 | USN-4132-1 | Expat vulnerability | ||
| 06 11월 2019 | USN-4129-1 | curl vulnerabilities | ||
| 06 11월 2019 | USN-4127-1 | Python vulnerabilities | ||
| 06 11월 2019 | USN-4126-1 | FreeType vulnerability | ||
| 30 9월 2019 | USN-4135-1 | Linux kernel vulnerabilities | ||
| 30 9월 2019 | USN-4115-2 | Linux kernel regression | ||
| 30 9월 2019 | USN-4115-1 | Linux kernel vulnerabilities | ||
| 30 9월 2019 | USN-4094-1 | Linux kernel vulnerabilities | ||
| 30 9월 2019 | USN-4071-1 | Patch vulnerabilities | ||
| 30 9월 2019 | USN-4049-3 | GLib regression | ||
| 24 9월 2019 | CVE-2019-16097 | Harbor Privilege Escalation | ||
| 05 9월 2019 | USN-4099-1 | nginx vulnerabilities | ||
| 05 9월 2019 | USN-4090-1 | PostgreSQL vulnerabilities | ||
| 05 9월 2019 | USN-4068-2 | Linux kernel (HWE) vulnerabilities | ||
| 05 9월 2019 | USN-4060-1 | NSS vulnerabilities | ||
| 05 9월 2019 | USN-4058-1 | Bash vulnerability | ||
| 05 9월 2019 | USN-4049-1 | GLib vulnerability | ||
| 05 9월 2019 | USN-4038-3 | bzip2 regression | ||
| 06 8월 2019 | USN-4041-1 | Linux kernel update | ||
| 05 8월 2019 | USN-4014-1 | GLib vulnerability | ||
| 05 8월 2019 | USN-4001-1 | libseccomp vulnerability | ||
| 05 8월 2019 | USN-3977-3 | Intel Microcode update (AKA ZombieLoad Attack) | ||
| 19 6월 2019 | USN-3981-2 | Linux kernel (HWE) vulnerabilities (AKA ZombieLoad Attack) | ||
| 19 6월 2019 | USN-3977-2 | Intel Microcode update (AKA ZombieLoad Attack) | ||
| 19 6월 2019 | USN-3977-1 | Intel Microcode update (AKA ZombieLoad Attack) | ||
| 21 5월 2019 | USN-3972-1 | PostgreSQL vulnerabilities | ||
| 21 5월 2019 | USN-3962-1 | libpng vulnerability | ||
| 21 5월 2019 | USN-3960-1 | WavPack vulnerability | ||
| 21 5월 2019 | USN-3947-1 | Libxslt vulnerability | ||
| 21 5월 2019 | USN-3943-1 | Wget vulnerabilities | ||
| 21 5월 2019 | USN-3932-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 21 5월 2019 | USN-3931-2 | Linux kernel (HWE) vulnerabilities | ||
| 08 5월 2019 | USN-3935-1 | BusyBox vulnerabilities | ||
| 25 4월 2019 | USN-3945-1 | Ruby vulnerabilities | ||
| 25 4월 2019 | USN-3910-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 25 4월 2019 | USN-3906-1 | LibTIFF vulnerabilities | ||
| 25 4월 2019 | USN-3901-2 | Linux kernel (HWE) vulnerabilities | ||
| 25 4월 2019 | USN-3900-1 | GD vulnerabilities | ||
| 25 4월 2019 | USN-3899-1 | OpenSSL vulnerability | ||
| 25 4월 2019 | USN-3898-1 | NSS vulnerability | ||
| 25 4월 2019 | USN-3891-1 | systemd vulnerability | ||
| 25 4월 2019 | USN-3885-1 | OpenSSH vulnerabilities | ||
| 25 4월 2019 | USN-3884-1 | libarchive vulnerabilities | ||
| 25 4월 2019 | USN-3882-1 | curl vulnerabilities | ||
| 25 4월 2019 | USN-3879-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 25 4월 2019 | USN-3871-4 | Linux kernel (HWE) vulnerabilities | ||
| 25 4월 2019 | USN-3864-1 | LibTIFF vulnerabilities | ||
| 25 4월 2019 | USN-3859-1 | libarchive vulnerabilities | ||
| 25 4월 2019 | USN-3848-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 25 4월 2019 | USN-3847-2 | Linux kernel (HWE) vulnerabilities | ||
| 25 4월 2019 | USN-3840-1 | OpenSSL vulnerabilities | ||
| 25 4월 2019 | USN-3834-1 | Perl vulnerabilities | ||
| 25 4월 2019 | USN-3816-3 | systemd regression | ||
| 25 4월 2019 | USN-3855-1 | systemd vulnerabilities | ||
| 25 4월 2019 | USN-3863-1 | APT vulnerability | ||
| 13 2월 2019 | CVE-2019-5736 | runC container breakout | ||
| 06 2월 2019 | USN-3836-2 | Linux kernel (HWE) vulnerabilities | ||
| 06 2월 2019 | USN-3841-1 | lxml vulnerability | ||
| 06 2월 2019 | USN-3850-1 | NSS vulnerabilities | ||
| 03 1월 2019 | USN-3843-1 | pixman vulnerability | ||
| 03 1월 2019 | USN-3816-2 | systemd vulnerability | ||
| 03 1월 2019 | USN-3839-1 | WavPack vulnerabilities | ||
| 03 1월 2019 | USN-3829-1 | Git vulnerabilities | ||
| 14 12월 2018 | USN-3805-1 | curl vulnerabilities | ||
| 14 12월 2018 | USN-3809-1 | OpenSSH vulnerabilities | ||
| 14 12월 2018 | USN-3812-1 | nginx vulnerabilities | ||
| 14 12월 2018 | USN-3815-1 | gettext vulnerability | ||
| 14 12월 2018 | USN-3817-1 | Python vulnerabilities | ||
| 14 12월 2018 | USN-3821-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 12 12월 2018 | USN-3820-2 | Linux kernel (HWE) vulnerabilities | ||
| 12 12월 2018 | USN-3816-1 | systemd vulnerabilities | ||
| 12 12월 2018 | USN-3806-1 | systemd vulnerability | ||
| 12 12월 2018 | USN-3808-1 | Ruby vulnerabilities | ||
| 03 12월 2018 | CVE-2018-15797 | NFS Volume release errand leaks cf admin credentials in logs | ||
| 03 12월 2018 | CVE-2018-1002105 | Proxy request handling in kube-apiserver can leave vulnerable TCP connections | ||
| 28 11월 2018 | USN-3797-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 08 11월 2018 | USN-3800-1 | audiofile vulnerabilities | ||
| 08 11월 2018 | USN-3791-1 | Git vulnerability | ||
| 08 11월 2018 | USN-3786-1 | libxkbcommon vulnerabilities | ||
| 08 11월 2018 | USN-3785-1 | ImageMagick vulnerabilities | ||
| 06 11월 2018 | CVE-2018-15761 | UAA Privilege Escalation | ||
| 26 10월 2018 | USN-3790-1 | Requests vulnerability | ||
| 26 10월 2018 | USN-3777-2 | Linux kernel (HWE) vulnerabilities | ||
| 26 10월 2018 | USN-3762-2 | Linux kernel (HWE) vulnerabilities | ||
| 09 10월 2018 | USN-3752-2 | Linux kernel (HWE) vulnerabilities | ||
| 09 10월 2018 | USN-3765-1 | curl vulnerability | ||
| 09 10월 2018 | USN-3767-1 | GLib vulnerabilities | ||
| 09 10월 2018 | USN-3770-1 | Little CMS vulnerabilities | ||
| 27 9월 2018 | USN-3759-1 | libtirpc vulnerabilities | ||
| 27 9월 2018 | USN-3758-1 | libx11 vulnerabilities | ||
| 27 9월 2018 | USN-3756-1 | Intel Microcode vulnerabilities | ||
| 27 9월 2018 | USN-3755-1 | GD vulnerabilities | ||
| 27 9월 2018 | USN-3753-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 27 9월 2018 | USN-3744-1 | PostgreSQL vulnerabilities | ||
| 27 9월 2018 | USN-3741-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 27 9월 2018 | USN-3739-1 | libxml2 vulnerabilities | ||
| 27 9월 2018 | USN-3736-1 | libarchive vulnerabilities | ||
| 27 9월 2018 | USN-3733-1 | GnuPG vulnerability | ||
| 27 9월 2018 | USN-3729-1 | libxcursor vulnerability | ||
| 27 9월 2018 | USN-3712-1 | libpng vulnerabilities | ||
| 27 9월 2018 | USN-3696-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 27 9월 2018 | USN-3692-1 | OpenSSL vulnerabilities | ||
| 27 9월 2018 | USN-3690-2 | AMD Microcode regression | ||
| 27 9월 2018 | USN-3690-1 | AMD Microcode update | ||
| 27 9월 2018 | USN-3689-1 | Libgcrypt vulnerability | ||
| 27 9월 2018 | USN-3605-1 | Sharutils vulnerability | ||
| 27 9월 2018 | USN-3589-1 | PostgreSQL vulnerability | ||
| 27 9월 2018 | USN-3564-1 | PostgreSQL vulnerability | ||
| 27 9월 2018 | USN-3532-1 | GDK-PixBuf vulnerabilities | ||
| 27 9월 2018 | USN-3509-4 | Linux kernel (Xenial HWE) regression | ||
| 27 9월 2018 | USN-3352-1 | nginx vulnerability | ||
| 09 8월 2018 | CVE-2018-8037 | Apache Tomcat - NIO/NIO2 connectors user sessions can get mixed up | ||
| 09 8월 2018 | CVE-2018-1336 | Apache Tomcat - UTF-8 decoder can lead to DoS | ||
| 02 8월 2018 | USN-3711-1 | ImageMagick vulnerabilities | ||
| 02 8월 2018 | USN-3707-1 | NTP vulnerabilities | ||
| 02 8월 2018 | USN-3706-1 | libjpeg-turbo vulnerabilities | ||
| 23 7월 2018 | CVE-2018-11047 | UAA accepts refresh token as access token on admin endpoints | ||
| 20 7월 2018 | USN-3693-1 | JasPer vulnerabilities | ||
| 20 7월 2018 | USN-3686-1 | file vulnerabilities | ||
| 20 7월 2018 | USN-3684-1 | Perl vulnerability | ||
| 20 7월 2018 | USN-3681-1 | ImageMagick vulnerabilities | ||
| 20 7월 2018 | USN-3676-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 20 7월 2018 | USN-3675-1 | GnuPG vulnerabilities | ||
| 20 7월 2018 | USN-3658-1 | procps-ng vulnerabilities | ||
| 17 7월 2018 | CVE-2018-11041 | UAA open redirect | ||
| 16 7월 2018 | CVE-2018-1269 | Loggregator does not properly close some TCP connections | ||
| 16 7월 2018 | CVE-2018-1268 | Loggregator lacks app GUID validation | ||
| 19 6월 2018 | CVE-2018-1265 | Diego does not properly sanitize file paths in tar/zip files | ||
| 21 6월 2018 | USN-3671-1 | Git vulnerabilities | ||
| 21 6월 2018 | USN-3654-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 21 6월 2018 | USN-3648-1 | curl vulnerabilities | ||
| 14 6월 2018 | USN-3643-1 | Wget vulnerability | ||
| 14 6월 2018 | USN-3641-1 | Linux kernel vulnerabilities | ||
| 14 6월 2018 | USN-3631-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 14 6월 2018 | USN-3628-1 | OpenSSL vulnerability | ||
| 14 6월 2018 | USN-3625-1 | Perl vulnerabilities | ||
| 14 6월 2018 | USN-3624-1 | Patch vulnerabilities | ||
| 14 6월 2018 | USN-3622-1 | Wayland vulnerability | ||
| 21 5월 2018 | CVE-2018-1277 | Garden does not correctly enforce Docker image disc quotas | ||
| 21 5월 2018 | CVE-2018-1276 | Windows2012R2 stemcell exposes IaaS metadata on vSphere | ||
| 10 5월 2018 | MS-ISAC-2018-046 | MS-ISAC 2018-046 Multiple Vulnerabilities in PHP | ||
| 08 5월 2018 | CVE-2018-1191 | Garden may log Docker passwords | ||
| 02 5월 2018 | USN-3619-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 02 5월 2018 | USN-3611-1 | OpenSSL vulnerability | ||
| 02 5월 2018 | USN-3610-1 | ICU vulnerability | ||
| 02 5월 2018 | USN-3606-1 | LibTIFF vulnerabilities | ||
| 02 5월 2018 | USN-3604-1 | libvorbis vulnerabilities | ||
| 02 5월 2018 | USN-3602-1 | LibTIFF vulnerabilities | ||
| 02 5월 2018 | USN-3598-1 | curl vulnerabilities | ||
| 02 5월 2018 | USN-3586-1 | DHCP vulnerabilities | ||
| 02 5월 2018 | USN-3584-1 | sensible-utils vulnerability | ||
| 02 5월 2018 | USN-3569-1 | libvorbis vulnerabilities | ||
| 02 5월 2018 | USN-3554-1 | curl vulnerabilities | ||
| 02 5월 2018 | USN-3547-1 | Libtasn1 vulnerabilities | ||
| 02 5월 2018 | USN-3543-1 | rsync vulnerabilities | ||
| 02 5월 2018 | USN-3534-1 | GNU C Library vulnerabilities | ||
| 02 5월 2018 | USN-3506-1 | rsync vulnerabilities | ||
| 02 5월 2018 | USN-3501-1 | libxcursor vulnerability | ||
| 02 5월 2018 | USN-3346-2 | Bind regression | ||
| 30 4월 2018 | CVE-2018-1197 | GCP Metadata Endpoint Accessible from Application Containers on Windows | ||
| 05 4월 2018 | CVE-2018-1266 | Cloud Controller file modification via malicious application | ||
| 05 4월 2018 | CVE-2018-1231 | BOSH CLI does not restrict access to configuration file | ||
| 03 4월 2018 | USN-3582-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 28 3월 2018 | CVE-2018-1195 | Cloud Controller API will accept a refresh token for authentication | ||
| 28 3월 2018 | CVE-2018-1192 | UAA SessionID present in Audit Event Logs | ||
| 28 3월 2018 | CVE-2018-1190 | XSS on UAA OpenID Connect check session iframe endpoint | ||
| 09 3월 2018 | CVE-2018-1227 | Concourse-dot-ci Domain Issue | ||
| 27 2월 2018 | VU475445 | VU#475445 SAML Authentication Bypass | ||
| 27 2월 2018 | CVE-2018-1221 | Gorouter websocket handling vulnerability | ||
| 01 2월 2018 | USN-3540-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 01 2월 2018 | USN-3538-1 | OpenSSH vulnerabilities | ||
| 01 2월 2018 | USN-3535-1 | Bind vulnerability | ||
| 01 2월 2018 | USN-3522-4 | Linux (Xenial HWE) vulnerability | ||
| 01 2월 2018 | USN-3522-2 | Linux (Xenial HWE) vulnerability | ||
| 01 2월 2018 | USN-3513-1 | libxml2 vulnerability | ||
| 01 2월 2018 | USN-3504-1 | libxml2 vulnerability | ||
| 03 1월 2018 | Meltdown and Spectre Attacks | Meltdown and Spectre Attacks | ||
| 19 12월 2017 | CVE-2017-1000353 | Jenkins unauthenticated remote code execution | ||
| 15 12월 2017 | USN-3509-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 15 12월 2017 | USN-3505-1 | Linux firmware vulnerabilities | ||
| 15 12월 2017 | USN-3498-1 | curl vulnerabilities | ||
| 15 12월 2017 | USN-3496-3 | Python vulnerability | ||
| 15 12월 2017 | USN-3496-1 | Python vulnerability | ||
| 15 12월 2017 | USN-3489-1 | Berkeley DB vulnerability | ||
| 15 12월 2017 | USN-3485-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 15 12월 2017 | USN-3478-1 | Perl vulnerabilities | ||
| 15 12월 2017 | USN-3475-1 | OpenSSL vulnerabilities | ||
| 15 12월 2017 | USN-3469-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 15 12월 2017 | USN-3464-1 | Wget vulnerabilities | ||
| 15 12월 2017 | USN-3458-1 | ICU vulnerability | ||
| 15 12월 2017 | USN-3457-1 | curl vulnerability | ||
| 21 11월 2017 | USN-3454-1 | libffi vulnerability | ||
| 21 11월 2017 | USN-3444-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 21 11월 2017 | USN-3441-1 | curl vulnerabilities | ||
| 21 11월 2017 | USN-3437-1 | OCaml vulnerability | ||
| 21 11월 2017 | USN-3434-1 | Libidn vulnerability | ||
| 21 11월 2017 | USN-3432-1 | ca-certificates update | ||
| 21 11월 2017 | USN-3424-1 | libxml2 vulnerabilities | ||
| 21 11월 2017 | USN-3387-1 | Git vulnerability | ||
| 16 11월 2017 | CVE-2017-8031 | UAA Denial of Service through client token revocation endpoint | ||
| 15 11월 2017 | CVE-2017-14388 | GrootFS doesn’t validate DiffIDs | ||
| 11 10월 2017 | CVE-2017-8048 | Cloud Controller API regression | ||
| 10 10월 2017 | CVE-2017-8047 | Cloud Foundry router open redirect | ||
| 28 9월 2017 | USN-3420-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 28 9월 2017 | USN-3418-1 | GDK-PixBuf vulnerabilities | ||
| 28 9월 2017 | USN-3415-1 | tcpdump vulnerabilities | ||
| 28 9월 2017 | USN-3411-1 | Bazaar vulnerability | ||
| 28 9월 2017 | USN-3410-1 | GD library vulnerability | ||
| 28 9월 2017 | USN-3405-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 28 9월 2017 | USN-3398-1 | graphite2 vulnerabilities | ||
| 08 9월 2017 | CVE-2017-9805 | Apache Struts Remote Code Execution | ||
| 28 8월 2017 | USN-3392-2 | Linux kernel (Xenial HWE) regression | ||
| 21 8월 2017 | USN-3385-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 14 8월 2017 | USN-3378-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 14 8월 2017 | USN-3367-1 | gdb vulnerabilities | ||
| 14 8월 2017 | USN-3364-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 14 8월 2017 | USN-3363-2 | ImageMagick regression References | ||
| 14 8월 2017 | USN-3363-1 | ImageMagick vulnerabilities | ||
| 14 8월 2017 | USN-3356-1 | Expat vulnerability | ||
| 14 8월 2017 | USN-3353-1 | Heimdal vulnerability | ||
| 14 8월 2017 | USN-3349-1 | NTP vulnerabilities | ||
| 14 8월 2017 | USN-3347-1 | Libgcrypt vulnerabilities | ||
| 14 8월 2017 | USN-3346-1 | bind9 vulnerabilities | ||
| 14 8월 2017 | USN-3344-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 07 8월 2017 | CVE-2017-8037 | Incomplete fix for Cloud Controller API access to CC VM contents | ||
| 02 8월 2017 | CVE-2017-9022/CVE-2017-9023 | strongSwan DOS Vulnerabilities | ||
| 01 8월 2017 | CVE-2017-8038 | Credentials readable from CredHub endpoint | ||
| 25 7월 2017 | CVE-2017-8036 | Cloud Controller API regression | ||
| 25 7월 2017 | CVE-2017-8035 | Cloud Controller API access to CC VM contents | ||
| 25 7월 2017 | CVE-2017-8033 | Cloud Controller API filesystem traversal vulnerability | ||
| 24 7월 2017 | CVE-2017-8032 | UAA Identity Zone Admin Privilege Escalation | ||
| 05 7월 2017 | CVE-2017-7485 | PostgreSQL vulnerabilities | ||
| 26 6월 2017 | CVE-2017-5946 | Directory Traversal in Rubyzip | ||
| 26 6월 2017 | USN-3334-1 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 26 6월 2017 | USN-3323-1 | GNU C Library vulnerability | ||
| 26 6월 2017 | USN-3318-1 | GnuTLS vulnerabilities | ||
| 26 6월 2017 | USN-3312-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 26 6월 2017 | USN-3311-1 | libnl vulnerability | ||
| 26 6월 2017 | USN-3309-1 | Libtasn1 vulnerability | ||
| 26 6월 2017 | USN-3302-1 | ImageMagick vulnerabilities | ||
| 26 6월 2017 | USN-3212-2 | LibTIFF regression | ||
| 22 6월 2017 | USN-3304-1 | Sudo vulnerability | ||
| 08 6월 2017 | CVE-2017-4994 | Forwarded Headers in UAA | ||
| 08 6월 2017 | USN-3295-1 | JasPer vulnerabilities | ||
| 08 6월 2017 | USN-3294-1 | Bash vulnerabilities | ||
| 08 6월 2017 | USN-3291-3 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 08 6월 2017 | USN-3287-1 | Git vulnerability | ||
| 08 6월 2017 | USN-3283-1 | rtmpdump vulnerabilities | ||
| 08 6월 2017 | USN-3282-1 | FreeType vulnerabilities | ||
| 08 6월 2017 | USN-3276-2 | shadow regression | ||
| 08 6월 2017 | USN-3263-1 | FreeType vulnerability | ||
| 08 6월 2017 | USN-3259-1 | Bind vulnerabilities | ||
| 08 6월 2017 | USN-3246-1 | Eject vulnerability | ||
| 08 6월 2017 | USN-3181-1 | OpenSSL vulnerabilities | ||
| 19 5월 2017 | CVE-2017-4992 | Privilege escalation with user invitations | ||
| 19 5월 2017 | CVE-2017-4991 | UAA password reset vulnerability | ||
| 02 5월 2017 | USN-3265-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 01 5월 2017 | CVE-2017-4974 | Blind SQL Injection with privileged UAA endpoints | ||
| 20 4월 2017 | CVE-2015-3281 | HAProxy vulnerabilities | ||
| 20 4월 2017 | CVE-2017-4973 | Privilege Escalation in UAA | ||
| 20 4월 2017 | CVE-2017-4972 | Blind SQL Injection in UAA | ||
| 13 4월 2017 | CVE-2017-4969 | Bug in CC allows users to exceed quotas | ||
| 12 4월 2017 | USN-3256-2 | Linux kernel (HWE) vulnerability | ||
| 10 4월 2017 | CVE-2017-4970 | Staticfile buildpack ignores basic authentication when misconfigured | ||
| 06 4월 2017 | USN-3243-1 | Git vulnerability | ||
| 06 4월 2017 | USN-3241-1 | audiofile vulnerabilities | ||
| 06 4월 2017 | USN-3239-2 | GNU C Library Regression | ||
| 06 4월 2017 | USN-3237-1 | FreeType vulnerability | ||
| 06 4월 2017 | USN-3235-1 | libxml2 vulnerabilities | ||
| 06 4월 2017 | USN-3232-1 | ImageMagick vulnerabilities | ||
| 06 4월 2017 | USN-3227-1 | ICU vulnerabilities | ||
| 06 4월 2017 | USN-3225-1 | libarchive vulnerabilities | ||
| 06 4월 2017 | USN-3183-2 | GnuTLS vulnerability | ||
| 05 4월 2017 | CVE-2017-5649 | Apache Geode privilege escalation vulnerability | ||
| 04 4월 2017 | USN-3201-1 | Bind vulnerabilities | ||
| 04 4월 2017 | USN-3234-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 04 4월 2017 | USN-3228-1 | libevent vulnerabilities | ||
| 04 4월 2017 | USN-3247-1 | AppArmor vulnerability | ||
| 04 4월 2017 | USN-3249-2 | Linux kernel (Xenial HWE) vulnerability | ||
| 31 3월 2017 | USN-3222-1 | ImageMagick vulnerabilities | ||
| 31 3월 2017 | USN-3213-1 | GD library vulnerabilities | ||
| 31 3월 2017 | USN-3212-1 | LibTIFF vulnerabilities | ||
| 31 3월 2017 | USN-3205-1 | tcpdump vulnerabilities | ||
| 31 3월 2017 | USN-3142-2 | ImageMagick vulnerabilities | ||
| 29 3월 2017 | CVE-2017-4963 | Session Fixation for UAA External Authentication | ||
| 17 3월 2017 | USN-3196-1 | Multiple PHP vulnerabilities | ||
| 17 3월 2017 | USN-3185-1 | libXpm vulnerability | ||
| 17 3월 2017 | USN-3193-1 | Nettle vulnerability | ||
| 17 3월 2017 | USN-3183-1 | GnuTLS vulnerabilities | ||
| 14 3월 2017 | USN-3189-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 14 3월 2017 | CVE-2017-5638 | Apache Struts Remote Code Execution | ||
| 13 3월 2017 | USN-3220-2 | Linux kernel (Xenial HWE) vulnerability | ||
| 09 3월 2017 | CVE-2017-4960 | UAA OAuth DOS via lockout feature | ||
| 01 3월 2017 | USN-3208-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 31 1월 2017 | USN-3172-1 | Bind vulnerabilities | ||
| 31 1월 2017 | USN-3169-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 31 1월 2017 | USN-3161-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 23 1월 2017 | CVE-2016-6660 | Cloud Controller logs application environment variables | ||
| 19 1월 2017 | USN-3024-1 | tomcat6, tomcat7 vulnerabilities | ||
| 12 1월 2017 | RunC Exec | RunC Exec Vulnerability | ||
| 10 1월 2017 | CVE-2016-9882 | Cloud Foundry Logs Service Credentials | ||
| 29 12월 2016 | CVE-2016-3958 and CVE-2016-3959 | Golang vulnerabilities | ||
| 27 12월 2016 | USN-3146-2 | Linux kernel (Xenial HWE) vulnerabilities | ||
| 27 12월 2016 | USN-3128-2 | Linux kernel (Xenial HWE) vulnerability | ||
| 27 12월 2016 | USN-3142-1 | ImageMagick vulnerabilities | ||
| 19 12월 2016 | CVE-2016-8219 | Space Auditor can restage apps | ||
| 21 12월 2016 | Multiple CVEs | httpoxy vulnerabilities | ||
| 20 12월 2016 | USN-3156-1 | APT vulnerability | ||
| 19 12월 2016 | USN-3131-1 | ImageMagick vulnerabilities | ||
| 19 12월 2016 | USN-3067-1 | HarfBuzz vulnerabilities | ||
| 19 12월 2016 | USN-3117-1 | GD library vulnerabilities | ||
| 14 12월 2016 | USN-3132-1 | tar vulnerability | ||
| 14 12월 2016 | USN-3134-1 | Python vulnerabilities | ||
| 14 12월 2016 | USN-3139-1 | Vim vulnerability | ||
| 14 12월 2016 | CVE-2016-6659 | UAA Privilege Escalation | ||
| 14 12월 2016 | USN-3116-1 | DBus vulnerabilities | ||
| 14 12월 2016 | USN-3119-1 | Bind vulnerability | ||
| 13 12월 2016 | USN-3123-1 | curl vulnerabilities | ||
| 13 12월 2016 | USN-3088-1 | Bind vulnerability | ||
| 09 12월 2016 | CVE-2016-8218 | Unauthenticated JWT signing algorithm in routing | ||
| 07 12월 2016 | USN-3151-2 | Linux kernel (Xenial HWE) vulnerability | ||
| 17 11월 2016 | CVE-2016-6663/CVE-2016-6664 | MariaDB Root Privilege Escalation | ||
| 17 11월 2016 | Several | PCRE vulnerabilities prior to version 8.39 | ||
| 07 11월 2016 | USN-3096-1 | NTP vulnerabilities | ||
| 07 11월 2016 | USN-3095-1 | PHP vulnerabilities | ||
| 02 11월 2016 | CVE-2016-6658 | Incomplete fix for Credential Vulnerability for Custom Buildpacks | ||
| 21 10월 2016 | CVE-2016-5195 | Linux kernel vulnerability | ||
| 17 10월 2016 | CVE-2016-6655 | Utility Script Command Injection | ||
| 17 10월 2016 | USN-3099-2 | Linux kernel vulnerabilities | ||
| 29 9월 2016 | CVE-2016-6653 | MySQL Audit logs sent to Syslog | ||
| 28 9월 2016 | USN-3087-2 | OpenSSL Regression | ||
| 28 9월 2016 | USN-3083-1 | Linux kernel vulnerabilities | ||
| 28 9월 2016 | USN-3068-1 | Libidn vulnerabilities | ||
| 28 9월 2016 | CVE-2016-6662 | Multiple MySQL Vulnerabilities | ||
| 28 9월 2016 | USN-3085-1 | GDK-PixBuf vulnerabilities | ||
| 26 9월 2016 | CVE-2016-6651 | Privilege Escalation in UAA | ||
| 26 9월 2016 | CVE-2016-6636 | UAA Open Redirect Vulnerability for Subdomains | ||
| 26 9월 2016 | CVE-2016-6637 | UAA CSRF Vulnerability for OAuth Approvals | ||
| 21 9월 2016 | CVE-2014-9130 | LibYAML vulnerability | ||
| 09 9월 2016 | CVE-2016-6639 | PHP Buildpack exposes .profile file | ||
| 09 9월 2016 | USN-3045-1 | PHP vulnerabilities | ||
| 25 8월 2016 | USN-3065-1 | Libgcrypt vulnerability | ||
| 25 8월 2016 | USN-3064-1 | GnuPG vulnerability | ||
| 25 8월 2016 | USN-3063-1 | Fontconfig vulnerability | ||
| 25 8월 2016 | USN-3061-1 | OpenSSH vulnerability | ||
| 25 8월 2016 | USN-3030-1/USN-3060-1 | GD library vulnerability | ||
| 25 8월 2016 | USN-3053-1/USN-3037-1 | Linux kernel (Vivid HWE) vulnerability | ||
| 25 8월 2016 | USN-3048-1 | curl vulnerability | ||
| 25 8월 2016 | USN-3033-1 | libarchive vulnerability | ||
| 18 8월 2016 | CVE-2016-5016 | UAA accepts expired certificates | ||
| 26 7월 2016 | CVE-2016-5006 | Cloud Controller API logs user-provided service credentials | ||
| 13 7월 2016 | USN-3010-1 | Expat vulnerabilities | ||
| 13 7월 2016 | CVE-2016-4450 | Nginx Vulnerabilities | ||
| 13 7월 2016 | USN-3012-1 | Wget vulnerability | ||
| 01 7월 2016 | USN-3020-1 | Linux kernel (Vivid HWE) vulnerabilities | ||
| 30 6월 2016 | CVE-2016-4468 | UAA SQL Injection | ||
| 15 6월 2016 | USN-3001-1 | Linux kernel (Vivid HWE) vulnerabilities | ||
| 13 6월 2016 | CVE-2016-4435 | BOSH Agent Anonymous Endpoint | ||
| 13 6월 2016 | USN-2994-1 | libxml2 vulnerabilities | ||
| 13 6월 2016 | USN-2991-1 | nginx vulnerability | ||
| 13 6월 2016 | USN-2990-1 | ImageMagick vulnerability (a.k.a. ImageTragick) | ||
| 13 6월 2016 | USN-2987-1 | GD library vulnerabilities | ||
| 13 6월 2016 | USN-2985-2 | GNU C Library regression | ||
| 13 6월 2016 | USN-2983-1 | Expat vulnerability | ||
| 13 6월 2016 | USN-2981-1 | libarchive vulnerabilities | ||
| 13 6월 2016 | USN-2966-1 | OpenSSH vulnerabilities | ||
| 13 6월 2016 | USN-2961-1 | Little CMS vulnerability | ||
| 08 6월 2016 | CVE-2013-7456 | PHP vulnerabilities | ||
| 03 6월 2016 | USN-2970-1 | Linux kernel (Vivid HWE) vulnerabilities | ||
| 23 5월 2016 | CVE-2016-3084 | UAA Password Reset Vulnerability | ||
| 19 5월 2016 | USN-2977-1 | Linux kernel (Vivid HWE) vulnerabilities | ||
| 17 5월 2016 | CVE-2016-3091 | Diego log encoding vulnerability | ||
| 06 5월 2016 | USN-2959-1 | OpenSSL vulnerabilities | ||
| 06 5월 2016 | USN-2957-1 | Libtasn1 vulnerability | ||
| 06 5월 2016 | USN-2949-1 | Linux kernel (Vivid HWE) vulnerabilities | ||
| 06 5월 2016 | USN-2943-1 | PCRE vulnerabilities | ||
| 06 5월 2016 | USN-2935-2 | PAM regression | ||
| 02 5월 2016 | CVE-2015-5170-5173 | UAA Vulnerabilities | ||
| 14 4월 2016 | Badlock bug | Samba and Windows Vulnerabilities | ||
| 24 3월 2016 | USN-2939-1 | LibTIFF vulnerabilities | ||
| 24 3월 2016 | USN-2927-1 | Graphite2 vulnerabilities | ||
| 24 3월 2016 | USN-2925-1 | Bind9 vulnerabilities | ||
| 24 3월 2016 | USN-2919-1 | JasPer vulnerabilities | ||
| 24 3월 2016 | USN-2918-1 | Pixman vulnerabilities | ||
| 24 3월 2016 | USN-2916-1 | Perl vulnerabilities | ||
| 24 3월 2016 | USN-2914-1 | OpenSSL vulnerabilities | ||
| 24 3월 2016 | NPM Ownership Issue | Warning about NPM modules | ||
| 24 3월 2016 | USN-2938-1 | Git vulnerabilities | ||
| 16 3월 2016 | USN-2932-1 | Linux kernel vulnerabilities | ||
| 02 3월 2016 | CVE-2016-0800 | OpenSSL vulnerabilities | ||
| 26 2월 2016 | USN-2910-1 | Linux kernel vulnerability | ||
| 26 2월 2016 | CVE-2016-0761 | Docker Image Host Files Corruption | ||
| 19 2월 2016 | USN-2900-1 | GNU libc vulnerability | ||
| 02 2월 2016 | CVE-2016-0732 | Privilege Escalation | ||
| 01 2월 2016 | CVE-2016-0713 | Gorouter XSS | ||
| 22 1월 2016 | USN-2871-1 | Linux kernel vulnerability | ||
| 20 1월 2016 | CVE-2016-0715 | Remote Information Disclosure | ||
| 19 1월 2016 | USN-2865-1 | GnuTLS vulnerability | ||
| 19 1월 2016 | USN-2861-1 | libpng vulnerability | ||
| 19 1월 2016 | USN-2868-1 | DHCP vulnerability | ||
| 19 1월 2016 | USN-2869-1 | OpenSSH vulnerability | ||
| 18 1월 2016 | CVE-2016-0708 | Remote Information Disclosure | ||
| 07 1월 2016 | USN-2857-1 | Linux kernel vulnerability | ||
| 07 1월 2016 | USN-2842-1/USN-2842-2 | Linux kernel vulnerability | ||
| 07 1월 2016 | USN-2837-1 | bind9 vulnerability | ||
| 07 1월 2016 | USN-2836-1 | grub2 vulnerability | ||
| 07 1월 2016 | USN-2835-1 | git vulnerability | ||
| 07 1월 2016 | USN-2834-1 | libxml2 vulnerability | ||
| 07 1월 2016 | USN-2830-1 | OpenSSL vulnerability | ||
| 07 1월 2016 | USN-2829-1 | Linux kernel vulnerability | ||
| 15 12월 2015 | CVE-2015-5350 | Garden Nstar vulnerability | ||
| 04 12월 2015 | USN-2821-1 | GnuTLS vulnerability | ||
| 04 12월 2015 | USN-2820-1 | dpkg vulnerability | ||
| 02 12월 2015 | USN-2815-1 | PNG vulnerability | ||
| 02 12월 2015 | USN-2812-1 | libxml2 vulnerability | ||
| 02 12월 2015 | USN-2810-1 | Kerberos vulnerability | ||
| 02 12월 2015 | USN-2787-1 | audiofile vulnerability | ||
| 24 11월 2015 | USN-2788-1/2788-2 | unzip vulnerability | ||
| 12 11월 2015 | USN-2798-1 | Linux kernel vulnerability | ||
| 12 11월 2015 | USN-2806-1 | Linux kernel vulnerability | ||
| 03 11월 2015 | USN-2778-1 | Linux kernel vulnerabilities | ||
| 03 11월 2015 | USN-2767-1 | GDK-Pixbuf library vulnerability | ||
| 07 10월 2015 | Golang | Golang 1.4.3 CVE Fixes | ||
| 07 10월 2015 | USN-2722-1 | GDK-PixBuf Vulnerabilities | ||
| 07 10월 2015 | USN-2711-1 | Net-SNMP Vulnerabilities | ||
| 07 10월 2015 | USN-2739-1 | FreeType Vulnerabilities | ||
| 07 10월 2015 | USN-2740-1 | ICU Vulnerabilities | ||
| 07 10월 2015 | USN-2751-1 | Linux Kernel (Vivid HWE) Vulnerability | ||
| 07 10월 2015 | USN-2756-1 | rpcbind Vulnerability | ||
| 07 10월 2015 | USN-2765-1 | Linux Kernel (Vivid HWE) Vulnerability | ||
| 08 9월 2015 | USN-2710-1 | OpenSSH Vulnerabilities | ||
| 08 9월 2015 | USN-2698-1 | SQLite Vulnerabilities | ||
| 08 9월 2015 | USN-2694-1 | PCRE Vulnerabilities | ||
| 08 9월 2015 | USN-2718-1 | Address Configuration Change Vulnerabilities | ||
| 06 8월 2015 | USN-2696-1 | OpenJDK 7 Vulnerabilities | ||
| 29 7월 2015 | CVE-2015-3290 | Linux Kernel NMI Vulnerability | ||
| 10 7월 2015 | CVE-2015-1420 | file_handle size verification | ||
| 06 7월 2015 | CVE-2015-1330 | Unattended-Upgrades Vulnerability | ||
| 25 6월 2015 | CVE-2015-3189 | Expire old reset password links | ||
| 25 6월 2015 | CVE-2015-3190 | Open redirect on Login | ||
| 25 6월 2015 | CVE-2015-3191 | CSRF attack on change email | ||
| 12 6월 2015 | USN-2639-1 | OpenSSL vulnerabilities | ||
| 12 6월 2015 | CVE-2015-3636 | ipv4 use-after-free | ||
| 17 6월 2015 | CVE-2015-1328 | overlayfs privilege escalation | ||
| 09 6월 2015 | Redis LUA Sandbox | Redis LUA Exploit | ||
| 22 5월 2015 | CVE-2015-1834 | Path Traversal Vulnerability | ||
| 22 5월 2015 | USN-2617-1 | FUSE Vulnerability | ||
| 30 4월 2015 | CVE-2015-1855 | Ruby OpenSSL Hostname Verification | ||
| 23 3월 2015 | CVE-2015-0282 | Multiple GnuTLS Vulnerabilities | ||
| 21 3월 2015 | USN-2537-1 | OpenSSL vulnerabilities | ||
| 13 3월 2015 | CVE-2014-8159 | Linux Kernel Infiniband Vulnerability | ||
| 09 2월 2015 | CVE-2014-0227 | Apache Tomcat Request Smuggling | ||
| 28 1월 2015 | CVE-2015-0235 | GHOST | ||
| 10 9월 2014 | CVE-2013-4444 | Remote Code Execution in Apache Tomcat | ||
| 16 10월 2014 | CVE-2014-3566 | SSLV3 POODLE | ||
| 29 9월 2014 | CVE-2014-7186 | Bash Out-of Bonds | ||
| 25 9월 2014 | CVE-2014-6271 | Bash - ShellShock | ||
| 19 9월 2014 | CVE-2014-5119 | glib_gconv_translit_find() exploit | ||
| 18 8월 2014 | CVE-2014-3153 | Futex requeue exploit | ||
| 05 6월 2014 | CVE-2014-0224 | SSL/TLS MITM Vulnerability | ||
| 10 4월 2014 | CVE-2014-0160 | Heartbleed |
Thanks
Reports of vulnerabilities in VMware Tanzu products are listed in the credit section of the associated security announcement.