Notable Vulnerabilities in Dependencies (USNs) and legacy VMware Tanzu advisories

This page lists the legacy VMware Tanzu Vulnerability Reports. Starting in 2021, advisories documenting security vulnerabilities in VMware Tanzu products are continued on the VMware Security Advisories page. Information regarding open source vulnerabilities that are addressed in Tanzu products is present in the release notes of Tanzu products.

This page continues to list Spring advisories and USNs. Advisories pertaining to open source projects sponsored by VMware—apart from Spring—may be found in their GitHub repositories.


Reporting a vulnerability

The VMware Security Response team provides a single point of contact for the reporting of security vulnerabilities in VMware Tanzu products and coordinates the process of investigating any reported vulnerabilities.

To report a security vulnerability in a VMware service or product please refer to the VMware Security Response Policy.



VMware Tanzu Vulnerability Reports

Date   CVE Reference   Description
28 6월 2021 CVE-2021-22119   Denial-of-Service (DoS) attack via initiation of Authorization Request in Spring Security OAuth 2.0 Client Web and WebFlux Application
25 5월 2021 CVE-2021-22118   Local Privilege Escalation within Spring Webflux Multipart Request Handling
10 5월 2021 CVE-2021-22117   RabbitMQ Sever vulnerable to arbitrary code execution attack
10 5월 2021 CVE-2021-22116   Denial-of-Service Vulnerability due to improper input validation in RabbitMQ server
26 2월 2021 CVE-2021-22114   Zip-slip mitigation bypass in Spring Integration Zip extension
19 2월 2021 CVE-2021-22112   Changing SecurityContext More Than Once in Single Request Can Fail to Save
11 2월 2021 CVE-2021-22113   Spring Cloud Netflix Zuul “Sensitive Headers” Bypass Vulnerability
25 1월 2021 CVE-2020-5428   Possibility of SQL Injection in Spring Cloud Task Execution Sorting Query
25 1월 2021 CVE-2020-5427   Possibility of SQL Injection in Spring Cloud Data Flow Task Execution Sorting Query
01 12월 2020 CVE-2020-5423   Cloud Controller is vulnerable to denial of service via YAML parsing
16 11월 2020 CVE-2020-5417   Cloud Controller may allow developers to claim sensitive routes
12 11월 2020 CVE-2020-5422   UAA password may appear in Operations Manager process arguments
03 11월 2020 CVE-2020-5426   Scheduler for TAS can transmit privileged UAA token in plaintext
29 10월 2020 CVE-2020-5425   User Impersonation possible in Tanzu SSO
13 10월 2020 MYSQL-SECURITY-UPDATES-APR2020   Various MySQL Security Updates from April 2020
13 10월 2020 MYSQL-SECURITY-UPDATES-JAN2020   Various MySQL Security Updates from January 2020
17 9월 2020 CVE-2020-5421   RFD Protection Bypass via jsessionid
10 9월 2020 CVE-2020-5420   Gorouter is vulnerable to DoS attack via invalid HTTP responses
01 9월 2020 CVE-2020-5416   TAS clusters with NGINX in front of them may be vulnerable to DoS
27 8월 2020 CVE-2020-5419   RabbitMQ arbitrary code execution using local binary planting
11 8월 2020 CVE-2020-5415   Concourse's GitLab auth allows impersonation
04 8월 2020 CVE-2020-5412   Hystrix Dashboard Proxy In spring-cloud-netflix-hystrix-dashboard
30 7월 2020 CVE-2020-5414   App Autoscaler logs credentials
30 7월 2020 CVE-2020-5396   JMX Insecure Default Configuration in GemFire
30 7월 2020 MYSQL-SECURITY-UPDATES-OCT2019   Various MySQL Security Updates from October 2019
30 7월 2020 MYSQL-SECURITY-UPDATES-JUL2019   Various MySQL Security Updates from July 2019
30 7월 2020 CVE-2019-11286   JMX Credential Deserialization in GemFire
23 7월 2020 CVE-2020-5413   Kryo Configuration Allows Code Execution with Unknown “Serialization Gadgets”
16 7월 2020 CVE-2020-15586   Gorouter is vulnerable to DoS Attack via Expect 100-continue requests
10 6월 2020 CVE-2020-5411   Jackson Configuration Allows Code Execution with Unknown “Serialization Gadgets”
01 6월 2020 CVE-2020-5410   Directory Traversal with spring-cloud-config-server
26 5월 2020 CVE-2019-15605   Node.js is vulnerable to request smuggling
13 5월 2020 CVE-2020-5409   Concourse Open Redirect in the /sky/login endpoint
07 5월 2020 CVE-2020-5408   Dictionary attack with Spring Security queryable text encryptor
07 5월 2020 CVE-2020-5407   Signature Wrapping Vulnerability with spring-security-saml2-service-provider
14 4월 2020 CVE-2020-5402   UAA fails to check the state parameter when authenticating with external IDPs
09 4월 2020 CVE-2020-5406   PCF Autoscaling logs its database credentials
06 4월 2020 CVE-2019-11282   UAA is vulnerable to a Blind SCIM injection leading to information disclosure
06 4월 2020 CVE-2020-5400   Cloud Controller logs environment variables from app manifests
04 3월 2020 VARIOUS-JACKSON-CVES-UAA   Various CVEs UAA consumes vulnerable versions of FasterXML jackson-databind
04 3월 2020 CVE-2019-11290   UAA logs query parameters in tomcat access file
03 3월 2020 CVE-2019-11253   PKS is vulnerable to a YAML/JSON parsing "Billion Laughs" Attack
27 2월 2020 CVE-2020-5403   DoS Via Malformed URL with Reactor Netty HTTP Server
27 2월 2020 CVE-2020-5404   Authentication Leak On Redirect With Reactor Netty HttpClient
26 2월 2020 CVE-2020-5405   Directory Traversal with spring-cloud-config-server
24 2월 2020 CVE-2020-5401   GoRouter is vulnerable to a cache poisoning DoS
12 2월 2020 CVE-2020-5399   CredHub does not properly enable TLS for MySQL database connections
11 2월 2020 CVE-2019-19604   Git submodule loading vulnerability
16 1월 2020 CVE-2020-5397   CSRF Attack via CORS Preflight Requests with Spring MVC or Spring WebFlux
16 1월 2020 CVE-2020-5398   RFD Attack via “Content-Disposition” Header Sourced from Request Input by Spring MVC or Spring WebFlux Application
15 1월 2020 CVE-2019-11288   tc Server JMX Socket Listener Registry Rebinding Local Privilege Escalation
10 1월 2020 CVE-2019-18802   CVE-2019-18801, CVE-2019-18838, MySQL for Pivotal Platform consumes a vulnerable version of Envoy
08 1월 2020 CVE-2019-11292   Ops Manager logs query parameters in tomcat access file
04 12월 2019 CVE-2019-19029   SQL Injection via user-groups in VMware Harbor Container Registry for Pivotal Platform
04 12월 2019 CVE-2019-19023   Privilege Escalation Vulnerability in VMware Harbor Container Registry for Pivotal Platform
04 12월 2019 CVE-2019-19026   SQL Injection via project quotas in VMware Harbor Container Registry for Pivotal Platform
04 12월 2019 CVE-2019-3990   User Enumeration Flaw in VMware Harbor Container Registry for Pivotal Platform
04 12월 2019 CVE-2019-19025   Cross-Site Request Forgery Vulnerability in VMware Harbor Container Registry for Pivotal Platform
04 12월 2019 CVE-2019-9517   CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9515, CVE-2019-9518, CVE-2019-9511, CVE-2019-9516, Some Pivotal products are impacted by HTTP/2 denial of service attacks
03 12월 2019 CVE-2019-11293   UAA logs all query parameters with debug logging level
22 11월 2019 CVE-2019-11291   RabbitMQ XSS attack via federation and shovel endpoints
22 11월 2019 CVE-2019-11287   RabbitMQ Web Management Plugin DoS via heap overflow
18 11월 2019 CVE-2019-11289   A forged route service request using an invalid nonce can cause the gorouter to panic and crash
06 11월 2019 CVE-2019-9893   libseccomp incorrectly generate 64-bit syscall argument comparisons
28 10월 2019 CVE-2019-16869   Reactor Netty Consumes a Vulnerable Version of Netty
24 10월 2019 CVE-2019-11249   PKS consumes a vulnerable version of kubectl
23 10월 2019 CVE-2019-11283   Password leak in smbdriver logs
17 10월 2019 CVE-2019-16919   Broken access control vulnerability in Harbor API
15 10월 2019 CVE-2019-11278   Privilege Escalation via Blind SCIM Injection in UAA
15 10월 2019 CVE-2019-11279   Privilege Escalation via Scope Manipulation in UAA
15 10월 2019 CVE-2019-11247   Kubernetes API Server Vulnerability
15 10월 2019 CVE-2018-15664   Docker Symlink Directory Traversal Vulnerability
15 10월 2019 CVE-2019-13139   Docker build code execution
14 10월 2019 CVE-2019-11281   RabbitMQ XSS attack
11 10월 2019 CVE-2019-11284   Reactor Netty authentication leak in redirects
25 9월 2019 CVE-2019-11275   CSV Injection in usage report downloaded from Pivotal Application Manager
23 9월 2019 CVE-2019-11277   Volume Services is vulnerable to an LDAP injection attack
19 9월 2019 CVE-2019-11280   Privilege escalation through the invitations service
20 8월 2019 CVE-2019-3775   UAA allows users to modify their own email address
20 8월 2019 CVE-2019-3788   UAA redirect-uri allows wildcards in the subdomain
20 8월 2018 CVE-2019-3787   UAA defaults email address to an insecure domain
20 8월 2019 CVE-2019-10164   Critical Security Issue in PostgreSQL
19 8월 2019 CVE-2019-11276   Apps Manager sends tokens to Spring apps via HTTP
15 8월 2019 CVE-2017-15694   Pivotal GemFire and Cloud Cache consume vulnerable versions of Apache Geode
14 8월 2019 CVE-2019-13232   ClamAV Add-on for PCF consumes a vulnerable version of ClamAV
01 8월 2019 CVE-2019-11270   UAA clients.write vulnerability
25 7월 2019 CVE-2019-3800   CF CLI writes the client id and secret to config file
25 7월 2019 CVE-2019-3781   CF CLI does not sanitize user's password in verbose/trace/debug
23 7월 2019 CVE-2019-11273   PKS Telemetry logs credentials
22 7월 2019 VARIOUS-SQL   Various MySQL Security Updates from July 2018 through January 2019
22 7월 2019 USN-4017-1   Linux kernel vulnerabilities
18 7월 2019 CVE-2019-3786   BBR could run arbitrary scripts on deployment VMs
28 6월 2019 CVE-2019-11271   Bosh Deployment logs leak sensitive information
19 6월 2019 CVE-2019-11272   PlaintextPasswordEncoder authenticates encoded passwords that are null
30 5월 2019 CVE-2019-5021   Tile generator affected by insecure default password
30 5월 2019 CVE-2019-11269   Open Redirector in spring-security-oauth2
24 5월 2019 CVE-2019-3790   Ops Manager uaa client issues tokens after refresh token expiration
13 5월 2019 CVE-2019-3802   Additional information exposure with Spring Data JPA example matcher
25 4월 2019 CVE-2019-3801   Java Projects using HTTP to fetch dependencies
24 4월 2019 CVE-2019-3798   Escalation of Privileges in Cloud Controller
24 4월 2019 CVE-2019-3789   Gorouter allows space developer to hijack route services hosted outside the platform
16 4월 2019 CVE-2019-3799   Directory Traversal with spring-cloud-config-server
12 4월 2019 CVE-2019-3793   Invitations Service supports HTTP connections
08 4월 2019 CVE-2019-3797   Additional information exposure with Spring Data JPA derived queries
04 4월 2019 CVE-2019-3795   Insecure Randomness When Using a SecureRandom Instance Constructed by Spring Security
01 4월 2019 CVE-2019-9946   Kubernetes affecting certain network configurations with CNI
01 4월 2019 CVE-2019-1002100   Kubernetes API Server Patch Request Consumes Excess Resource Cause Denial of Service
01 4월 2019 CVE-2019-1002101   Kubernetes kubectl - potential directory traversal
25 3월 2019 CVE-2019-3792   Concourse 5.0.0 SQL Injection vulnerability
07 3월 2019 CVE-2019-8331   Bootstrap XSS
28 2월 2019 CVE-2018-15754   UAA issues tokens across identity providers if users with matching usernames exist
26 2월 2019 CVE-2019-3777   Apps Manager unverified SSL certs in Cloud Controller proxy
21 2월 2019 CVE-2019-3778   Open Redirector in spring-security-oauth2
19 2월 2019 CVE-2019-3776   Reflected XSS in Pivotal Operations Manager
14 2월 2019 CVE-2019-3780   Cloud Foundry Container Runtime Leaks IAAS Credentials
14 2월 2019 CVE-2019-3779   Pivotal Container Service allows a user to bypass security policy when talking to ETCD
14 1월 2019 CVE-2019-3772   XML External Entity Injection (XXE)
14 1월 2019 CVE-2019-3773   XML External Entity Injection (XXE)
14 1월 2019 CVE-2019-3774   XML External Entity Injection (XXE)
08 1월 2019 KUBERNETES-API-SERVER   Kubernetes API Server acts as proxy for internal and external IPs
08 1월 2019 CVE-2019-3803   Concourse includes token in CLI authentication callback
04 1월 2019 CVE-2018-18264   Kubernetes Dashboard TLS Certificate Leak
18 12월 2018 CVE-2018-15801   Authorization Bypass During JWT Issuer Validation with spring-security
13 12월 2018 CVE-2018-15798   Pivotal Concourse allows malicious redirect urls on login
05 12월 2018 CVE-2018-1279   RabbitMQ cluster compromise due to deterministically generated cookie
15 11월 2018 CVE-2018-15759   On Demand Services SDK Timing Attack Vulnerability
09 11월 2018 CVE-2018-15795   CredHub Service Broker uses guessable client secret
29 10월 2018 CVE-2018-15762   Pivotal Operations Manager gives all users heightened privileges
16 10월 2018 CVE-2018-15758   Privilege Escalation in spring-security-oauth2
16 10월 2018 CVE-2018-15756   DoS Attack via Range Requests
10 10월 2018 CVE-2018-11084   Garden-runC prevents deletion of some app environments
10 10월 2018 CVE-2018-15755   CF networking internal policy server SQL injection
03 10월 2018 CVE-2018-11083   BOSH accepts refresh token as access token
02 10월 2018 CVE-2018-15763   PKS leaks IaaS credentials to application logs
27 9월 2018 CVE-2018-11081   Ops Manager writes UAA credentials to disk
13 9월 2018 CVE-2018-1198   PCC bosh deployment logs print a superuser password in plain text
13 9월 2018 CVE-2018-11088   CF admin credentials accessible to developers through Applications Manager
13 9월 2018 CVE-2018-11086   CF admin credentials accessible to developers through usage service
11 9월 2018 CVE-2018-11087   RabbitMQ (Spring-AMQP) Host name verification
23 7월 2018 CVE-2018-11044   Apps Manager allows unescaped content in invitation emails
10 7월 2018 CVE-2018-11045   Operations Manager image contains static LRNG seed file
20 6월 2018 CVE-2018-11046   Operations Manager includes outdated NGINX packages
14 6월 2018 CVE-2018-11040   JSONP enabled by default in MappingJackson2JsonView
14 6월 2018 CVE-2018-11039   Cross Site Tracing (XST) with Spring Framework
11 5월 2018 CVE-2018-1263   Unsafe Unzip with spring-integration-zip
10 5월 2018 CVE-2018-1278   Apps Manager allows unauthorized org invitations
09 5월 2018 CVE-2018-1261   Unsafe Unzip with spring-integration-zip
09 5월 2018 CVE-2018-1260   Remote Code Execution with spring-security-oauth2
09 5월 2018 CVE-2018-1259   XXE with Spring Data’s XMLBeam integration
09 5월 2018 CVE-2018-1258   Unauthorized Access with Spring Security Method Security
09 5월 2018 CVE-2018-1257   ReDoS Attack with spring-messaging
07 5월 2018 CVE-2018-1280   Blind SQL injection in Pivotal Greenplum Command Center
30 4월 2018 CVE-2018-1256   Issuer validation regression in Spring Cloud SSO Connector
10 4월 2018 CVE-2018-1274   Denial of Service with Spring Data
10 4월 2018 CVE-2018-1273   RCE with Spring Data Commons
09 4월 2018 CVE-2018-1275   Address partial fix for CVE-2018-1270
05 4월 2018 CVE-2018-1272   Multipart Content Pollution with Spring Framework
05 4월 2018 CVE-2018-1271   Directory Traversal with Spring MVC on Windows
05 4월 2018 CVE-2018-1270   Remote Code Execution with spring-messaging
16 3월 2018 CVE-2018-1230   Spring Batch Admin vulnerable to Cross Site Request Forgery
16 3월 2018 CVE-2018-1229   Stored XSS in file upload of Spring Batch Admin
13 2월 2018 CVE-2018-1200   Apps Manager File Access Vulnerability
30 1월 2018 CVE-2018-1196   Symlink privilege escalation attack via Spring Boot launch script
29 1월 2018 CVE-2018-1199   Security bypass with static resources
16 10월 2017 CVE-2017-8028   Spring-LDAP authentication with userSearch and STARTTLS allows authentication with arbitrary password
21 9월 2017 CVE-2017-8046   RCE in PATCH requests in Spring Data REST
19 9월 2017 CVE-2017-8045   Remote code execution in spring-amqp
15 9월 2017 CVE-2017-8039   Data Binding Expression Vulnerability in Spring Web Flow
31 8월 2017 CVE-2017-8044   XSS vulnerability in Single Sign-On for PCF via DOM-based query parameters
31 8월 2017 CVE-2017-8041   XSS vulnerability in org name in Single Sign-On for PCF
31 8월 2017 CVE-2017-8040   XXE Vulnerability in Single Sign-On for PCF
08 6월 2017 CVE-2017-4995   Jackson Configuration Allows Code Execution with Unknown “Serialization Gadgets”
31 5월 2017 CVE-2017-4971   Data Binding Expression Vulnerability in Spring Web Flow
15 5월 2017 CVE-2017-4975   Tile generator sets open security groups
04 5월 2017 CVE-2017-4966   RabbitMQ local storage of credentials
04 5월 2017 CVE-2017-4965   XSS vulnerabilities in RabbitMQ management UI
27 3월 2017 CVE-2017-2773   Unauthenticated JWT signing algorithm in multiple components
24 3월 2017 CVE-2017-4955   Credentials in Elastic Runtime Notifications errand log
14 2월 2017 CVE-2017-4959   Pivotal Cloud Foundry account authorization vulnerability
09 2월 2017 CVE-2016-9880   Unauthenticated access to GemFire for PCF broker endpoints
04 1월 2017 CVE-2016-9885   gfsh exposed over go router for GemFire for PCF
28 12월 2016 CVE-2016-9879   Encoded "/" in path variables
28 12월 2016 CVE-2016-0898   Service backups log AWS key
21 12월 2016 CVE-2016-9878   Directory Traversal in the Spring Framework ResourceServlet
19 12월 2016 CVE-2016-9877   RabbitMQ authentication vulnerability
31 10월 2016 CVE-2016-6657   PCF Open Redirects
31 10월 2016 CVE-2016-6656   Code injection vulnerability via GPHDFS in Greenplum database
30 9월 2016 CVE-2016-6652   Spring Data JPA Blind SQL Injection Vulnerability
12 9월 2016 CVE-2016-0930   Ops Manager Compilation VMs Vulnerability on vSphere and vCloud
27 7월 2016 CVE-2016-0896   IaaS Metadata Endpoint Accessible from Application Containers
15 7월 2016 CVE-2016-0929   RabbitMQ for PCF vulnerability
07 7월 2016 CVE-2016-5007   Spring Security / MVC Path Matching Inconsistency
07 7월 2016 CVE-2016-0926   Apps Manager XSS vulnerability
05 7월 2016 CVE-2016-4977   Remote Code Execution (RCE) in Spring Security OAuth
29 6월 2016 CVE-2016-0928   PCF Open Redirects
24 6월 2016 CVE-2016-0897   Ops Manager vSphere and vCloud vulnerability
23 6월 2016 CVE-2016-0927   Ops Manager XSS vulnerability
11 4월 2016 CVE-2016-2173   Remote Code Execution in Spring AMQP
23 3월 2016 CVE-2016-0780   Cloud Controller Disk Quota Enforcement
23 3월 2016 CVE-2016-2165   Loggregator Request URL Paths
23 3월 2016 CVE-2016-0781   UAA Persistent XSS Vulnerability
03 2월 2016 CVE-2016-0883   Pivotal Ops Manager Weak Authentication Scheme
12 11월 2015 CVE-2015-5258   Spring Social CSRF
15 10월 2015 CVE-2015-5211   RFD Attack in Spring Framework
30 6월 2015 CVE-2015-3192   DoS Attack with XML Input
06 3월 2015 CVE-2015-0201   Insufficiently random session id in Java SockJS client
13 1월 2015 CVE-2014-3626   Directory Traversal in Grails Resources Plugin
11 11월 2014 CVE-2014-3625   Directory Traversal in Spring Framework
05 9월 2014 CVE-2014-3578   Directory Traversal in Spring Framework
15 8월 2014 CVE-2014-3527   Access Control Bypass in Spring Security
28 5월 2014 CVE-2014-0225   Information Disclosure when using Spring MVC
11 3월 2014 CVE-2014-1904   XSS when using Spring MVC
11 3월 2014 CVE-2014-0097   Blank password may bypass user authentication
11 3월 2014 CVE-2014-0054   Incomplete fix for CVE-2013-7315 / CVE-2013-6429 (XXE)
19 2월 2014 CVE-2014-0053   Information Disclosure when using Grails
14 1월 2014 CVE-2013-6430   Possible XSS when using Spring MVC
14 1월 2014 CVE-2013-6429   Incomplete fix for CVE-2013-7315 (XXE)
22 8월 2013 CVE-2013-7315   XML External Entity (XXE) injection in Spring Framework
22 8월 2013 CVE-2013-4152   XML eXternal Entity (XXE) injection in Spring Framework
모두 보기


Notable Vulnerabilities in Dependencies

Date   CVE Reference   Description
13 9월 2021 USN-5021-1   curl vulnerabilities
13 9월 2021 USN-5020-1   Ruby vulnerabilities
13 9월 2021 USN-5013-1   systemd vulnerabilities
13 9월 2021 USN-5005-1   DjVuLibre vulnerability
13 9월 2021 USN-4996-1   OpenEXR vulnerabilities
13 9월 2021 USN-4990-1   Nettle vulnerabilities
13 9월 2021 USN-4988-1   ImageMagick vulnerabilities
13 9월 2021 USN-4971-1   libwebp vulnerabilities
13 9월 2021 USN-4969-1   DHCP vulnerability
13 9월 2021 USN-4968-1   LZ4 vulnerability
13 9월 2021 USN-4966-1   libx11 vulnerability
13 9월 2021 USN-4900-1   OpenEXR vulnerabilities
13 9월 2021 USN-4891-1   OpenSSL vulnerability
13 9월 2021 USN-4890-1   Linux kernel vulnerabilities
13 9월 2021 USN-4883-1   Linux kernel vulnerabilities
13 9월 2021 USN-4882-1   Ruby vulnerabilities
13 9월 2021 USN-4877-1   Linux kernel vulnerabilities
13 9월 2021 USN-4764-1   GLib vulnerability
13 9월 2021 USN-4761-1   Git vulnerability
13 9월 2021 USN-4760-1   libzstd vulnerabilities
13 9월 2021 USN-4759-1   GLib vulnerabilities
13 9월 2021 USN-4719-1   ca-certificates update
15 6월 2021 USN-4922-1   Ruby vulnerability
15 6월 2021 USN-4938-1   Unbound vulnerabilities
15 6월 2021 USN-4957-1   DjVuLibre vulnerabilities
15 6월 2021 USN-4966-2   libx11 vulnerability
15 6월 2021 USN-4967-2   nginx vulnerability
16 4월 2021 USN-4755-1   LibTIFF vulnerabilities
16 4월 2021 USN-4754-4   Python 2.7 vulnerability
16 4월 2021 USN-4754-2   Python regression
16 4월 2021 USN-4754-1   Python vulnerabilities
16 4월 2021 USN-4749-1   Linux kernel vulnerabilities
16 4월 2021 USN-4738-1   OpenSSL vulnerabilities
01 3월 2021 USN-4705-1   Sudo vulnerabilities
01 3월 2021 USN-4700-1   PyXDG vulnerability
01 3월 2021 USN-4694-1   Linux kernel vulnerability
01 3월 2021 USN-4692-1   tar vulnerabilities
01 3월 2021 USN-4680-1   Linux kernel vulnerabilities
01 3월 2021 USN-4677-1   p11-kit vulnerabilities
01 3월 2021 USN-4676-1   OpenEXR vulnerabilities
01 3월 2021 USN-4673-1   libproxy vulnerability
01 3월 2021 USN-4668-3   python-apt regression
01 3월 2021 USN-4489-1   Linux kernel vulnerability
13 1월 2021 USN-4662-1   OpenSSL vulnerability
13 1월 2021 USN-4660-1   Linux kernel vulnerabilities
13 1월 2021 USN-4635-1   Kerberos vulnerability
13 1월 2021 USN-4628-2   Intel Microcode regression
13 1월 2021 USN-4628-1   Intel Microcode vulnerabilities
11 12월 2020 USN-4633-1   PostgreSQL vulnerabilities
11 12월 2020 USN-4613-1   python-cryptography vulnerability
11 12월 2020 USN-4428-1   Python vulnerabilities
11 12월 2020 USN-4416-1   GNU C Library vulnerabilities
11 12월 2020 USN-4360-2   json-c regression
11 12월 2020 USN-4360-1   json-c vulnerability
11 12월 2020 USN-4359-1   APT vulnerability
11 12월 2020 USN-4309-1   Vim vulnerabilities
20 11월 2020 USN-4593-1   FreeType vulnerability
20 11월 2020 USN-4591-1   Linux kernel vulnerabilities
20 11월 2020 USN-4582-1   Vim vulnerabilities
20 11월 2020 USN-4581-1   Python vulnerability
20 11월 2020 USN-4578-1   Linux kernel vulnerabilities
20 11월 2020 USN-4526-1   Linux kernel vulnerabilities
24 9월 2020 USN-4466-1   curl vulnerability
24 9월 2020 USN-4457-1   Software Properties vulnerability
28 8월 2020 USN-4414-1   Linux kernel vulnerabilities
28 8월 2020 USN-4402-1   curl vulnerabilities
28 8월 2020 USN-4398-1   DBus vulnerability
30 7월 2020 USN-4394-1   SQLite vulnerabilities
30 7월 2020 USN-4390-1   Linux kernel vulnerabilities
30 7월 2020 USN-4385-2   Intel Microcode regression
30 7월 2020 USN-4385-1   Intel Microcode vulnerabilities
30 7월 2020 USN-4377-1   ca-certificates update
30 7월 2020 USN-4376-1   OpenSSL vulnerabilities
30 7월 2020 USN-4360-4   json-c vulnerability
30 7월 2020 USN-3911-2   file regression
14 5월 2020 USN-4318-1   Linux kernel vulnerabilities
28 4월 2020 USN-4345-1   Linux kernel vulnerabilities
23 4월 2020 USN-4305-1   ICU vulnerability
23 4월 2020 USN-4302-1   Linux kernel vulnerabilities
23 4월 2020 USN-4298-1   SQLite vulnerabilities
21 4월 2020 USN-4333-1   Python vulnerabilities
08 4월 2020 USN-4292-1   rsync vulnerabilities
02 3월 2020 USN-4293-1   libarchive vulnerabilities
18 2월 2020 USN-4287-1   Linux kernel vulnerabilities
10 2월 2020 USN-4274-1   libxml2 vulnerabilities
05 2월 2020 USN-4269-1   systemd vulnerabilities
03 2월 2020 USN-4263-1   Sudo vulnerability
28 1월 2020 USN-4255-2   Linux kernel (HWE) vulnerabilities
28 1월 2020 USN-4256-1   Cyrus SASL vulnerability
27 1월 2020 USN-4252-1   tcpdump vulnerabilities
23 1월 2020 USN-4233-2   GnuTLS update
23 1월 2020 USN-4249-1   e2fsprogs vulnerability
22 1월 2020 USN-4247-1   python-apt vulnerabilities
22 1월 2020 USN-4247-2   python-apt regression
22 1월 2020 USN-4246-1   zlib vulnerabilities
20 1월 2020 USN-4242-1   Sysstat vulnerabilities
20 1월 2020 USN-4243-1   libbsd vulnerabilities
19 1월 2020 CVE-2020-0601   Windows Stemcells vulnerable to Windows CryptoAPI Spoofing Vulnerability
15 1월 2020 USN-4205-1   SQLite vulnerabilities
15 1월 2020 USN-4215-1   NSS vulnerability
15 1월 2020 USN-4182-3   Intel Microcode regression
15 1월 2020 USN-4220-1   Git vulnerabilities
15 1월 2020 USN-4210-1   Linux kernel vulnerabilities
14 1월 2020 USN-4236-2   Libgcrypt vulnerability
13 1월 2020 USN-4235-1   nginx vulnerability
09 1월 2020 USN-4233-1   GnuTLS update
08 1월 2020 USN-4231-1   NSS vulnerability
07 1월 2020 USN-4227-1   Linux kernel vulnerabilities
18 12월 2019 USN-4194-1   postgresql-common vulnerability
18 12월 2019 USN-4185-1   Linux kernel vulnerabilities
18 12월 2019 USN-4162-1   Linux kernel vulnerabilities
18 12월 2019 USN-4191-1   QEMU vulnerabilities
18 12월 2019 USN-4164-1   Libxslt vulnerabilities
18 12월 2019 USN-4190-1   libjpeg-turbo vulnerabilities
18 12월 2019 USN-4176-1   GNU cpio vulnerability
18 12월 2019 USN-4172-1   file vulnerability
18 12월 2019 USN-4203-1   NSS vulnerability
18 12월 2019 USN-4169-1   libarchive vulnerability
18 12월 2019 USN-4182-1   Intel Microcode update
18 12월 2019 USN-4185-3   Linux kernel vulnerability and regression
18 12월 2019 USN-4199-1   libvpx vulnerabilities
11 12월 2019 USN-4221-1   libpcap vulnerability
25 11월 2019 CVE-2019-15587   Ops Manager contains a vulnerable Loofah gem
14 11월 2019 USN-4004-1   Berkeley DB vulnerability
14 11월 2019 USN-4038-1   bzip2 vulnerabilities
14 11월 2019 USN-3911-1   file vulnerabilities
14 11월 2019 USN-4015-1   DBus vulnerability
14 11월 2019 USN-4011-1   Jinja2 vulnerabilities
14 11월 2019 USN-4008-2   AppArmor update
14 11월 2019 USN-3999-1   GnuTLS vulnerabilities
14 11월 2019 USN-3967-1   FFmpeg vulnerabilities
14 11월 2019 USN-3990-1   urllib3 vulnerabilities
14 11월 2019 USN-4040-1   Expat vulnerability
14 11월 2019 USN-3885-2   OpenSSH vulnerability
14 11월 2019 USN-3993-1   curl vulnerabilities
14 11월 2019 USN-4012-1   elfutils vulnerabilities
14 11월 2019 USN-3968-1   Sudo vulnerabilities
14 11월 2019 USN-4016-1   Vim vulnerabilities
14 11월 2019 USN-4019-1   SQLite vulnerabilities
06 11월 2019 USN-4151-1   Python vulnerabilities
06 11월 2019 USN-4144-1   Linux kernel vulnerabilities
06 11월 2019 USN-4142-1   e2fsprogs vulnerability
06 11월 2019 USN-4132-1   Expat vulnerability
06 11월 2019 USN-4129-1   curl vulnerabilities
06 11월 2019 USN-4127-1   Python vulnerabilities
06 11월 2019 USN-4126-1   FreeType vulnerability
30 9월 2019 USN-4135-1   Linux kernel vulnerabilities
30 9월 2019 USN-4115-2   Linux kernel regression
30 9월 2019 USN-4115-1   Linux kernel vulnerabilities
30 9월 2019 USN-4094-1   Linux kernel vulnerabilities
30 9월 2019 USN-4071-1   Patch vulnerabilities
30 9월 2019 USN-4049-3   GLib regression
24 9월 2019 CVE-2019-16097   Harbor Privilege Escalation
05 9월 2019 USN-4099-1   nginx vulnerabilities
05 9월 2019 USN-4090-1   PostgreSQL vulnerabilities
05 9월 2019 USN-4068-2   Linux kernel (HWE) vulnerabilities
05 9월 2019 USN-4060-1   NSS vulnerabilities
05 9월 2019 USN-4058-1   Bash vulnerability
05 9월 2019 USN-4049-1   GLib vulnerability
05 9월 2019 USN-4038-3   bzip2 regression
06 8월 2019 USN-4041-1   Linux kernel update
05 8월 2019 USN-4014-1   GLib vulnerability
05 8월 2019 USN-4001-1   libseccomp vulnerability
05 8월 2019 USN-3977-3   Intel Microcode update (AKA ZombieLoad Attack)
19 6월 2019 USN-3981-2   Linux kernel (HWE) vulnerabilities (AKA ZombieLoad Attack)
19 6월 2019 USN-3977-2   Intel Microcode update (AKA ZombieLoad Attack)
19 6월 2019 USN-3977-1   Intel Microcode update (AKA ZombieLoad Attack)
21 5월 2019 USN-3972-1   PostgreSQL vulnerabilities
21 5월 2019 USN-3962-1   libpng vulnerability
21 5월 2019 USN-3960-1   WavPack vulnerability
21 5월 2019 USN-3947-1   Libxslt vulnerability
21 5월 2019 USN-3943-1   Wget vulnerabilities
21 5월 2019 USN-3932-2   Linux kernel (Xenial HWE) vulnerabilities
21 5월 2019 USN-3931-2   Linux kernel (HWE) vulnerabilities
08 5월 2019 USN-3935-1   BusyBox vulnerabilities
25 4월 2019 USN-3945-1   Ruby vulnerabilities
25 4월 2019 USN-3910-2   Linux kernel (Xenial HWE) vulnerabilities
25 4월 2019 USN-3906-1   LibTIFF vulnerabilities
25 4월 2019 USN-3901-2   Linux kernel (HWE) vulnerabilities
25 4월 2019 USN-3900-1   GD vulnerabilities
25 4월 2019 USN-3899-1   OpenSSL vulnerability
25 4월 2019 USN-3898-1   NSS vulnerability
25 4월 2019 USN-3891-1   systemd vulnerability
25 4월 2019 USN-3885-1   OpenSSH vulnerabilities
25 4월 2019 USN-3884-1   libarchive vulnerabilities
25 4월 2019 USN-3882-1   curl vulnerabilities
25 4월 2019 USN-3879-2   Linux kernel (Xenial HWE) vulnerabilities
25 4월 2019 USN-3871-4   Linux kernel (HWE) vulnerabilities
25 4월 2019 USN-3864-1   LibTIFF vulnerabilities
25 4월 2019 USN-3859-1   libarchive vulnerabilities
25 4월 2019 USN-3848-2   Linux kernel (Xenial HWE) vulnerabilities
25 4월 2019 USN-3847-2   Linux kernel (HWE) vulnerabilities
25 4월 2019 USN-3840-1   OpenSSL vulnerabilities
25 4월 2019 USN-3834-1   Perl vulnerabilities
25 4월 2019 USN-3816-3   systemd regression
25 4월 2019 USN-3855-1   systemd vulnerabilities
25 4월 2019 USN-3863-1   APT vulnerability
13 2월 2019 CVE-2019-5736   runC container breakout
06 2월 2019 USN-3836-2   Linux kernel (HWE) vulnerabilities
06 2월 2019 USN-3841-1   lxml vulnerability
06 2월 2019 USN-3850-1   NSS vulnerabilities
03 1월 2019 USN-3843-1   pixman vulnerability
03 1월 2019 USN-3816-2   systemd vulnerability
03 1월 2019 USN-3839-1   WavPack vulnerabilities
03 1월 2019 USN-3829-1   Git vulnerabilities
14 12월 2018 USN-3805-1   curl vulnerabilities
14 12월 2018 USN-3809-1   OpenSSH vulnerabilities
14 12월 2018 USN-3812-1   nginx vulnerabilities
14 12월 2018 USN-3815-1   gettext vulnerability
14 12월 2018 USN-3817-1   Python vulnerabilities
14 12월 2018 USN-3821-2   Linux kernel (Xenial HWE) vulnerabilities
12 12월 2018 USN-3820-2   Linux kernel (HWE) vulnerabilities
12 12월 2018 USN-3816-1   systemd vulnerabilities
12 12월 2018 USN-3806-1   systemd vulnerability
12 12월 2018 USN-3808-1   Ruby vulnerabilities
03 12월 2018 CVE-2018-15797   NFS Volume release errand leaks cf admin credentials in logs
03 12월 2018 CVE-2018-1002105   Proxy request handling in kube-apiserver can leave vulnerable TCP connections
28 11월 2018 USN-3797-2   Linux kernel (Xenial HWE) vulnerabilities
08 11월 2018 USN-3800-1   audiofile vulnerabilities
08 11월 2018 USN-3791-1   Git vulnerability
08 11월 2018 USN-3786-1   libxkbcommon vulnerabilities
08 11월 2018 USN-3785-1   ImageMagick vulnerabilities
06 11월 2018 CVE-2018-15761   UAA Privilege Escalation
26 10월 2018 USN-3790-1   Requests vulnerability
26 10월 2018 USN-3777-2   Linux kernel (HWE) vulnerabilities
26 10월 2018 USN-3762-2   Linux kernel (HWE) vulnerabilities
09 10월 2018 USN-3752-2   Linux kernel (HWE) vulnerabilities
09 10월 2018 USN-3765-1   curl vulnerability
09 10월 2018 USN-3767-1   GLib vulnerabilities
09 10월 2018 USN-3770-1   Little CMS vulnerabilities
27 9월 2018 USN-3759-1   libtirpc vulnerabilities
27 9월 2018 USN-3758-1   libx11 vulnerabilities
27 9월 2018 USN-3756-1   Intel Microcode vulnerabilities
27 9월 2018 USN-3755-1   GD vulnerabilities
27 9월 2018 USN-3753-2   Linux kernel (Xenial HWE) vulnerabilities
27 9월 2018 USN-3744-1   PostgreSQL vulnerabilities
27 9월 2018 USN-3741-2   Linux kernel (Xenial HWE) vulnerabilities
27 9월 2018 USN-3739-1   libxml2 vulnerabilities
27 9월 2018 USN-3736-1   libarchive vulnerabilities
27 9월 2018 USN-3733-1   GnuPG vulnerability
27 9월 2018 USN-3729-1   libxcursor vulnerability
27 9월 2018 USN-3712-1   libpng vulnerabilities
27 9월 2018 USN-3696-2   Linux kernel (Xenial HWE) vulnerabilities
27 9월 2018 USN-3692-1   OpenSSL vulnerabilities
27 9월 2018 USN-3690-2   AMD Microcode regression
27 9월 2018 USN-3690-1   AMD Microcode update
27 9월 2018 USN-3689-1   Libgcrypt vulnerability
27 9월 2018 USN-3605-1   Sharutils vulnerability
27 9월 2018 USN-3589-1   PostgreSQL vulnerability
27 9월 2018 USN-3564-1   PostgreSQL vulnerability
27 9월 2018 USN-3532-1   GDK-PixBuf vulnerabilities
27 9월 2018 USN-3509-4   Linux kernel (Xenial HWE) regression
27 9월 2018 USN-3352-1   nginx vulnerability
09 8월 2018 CVE-2018-8037   Apache Tomcat - NIO/NIO2 connectors user sessions can get mixed up
09 8월 2018 CVE-2018-1336   Apache Tomcat - UTF-8 decoder can lead to DoS
02 8월 2018 USN-3711-1   ImageMagick vulnerabilities
02 8월 2018 USN-3707-1   NTP vulnerabilities
02 8월 2018 USN-3706-1   libjpeg-turbo vulnerabilities
23 7월 2018 CVE-2018-11047   UAA accepts refresh token as access token on admin endpoints
20 7월 2018 USN-3693-1   JasPer vulnerabilities
20 7월 2018 USN-3686-1   file vulnerabilities
20 7월 2018 USN-3684-1   Perl vulnerability
20 7월 2018 USN-3681-1   ImageMagick vulnerabilities
20 7월 2018 USN-3676-2   Linux kernel (Xenial HWE) vulnerabilities
20 7월 2018 USN-3675-1   GnuPG vulnerabilities
20 7월 2018 USN-3658-1   procps-ng vulnerabilities
17 7월 2018 CVE-2018-11041   UAA open redirect
16 7월 2018 CVE-2018-1269   Loggregator does not properly close some TCP connections
16 7월 2018 CVE-2018-1268   Loggregator lacks app GUID validation
19 6월 2018 CVE-2018-1265   Diego does not properly sanitize file paths in tar/zip files
21 6월 2018 USN-3671-1   Git vulnerabilities
21 6월 2018 USN-3654-2   Linux kernel (Xenial HWE) vulnerabilities
21 6월 2018 USN-3648-1   curl vulnerabilities
14 6월 2018 USN-3643-1   Wget vulnerability
14 6월 2018 USN-3641-1   Linux kernel vulnerabilities
14 6월 2018 USN-3631-2   Linux kernel (Xenial HWE) vulnerabilities
14 6월 2018 USN-3628-1   OpenSSL vulnerability
14 6월 2018 USN-3625-1   Perl vulnerabilities
14 6월 2018 USN-3624-1   Patch vulnerabilities
14 6월 2018 USN-3622-1   Wayland vulnerability
21 5월 2018 CVE-2018-1277   Garden does not correctly enforce Docker image disc quotas
21 5월 2018 CVE-2018-1276   Windows2012R2 stemcell exposes IaaS metadata on vSphere
10 5월 2018 MS-ISAC-2018-046   MS-ISAC 2018-046 Multiple Vulnerabilities in PHP
08 5월 2018 CVE-2018-1191   Garden may log Docker passwords
02 5월 2018 USN-3619-2   Linux kernel (Xenial HWE) vulnerabilities
02 5월 2018 USN-3611-1   OpenSSL vulnerability
02 5월 2018 USN-3610-1   ICU vulnerability
02 5월 2018 USN-3606-1   LibTIFF vulnerabilities
02 5월 2018 USN-3604-1   libvorbis vulnerabilities
02 5월 2018 USN-3602-1   LibTIFF vulnerabilities
02 5월 2018 USN-3598-1   curl vulnerabilities
02 5월 2018 USN-3586-1   DHCP vulnerabilities
02 5월 2018 USN-3584-1   sensible-utils vulnerability
02 5월 2018 USN-3569-1   libvorbis vulnerabilities
02 5월 2018 USN-3554-1   curl vulnerabilities
02 5월 2018 USN-3547-1   Libtasn1 vulnerabilities
02 5월 2018 USN-3543-1   rsync vulnerabilities
02 5월 2018 USN-3534-1   GNU C Library vulnerabilities
02 5월 2018 USN-3506-1   rsync vulnerabilities
02 5월 2018 USN-3501-1   libxcursor vulnerability
02 5월 2018 USN-3346-2   Bind regression
30 4월 2018 CVE-2018-1197   GCP Metadata Endpoint Accessible from Application Containers on Windows
05 4월 2018 CVE-2018-1266   Cloud Controller file modification via malicious application
05 4월 2018 CVE-2018-1231   BOSH CLI does not restrict access to configuration file
03 4월 2018 USN-3582-2   Linux kernel (Xenial HWE) vulnerabilities
28 3월 2018 CVE-2018-1195   Cloud Controller API will accept a refresh token for authentication
28 3월 2018 CVE-2018-1192   UAA SessionID present in Audit Event Logs
28 3월 2018 CVE-2018-1190   XSS on UAA OpenID Connect check session iframe endpoint
09 3월 2018 CVE-2018-1227   Concourse-dot-ci Domain Issue
27 2월 2018 VU475445   VU#475445 SAML Authentication Bypass
27 2월 2018 CVE-2018-1221   Gorouter websocket handling vulnerability
01 2월 2018 USN-3540-2   Linux kernel (Xenial HWE) vulnerabilities
01 2월 2018 USN-3538-1   OpenSSH vulnerabilities
01 2월 2018 USN-3535-1   Bind vulnerability
01 2월 2018 USN-3522-4   Linux (Xenial HWE) vulnerability
01 2월 2018 USN-3522-2   Linux (Xenial HWE) vulnerability
01 2월 2018 USN-3513-1   libxml2 vulnerability
01 2월 2018 USN-3504-1   libxml2 vulnerability
03 1월 2018 Meltdown and Spectre Attacks   Meltdown and Spectre Attacks
19 12월 2017 CVE-2017-1000353   Jenkins unauthenticated remote code execution
15 12월 2017 USN-3509-2   Linux kernel (Xenial HWE) vulnerabilities
15 12월 2017 USN-3505-1   Linux firmware vulnerabilities
15 12월 2017 USN-3498-1   curl vulnerabilities
15 12월 2017 USN-3496-3   Python vulnerability
15 12월 2017 USN-3496-1   Python vulnerability
15 12월 2017 USN-3489-1   Berkeley DB vulnerability
15 12월 2017 USN-3485-2   Linux kernel (Xenial HWE) vulnerabilities
15 12월 2017 USN-3478-1   Perl vulnerabilities
15 12월 2017 USN-3475-1   OpenSSL vulnerabilities
15 12월 2017 USN-3469-2   Linux kernel (Xenial HWE) vulnerabilities
15 12월 2017 USN-3464-1   Wget vulnerabilities
15 12월 2017 USN-3458-1   ICU vulnerability
15 12월 2017 USN-3457-1   curl vulnerability
21 11월 2017 USN-3454-1   libffi vulnerability
21 11월 2017 USN-3444-2   Linux kernel (Xenial HWE) vulnerabilities
21 11월 2017 USN-3441-1   curl vulnerabilities
21 11월 2017 USN-3437-1   OCaml vulnerability
21 11월 2017 USN-3434-1   Libidn vulnerability
21 11월 2017 USN-3432-1   ca-certificates update
21 11월 2017 USN-3424-1   libxml2 vulnerabilities
21 11월 2017 USN-3387-1   Git vulnerability
16 11월 2017 CVE-2017-8031   UAA Denial of Service through client token revocation endpoint
15 11월 2017 CVE-2017-14388   GrootFS doesn’t validate DiffIDs
11 10월 2017 CVE-2017-8048   Cloud Controller API regression
10 10월 2017 CVE-2017-8047   Cloud Foundry router open redirect
28 9월 2017 USN-3420-2   Linux kernel (Xenial HWE) vulnerabilities
28 9월 2017 USN-3418-1   GDK-PixBuf vulnerabilities
28 9월 2017 USN-3415-1   tcpdump vulnerabilities
28 9월 2017 USN-3411-1   Bazaar vulnerability
28 9월 2017 USN-3410-1   GD library vulnerability
28 9월 2017 USN-3405-2   Linux kernel (Xenial HWE) vulnerabilities
28 9월 2017 USN-3398-1   graphite2 vulnerabilities
08 9월 2017 CVE-2017-9805   Apache Struts Remote Code Execution
28 8월 2017 USN-3392-2   Linux kernel (Xenial HWE) regression
21 8월 2017 USN-3385-2   Linux kernel (Xenial HWE) vulnerabilities
14 8월 2017 USN-3378-2   Linux kernel (Xenial HWE) vulnerabilities
14 8월 2017 USN-3367-1   gdb vulnerabilities
14 8월 2017 USN-3364-2   Linux kernel (Xenial HWE) vulnerabilities
14 8월 2017 USN-3363-2   ImageMagick regression References
14 8월 2017 USN-3363-1   ImageMagick vulnerabilities
14 8월 2017 USN-3356-1   Expat vulnerability
14 8월 2017 USN-3353-1   Heimdal vulnerability
14 8월 2017 USN-3349-1   NTP vulnerabilities
14 8월 2017 USN-3347-1   Libgcrypt vulnerabilities
14 8월 2017 USN-3346-1   bind9 vulnerabilities
14 8월 2017 USN-3344-2   Linux kernel (Xenial HWE) vulnerabilities
07 8월 2017 CVE-2017-8037   Incomplete fix for Cloud Controller API access to CC VM contents
02 8월 2017 CVE-2017-9022/CVE-2017-9023   strongSwan DOS Vulnerabilities
01 8월 2017 CVE-2017-8038   Credentials readable from CredHub endpoint
25 7월 2017 CVE-2017-8036   Cloud Controller API regression
25 7월 2017 CVE-2017-8035   Cloud Controller API access to CC VM contents
25 7월 2017 CVE-2017-8033   Cloud Controller API filesystem traversal vulnerability
24 7월 2017 CVE-2017-8032   UAA Identity Zone Admin Privilege Escalation
05 7월 2017 CVE-2017-7485   PostgreSQL vulnerabilities
26 6월 2017 CVE-2017-5946   Directory Traversal in Rubyzip
26 6월 2017 USN-3334-1   Linux kernel (Xenial HWE) vulnerabilities
26 6월 2017 USN-3323-1   GNU C Library vulnerability
26 6월 2017 USN-3318-1   GnuTLS vulnerabilities
26 6월 2017 USN-3312-2   Linux kernel (Xenial HWE) vulnerabilities
26 6월 2017 USN-3311-1   libnl vulnerability
26 6월 2017 USN-3309-1   Libtasn1 vulnerability
26 6월 2017 USN-3302-1   ImageMagick vulnerabilities
26 6월 2017 USN-3212-2   LibTIFF regression
22 6월 2017 USN-3304-1   Sudo vulnerability
08 6월 2017 CVE-2017-4994   Forwarded Headers in UAA
08 6월 2017 USN-3295-1   JasPer vulnerabilities
08 6월 2017 USN-3294-1   Bash vulnerabilities
08 6월 2017 USN-3291-3   Linux kernel (Xenial HWE) vulnerabilities
08 6월 2017 USN-3287-1   Git vulnerability
08 6월 2017 USN-3283-1   rtmpdump vulnerabilities
08 6월 2017 USN-3282-1   FreeType vulnerabilities
08 6월 2017 USN-3276-2   shadow regression
08 6월 2017 USN-3263-1   FreeType vulnerability
08 6월 2017 USN-3259-1   Bind vulnerabilities
08 6월 2017 USN-3246-1   Eject vulnerability
08 6월 2017 USN-3181-1   OpenSSL vulnerabilities
19 5월 2017 CVE-2017-4992   Privilege escalation with user invitations
19 5월 2017 CVE-2017-4991   UAA password reset vulnerability
02 5월 2017 USN-3265-2   Linux kernel (Xenial HWE) vulnerabilities
01 5월 2017 CVE-2017-4974   Blind SQL Injection with privileged UAA endpoints
20 4월 2017 CVE-2015-3281   HAProxy vulnerabilities
20 4월 2017 CVE-2017-4973   Privilege Escalation in UAA
20 4월 2017 CVE-2017-4972   Blind SQL Injection in UAA
13 4월 2017 CVE-2017-4969   Bug in CC allows users to exceed quotas
12 4월 2017 USN-3256-2   Linux kernel (HWE) vulnerability
10 4월 2017 CVE-2017-4970   Staticfile buildpack ignores basic authentication when misconfigured
06 4월 2017 USN-3243-1   Git vulnerability
06 4월 2017 USN-3241-1   audiofile vulnerabilities
06 4월 2017 USN-3239-2   GNU C Library Regression
06 4월 2017 USN-3237-1   FreeType vulnerability
06 4월 2017 USN-3235-1   libxml2 vulnerabilities
06 4월 2017 USN-3232-1   ImageMagick vulnerabilities
06 4월 2017 USN-3227-1   ICU vulnerabilities
06 4월 2017 USN-3225-1   libarchive vulnerabilities
06 4월 2017 USN-3183-2   GnuTLS vulnerability
05 4월 2017 CVE-2017-5649   Apache Geode privilege escalation vulnerability
04 4월 2017 USN-3201-1   Bind vulnerabilities
04 4월 2017 USN-3234-2   Linux kernel (Xenial HWE) vulnerabilities
04 4월 2017 USN-3228-1   libevent vulnerabilities
04 4월 2017 USN-3247-1   AppArmor vulnerability
04 4월 2017 USN-3249-2   Linux kernel (Xenial HWE) vulnerability
31 3월 2017 USN-3222-1   ImageMagick vulnerabilities
31 3월 2017 USN-3213-1   GD library vulnerabilities
31 3월 2017 USN-3212-1   LibTIFF vulnerabilities
31 3월 2017 USN-3205-1   tcpdump vulnerabilities
31 3월 2017 USN-3142-2   ImageMagick vulnerabilities
29 3월 2017 CVE-2017-4963   Session Fixation for UAA External Authentication
17 3월 2017 USN-3196-1   Multiple PHP vulnerabilities
17 3월 2017 USN-3185-1   libXpm vulnerability
17 3월 2017 USN-3193-1   Nettle vulnerability
17 3월 2017 USN-3183-1   GnuTLS vulnerabilities
14 3월 2017 USN-3189-2   Linux kernel (Xenial HWE) vulnerabilities
14 3월 2017 CVE-2017-5638   Apache Struts Remote Code Execution
13 3월 2017 USN-3220-2   Linux kernel (Xenial HWE) vulnerability
09 3월 2017 CVE-2017-4960   UAA OAuth DOS via lockout feature
01 3월 2017 USN-3208-2   Linux kernel (Xenial HWE) vulnerabilities
31 1월 2017 USN-3172-1   Bind vulnerabilities
31 1월 2017 USN-3169-2   Linux kernel (Xenial HWE) vulnerabilities
31 1월 2017 USN-3161-2   Linux kernel (Xenial HWE) vulnerabilities
23 1월 2017 CVE-2016-6660   Cloud Controller logs application environment variables
19 1월 2017 USN-3024-1   tomcat6, tomcat7 vulnerabilities
12 1월 2017 RunC Exec   RunC Exec Vulnerability
10 1월 2017 CVE-2016-9882   Cloud Foundry Logs Service Credentials
29 12월 2016 CVE-2016-3958 and CVE-2016-3959   Golang vulnerabilities
27 12월 2016 USN-3146-2   Linux kernel (Xenial HWE) vulnerabilities
27 12월 2016 USN-3128-2   Linux kernel (Xenial HWE) vulnerability
27 12월 2016 USN-3142-1   ImageMagick vulnerabilities
19 12월 2016 CVE-2016-8219   Space Auditor can restage apps
21 12월 2016 Multiple CVEs   httpoxy vulnerabilities
20 12월 2016 USN-3156-1   APT vulnerability
19 12월 2016 USN-3131-1   ImageMagick vulnerabilities
19 12월 2016 USN-3067-1   HarfBuzz vulnerabilities
19 12월 2016 USN-3117-1   GD library vulnerabilities
14 12월 2016 USN-3132-1   tar vulnerability
14 12월 2016 USN-3134-1   Python vulnerabilities
14 12월 2016 USN-3139-1   Vim vulnerability
14 12월 2016 CVE-2016-6659   UAA Privilege Escalation
14 12월 2016 USN-3116-1   DBus vulnerabilities
14 12월 2016 USN-3119-1   Bind vulnerability
13 12월 2016 USN-3123-1   curl vulnerabilities
13 12월 2016 USN-3088-1   Bind vulnerability
09 12월 2016 CVE-2016-8218   Unauthenticated JWT signing algorithm in routing
07 12월 2016 USN-3151-2   Linux kernel (Xenial HWE) vulnerability
17 11월 2016 CVE-2016-6663/CVE-2016-6664   MariaDB Root Privilege Escalation
17 11월 2016 Several   PCRE vulnerabilities prior to version 8.39
07 11월 2016 USN-3096-1   NTP vulnerabilities
07 11월 2016 USN-3095-1   PHP vulnerabilities
02 11월 2016 CVE-2016-6658   Incomplete fix for Credential Vulnerability for Custom Buildpacks
21 10월 2016 CVE-2016-5195   Linux kernel vulnerability
17 10월 2016 CVE-2016-6655   Utility Script Command Injection
17 10월 2016 USN-3099-2   Linux kernel vulnerabilities
29 9월 2016 CVE-2016-6653   MySQL Audit logs sent to Syslog
28 9월 2016 USN-3087-2   OpenSSL Regression
28 9월 2016 USN-3083-1   Linux kernel vulnerabilities
28 9월 2016 USN-3068-1   Libidn vulnerabilities
28 9월 2016 CVE-2016-6662   Multiple MySQL Vulnerabilities
28 9월 2016 USN-3085-1   GDK-PixBuf vulnerabilities
26 9월 2016 CVE-2016-6651   Privilege Escalation in UAA
26 9월 2016 CVE-2016-6636   UAA Open Redirect Vulnerability for Subdomains
26 9월 2016 CVE-2016-6637   UAA CSRF Vulnerability for OAuth Approvals
21 9월 2016 CVE-2014-9130   LibYAML vulnerability
09 9월 2016 CVE-2016-6639   PHP Buildpack exposes .profile file
09 9월 2016 USN-3045-1   PHP vulnerabilities
25 8월 2016 USN-3065-1   Libgcrypt vulnerability
25 8월 2016 USN-3064-1   GnuPG vulnerability
25 8월 2016 USN-3063-1   Fontconfig vulnerability
25 8월 2016 USN-3061-1   OpenSSH vulnerability
25 8월 2016 USN-3030-1/USN-3060-1   GD library vulnerability
25 8월 2016 USN-3053-1/USN-3037-1   Linux kernel (Vivid HWE) vulnerability
25 8월 2016 USN-3048-1   curl vulnerability
25 8월 2016 USN-3033-1   libarchive vulnerability
18 8월 2016 CVE-2016-5016   UAA accepts expired certificates
26 7월 2016 CVE-2016-5006   Cloud Controller API logs user-provided service credentials
13 7월 2016 USN-3010-1   Expat vulnerabilities
13 7월 2016 CVE-2016-4450   Nginx Vulnerabilities
13 7월 2016 USN-3012-1   Wget vulnerability
01 7월 2016 USN-3020-1   Linux kernel (Vivid HWE) vulnerabilities
30 6월 2016 CVE-2016-4468   UAA SQL Injection
15 6월 2016 USN-3001-1   Linux kernel (Vivid HWE) vulnerabilities
13 6월 2016 CVE-2016-4435   BOSH Agent Anonymous Endpoint
13 6월 2016 USN-2994-1   libxml2 vulnerabilities
13 6월 2016 USN-2991-1   nginx vulnerability
13 6월 2016 USN-2990-1   ImageMagick vulnerability (a.k.a. ImageTragick)
13 6월 2016 USN-2987-1   GD library vulnerabilities
13 6월 2016 USN-2985-2   GNU C Library regression
13 6월 2016 USN-2983-1   Expat vulnerability
13 6월 2016 USN-2981-1   libarchive vulnerabilities
13 6월 2016 USN-2966-1   OpenSSH vulnerabilities
13 6월 2016 USN-2961-1   Little CMS vulnerability
08 6월 2016 CVE-2013-7456   PHP vulnerabilities
03 6월 2016 USN-2970-1   Linux kernel (Vivid HWE) vulnerabilities
23 5월 2016 CVE-2016-3084   UAA Password Reset Vulnerability
19 5월 2016 USN-2977-1   Linux kernel (Vivid HWE) vulnerabilities
17 5월 2016 CVE-2016-3091   Diego log encoding vulnerability
06 5월 2016 USN-2959-1   OpenSSL vulnerabilities
06 5월 2016 USN-2957-1   Libtasn1 vulnerability
06 5월 2016 USN-2949-1   Linux kernel (Vivid HWE) vulnerabilities
06 5월 2016 USN-2943-1   PCRE vulnerabilities
06 5월 2016 USN-2935-2   PAM regression
02 5월 2016 CVE-2015-5170-5173   UAA Vulnerabilities
14 4월 2016 Badlock bug   Samba and Windows Vulnerabilities
24 3월 2016 USN-2939-1   LibTIFF vulnerabilities
24 3월 2016 USN-2927-1   Graphite2 vulnerabilities
24 3월 2016 USN-2925-1   Bind9 vulnerabilities
24 3월 2016 USN-2919-1   JasPer vulnerabilities
24 3월 2016 USN-2918-1   Pixman vulnerabilities
24 3월 2016 USN-2916-1   Perl vulnerabilities
24 3월 2016 USN-2914-1   OpenSSL vulnerabilities
24 3월 2016 NPM Ownership Issue   Warning about NPM modules
24 3월 2016 USN-2938-1   Git vulnerabilities
16 3월 2016 USN-2932-1   Linux kernel vulnerabilities
02 3월 2016 CVE-2016-0800   OpenSSL vulnerabilities
26 2월 2016 USN-2910-1   Linux kernel vulnerability
26 2월 2016 CVE-2016-0761   Docker Image Host Files Corruption
19 2월 2016 USN-2900-1   GNU libc vulnerability
02 2월 2016 CVE-2016-0732   Privilege Escalation
01 2월 2016 CVE-2016-0713   Gorouter XSS
22 1월 2016 USN-2871-1   Linux kernel vulnerability
20 1월 2016 CVE-2016-0715   Remote Information Disclosure
19 1월 2016 USN-2865-1   GnuTLS vulnerability
19 1월 2016 USN-2861-1   libpng vulnerability
19 1월 2016 USN-2868-1   DHCP vulnerability
19 1월 2016 USN-2869-1   OpenSSH vulnerability
18 1월 2016 CVE-2016-0708   Remote Information Disclosure
07 1월 2016 USN-2857-1   Linux kernel vulnerability
07 1월 2016 USN-2842-1/USN-2842-2   Linux kernel vulnerability
07 1월 2016 USN-2837-1   bind9 vulnerability
07 1월 2016 USN-2836-1   grub2 vulnerability
07 1월 2016 USN-2835-1   git vulnerability
07 1월 2016 USN-2834-1   libxml2 vulnerability
07 1월 2016 USN-2830-1   OpenSSL vulnerability
07 1월 2016 USN-2829-1   Linux kernel vulnerability
15 12월 2015 CVE-2015-5350   Garden Nstar vulnerability
04 12월 2015 USN-2821-1   GnuTLS vulnerability
04 12월 2015 USN-2820-1   dpkg vulnerability
02 12월 2015 USN-2815-1   PNG vulnerability
02 12월 2015 USN-2812-1   libxml2 vulnerability
02 12월 2015 USN-2810-1   Kerberos vulnerability
02 12월 2015 USN-2787-1   audiofile vulnerability
24 11월 2015 USN-2788-1/2788-2   unzip vulnerability
12 11월 2015 USN-2798-1   Linux kernel vulnerability
12 11월 2015 USN-2806-1   Linux kernel vulnerability
03 11월 2015 USN-2778-1   Linux kernel vulnerabilities
03 11월 2015 USN-2767-1   GDK-Pixbuf library vulnerability
07 10월 2015 Golang   Golang 1.4.3 CVE Fixes
07 10월 2015 USN-2722-1   GDK-PixBuf Vulnerabilities
07 10월 2015 USN-2711-1   Net-SNMP Vulnerabilities
07 10월 2015 USN-2739-1   FreeType Vulnerabilities
07 10월 2015 USN-2740-1   ICU Vulnerabilities
07 10월 2015 USN-2751-1   Linux Kernel (Vivid HWE) Vulnerability
07 10월 2015 USN-2756-1   rpcbind Vulnerability
07 10월 2015 USN-2765-1   Linux Kernel (Vivid HWE) Vulnerability
08 9월 2015 USN-2710-1   OpenSSH Vulnerabilities
08 9월 2015 USN-2698-1   SQLite Vulnerabilities
08 9월 2015 USN-2694-1   PCRE Vulnerabilities
08 9월 2015 USN-2718-1   Address Configuration Change Vulnerabilities
06 8월 2015 USN-2696-1   OpenJDK 7 Vulnerabilities
29 7월 2015 CVE-2015-3290   Linux Kernel NMI Vulnerability
10 7월 2015 CVE-2015-1420   file_handle size verification
06 7월 2015 CVE-2015-1330   Unattended-Upgrades Vulnerability
25 6월 2015 CVE-2015-3189   Expire old reset password links
25 6월 2015 CVE-2015-3190   Open redirect on Login
25 6월 2015 CVE-2015-3191   CSRF attack on change email
12 6월 2015 USN-2639-1   OpenSSL vulnerabilities
12 6월 2015 CVE-2015-3636   ipv4 use-after-free
17 6월 2015 CVE-2015-1328   overlayfs privilege escalation
09 6월 2015 Redis LUA Sandbox   Redis LUA Exploit
22 5월 2015 CVE-2015-1834   Path Traversal Vulnerability
22 5월 2015 USN-2617-1   FUSE Vulnerability
30 4월 2015 CVE-2015-1855   Ruby OpenSSL Hostname Verification
23 3월 2015 CVE-2015-0282   Multiple GnuTLS Vulnerabilities
21 3월 2015 USN-2537-1   OpenSSL vulnerabilities
13 3월 2015 CVE-2014-8159   Linux Kernel Infiniband Vulnerability
09 2월 2015 CVE-2014-0227   Apache Tomcat Request Smuggling
28 1월 2015 CVE-2015-0235   GHOST
10 9월 2014 CVE-2013-4444   Remote Code Execution in Apache Tomcat
16 10월 2014 CVE-2014-3566   SSLV3 POODLE
29 9월 2014 CVE-2014-7186   Bash Out-of Bonds
25 9월 2014 CVE-2014-6271   Bash - ShellShock
19 9월 2014 CVE-2014-5119   glib_gconv_translit_find() exploit
18 8월 2014 CVE-2014-3153   Futex requeue exploit
05 6월 2014 CVE-2014-0224   SSL/TLS MITM Vulnerability
10 4월 2014 CVE-2014-0160   Heartbleed
모두 보기



Thanks

Reports of vulnerabilities in VMware Tanzu products are listed in the credit section of the associated security announcement.