Notable vulnerabilities in Tanzu product dependencies

This page lists Ubuntu Security Notices (USNs). Advisories pertaining to open source projects sponsored by VMware, apart from Spring, may be found in their GitHub repositories. Spring advisories can be found on the Spring Security Advisories page.

This page also lists legacy Tanzu vulnerability reports. Starting in 2021, advisories documenting security vulnerabilities in Tanzu products are continued on the VMware Security Advisories page. Information regarding open source vulnerabilities that are addressed in Tanzu products is present in the release notes of Tanzu products.


Reporting a vulnerability

The VMware Security Response team provides a single point of contact for the reporting of security vulnerabilities in Tanzu products and coordinates the process of investigating any reported vulnerabilities.

To report a security vulnerability in a VMware service or product, please refer to the VMware Security Response Policy.



Notable vulnerabilities in dependencies

Date   CVE Reference   Description
04 Dec 2023 USN-6165-2   GLib vulnerabilities
04 Dec 2023 USN-6288-2   MySQL vulnerability
04 Dec 2023 USN-6390-1   Bind vulnerabilities
04 Dec 2023 USN-6394-2   Python vulnerability
04 Dec 2023 USN-6400-1   Python vulnerability
04 Dec 2023 USN-6403-2   libvpx vulnerabilities
04 Dec 2023 USN-6403-3   libvpx vulnerabilities
04 Dec 2023 USN-6407-2   libx11 vulnerabilities
04 Dec 2023 USN-6408-2   libXpm vulnerabilities
04 Dec 2023 USN-6413-1   GNU binutils vulnerabilities
04 Dec 2023 USN-6420-1   Vim vulnerabilities
04 Dec 2023 USN-6421-1   Bind vulnerability
04 Dec 2023 USN-6428-1   LibTIFF vulnerability
04 Dec 2023 USN-6429-2   curl vulnerability
04 Dec 2023 USN-6430-1   FFmpeg vulnerabilities
04 Dec 2023 USN-6452-1   Vim vulnerabilities
04 Dec 2023 USN-6459-1   MySQL vulnerabilities
04 Dec 2023 USN-6467-1   Kerberos vulnerability
04 Dec 2023 USN-6473-2   pip vulnerabilities
04 Dec 2023 USN-6485-1   Intel Microcode vulnerability
18 Oct 2023 USN-6183-2   Bind vulnerability
18 Oct 2023 USN-6237-3   curl vulnerabilities
18 Oct 2023 USN-6242-2   OpenSSH vulnerability
18 Oct 2023 USN-6258-1   LLVM Toolchain vulnerabilities
18 Oct 2023 USN-6270-1   Vim vulnerabilities
18 Oct 2023 USN-6279-1   OpenSSH update
18 Oct 2023 USN-6286-1   Intel Microcode vulnerabilities
18 Oct 2023 USN-6288-1   MySQL vulnerabilities
18 Oct 2023 USN-6290-1   LibTIFF vulnerabilities
18 Oct 2023 USN-6302-1   Vim vulnerabilities
18 Oct 2023 USN-6310-1   json-c vulnerability
18 Oct 2023 USN-6319-1   AMD Microcode vulnerability
18 Oct 2023 USN-6322-1   elfutils vulnerabilities
18 Oct 2023 USN-6425-1   Samba vulnerabilities
18 Oct 2023 USN-6408-1   libXpm vulnerabilities
18 Oct 2023 USN-6407-1   libx11 vulnerabilities
18 Oct 2023 USN-6403-1   libvpx vulnerabilities
18 Oct 2023 USN-6394-1   Python vulnerability
18 Oct 2023 USN-6393-1   ImageMagick vulnerability
18 Oct 2023 USN-6381-1   GNU binutils vulnerabilities
18 Oct 2023 USN-6372-1   DBus vulnerability
18 Oct 2023 USN-6369-2   libwebp vulnerability
18 Oct 2023 USN-6369-1   libwebp vulnerability
18 Oct 2023 USN-6366-1   PostgreSQL vulnerability
18 Oct 2023 USN-6360-2   FLAC vulnerability
18 Oct 2023 USN-6360-1   FLAC vulnerability
18 Oct 2023 USN-6359-1   file vulnerability
18 Oct 2023 USN-6354-1   Python vulnerability
18 Oct 2023 USN-6335-1   BusyBox vulnerabilities
17 Oct 2023 USN-6219-1   Ruby vulnerabilities
17 Oct 2023 USN-6229-1   LibTIFF vulnerabilities
01 Sep 2023 USN-6112-1   Perl vulnerability
01 Sep 2023 USN-6119-1   OpenSSL vulnerabilities
01 Sep 2023 USN-6139-1   Python vulnerability
01 Sep 2023 USN-6142-1   nghttp2 vulnerability
01 Sep 2023 USN-6238-1   Samba vulnerabilities
01 Sep 2023 USN-6266-1   librsvg vulnerability
02 Aug 2023 USN-5971-1   Graphviz vulnerabilities
02 Aug 2023 USN-6101-1   GNU binutils vulnerabilities
02 Aug 2023 USN-6104-1   PostgreSQL vulnerabilities
02 Aug 2023 USN-6105-1   ca-certificates update
02 Aug 2023 USN-6145-1   Sysstat vulnerabilities
02 Aug 2023 USN-6154-1   Vim vulnerabilities
02 Aug 2023 USN-6165-1   GLib vulnerabilities
02 Aug 2023 USN-6166-1   libcap2 vulnerabilities
02 Aug 2023 USN-6166-2   libcap2 vulnerability
02 Aug 2023 USN-6168-1   libx11 vulnerability
02 Aug 2023 USN-6168-2   libx11 vulnerability
02 Aug 2023 USN-6183-1   Bind vulnerabilities
02 Aug 2023 USN-6195-1   Vim vulnerabilities
02 Aug 2023 USN-6197-1   OpenLDAP vulnerability
02 Aug 2023 USN-6230-1   PostgreSQL vulnerability
02 Aug 2023 USN-6244-1   AMD Microcode vulnerability
29 Jun 2023 USN-6188-1   OpenSSL vulnerability
29 Jun 2023 USN-5828-1   Kerberos vulnerabilities
29 Jun 2023 USN-6099-1   ncurses vulnerabilities
29 Jun 2023 USN-6055-2   Ruby regression
29 Jun 2023 USN-6060-1   MySQL vulnerabilities
29 Jun 2023 USN-5964-1   curl vulnerabilities
29 Jun 2023 USN-5964-2   curl vulnerabilities
29 Jun 2023 USN-6062-1   FreeType vulnerability
29 Jun 2023 USN-6087-1   Ruby vulnerabilities
29 Jun 2023 USN-6078-1   libwebp vulnerability
29 Jun 2023 USN-6050-2   Git vulnerability
29 Jun 2023 USN-6167-1   QEMU vulnerabilities
29 Jun 2023 USN-6155-2   Requests vulnerability
29 Jun 2023 USN-6105-2   ca-certificates update
29 Jun 2023 USN-6026-1   Vim vulnerabilities
29 Jun 2023 USN-6138-1   libssh vulnerabilities
29 Jun 2023 USN-6050-1   Git vulnerabilities
29 Jun 2023 USN-6155-1   Requests vulnerability
29 Jun 2023 USN-6005-1   Sudo vulnerabilities
29 Jun 2023 USN-6005-2   Sudo vulnerabilities
29 Jun 2023 USN-6157-1   GlusterFS vulnerability
29 Jun 2023 USN-5960-1   Python vulnerability
29 Jun 2023 USN-6060-3   MySQL regression
29 Jun 2023 USN-6060-2   MySQL vulnerabilities
29 Jun 2023 USN-6112-2   Perl vulnerability
29 Jun 2023 USN-6055-1   Ruby vulnerabilities
22 May 2023 USN-6042-1   Cloud-init vulnerability
22 May 2023 USN-5686-4   Git vulnerability
22 May 2023 USN-5761-1   ca-certificates update
22 May 2023 USN-5761-2   ca-certificates update
22 May 2023 USN-5767-3   Python vulnerability
22 May 2023 USN-5800-1   Heimdal vulnerabilities
22 May 2023 USN-5807-2   libXpm vulnerabilities
22 May 2023 USN-5810-2   Git regression
22 May 2023 USN-5810-3   Git vulnerabilities
22 May 2023 USN-5811-2   Sudo vulnerability
22 May 2023 USN-5817-1   Setuptools vulnerability
22 May 2023 USN-5821-3   pip regression
22 May 2023 USN-5823-2   MySQL vulnerability
22 May 2023 USN-5825-1   PAM vulnerability
22 May 2023 USN-5825-2   PAM regressions
22 May 2023 USN-5836-1   Vim vulnerabilities
22 May 2023 USN-5841-1   LibTIFF vulnerabilities
22 May 2023 USN-5844-1   OpenSSL vulnerabilities
22 May 2023 USN-5845-1   OpenSSL vulnerabilities
22 May 2023 USN-5845-2   OpenSSL vulnerabilities
22 May 2023 USN-5849-1   Heimdal vulnerabilities
22 May 2023 USN-5855-1   ImageMagick vulnerabilities
22 May 2023 USN-5855-2   ImageMagick vulnerabilities
22 May 2023 USN-5855-3   ImageMagick regression
22 May 2023 USN-5870-1   apr-util vulnerability
22 May 2023 USN-5871-1   Git vulnerabilities
22 May 2023 USN-5871-2   Git regression
22 May 2023 USN-5872-1   NSS vulnerabilities
22 May 2023 USN-5885-1   APR vulnerability
22 May 2023 USN-5886-1   Intel Microcode vulnerabilities
22 May 2023 USN-5891-1   curl vulnerabilities
22 May 2023 USN-5892-2   NSS vulnerability
22 May 2023 USN-5894-1   curl vulnerabilities
22 May 2023 USN-5900-1   tar vulnerability
22 May 2023 USN-5901-1   GnuTLS vulnerability
22 May 2023 USN-5906-1   PostgreSQL vulnerability
22 May 2023 USN-5908-1   Sudo vulnerability
22 May 2023 USN-5921-1   rsync vulnerabilities
22 May 2023 USN-5922-1   FriBidi vulnerabilities
22 May 2023 USN-5923-1   LibTIFF vulnerabilities
22 May 2023 USN-5928-1   systemd vulnerabilities
22 May 2023 USN-5952-1   OpenJPEG vulnerabilities
22 May 2023 USN-5959-1   Kerberos vulnerabilities
22 May 2023 USN-5963-1   Vim vulnerabilities
22 May 2023 USN-5993-1   Samba vulnerabilities
22 May 2023 USN-5995-1   Vim vulnerabilities
22 May 2023 USN-6028-1   libxml2 vulnerabilities
22 May 2023 USN-6039-1   OpenSSL vulnerabilities
22 May 2023 USN-5810-1   Git vulnerabilities
22 May 2023 USN-5821-4   pip regression
22 May 2023 USN-5823-1   MySQL vulnerabilities
11 May 2023 USN-5762-1   GNU binutils vulnerability
11 May 2023 USN-5766-1   Heimdal vulnerability
11 May 2023 USN-5767-2   Python vulnerability
11 May 2023 USN-5768-1   GNU C Library vulnerabilities
11 May 2023 USN-5770-1   GCC vulnerability
11 May 2023 USN-5775-1   Vim vulnerabilities
11 May 2023 USN-5788-1   curl vulnerabilities
13 Apr 2023 USN-5767-1   Python vulnerabilities
13 Apr 2023 USN-5772-1   QEMU vulnerabilities
13 Apr 2023 USN-5787-1   Libksba vulnerability
13 Apr 2023 USN-5787-2   Libksba vulnerability
13 Apr 2023 USN-5795-2   Net-SNMP vulnerabilities
13 Apr 2023 USN-5801-1   Vim vulnerabilities
13 Apr 2023 USN-5806-2   Ruby vulnerability
13 Apr 2023 USN-5807-1   libXpm vulnerabilities
13 Apr 2023 USN-5811-1   Sudo vulnerabilities
13 Apr 2023 USN-5821-1   wheel vulnerability
12 Apr 2023 USN-5765-1   PostgreSQL vulnerability
02 Mar 2023 USN-5760-1   libxml2 vulnerabilities
02 Mar 2023 USN-5760-2   libxml2 vulnerabilities
08 Dec 2022 USN-5402-1   OpenSSL vulnerabilities
08 Dec 2022 USN-5403-1   SQLite vulnerability
08 Dec 2022 USN-5412-1   curl vulnerabilities
08 Dec 2022 USN-5431-1   GnuPG vulnerability
08 Dec 2022 USN-5440-1   PostgreSQL vulnerability
08 Dec 2022 USN-5445-1   Subversion vulnerabilities
08 Dec 2022 USN-5456-1   ImageMagick vulnerability
08 Dec 2022 USN-5462-1   Ruby vulnerabilities
08 Dec 2022 USN-5495-1   curl vulnerabilities
08 Dec 2022 USN-5502-1   OpenSSL vulnerability
08 Dec 2022 USN-5503-1   GnuPG vulnerability
08 Dec 2022 USN-5472-1   FFmpeg vulnerabilities
08 Dec 2022 USN-5355-1   zlib vulnerability
08 Dec 2022 USN-5359-1   rsync vulnerability
08 Dec 2022 USN-5371-3   nginx vulnerability
08 Dec 2022 USN-5376-1   Git vulnerability
08 Dec 2022 USN-5376-3   Git regression
08 Dec 2022 USN-5378-1   Gzip vulnerability
08 Dec 2022 USN-5378-2   XZ Utils vulnerability
08 Dec 2022 USN-5397-1   curl vulnerabilities
08 Dec 2022 USN-5400-2   MySQL vulnerabilities
08 Dec 2022 USN-5424-1   OpenLDAP vulnerability
08 Dec 2022 USN-5446-1   dpkg vulnerability
08 Dec 2022 USN-5488-1   OpenSSL vulnerability
08 Dec 2022 USN-5523-1   LibTIFF vulnerabilities
08 Dec 2022 USN-5537-1   MySQL vulnerabilities
08 Dec 2022 USN-5537-2   MySQL vulnerability
08 Dec 2022 USN-5553-1   libjpeg-turbo vulnerabilities
08 Dec 2022 USN-5593-1   Zstandard vulnerability
08 Dec 2022 USN-5604-1   LibTIFF vulnerabilities
08 Dec 2022 USN-5637-1   libvpx vulnerability
08 Dec 2022 USN-5688-1   Libksba vulnerability
08 Dec 2022 USN-5690-1   libXdmcp vulnerability
08 Dec 2022 USN-5696-1   MySQL vulnerabilities
08 Dec 2022 USN-5705-1   LibTIFF vulnerabilities
08 Dec 2022 USN-5722-1   nginx vulnerabilities
08 Dec 2022 USN-5743-1   LibTIFF vulnerability
25 Jul 2022 USN-5179-2   BusyBox vulnerability
25 Jul 2022 USN-5244-2   DBus vulnerability
25 Jul 2022 USN-5259-2   Cron vulnerabilities
25 Jul 2022 USN-5259-3   Cron regression
25 Jul 2022 USN-5331-2   tcpdump vulnerabilities
25 Jul 2022 USN-5349-1   GNU binutils vulnerability
25 Jul 2022 USN-5352-1   Libtasn1 vulnerability
25 Jul 2022 USN-5357-1   Linux kernel vulnerability
25 Jul 2022 USN-5359-2   rsync vulnerability
25 Jul 2022 USN-5361-1   Linux kernel vulnerabilities
25 Jul 2022 USN-5366-1   FriBidi vulnerabilities
25 Jul 2022 USN-5371-1   nginx vulnerabilities
25 Jul 2022 USN-5378-3   XZ Utils vulnerability
25 Jul 2022 USN-5378-4   Gzip vulnerability
25 Jul 2022 USN-5379-1   klibc vulnerabilities
25 Jul 2022 USN-5389-1   Libcroco vulnerabilities
25 Jul 2022 USN-5402-2   OpenSSL vulnerabilities
25 Jul 2022 USN-5419-1   Rsyslog vulnerabilities
25 Jul 2022 USN-5421-1   LibTIFF vulnerabilities
25 Jul 2022 USN-5432-1   libpng vulnerabilities
25 Jul 2022 USN-5433-1   Vim vulnerabilities
25 Jul 2022 USN-5448-1   ncurses vulnerabilities
25 Jul 2022 USN-5458-1   Vim vulnerabilities
25 Jul 2022 USN-5477-1   ncurses vulnerabilities
25 Jul 2022 USN-5478-1   util-linux vulnerability
12 May 2022 USN-5254-1   shadow vulnerabilities
12 May 2022 USN-5288-1   Expat vulnerabilities
12 May 2022 USN-5298-1   Linux kernel vulnerabilities
12 May 2022 USN-5299-1   Linux kernel vulnerabilities
12 May 2022 USN-5301-1   Cyrus SASL vulnerability
12 May 2022 USN-5319-1   Linux kernel vulnerabilities
12 May 2022 USN-5320-1   Expat vulnerabilities and regression
12 May 2022 USN-5324-1   libxml2 vulnerability
12 May 2022 USN-5328-1   OpenSSL vulnerability
12 May 2022 USN-5328-2   OpenSSL vulnerability
12 May 2022 USN-5329-1   tar vulnerability
12 May 2022 USN-5331-1   tcpdump vulnerabilities
12 May 2022 USN-5332-1   Bind vulnerabilities
12 May 2022 USN-5334-1   man-db vulnerability
12 May 2022 USN-5339-1   Linux kernel vulnerabilities
12 May 2022 USN-5341-1   GNU binutils vulnerabilities
12 May 2022 USN-5343-1   Linux kernel vulnerabilities
17 Mar 2022 USN-5021-2   curl vulnerability
17 Mar 2022 USN-5030-2   Perl DBI module vulnerabilities
17 Mar 2022 USN-5064-2   GNU cpio vulnerability
17 Mar 2022 USN-5158-1   ImageMagick vulnerabilities
17 Mar 2022 USN-5164-1   Linux kernel vulnerabilities
17 Mar 2022 USN-5174-1   Samba vulnerabilities
17 Mar 2022 USN-5174-2   Samba regression
17 Mar 2022 USN-5179-1   BusyBox vulnerabilities
17 Mar 2022 USN-5189-1   GLib vulnerability
17 Mar 2022 USN-5199-1   Python vulnerabilities
17 Mar 2022 USN-5209-1   Linux kernel vulnerabilities
17 Mar 2022 USN-5235-1   Ruby vulnerabilities
17 Mar 2022 USN-5244-1   DBus vulnerability
17 Mar 2022 USN-5247-1   Vim vulnerabilities
17 Mar 2022 USN-5259-1   Cron vulnerabilities
17 Mar 2022 USN-5260-2   Samba vulnerability
17 Mar 2022 USN-5262-1   GPT fdisk vulnerabilities
17 Mar 2022 USN-5268-1   Linux kernel vulnerabilities
17 Mar 2022 USN-5270-1   MySQL vulnerabilities
17 Mar 2022 USN-5270-2   MySQL vulnerabilities
17 Mar 2022 USN-5280-1   Speex vulnerability
25 Jan 2022 USN-5022-3   MySQL vulnerabilities
25 Jan 2022 USN-5076-1   Git vulnerability
25 Jan 2022 USN-5114-1   Linux kernel vulnerabilities
25 Jan 2022 USN-5123-1   MySQL vulnerabilities
25 Jan 2022 USN-5123-2   MySQL vulnerabilities
25 Jan 2022 USN-5124-1   GNU binutils vulnerabilities
25 Jan 2022 USN-5126-1   Bind vulnerability
25 Jan 2022 USN-5126-2   Bind vulnerability
25 Jan 2022 USN-5133-1   ICU vulnerability
25 Jan 2022 USN-5136-1   Linux kernel vulnerabilities
25 Jan 2022 USN-5144-1   OpenEXR vulnerability
25 Jan 2022 USN-5145-1   PostgreSQL vulnerabilities
25 Jan 2022 USN-5147-1   Vim vulnerabilities
25 Jan 2022 USN-5150-1   OpenEXR vulnerability
25 Jan 2022 USN-5168-3   NSS vulnerability
25 Jan 2022 USN-5168-4   NSS regression
09 Dec 2021 USN-5013-2   systemd vulnerabilities
09 Dec 2021 USN-5018-1   Linux kernel vulnerabilities
08 Dec 2021 USN-3809-2   OpenSSH regression
08 Dec 2021 USN-4336-2   GNU binutils vulnerabilities
08 Dec 2021 USN-4979-1   Linux kernel vulnerabilities
08 Dec 2021 USN-4985-1   Intel Microcode vulnerabilities
08 Dec 2021 USN-4991-1   libxml2 vulnerabilities
08 Dec 2021 USN-5003-1   Linux kernel vulnerabilities
08 Dec 2021 USN-5044-1   Linux kernel vulnerabilities
07 Dec 2021 USN-4898-1   curl vulnerabilities
07 Dec 2021 USN-4906-1   Nettle vulnerability
07 Dec 2021 USN-4916-1   Linux kernel vulnerabilities
07 Dec 2021 USN-4946-1   Linux kernel vulnerabilities
07 Dec 2021 USN-4954-1   GNU C Library vulnerabilities
07 Dec 2021 USN-4968-2   LZ4 vulnerability
07 Dec 2021 USN-4969-2   DHCP vulnerability
07 Dec 2021 USN-5051-1   OpenSSL vulnerabilities
07 Dec 2021 USN-5051-2   OpenSSL vulnerability
07 Dec 2021 USN-5051-3   OpenSSL vulnerability
07 Dec 2021 USN-5073-1   Linux kernel vulnerabilities
07 Dec 2021 USN-5079-1   curl vulnerabilities
07 Dec 2021 USN-5079-2   curl vulnerabilities
07 Dec 2021 USN-5079-3   curl vulnerabilities
07 Dec 2021 USN-5079-4   curl regression
07 Dec 2021 USN-5080-1   Libgcrypt vulnerabilities
07 Dec 2021 USN-5080-2   Libgcrypt vulnerabilities
07 Dec 2021 USN-5083-1   Python vulnerabilities
07 Dec 2021 USN-5086-1   Linux kernel vulnerability
07 Dec 2021 USN-5089-1   ca-certificates update
07 Dec 2021 USN-5093-1   Vim vulnerabilities
07 Dec 2021 USN-5094-1   Linux kernel vulnerabilities
07 Dec 2021 USN-5102-1   Mercurial vulnerabilities
07 Dec 2021 USN-5109-1   nginx vulnerability
04 Oct 2021 USN-5064-1   GNU cpio vulnerability
04 Oct 2021 USN-5068-1   GD library vulnerabilities
13 Sep 2021 USN-4719-1   ca-certificates update
13 Sep 2021 USN-4759-1   GLib vulnerabilities
13 Sep 2021 USN-4760-1   libzstd vulnerabilities
13 Sep 2021 USN-4761-1   Git vulnerability
13 Sep 2021 USN-4764-1   GLib vulnerability
13 Sep 2021 USN-4877-1   Linux kernel vulnerabilities
13 Sep 2021 USN-4882-1   Ruby vulnerabilities
13 Sep 2021 USN-4883-1   Linux kernel vulnerabilities
13 Sep 2021 USN-4890-1   Linux kernel vulnerabilities
13 Sep 2021 USN-4891-1   OpenSSL vulnerability
13 Sep 2021 USN-4900-1   OpenEXR vulnerabilities
13 Sep 2021 USN-4966-1   libx11 vulnerability
13 Sep 2021 USN-4968-1   LZ4 vulnerability
13 Sep 2021 USN-4969-1   DHCP vulnerability
13 Sep 2021 USN-4971-1   libwebp vulnerabilities
13 Sep 2021 USN-4988-1   ImageMagick vulnerabilities
13 Sep 2021 USN-4990-1   Nettle vulnerabilities
13 Sep 2021 USN-4996-1   OpenEXR vulnerabilities
13 Sep 2021 USN-5005-1   DjVuLibre vulnerability
13 Sep 2021 USN-5013-1   systemd vulnerabilities
13 Sep 2021 USN-5020-1   Ruby vulnerabilities
13 Sep 2021 USN-5021-1   curl vulnerabilities
15 Jun 2021 USN-4967-2   nginx vulnerability
15 Jun 2021 USN-4966-2   libx11 vulnerability
15 Jun 2021 USN-4957-1   DjVuLibre vulnerabilities
15 Jun 2021 USN-4938-1   Unbound vulnerabilities
15 Jun 2021 USN-4922-1   Ruby vulnerability
16 Apr 2021 USN-4738-1   OpenSSL vulnerabilities
16 Apr 2021 USN-4749-1   Linux kernel vulnerabilities
16 Apr 2021 USN-4754-1   Python vulnerabilities
16 Apr 2021 USN-4754-2   Python regression
16 Apr 2021 USN-4754-4   Python 2.7 vulnerability
16 Apr 2021 USN-4755-1   LibTIFF vulnerabilities
01 Mar 2021 USN-4489-1   Linux kernel vulnerability
01 Mar 2021 USN-4668-3   python-apt regression
01 Mar 2021 USN-4673-1   libproxy vulnerability
01 Mar 2021 USN-4676-1   OpenEXR vulnerabilities
01 Mar 2021 USN-4677-1   p11-kit vulnerabilities
01 Mar 2021 USN-4680-1   Linux kernel vulnerabilities
01 Mar 2021 USN-4692-1   tar vulnerabilities
01 Mar 2021 USN-4694-1   Linux kernel vulnerability
01 Mar 2021 USN-4700-1   PyXDG vulnerability
01 Mar 2021 USN-4705-1   Sudo vulnerabilities
13 Jan 2021 USN-4628-1   Intel Microcode vulnerabilities
13 Jan 2021 USN-4628-2   Intel Microcode regression
13 Jan 2021 USN-4635-1   Kerberos vulnerability
13 Jan 2021 USN-4660-1   Linux kernel vulnerabilities
13 Jan 2021 USN-4662-1   OpenSSL vulnerability
11 Dec 2020 USN-4309-1   Vim vulnerabilities
11 Dec 2020 USN-4359-1   APT vulnerability
11 Dec 2020 USN-4360-1   json-c vulnerability
11 Dec 2020 USN-4360-2   json-c regression
11 Dec 2020 USN-4416-1   GNU C Library vulnerabilities
11 Dec 2020 USN-4428-1   Python vulnerabilities
11 Dec 2020 USN-4613-1   python-cryptography vulnerability
11 Dec 2020 USN-4633-1   PostgreSQL vulnerabilities
20 Nov 2020 USN-4526-1   Linux kernel vulnerabilities
20 Nov 2020 USN-4578-1   Linux kernel vulnerabilities
20 Nov 2020 USN-4581-1   Python vulnerability
20 Nov 2020 USN-4582-1   Vim vulnerabilities
20 Nov 2020 USN-4591-1   Linux kernel vulnerabilities
20 Nov 2020 USN-4593-1   FreeType vulnerability
24 Sep 2020 USN-4457-1   Software Properties vulnerability
24 Sep 2020 USN-4466-1   curl vulnerability
28 Aug 2020 USN-4398-1   DBus vulnerability
28 Aug 2020 USN-4402-1   curl vulnerabilities
28 Aug 2020 USN-4414-1   Linux kernel vulnerabilities
30 Jul 2020 USN-3911-2   file regression
30 Jul 2020 USN-4360-4   json-c vulnerability
30 Jul 2020 USN-4376-1   OpenSSL vulnerabilities
30 Jul 2020 USN-4377-1   ca-certificates update
30 Jul 2020 USN-4385-1   Intel Microcode vulnerabilities
30 Jul 2020 USN-4385-2   Intel Microcode regression
30 Jul 2020 USN-4390-1   Linux kernel vulnerabilities
30 Jul 2020 USN-4394-1   SQLite vulnerabilities
14 May 2020 USN-4318-1   Linux kernel vulnerabilities
28 Apr 2020 USN-4345-1   Linux kernel vulnerabilities
23 Apr 2020 USN-4298-1   SQLite vulnerabilities
23 Apr 2020 USN-4302-1   Linux kernel vulnerabilities
23 Apr 2020 USN-4305-1   ICU vulnerability
21 Apr 2020 USN-4333-1   Python vulnerabilities
08 Apr 2020 USN-4292-1   rsync vulnerabilities
02 Mar 2020 USN-4293-1   libarchive vulnerabilities
18 Feb 2020 USN-4287-1   Linux kernel vulnerabilities
10 Feb 2020 USN-4274-1   libxml2 vulnerabilities
05 Feb 2020 USN-4269-1   systemd vulnerabilities
03 Feb 2020 USN-4263-1   Sudo vulnerability
28 Jan 2020 USN-4256-1   Cyrus SASL vulnerability
28 Jan 2020 USN-4255-2   Linux kernel (HWE) vulnerabilities
27 Jan 2020 USN-4252-1   tcpdump vulnerabilities
23 Jan 2020 USN-4249-1   e2fsprogs vulnerability
23 Jan 2020 USN-4233-2   GnuTLS update
22 Jan 2020 USN-4246-1   zlib vulnerabilities
22 Jan 2020 USN-4247-2   python-apt regression
22 Jan 2020 USN-4247-1   python-apt vulnerabilities
20 Jan 2020 USN-4243-1   libbsd vulnerabilities
20 Jan 2020 USN-4242-1   Sysstat vulnerabilities
19 Jan 2020 CVE-2020-0601   Windows Stemcells vulnerable to Windows CryptoAPI Spoofing Vulnerability
15 Jan 2020 USN-4210-1   Linux kernel vulnerabilities
15 Jan 2020 USN-4220-1   Git vulnerabilities
15 Jan 2020 USN-4182-3   Intel Microcode regression
15 Jan 2020 USN-4215-1   NSS vulnerability
15 Jan 2020 USN-4205-1   SQLite vulnerabilities
14 Jan 2020 USN-4236-2   Libgcrypt vulnerability
13 Jan 2020 USN-4235-1   nginx vulnerability
09 Jan 2020 USN-4233-1   GnuTLS update
08 Jan 2020 USN-4231-1   NSS vulnerability
07 Jan 2020 USN-4227-1   Linux kernel vulnerabilities
18 Dec 2019 USN-4199-1   libvpx vulnerabilities
18 Dec 2019 USN-4185-3   Linux kernel vulnerability and regression
18 Dec 2019 USN-4182-1   Intel Microcode update
18 Dec 2019 USN-4169-1   libarchive vulnerability
18 Dec 2019 USN-4203-1   NSS vulnerability
18 Dec 2019 USN-4172-1   file vulnerability
18 Dec 2019 USN-4176-1   GNU cpio vulnerability
18 Dec 2019 USN-4190-1   libjpeg-turbo vulnerabilities
18 Dec 2019 USN-4164-1   Libxslt vulnerabilities
18 Dec 2019 USN-4191-1   QEMU vulnerabilities
18 Dec 2019 USN-4162-1   Linux kernel vulnerabilities
18 Dec 2019 USN-4185-1   Linux kernel vulnerabilities
18 Dec 2019 USN-4194-1   postgresql-common vulnerability
11 Dec 2019 USN-4221-1   libpcap vulnerability
25 Nov 2019 CVE-2019-15587   Ops Manager contains a vulnerable Loofah gem
14 Nov 2019 USN-4019-1   SQLite vulnerabilities
14 Nov 2019 USN-4016-1   Vim vulnerabilities
14 Nov 2019 USN-3968-1   Sudo vulnerabilities
14 Nov 2019 USN-4012-1   elfutils vulnerabilities
14 Nov 2019 USN-3993-1   curl vulnerabilities
14 Nov 2019 USN-3885-2   OpenSSH vulnerability
14 Nov 2019 USN-4040-1   Expat vulnerability
14 Nov 2019 USN-3990-1   urllib3 vulnerabilities
14 Nov 2019 USN-3967-1   FFmpeg vulnerabilities
14 Nov 2019 USN-3999-1   GnuTLS vulnerabilities
14 Nov 2019 USN-4008-2   AppArmor update
14 Nov 2019 USN-4011-1   Jinja2 vulnerabilities
14 Nov 2019 USN-4015-1   DBus vulnerability
14 Nov 2019 USN-3911-1   file vulnerabilities
14 Nov 2019 USN-4038-1   bzip2 vulnerabilities
14 Nov 2019 USN-4004-1   Berkeley DB vulnerability
06 Nov 2019 USN-4126-1   FreeType vulnerability
06 Nov 2019 USN-4127-1   Python vulnerabilities
06 Nov 2019 USN-4129-1   curl vulnerabilities
06 Nov 2019 USN-4132-1   Expat vulnerability
06 Nov 2019 USN-4142-1   e2fsprogs vulnerability
06 Nov 2019 USN-4144-1   Linux kernel vulnerabilities
06 Nov 2019 USN-4151-1   Python vulnerabilities
30 Sep 2019 USN-4049-3   GLib regression
30 Sep 2019 USN-4071-1   Patch vulnerabilities
30 Sep 2019 USN-4094-1   Linux kernel vulnerabilities
30 Sep 2019 USN-4115-1   Linux kernel vulnerabilities
30 Sep 2019 USN-4115-2   Linux kernel regression
30 Sep 2019 USN-4135-1   Linux kernel vulnerabilities
24 Sep 2019 CVE-2019-16097   Harbor Privilege Escalation
05 Sep 2019 USN-4038-3   bzip2 regression
05 Sep 2019 USN-4049-1   GLib vulnerability
05 Sep 2019 USN-4058-1   Bash vulnerability
05 Sep 2019 USN-4060-1   NSS vulnerabilities
05 Sep 2019 USN-4068-2   Linux kernel (HWE) vulnerabilities
05 Sep 2019 USN-4090-1   PostgreSQL vulnerabilities
05 Sep 2019 USN-4099-1   nginx vulnerabilities
06 Aug 2019 USN-4041-1   Linux kernel update
05 Aug 2019 USN-3977-3   Intel Microcode update (AKA ZombieLoad Attack)
05 Aug 2019 USN-4001-1   libseccomp vulnerability
05 Aug 2019 USN-4014-1   GLib vulnerability
19 Jun 2019 USN-3977-1   Intel Microcode update (AKA ZombieLoad Attack)
19 Jun 2019 USN-3977-2   Intel Microcode update (AKA ZombieLoad Attack)
19 Jun 2019 USN-3981-2   Linux kernel (HWE) vulnerabilities (AKA ZombieLoad Attack)
21 May 2019 USN-3931-2   Linux kernel (HWE) vulnerabilities
21 May 2019 USN-3932-2   Linux kernel (Xenial HWE) vulnerabilities
21 May 2019 USN-3943-1   Wget vulnerabilities
21 May 2019 USN-3947-1   Libxslt vulnerability
21 May 2019 USN-3960-1   WavPack vulnerability
21 May 2019 USN-3962-1   libpng vulnerability
21 May 2019 USN-3972-1   PostgreSQL vulnerabilities
08 May 2019 USN-3935-1   BusyBox vulnerabilities
25 Apr 2019 USN-3863-1   APT vulnerability
25 Apr 2019 USN-3855-1   systemd vulnerabilities
25 Apr 2019 USN-3816-3   systemd regression
25 Apr 2019 USN-3834-1   Perl vulnerabilities
25 Apr 2019 USN-3840-1   OpenSSL vulnerabilities
25 Apr 2019 USN-3847-2   Linux kernel (HWE) vulnerabilities
25 Apr 2019 USN-3848-2   Linux kernel (Xenial HWE) vulnerabilities
25 Apr 2019 USN-3859-1   libarchive vulnerabilities
25 Apr 2019 USN-3864-1   LibTIFF vulnerabilities
25 Apr 2019 USN-3871-4   Linux kernel (HWE) vulnerabilities
25 Apr 2019 USN-3879-2   Linux kernel (Xenial HWE) vulnerabilities
25 Apr 2019 USN-3882-1   curl vulnerabilities
25 Apr 2019 USN-3884-1   libarchive vulnerabilities
25 Apr 2019 USN-3885-1   OpenSSH vulnerabilities
25 Apr 2019 USN-3891-1   systemd vulnerability
25 Apr 2019 USN-3898-1   NSS vulnerability
25 Apr 2019 USN-3899-1   OpenSSL vulnerability
25 Apr 2019 USN-3900-1   GD vulnerabilities
25 Apr 2019 USN-3901-2   Linux kernel (HWE) vulnerabilities
25 Apr 2019 USN-3906-1   LibTIFF vulnerabilities
25 Apr 2019 USN-3910-2   Linux kernel (Xenial HWE) vulnerabilities
25 Apr 2019 USN-3945-1   Ruby vulnerabilities
13 Feb 2019 CVE-2019-5736   runC container breakout
06 Feb 2019 USN-3850-1   NSS vulnerabilities
06 Feb 2019 USN-3841-1   lxml vulnerability
06 Feb 2019 USN-3836-2   Linux kernel (HWE) vulnerabilities
03 Jan 2019 USN-3829-1   Git vulnerabilities
03 Jan 2019 USN-3839-1   WavPack vulnerabilities
03 Jan 2019 USN-3816-2   systemd vulnerability
03 Jan 2019 USN-3843-1   pixman vulnerability
14 Dec 2018 USN-3821-2   Linux kernel (Xenial HWE) vulnerabilities
14 Dec 2018 USN-3817-1   Python vulnerabilities
14 Dec 2018 USN-3815-1   gettext vulnerability
14 Dec 2018 USN-3812-1   nginx vulnerabilities
14 Dec 2018 USN-3809-1   OpenSSH vulnerabilities
14 Dec 2018 USN-3805-1   curl vulnerabilities
12 Dec 2018 USN-3808-1   Ruby vulnerabilities
12 Dec 2018 USN-3806-1   systemd vulnerability
12 Dec 2018 USN-3816-1   systemd vulnerabilities
12 Dec 2018 USN-3820-2   Linux kernel (HWE) vulnerabilities
03 Dec 2018 CVE-2018-1002105   Proxy request handling in kube-apiserver can leave vulnerable TCP connections
03 Dec 2018 CVE-2018-15797   NFS Volume release errand leaks cf admin credentials in logs
28 Nov 2018 USN-3797-2   Linux kernel (Xenial HWE) vulnerabilities
08 Nov 2018 USN-3785-1   ImageMagick vulnerabilities
08 Nov 2018 USN-3786-1   libxkbcommon vulnerabilities
08 Nov 2018 USN-3791-1   Git vulnerability
08 Nov 2018 USN-3800-1   audiofile vulnerabilities
06 Nov 2018 CVE-2018-15761   UAA Privilege Escalation
26 Oct 2018 USN-3762-2   Linux kernel (HWE) vulnerabilities
26 Oct 2018 USN-3777-2   Linux kernel (HWE) vulnerabilities
26 Oct 2018 USN-3790-1   Requests vulnerability
09 Oct 2018 USN-3770-1   Little CMS vulnerabilities
09 Oct 2018 USN-3767-1   GLib vulnerabilities
09 Oct 2018 USN-3765-1   curl vulnerability
09 Oct 2018 USN-3752-2   Linux kernel (HWE) vulnerabilities
27 Sep 2018 USN-3352-1   nginx vulnerability
27 Sep 2018 USN-3509-4   Linux kernel (Xenial HWE) regression
27 Sep 2018 USN-3532-1   GDK-PixBuf vulnerabilities
27 Sep 2018 USN-3564-1   PostgreSQL vulnerability
27 Sep 2018 USN-3589-1   PostgreSQL vulnerability
27 Sep 2018 USN-3605-1   Sharutils vulnerability
27 Sep 2018 USN-3689-1   Libgcrypt vulnerability
27 Sep 2018 USN-3690-1   AMD Microcode update
27 Sep 2018 USN-3690-2   AMD Microcode regression
27 Sep 2018 USN-3692-1   OpenSSL vulnerabilities
27 Sep 2018 USN-3696-2   Linux kernel (Xenial HWE) vulnerabilities
27 Sep 2018 USN-3712-1   libpng vulnerabilities
27 Sep 2018 USN-3729-1   libxcursor vulnerability
27 Sep 2018 USN-3733-1   GnuPG vulnerability
27 Sep 2018 USN-3736-1   libarchive vulnerabilities
27 Sep 2018 USN-3739-1   libxml2 vulnerabilities
27 Sep 2018 USN-3741-2   Linux kernel (Xenial HWE) vulnerabilities
27 Sep 2018 USN-3744-1   PostgreSQL vulnerabilities
27 Sep 2018 USN-3753-2   Linux kernel (Xenial HWE) vulnerabilities
27 Sep 2018 USN-3755-1   GD vulnerabilities
27 Sep 2018 USN-3756-1   Intel Microcode vulnerabilities
27 Sep 2018 USN-3758-1   libx11 vulnerabilities
27 Sep 2018 USN-3759-1   libtirpc vulnerabilities
09 Aug 2018 CVE-2018-1336   Apache Tomcat - UTF-8 decoder can lead to DoS
09 Aug 2018 CVE-2018-8037   Apache Tomcat - NIO/NIO2 connectors user sessions can get mixed up
02 Aug 2018 USN-3706-1   libjpeg-turbo vulnerabilities
02 Aug 2018 USN-3707-1   NTP vulnerabilities
02 Aug 2018 USN-3711-1   ImageMagick vulnerabilities
23 Jul 2018 CVE-2018-11047   UAA accepts refresh token as access token on admin endpoints
20 Jul 2018 USN-3658-1   procps-ng vulnerabilities
20 Jul 2018 USN-3675-1   GnuPG vulnerabilities
20 Jul 2018 USN-3676-2   Linux kernel (Xenial HWE) vulnerabilities
20 Jul 2018 USN-3681-1   ImageMagick vulnerabilities
20 Jul 2018 USN-3684-1   Perl vulnerability
20 Jul 2018 USN-3686-1   file vulnerabilities
20 Jul 2018 USN-3693-1   JasPer vulnerabilities
17 Jul 2018 CVE-2018-11041   UAA open redirect
16 Jul 2018 CVE-2018-1268   Loggregator lacks app GUID validation
16 Jul 2018 CVE-2018-1269   Loggregator does not properly close some TCP connections
21 Jun 2018 USN-3648-1   curl vulnerabilities
21 Jun 2018 USN-3654-2   Linux kernel (Xenial HWE) vulnerabilities
21 Jun 2018 USN-3671-1   Git vulnerabilities
19 Jun 2018 CVE-2018-1265   Diego does not properly sanitize file paths in tar/zip files
14 Jun 2018 USN-3622-1   Wayland vulnerability
14 Jun 2018 USN-3624-1   Patch vulnerabilities
14 Jun 2018 USN-3625-1   Perl vulnerabilities
14 Jun 2018 USN-3628-1   OpenSSL vulnerability
14 Jun 2018 USN-3631-2   Linux kernel (Xenial HWE) vulnerabilities
14 Jun 2018 USN-3641-1   Linux kernel vulnerabilities
14 Jun 2018 USN-3643-1   Wget vulnerability
21 May 2018 CVE-2018-1276   Windows2012R2 stemcell exposes IaaS metadata on vSphere
21 May 2018 CVE-2018-1277   Garden does not correctly enforce Docker image disc quotas
10 May 2018 MS-ISAC-2018-046   MS-ISAC 2018-046 Multiple Vulnerabilities in PHP
08 May 2018 CVE-2018-1191   Garden may log Docker passwords
02 May 2018 USN-3346-2   Bind regression
02 May 2018 USN-3501-1   libxcursor vulnerability
02 May 2018 USN-3506-1   rsync vulnerabilities
02 May 2018 USN-3534-1   GNU C Library vulnerabilities
02 May 2018 USN-3543-1   rsync vulnerabilities
02 May 2018 USN-3547-1   Libtasn1 vulnerabilities
02 May 2018 USN-3554-1   curl vulnerabilities
02 May 2018 USN-3569-1   libvorbis vulnerabilities
02 May 2018 USN-3584-1   sensible-utils vulnerability
02 May 2018 USN-3586-1   DHCP vulnerabilities
02 May 2018 USN-3598-1   curl vulnerabilities
02 May 2018 USN-3602-1   LibTIFF vulnerabilities
02 May 2018 USN-3604-1   libvorbis vulnerabilities
02 May 2018 USN-3606-1   LibTIFF vulnerabilities
02 May 2018 USN-3610-1   ICU vulnerability
02 May 2018 USN-3611-1   OpenSSL vulnerability
02 May 2018 USN-3619-2   Linux kernel (Xenial HWE) vulnerabilities
30 Apr 2018 CVE-2018-1197   GCP Metadata Endpoint Accessible from Application Containers on Windows
05 Apr 2018 CVE-2018-1231   BOSH CLI does not restrict access to configuration file
05 Apr 2018 CVE-2018-1266   Cloud Controller file modification via malicious application
03 Apr 2018 USN-3582-2   Linux kernel (Xenial HWE) vulnerabilities
28 Mar 2018 CVE-2018-1190   XSS on UAA OpenID Connect check session iframe endpoint
28 Mar 2018 CVE-2018-1192   UAA SessionID present in Audit Event Logs
28 Mar 2018 CVE-2018-1195   Cloud Controller API will accept a refresh token for authentication
09 Mar 2018 CVE-2018-1227   Concourse-dot-ci Domain Issue
27 Feb 2018 CVE-2018-1221   Gorouter websocket handling vulnerability
27 Feb 2018 VU475445   VU#475445 SAML Authentication Bypass
01 Feb 2018 USN-3504-1   libxml2 vulnerability
01 Feb 2018 USN-3513-1   libxml2 vulnerability
01 Feb 2018 USN-3522-2   Linux (Xenial HWE) vulnerability
01 Feb 2018 USN-3522-4   Linux (Xenial HWE) vulnerability
01 Feb 2018 USN-3535-1   Bind vulnerability
01 Feb 2018 USN-3538-1   OpenSSH vulnerabilities
01 Feb 2018 USN-3540-2   Linux kernel (Xenial HWE) vulnerabilities
03 Jan 2018 Meltdown and Spectre Attacks   Meltdown and Spectre Attacks
19 Dec 2017 CVE-2017-1000353   Jenkins unauthenticated remote code execution
15 Dec 2017 USN-3457-1   curl vulnerability
15 Dec 2017 USN-3458-1   ICU vulnerability
15 Dec 2017 USN-3464-1   Wget vulnerabilities
15 Dec 2017 USN-3469-2   Linux kernel (Xenial HWE) vulnerabilities
15 Dec 2017 USN-3475-1   OpenSSL vulnerabilities
15 Dec 2017 USN-3478-1   Perl vulnerabilities
15 Dec 2017 USN-3485-2   Linux kernel (Xenial HWE) vulnerabilities
15 Dec 2017 USN-3489-1   Berkeley DB vulnerability
15 Dec 2017 USN-3496-1   Python vulnerability
15 Dec 2017 USN-3496-3   Python vulnerability
15 Dec 2017 USN-3498-1   curl vulnerabilities
15 Dec 2017 USN-3505-1   Linux firmware vulnerabilities
15 Dec 2017 USN-3509-2   Linux kernel (Xenial HWE) vulnerabilities
21 Nov 2017 USN-3387-1   Git vulnerability
21 Nov 2017 USN-3424-1   libxml2 vulnerabilities
21 Nov 2017 USN-3432-1   ca-certificates update
21 Nov 2017 USN-3434-1   Libidn vulnerability
21 Nov 2017 USN-3437-1   OCaml vulnerability
21 Nov 2017 USN-3441-1   curl vulnerabilities
21 Nov 2017 USN-3444-2   Linux kernel (Xenial HWE) vulnerabilities
21 Nov 2017 USN-3454-1   libffi vulnerability
16 Nov 2017 CVE-2017-8031   UAA Denial of Service through client token revocation endpoint
15 Nov 2017 CVE-2017-14388   GrootFS doesn’t validate DiffIDs
11 Oct 2017 CVE-2017-8048   Cloud Controller API regression
10 Oct 2017 CVE-2017-8047   Cloud Foundry router open redirect
28 Sep 2017 USN-3398-1   graphite2 vulnerabilities
28 Sep 2017 USN-3405-2   Linux kernel (Xenial HWE) vulnerabilities
28 Sep 2017 USN-3410-1   GD library vulnerability
28 Sep 2017 USN-3411-1   Bazaar vulnerability
28 Sep 2017 USN-3415-1   tcpdump vulnerabilities
28 Sep 2017 USN-3418-1   GDK-PixBuf vulnerabilities
28 Sep 2017 USN-3420-2   Linux kernel (Xenial HWE) vulnerabilities
08 Sep 2017 CVE-2017-9805   Apache Struts Remote Code Execution
28 Aug 2017 USN-3392-2   Linux kernel (Xenial HWE) regression
21 Aug 2017 USN-3385-2   Linux kernel (Xenial HWE) vulnerabilities
14 Aug 2017 USN-3344-2   Linux kernel (Xenial HWE) vulnerabilities
14 Aug 2017 USN-3346-1   bind9 vulnerabilities
14 Aug 2017 USN-3347-1   Libgcrypt vulnerabilities
14 Aug 2017 USN-3349-1   NTP vulnerabilities
14 Aug 2017 USN-3353-1   Heimdal vulnerability
14 Aug 2017 USN-3356-1   Expat vulnerability
14 Aug 2017 USN-3363-1   ImageMagick vulnerabilities
14 Aug 2017 USN-3363-2   ImageMagick regression
14 Aug 2017 USN-3364-2   Linux kernel (Xenial HWE) vulnerabilities
14 Aug 2017 USN-3367-1   gdb vulnerabilities
14 Aug 2017 USN-3378-2   Linux kernel (Xenial HWE) vulnerabilities
07 Aug 2017 CVE-2017-8037   Incomplete fix for Cloud Controller API access to CC VM contents
02 Aug 2017 CVE-2017-9022/CVE-2017-9023   strongSwan DOS Vulnerabilities
01 Aug 2017 CVE-2017-8038   Credentials readable from CredHub endpoint
25 Jul 2017 CVE-2017-8033   Cloud Controller API filesystem traversal vulnerability
25 Jul 2017 CVE-2017-8035   Cloud Controller API access to CC VM contents
25 Jul 2017 CVE-2017-8036   Cloud Controller API regression
24 Jul 2017 CVE-2017-8032   UAA Identity Zone Admin Privilege Escalation
05 Jul 2017 CVE-2017-7485   PostgreSQL vulnerabilities
26 Jun 2017 USN-3212-2   LibTIFF regression
26 Jun 2017 USN-3302-1   ImageMagick vulnerabilities
26 Jun 2017 USN-3309-1   Libtasn1 vulnerability
26 Jun 2017 USN-3311-1   libnl vulnerability
26 Jun 2017 USN-3312-2   Linux kernel (Xenial HWE) vulnerabilities
26 Jun 2017 USN-3318-1   GnuTLS vulnerabilities
26 Jun 2017 USN-3323-1   GNU C Library vulnerability
26 Jun 2017 USN-3334-1   Linux kernel (Xenial HWE) vulnerabilities
26 Jun 2017 CVE-2017-5946   Directory Traversal in Rubyzip
22 Jun 2017 USN-3304-1   Sudo vulnerability
08 Jun 2017 USN-3181-1   OpenSSL vulnerabilities
08 Jun 2017 USN-3246-1   Eject vulnerability
08 Jun 2017 USN-3259-1   Bind vulnerabilities
08 Jun 2017 USN-3263-1   FreeType vulnerability
08 Jun 2017 USN-3276-2   shadow regression
08 Jun 2017 USN-3282-1   FreeType vulnerabilities
08 Jun 2017 USN-3283-1   rtmpdump vulnerabilities
08 Jun 2017 USN-3287-1   Git vulnerability
08 Jun 2017 USN-3291-3   Linux kernel (Xenial HWE) vulnerabilities
08 Jun 2017 USN-3294-1   Bash vulnerabilities
08 Jun 2017 USN-3295-1   JasPer vulnerabilities
08 Jun 2017 CVE-2017-4994   Forwarded Headers in UAA
19 May 2017 CVE-2017-4991   UAA password reset vulnerability
19 May 2017 CVE-2017-4992   Privilege escalation with user invitations
02 May 2017 USN-3265-2   Linux kernel (Xenial HWE) vulnerabilities
01 May 2017 CVE-2017-4974   Blind SQL Injection with privileged UAA endpoints
20 Apr 2017 CVE-2017-4972   Blind SQL Injection in UAA
20 Apr 2017 CVE-2017-4973   Privilege Escalation in UAA
20 Apr 2017 CVE-2015-3281   HAProxy vulnerabilities
13 Apr 2017 CVE-2017-4969   Bug in CC allows users to exceed quotas
12 Apr 2017 USN-3256-2   Linux kernel (HWE) vulnerability
10 Apr 2017 CVE-2017-4970   Staticfile buildpack ignores basic authentication when misconfigured
06 Apr 2017 USN-3183-2   GnuTLS vulnerability
06 Apr 2017 USN-3225-1   libarchive vulnerabilities
06 Apr 2017 USN-3227-1   ICU vulnerabilities
06 Apr 2017 USN-3232-1   ImageMagick vulnerabilities
06 Apr 2017 USN-3235-1   libxml2 vulnerabilities
06 Apr 2017 USN-3237-1   FreeType vulnerability
06 Apr 2017 USN-3239-2   GNU C Library Regression
06 Apr 2017 USN-3241-1   audiofile vulnerabilities
06 Apr 2017 USN-3243-1   Git vulnerability
05 Apr 2017 CVE-2017-5649   Apache Geode privilege escalation vulnerability
04 Apr 2017 USN-3249-2   Linux kernel (Xenial HWE) vulnerability
04 Apr 2017 USN-3247-1   AppArmor vulnerability
04 Apr 2017 USN-3228-1   libevent vulnerabilities
04 Apr 2017 USN-3234-2   Linux kernel (Xenial HWE) vulnerabilities
04 Apr 2017 USN-3201-1   Bind vulnerabilities
31 Mar 2017 USN-3142-2   ImageMagick vulnerabilities
31 Mar 2017 USN-3205-1   tcpdump vulnerabilities
31 Mar 2017 USN-3212-1   LibTIFF vulnerabilities
31 Mar 2017 USN-3213-1   GD library vulnerabilities
31 Mar 2017 USN-3222-1   ImageMagick vulnerabilities
29 Mar 2017 CVE-2017-4963   Session Fixation for UAA External Authentication
17 Mar 2017 USN-3183-1   GnuTLS vulnerabilities
17 Mar 2017 USN-3193-1   Nettle vulnerability
17 Mar 2017 USN-3185-1   libXpm vulnerability
17 Mar 2017 USN-3196-1   Multiple PHP vulnerabilities
14 Mar 2017 CVE-2017-5638   Apache Struts Remote Code Execution
14 Mar 2017 USN-3189-2   Linux kernel (Xenial HWE) vulnerabilities
13 Mar 2017 USN-3220-2   Linux kernel (Xenial HWE) vulnerability
09 Mar 2017 CVE-2017-4960   UAA OAuth DOS via lockout feature
01 Mar 2017 USN-3208-2   Linux kernel (Xenial HWE) vulnerabilities
31 Jan 2017 USN-3161-2   Linux kernel (Xenial HWE) vulnerabilities
31 Jan 2017 USN-3169-2   Linux kernel (Xenial HWE) vulnerabilities
31 Jan 2017 USN-3172-1   Bind vulnerabilities
23 Jan 2017 CVE-2016-6660   Cloud Controller logs application environment variables
19 Jan 2017 USN-3024-1   tomcat6, tomcat7 vulnerabilities
12 Jan 2017 RunC Exec   RunC Exec Vulnerability
10 Jan 2017 CVE-2016-9882   Cloud Foundry Logs Service Credentials
29 Dec 2016 CVE-2016-3958 and CVE-2016-3959   Golang vulnerabilities
27 Dec 2016 USN-3142-1   ImageMagick vulnerabilities
27 Dec 2016 USN-3128-2   Linux kernel (Xenial HWE) vulnerability
27 Dec 2016 USN-3146-2   Linux kernel (Xenial HWE) vulnerabilities
21 Dec 2016 Multiple CVEs   httpoxy vulnerabilities
20 Dec 2016 USN-3156-1   APT vulnerability
19 Dec 2016 USN-3117-1   GD library vulnerabilities
19 Dec 2016 USN-3067-1   HarfBuzz vulnerabilities
19 Dec 2016 USN-3131-1   ImageMagick vulnerabilities
19 Dec 2016 CVE-2016-8219   Space Auditor can restage apps
14 Dec 2016 USN-3119-1   Bind vulnerability
14 Dec 2016 USN-3116-1   DBus vulnerabilities
14 Dec 2016 CVE-2016-6659   UAA Privilege Escalation
14 Dec 2016 USN-3139-1   Vim vulnerability
14 Dec 2016 USN-3134-1   Python vulnerabilities
14 Dec 2016 USN-3132-1   tar vulnerability
13 Dec 2016 USN-3088-1   Bind vulnerability
13 Dec 2016 USN-3123-1   curl vulnerabilities
09 Dec 2016 CVE-2016-8218   Unauthenticated JWT signing algorithm in routing
07 Dec 2016 USN-3151-2   Linux kernel (Xenial HWE) vulnerability
17 Nov 2016 Several   PCRE vulnerabilities prior to version 8.39
17 Nov 2016 CVE-2016-6663/CVE-2016-6664   MariaDB Root Privilege Escalation
07 Nov 2016 USN-3095-1   PHP vulnerabilities
07 Nov 2016 USN-3096-1   NTP vulnerabilities
02 Nov 2016 CVE-2016-6658   Incomplete fix for Credential Vulnerability for Custom Buildpacks
21 Oct 2016 CVE-2016-5195   Linux kernel vulnerability
17 Oct 2016 USN-3099-2   Linux kernel vulnerabilities
17 Oct 2016 CVE-2016-6655   Utility Script Command Injection
29 Sep 2016 CVE-2016-6653   MySQL Audit logs sent to Syslog
28 Sep 2016 USN-3085-1   GDK-PixBuf vulnerabilities
28 Sep 2016 CVE-2016-6662   Multiple MySQL Vulnerabilities
28 Sep 2016 USN-3068-1   Libidn vulnerabilities
28 Sep 2016 USN-3083-1   Linux kernel vulnerabilities
28 Sep 2016 USN-3087-2   OpenSSL Regression
26 Sep 2016 CVE-2016-6637   UAA CSRF Vulnerability for OAuth Approvals
26 Sep 2016 CVE-2016-6636   UAA Open Redirect Vulnerability for Subdomains
26 Sep 2016 CVE-2016-6651   Privilege Escalation in UAA
21 Sep 2016 CVE-2014-9130   LibYAML vulnerability
09 Sep 2016 USN-3045-1   PHP vulnerabilities
09 Sep 2016 CVE-2016-6639   PHP Buildpack exposes .profile file
25 Aug 2016 USN-3033-1   libarchive vulnerability
25 Aug 2016 USN-3048-1   curl vulnerability
25 Aug 2016 USN-3053-1/USN-3037-1   Linux kernel (Vivid HWE) vulnerability
25 Aug 2016 USN-3030-1/USN-3060-1   GD library vulnerability
25 Aug 2016 USN-3061-1   OpenSSH vulnerability
25 Aug 2016 USN-3063-1   Fontconfig vulnerability
25 Aug 2016 USN-3064-1   GnuPG vulnerability
25 Aug 2016 USN-3065-1   Libgcrypt vulnerability
18 Aug 2016 CVE-2016-5016   UAA accepts expired certificates
26 Jul 2016 CVE-2016-5006   Cloud Controller API logs user-provided service credentials
13 Jul 2016 USN-3012-1   Wget vulnerability
13 Jul 2016 CVE-2016-4450   Nginx Vulnerabilities
13 Jul 2016 USN-3010-1   Expat vulnerabilities
01 Jul 2016 USN-3020-1   Linux kernel (Vivid HWE) vulnerabilities
30 Jun 2016 CVE-2016-4468   UAA SQL Injection
15 Jun 2016 USN-3001-1   Linux kernel (Vivid HWE) vulnerabilities
13 Jun 2016 USN-2961-1   Little CMS vulnerability
13 Jun 2016 USN-2966-1   OpenSSH vulnerabilities
13 Jun 2016 USN-2981-1   libarchive vulnerabilities
13 Jun 2016 USN-2983-1   Expat vulnerability
13 Jun 2016 USN-2985-2   GNU C Library regression
13 Jun 2016 USN-2987-1   GD library vulnerabilities
13 Jun 2016 USN-2990-1   ImageMagick vulnerability (a.k.a. ImageTragick)
13 Jun 2016 USN-2991-1   nginx vulnerability
13 Jun 2016 USN-2994-1   libxml2 vulnerabilities
13 Jun 2016 CVE-2016-4435   BOSH Agent Anonymous Endpoint
08 Jun 2016 CVE-2013-7456   PHP vulnerabilities
03 Jun 2016 USN-2970-1   Linux kernel (Vivid HWE) vulnerabilities
23 May 2016 CVE-2016-3084   UAA Password Reset Vulnerability
19 May 2016 USN-2977-1   Linux kernel (Vivid HWE) vulnerabilities
17 May 2016 CVE-2016-3091   Diego log encoding vulnerability
06 May 2016 USN-2935-2   PAM regression
06 May 2016 USN-2943-1   PCRE vulnerabilities
06 May 2016 USN-2949-1   Linux kernel (Vivid HWE) vulnerabilities
06 May 2016 USN-2957-1   Libtasn1 vulnerability
06 May 2016 USN-2959-1   OpenSSL vulnerabilities
02 May 2016 CVE-2015-5170-5173   UAA Vulnerabilities
14 Apr 2016 Badlock bug   Samba and Windows Vulnerabilities
24 Mar 2016 USN-2938-1   Git vulnerabilities
24 Mar 2016 NPM Ownership Issue   Warning about NPM modules
24 Mar 2016 USN-2914-1   OpenSSL vulnerabilities
24 Mar 2016 USN-2916-1   Perl vulnerabilities
24 Mar 2016 USN-2918-1   Pixman vulnerabilities
24 Mar 2016 USN-2919-1   JasPer vulnerabilities
24 Mar 2016 USN-2925-1   Bind9 vulnerabilities
24 Mar 2016 USN-2927-1   Graphite2 vulnerabilities
24 Mar 2016 USN-2939-1   LibTIFF vulnerabilities
16 Mar 2016 USN-2932-1   Linux kernel vulnerabilities
02 Mar 2016 CVE-2016-0800   OpenSSL vulnerabilities
26 Feb 2016 CVE-2016-0761   Docker Image Host Files Corruption
26 Feb 2016 USN-2910-1   Linux kernel vulnerability
19 Feb 2016 USN-2900-1   GNU libc vulnerability
02 Feb 2016 CVE-2016-0732   Privilege Escalation
01 Feb 2016 CVE-2016-0713   Gorouter XSS
22 Jan 2016 USN-2871-1   Linux kernel vulnerability
20 Jan 2016 CVE-2016-0715   Remote Information Disclosure
19 Jan 2016 USN-2869-1   OpenSSH vulnerability
19 Jan 2016 USN-2868-1   DHCP vulnerability
19 Jan 2016 USN-2861-1   libpng vulnerability
19 Jan 2016 USN-2865-1   GnuTLS vulnerability
18 Jan 2016 CVE-2016-0708   Remote Information Disclosure
07 Jan 2016 USN-2829-1   Linux kernel vulnerability
07 Jan 2016 USN-2830-1   OpenSSL vulnerability
07 Jan 2016 USN-2834-1   libxml2 vulnerability
07 Jan 2016 USN-2835-1   git vulnerability
07 Jan 2016 USN-2836-1   grub2 vulnerability
07 Jan 2016 USN-2837-1   bind9 vulnerability
07 Jan 2016 USN-2842-1/USN-2842-2   Linux kernel vulnerability
07 Jan 2016 USN-2857-1   Linux kernel vulnerability
15 Dec 2015 CVE-2015-5350   Garden Nstar vulnerability
04 Dec 2015 USN-2820-1   dpkg vulnerability
04 Dec 2015 USN-2821-1   GnuTLS vulnerability
02 Dec 2015 USN-2787-1   audiofile vulnerability
02 Dec 2015 USN-2810-1   Kerberos vulnerability
02 Dec 2015 USN-2812-1   libxml2 vulnerability
02 Dec 2015 USN-2815-1   PNG vulnerability
24 Nov 2015 USN-2788-1/2788-2   unzip vulnerability
12 Nov 2015 USN-2806-1   Linux kernel vulnerability
12 Nov 2015 USN-2798-1   Linux kernel vulnerability
03 Nov 2015 USN-2767-1   GDK-Pixbuf library vulnerability
03 Nov 2015 USN-2778-1   Linux kernel vulnerabilities
07 Oct 2015 USN-2765-1   Linux Kernel (Vivid HWE) Vulnerability
07 Oct 2015 USN-2756-1   rpcbind Vulnerability
07 Oct 2015 USN-2751-1   Linux Kernel (Vivid HWE) Vulnerability
07 Oct 2015 USN-2740-1   ICU Vulnerabilities
07 Oct 2015 USN-2739-1   FreeType Vulnerabilities
07 Oct 2015 USN-2711-1   Net-SNMP Vulnerabilities
07 Oct 2015 USN-2722-1   GDK-PixBuf Vulnerabilities
07 Oct 2015 Golang   Golang 1.4.3 CVE Fixes
08 Sep 2015 USN-2718-1   Address Configuration Change Vulnerabilities
08 Sep 2015 USN-2694-1   PCRE Vulnerabilities
08 Sep 2015 USN-2698-1   SQLite Vulnerabilities
08 Sep 2015 USN-2710-1   OpenSSH Vulnerabilities
06 Aug 2015 USN-2696-1   OpenJDK 7 Vulnerabilities
29 Jul 2015 CVE-2015-3290   Linux Kernel NMI Vulnerability
10 Jul 2015 CVE-2015-1420   file_handle size verification
06 Jul 2015 CVE-2015-1330   Unattended-Upgrades Vulnerability
25 Jun 2015 CVE-2015-3191   CSRF attack on change email
25 Jun 2015 CVE-2015-3190   Open redirect on Login
25 Jun 2015 CVE-2015-3189   Expire old reset password links
17 Jun 2015 CVE-2015-1328   overlayfs privilege escalation
12 Jun 2015 CVE-2015-3636   ipv4 use-after-free
12 Jun 2015 USN-2639-1   OpenSSL vulnerabilities
09 Jun 2015 Redis LUA Sandbox   Redis LUA Exploit
22 May 2015 USN-2617-1   FUSE Vulnerability
22 May 2015 CVE-2015-1834   Path Traversal Vulnerability
30 Apr 2015 CVE-2015-1855   Ruby OpenSSL Hostname Verification
23 Mar 2015 CVE-2015-0282   Multiple GnuTLS Vulnerabilities
21 Mar 2015 USN-2537-1   OpenSSL vulnerabilities
13 Mar 2015 CVE-2014-8159   Linux Kernel Infiniband Vulnerability
09 Feb 2015 CVE-2014-0227   Apache Tomcat Request Smuggling
28 Jan 2015 CVE-2015-0235   GHOST
16 Oct 2014 CVE-2014-3566   SSLV3 POODLE
29 Sep 2014 CVE-2014-7186   Bash Out-of-Bounds
25 Sep 2014 CVE-2014-6271   Bash - ShellShock
19 Sep 2014 CVE-2014-5119   glib_gconv_translit_find() exploit
10 Sep 2014 CVE-2013-4444   Remote Code Execution in Apache Tomcat
18 Aug 2014 CVE-2014-3153   Futex requeue exploit
05 Jun 2014 CVE-2014-0224   SSL/TLS MITM Vulnerability
10 Apr 2014 CVE-2014-0160   Heartbleed


Legacy Tanzu vulnerability reports

Date   CVE Reference   Description
10 May 2021 CVE-2021-22116   Denial-of-Service Vulnerability due to improper input validation in RabbitMQ server
10 May 2021 CVE-2021-22117   RabbitMQ Server vulnerable to arbitrary code execution attack
01 Dec 2020 CVE-2020-5423   Cloud Controller is vulnerable to denial of service via YAML parsing
16 Nov 2020 CVE-2020-5417   Cloud Controller may allow developers to claim sensitive routes
12 Nov 2020 CVE-2020-5422   UAA password may appear in Operations Manager process arguments
03 Nov 2020 CVE-2020-5426   Scheduler for TAS can transmit privileged UAA token in plaintext
29 Oct 2020 CVE-2020-5425   User Impersonation possible in Tanzu SSO
13 Oct 2020 MYSQL-SECURITY-UPDATES-JAN2020   Various MySQL Security Updates from January 2020
13 Oct 2020 MYSQL-SECURITY-UPDATES-APR2020   Various MySQL Security Updates from April 2020
10 Sep 2020 CVE-2020-5420   Gorouter is vulnerable to DoS attack via invalid HTTP responses
01 Sep 2020 CVE-2020-5416   TAS clusters with NGINX in front of them may be vulnerable to DoS
27 Aug 2020 CVE-2020-5419   RabbitMQ arbitrary code execution using local binary planting
11 Aug 2020 CVE-2020-5415   Concourse's GitLab auth allows impersonation
30 Jul 2020 CVE-2019-11286   JMX Credential Deserialization in GemFire
30 Jul 2020 MYSQL-SECURITY-UPDATES-JUL2019   Various MySQL Security Updates from July 2019
30 Jul 2020 MYSQL-SECURITY-UPDATES-OCT2019   Various MySQL Security Updates from October 2019
30 Jul 2020 CVE-2020-5396   JMX Insecure Default Configuration in GemFire
30 Jul 2020 CVE-2020-5414   App Autoscaler logs credentials
16 Jul 2020 CVE-2020-15586   Gorouter is vulnerable to DoS Attack via Expect 100-continue requests
26 May 2020 CVE-2019-15605   Node.js is vulnerable to request smuggling
13 May 2020 CVE-2020-5409   Concourse Open Redirect in the /sky/login endpoint
14 Apr 2020 CVE-2020-5402   UAA fails to check the state parameter when authenticating with external IDPs
09 Apr 2020 CVE-2020-5406   PCF Autoscaling logs its database credentials
06 Apr 2020 CVE-2020-5400   Cloud Controller logs environment variables from app manifests
06 Apr 2020 CVE-2019-11282   UAA is vulnerable to a Blind SCIM injection leading to information disclosure
04 Mar 2020 CVE-2019-11290   UAA logs query parameters in tomcat access file
04 Mar 2020 VARIOUS-JACKSON-CVES-UAA   Various CVEs: UAA consumes vulnerable versions of FasterXML jackson-databind
03 Mar 2020 CVE-2019-11253   PKS is vulnerable to a YAML/JSON parsing "Billion Laughs" Attack
24 Feb 2020 CVE-2020-5401   GoRouter is vulnerable to a cache poisoning DoS
12 Feb 2020 CVE-2020-5399   CredHub does not properly enable TLS for MySQL database connections
11 Feb 2020 CVE-2019-19604   Git submodule loading vulnerability
15 Jan 2020 CVE-2019-11288   tc Server JMX Socket Listener Registry Rebinding Local Privilege Escalation
10 Jan 2020 CVE-2019-18802, CVE-2019-18801, CVE-2019-18838   MySQL for Pivotal Platform consumes a vulnerable version of Envoy
08 Jan 2020 CVE-2019-11292   Ops Manager logs query parameters in tomcat access file
04 Dec 2019 CVE-2019-9517, CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9515, CVE-2019-9518, CVE-2019-9511, CVE-2019-9516   Some Pivotal products are impacted by HTTP/2 denial of service attacks
04 Dec 2019 CVE-2019-19025   Cross-Site Request Forgery Vulnerability in VMware Harbor Container Registry for Pivotal Platform
04 Dec 2019 CVE-2019-3990   User Enumeration Flaw in VMware Harbor Container Registry for Pivotal Platform
04 Dec 2019 CVE-2019-19026   SQL Injection via project quotas in VMware Harbor Container Registry for Pivotal Platform
04 Dec 2019 CVE-2019-19023   Privilege Escalation Vulnerability in VMware Harbor Container Registry for Pivotal Platform
04 Dec 2019 CVE-2019-19029   SQL Injection via user-groups in VMware Harbor Container Registry for Pivotal Platform
03 Dec 2019 CVE-2019-11293   UAA logs all query parameters with debug logging level
22 Nov 2019 CVE-2019-11287   RabbitMQ Web Management Plugin DoS via heap overflow
22 Nov 2019 CVE-2019-11291   RabbitMQ XSS attack via federation and shovel endpoints
18 Nov 2019 CVE-2019-11289   A forged route service request using an invalid nonce can cause the gorouter to panic and crash
06 Nov 2019 CVE-2019-9893   libseccomp incorrectly generates 64-bit syscall argument comparisons
24 Oct 2019 CVE-2019-11249   PKS consumes a vulnerable version of kubectl
23 Oct 2019 CVE-2019-11283   Password leak in smbdriver logs
17 Oct 2019 CVE-2019-16919   Broken access control vulnerability in Harbor API
15 Oct 2019 CVE-2019-13139   Docker build code execution
15 Oct 2019 CVE-2018-15664   Docker Symlink Directory Traversal Vulnerability
15 Oct 2019 CVE-2019-11247   Kubernetes API Server Vulnerability
15 Oct 2019 CVE-2019-11279   Privilege Escalation via Scope Manipulation in UAA
15 Oct 2019 CVE-2019-11278   Privilege Escalation via Blind SCIM Injection in UAA
14 Oct 2019 CVE-2019-11281   RabbitMQ XSS attack
25 Sep 2019 CVE-2019-11275   CSV Injection in usage report downloaded from Pivotal Application Manager
23 Sep 2019 CVE-2019-11277   Volume Services is vulnerable to an LDAP injection attack
19 Sep 2019 CVE-2019-11280   Privilege escalation through the invitations service
20 Aug 2019 CVE-2019-10164   Critical Security Issue in PostgreSQL
20 Aug 2019 CVE-2019-3788   UAA redirect-uri allows wildcards in the subdomain
20 Aug 2019 CVE-2019-3775   UAA allows users to modify their own email address
19 Aug 2019 CVE-2019-11276   Apps Manager sends tokens to Spring apps via HTTP
15 Aug 2019 CVE-2017-15694   Pivotal GemFire and Cloud Cache consume vulnerable versions of Apache Geode
14 Aug 2019 CVE-2019-13232   ClamAV Add-on for PCF consumes a vulnerable version of ClamAV
01 Aug 2019 CVE-2019-11270   UAA clients.write vulnerability
25 Jul 2019 CVE-2019-3781   CF CLI does not sanitize user's password in verbose/trace/debug
25 Jul 2019 CVE-2019-3800   CF CLI writes the client id and secret to config file
23 Jul 2019 CVE-2019-11273   PKS Telemetry logs credentials
22 Jul 2019 USN-4017-1   Linux kernel vulnerabilities
22 Jul 2019 VARIOUS-SQL   Various MySQL Security Updates from July 2018 through January 2019
18 Jul 2019 CVE-2019-3786   BBR could run arbitrary scripts on deployment VMs
28 Jun 2019 CVE-2019-11271   Bosh Deployment logs leak sensitive information
30 May 2019 CVE-2019-5021   Tile generator affected by insecure default password
24 May 2019 CVE-2019-3790   Ops Manager uaa client issues tokens after refresh token expiration
25 Apr 2019 CVE-2019-3801   Java Projects using HTTP to fetch dependencies
24 Apr 2019 CVE-2019-3789   Gorouter allows space developer to hijack route services hosted outside the platform
24 Apr 2019 CVE-2019-3798   Escalation of Privileges in Cloud Controller
12 Apr 2019 CVE-2019-3793   Invitations Service supports HTTP connections
01 Apr 2019 CVE-2019-1002101   Kubernetes kubectl - potential directory traversal
01 Apr 2019 CVE-2019-1002100   Kubernetes API Server Patch Request Consumes Excess Resource Cause Denial of Service
01 Apr 2019 CVE-2019-9946   Kubernetes affecting certain network configurations with CNI
25 Mar 2019 CVE-2019-3792   Concourse 5.0.0 SQL Injection vulnerability
07 Mar 2019 CVE-2019-8331   Bootstrap XSS
28 Feb 2019 CVE-2018-15754   UAA issues tokens across identity providers if users with matching usernames exist
26 Feb 2019 CVE-2019-3777   Apps Manager unverified SSL certs in Cloud Controller proxy
19 Feb 2019 CVE-2019-3776   Reflected XSS in Pivotal Operations Manager
14 Feb 2019 CVE-2019-3779   Pivotal Container Service allows a user to bypass security policy when talking to ETCD
14 Feb 2019 CVE-2019-3780   Cloud Foundry Container Runtime Leaks IAAS Credentials
08 Jan 2019 CVE-2019-3803   Concourse includes token in CLI authentication callback
08 Jan 2019 KUBERNETES-API-SERVER   Kubernetes API Server acts as proxy for internal and external IPs
04 Jan 2019 CVE-2018-18264   Kubernetes Dashboard TLS Certificate Leak
13 Dec 2018 CVE-2018-15798   Pivotal Concourse allows malicious redirect urls on login
05 Dec 2018 CVE-2018-1279   RabbitMQ cluster compromise due to deterministically generated cookie
15 Nov 2018 CVE-2018-15759   On Demand Services SDK Timing Attack Vulnerability
09 Nov 2018 CVE-2018-15795   CredHub Service Broker uses guessable client secret
29 Oct 2018 CVE-2018-15762   Pivotal Operations Manager gives all users heightened privileges
10 Oct 2018 CVE-2018-15755   CF networking internal policy server SQL injection
10 Oct 2018 CVE-2018-11084   Garden-runC prevents deletion of some app environments
03 Oct 2018 CVE-2018-11083   BOSH accepts refresh token as access token
02 Oct 2018 CVE-2018-15763   PKS leaks IaaS credentials to application logs
27 Sep 2018 CVE-2018-11081   Ops Manager writes UAA credentials to disk
13 Sep 2018 CVE-2018-11086   CF admin credentials accessible to developers through usage service
13 Sep 2018 CVE-2018-11088   CF admin credentials accessible to developers through Applications Manager
13 Sep 2018 CVE-2018-1198   PCC bosh deployment logs print a superuser password in plain text
20 Aug 2018 CVE-2019-3787   UAA defaults email address to an insecure domain
23 Jul 2018 CVE-2018-11044   Apps Manager allows unescaped content in invitation emails
10 Jul 2018 CVE-2018-11045   Operations Manager image contains static LRNG seed file
20 Jun 2018 CVE-2018-11046   Operations Manager includes outdated NGINX packages
10 May 2018 CVE-2018-1278   Apps Manager allows unauthorized org invitations
07 May 2018 CVE-2018-1280   Blind SQL injection in Pivotal Greenplum Command Center
13 Feb 2018 CVE-2018-1200   Apps Manager File Access Vulnerability
31 Aug 2017 CVE-2017-8040   XXE Vulnerability in Single Sign-On for PCF
31 Aug 2017 CVE-2017-8041   XSS vulnerability in org name in Single Sign-On for PCF
31 Aug 2017 CVE-2017-8044   XSS vulnerability in Single Sign-On for PCF via DOM-based query parameters
15 May 2017 CVE-2017-4975   Tile generator sets open security groups
04 May 2017 CVE-2017-4965   XSS vulnerabilities in RabbitMQ management UI
04 May 2017 CVE-2017-4966   RabbitMQ local storage of credentials
27 Mar 2017 CVE-2017-2773   Unauthenticated JWT signing algorithm in multiple components
24 Mar 2017 CVE-2017-4955   Credentials in Elastic Runtime Notifications errand log
14 Feb 2017 CVE-2017-4959   Pivotal Cloud Foundry account authorization vulnerability
09 Feb 2017 CVE-2016-9880   Unauthenticated access to GemFire for PCF broker endpoints
04 Jan 2017 CVE-2016-9885   gfsh exposed over go router for GemFire for PCF
28 Dec 2016 CVE-2016-0898   Service backups log AWS key
19 Dec 2016 CVE-2016-9877   RabbitMQ authentication vulnerability
31 Oct 2016 CVE-2016-6656   Code injection vulnerability via GPHDFS in Greenplum database
31 Oct 2016 CVE-2016-6657   PCF Open Redirects
12 Sep 2016 CVE-2016-0930   Ops Manager Compilation VMs Vulnerability on vSphere and vCloud
27 Jul 2016 CVE-2016-0896   IaaS Metadata Endpoint Accessible from Application Containers
15 Jul 2016 CVE-2016-0929   RabbitMQ for PCF vulnerability
07 Jul 2016 CVE-2016-0926   Apps Manager XSS vulnerability
29 Jun 2016 CVE-2016-0928   PCF Open Redirects
24 Jun 2016 CVE-2016-0897   Ops Manager vSphere and vCloud vulnerability
23 Jun 2016 CVE-2016-0927   Ops Manager XSS vulnerability
23 Mar 2016 CVE-2016-0781   UAA Persistent XSS Vulnerability
23 Mar 2016 CVE-2016-2165   Loggregator Request URL Paths
23 Mar 2016 CVE-2016-0780   Cloud Controller Disk Quota Enforcement
03 Feb 2016 CVE-2016-0883   Pivotal Ops Manager Weak Authentication Scheme
13 Jan 2015 CVE-2014-3626   Directory Traversal in Grails Resources Plugin
19 Feb 2014 CVE-2014-0053   Information Disclosure when using Grails



Thanks

Reports of vulnerabilities in Tanzu products are listed in the credit section of the associated security announcement.