tanzu.vmware.com
2a02:26f0:6c00:2a3::2ef
Public Scan
Submitted URL: https://tanzu.vmware.com/security/cve-2022-22947'
Effective URL: https://tanzu.vmware.com/security
Submission: On May 18 via api from US — Scanned from DE
Form analysis
2 forms found in the DOM
GET /search
<form id="searchheaderform" action="/search" accept-charset="UTF-8" method="get"><input name="utf8" type="hidden" value="✓">
<input type="text" name="q" id="searchheaderinput" autocomplete="off" placeholder="Search for documentation, articles, and posts..." aria-label="Search">
<input type="submit" value="" id="searchheadersubmit" aria-label="Search Submit" data-disable-with="">
</form>
POST /feedback-post
<form id="feedback-footer" action="/feedback-post" accept-charset="UTF-8" method="post"><input name="utf8" type="hidden" value="✓"><input type="hidden" name="authenticity_token"
value="LUuel+gWebHgeQe3qaxxDn4SH6wC2dVBA9cvOvpBxU+aAC9cyEog92bG4DfXJVrSTsAibtcGtOyPYT8vxQG+mA==">
<input type="number" name="fax_number" id="fax_number" value="" autocomplete="off" placeholder="" tabindex="-1">
<input type="hidden" name="url" id="feedback-url" value="https://tanzu.vmware.com/security" autocomplete="off" placeholder="">
<textarea name="feedbacktext" id="feedbacktext" autocomplete="off" placeholder="" value=""></textarea>
<input type="submit" name="submit" value="Send" id="submit" data-disable-with="">
</form>
Text Content
NOTABLE VULNERABILITIES IN DEPENDENCIES (USNS) AND LEGACY VMWARE TANZU ADVISORIES

This page lists the legacy VMware Tanzu Vulnerability Reports. Starting in 2021, advisories documenting security vulnerabilities in VMware Tanzu products are continued on the VMware Security Advisories page.
Information regarding open source vulnerabilities that are addressed in Tanzu products is present in the release notes of Tanzu products. This page continues to list Spring advisories and USNs. Advisories pertaining to open source projects sponsored by VMware—apart from Spring—may be found in their GitHub repositories.

REPORTING A VULNERABILITY

The VMware Security Response team provides a single point of contact for the reporting of security vulnerabilities in VMware Tanzu products and coordinates the process of investigating any reported vulnerabilities. To report a security vulnerability in a VMware service or product please refer to the VMware Security Response Policy.

VMWARE TANZU VULNERABILITY REPORTS

Date  CVE Reference  Description
17 May 2022  CVE-2022-22976  BCrypt skips salt rounds for work factor of 31
16 May 2022  CVE-2022-22978  Authorization Bypass in RegexRequestMatcher
11 May 2022  CVE-2022-22971  Spring Framework DoS with STOMP over WebSocket
11 May 2022  CVE-2022-22970  Spring Framework DoS via Data Binding to MultipartFile or Servlet Part
21 Apr 2022  CVE-2022-22969  Denial-of-Service (DoS) in spring-security-oauth2
13 Apr 2022  CVE-2022-22968  Spring Framework Data Binding Rules Vulnerability
31 Mar 2022  CVE-2022-22965  Spring Framework RCE via Data Binding on JDK 9+
29 Mar 2022  CVE-2022-22963  Remote code execution in Spring Cloud Function by malicious Spring Expression
28 Mar 2022  CVE-2022-22950  Spring Expression DoS Vulnerability
01 Mar 2022  CVE-2022-22947  Spring Cloud Gateway Code Injection Vulnerability
01 Mar 2022  CVE-2022-22946  Spring Cloud Gateway HTTP2 Insecure TrustManager
05 Jan 2022  CVE-2021-22060  Additional Log Injection in Spring Framework (follow-up to CVE-2021-22096)
29 Nov 2021  CVE-2021-22095  Spring-AMQP Remote Denial of Service - Out of Memory Error with a Large Message Body
17 Nov 2021  CVE-2021-22053  Spring Cloud Netflix Hystrix Dashboard template resolution vulnerability
04 Nov 2021  CVE-2021-22051  Spring Cloud Gateway Request Vulnerability
26 Oct 2021  CVE-2021-22096  Log Injection in Spring Framework
26 Oct 2021  CVE-2021-22097  Spring-AMQP Remote Denial of Service - Deserialization of a Maliciously Constructed java.util.Dictionary Object
26 Oct 2021  CVE-2021-22047  Potential Security Bypass for customized Spring Data REST Resource
26 Oct 2021  CVE-2021-22044  Spring Cloud OpenFeign Client Endpoint Exposure
28 Jun 2021  CVE-2021-22119  Denial-of-Service (DoS) attack via initiation of Authorization Request in Spring Security OAuth 2.0 Client Web and WebFlux Application
25 May 2021  CVE-2021-22118  Local Privilege Escalation within Spring Webflux Multipart Request Handling
10 May 2021  CVE-2021-22117  RabbitMQ Sever vulnerable to arbitrary code execution attack
10 May 2021  CVE-2021-22116  Denial-of-Service Vulnerability due to improper input validation in RabbitMQ server
26 Feb 2021  CVE-2021-22114  Zip-slip mitigation bypass in Spring Integration Zip extension
19 Feb 2021  CVE-2021-22112  Changing SecurityContext More Than Once in Single Request Can Fail to Save
11 Feb 2021  CVE-2021-22113  Spring Cloud Netflix Zuul “Sensitive Headers” Bypass Vulnerability
25 Jan 2021  CVE-2020-5428  Possibility of SQL Injection in Spring Cloud Task Execution Sorting Query
25 Jan 2021  CVE-2020-5427  Possibility of SQL Injection in Spring Cloud Data Flow Task Execution Sorting Query
01 Dec 2020  CVE-2020-5423  Cloud Controller is vulnerable to denial of service via YAML parsing
16 Nov 2020  CVE-2020-5417  Cloud Controller may allow developers to claim sensitive routes
12 Nov 2020  CVE-2020-5422  UAA password may appear in Operations Manager process arguments
03 Nov 2020  CVE-2020-5426  Scheduler for TAS can transmit privileged UAA token in plaintext
29 Oct 2020  CVE-2020-5425  User Impersonation possible in Tanzu SSO
13 Oct 2020  MYSQL-SECURITY-UPDATES-APR2020  Various MySQL Security Updates from April 2020
13 Oct 2020  MYSQL-SECURITY-UPDATES-JAN2020  Various MySQL Security Updates from January 2020
17 Sep 2020  CVE-2020-5421  RFD Protection Bypass via jsessionid
10 Sep 2020  CVE-2020-5420  Gorouter is vulnerable to DoS attack via invalid HTTP responses
01 Sep 2020  CVE-2020-5416  TAS clusters with NGINX in front of them may be vulnerable to DoS
27 Aug 2020  CVE-2020-5419  RabbitMQ arbitrary code execution using local binary planting
11 Aug 2020  CVE-2020-5415  Concourse's GitLab auth allows impersonation
04 Aug 2020  CVE-2020-5412  Hystrix Dashboard Proxy In spring-cloud-netflix-hystrix-dashboard
30 Jul 2020  CVE-2020-5414  App Autoscaler logs credentials
30 Jul 2020  CVE-2020-5396  JMX Insecure Default Configuration in GemFire
30 Jul 2020  MYSQL-SECURITY-UPDATES-OCT2019  Various MySQL Security Updates from October 2019
30 Jul 2020  MYSQL-SECURITY-UPDATES-JUL2019  Various MySQL Security Updates from July 2019
30 Jul 2020  CVE-2019-11286  JMX Credential Deserialization in GemFire
23 Jul 2020  CVE-2020-5413  Kryo Configuration Allows Code Execution with Unknown “Serialization Gadgets”
16 Jul 2020  CVE-2020-15586  Gorouter is vulnerable to DoS Attack via Expect 100-continue requests
10 Jun 2020  CVE-2020-5411  Jackson Configuration Allows Code Execution with Unknown “Serialization Gadgets”
01 Jun 2020  CVE-2020-5410  Directory Traversal with spring-cloud-config-server
26 May 2020  CVE-2019-15605  Node.js is vulnerable to request smuggling
13 May 2020  CVE-2020-5409  Concourse Open Redirect in the /sky/login endpoint
07 May 2020  CVE-2020-5408  Dictionary attack with Spring Security queryable text encryptor
07 May 2020  CVE-2020-5407  Signature Wrapping Vulnerability with spring-security-saml2-service-provider
14 Apr 2020  CVE-2020-5402  UAA fails to check the state parameter when authenticating with external IDPs
09 Apr 2020  CVE-2020-5406  PCF Autoscaling logs its database credentials
06 Apr 2020  CVE-2019-11282  UAA is vulnerable to a Blind SCIM injection leading to information disclosure
06 Apr 2020  CVE-2020-5400  Cloud Controller logs environment variables from app manifests
04 Mar 2020  VARIOUS-JACKSON-CVES-UAA  Various CVEs UAA consumes vulnerable versions of FasterXML jackson-databind
04 Mar 2020  CVE-2019-11290  UAA logs query parameters in tomcat access file
03 Mar 2020  CVE-2019-11253  PKS is vulnerable to a YAML/JSON parsing "Billion Laughs" Attack
27 Feb 2020  CVE-2020-5403  DoS Via Malformed URL with Reactor Netty HTTP Server
27 Feb 2020  CVE-2020-5404  Authentication Leak On Redirect With Reactor Netty HttpClient
26 Feb 2020  CVE-2020-5405  Directory Traversal with spring-cloud-config-server
24 Feb 2020  CVE-2020-5401  GoRouter is vulnerable to a cache poisoning DoS
12 Feb 2020  CVE-2020-5399  CredHub does not properly enable TLS for MySQL database connections
11 Feb 2020  CVE-2019-19604  Git submodule loading vulnerability
16 Jan 2020  CVE-2020-5397  CSRF Attack via CORS Preflight Requests with Spring MVC or Spring WebFlux
16 Jan 2020  CVE-2020-5398  RFD Attack via “Content-Disposition” Header Sourced from Request Input by Spring MVC or Spring WebFlux Application
15 Jan 2020  CVE-2019-11288  tc Server JMX Socket Listener Registry Rebinding Local Privilege Escalation
10 Jan 2020  CVE-2019-18802  CVE-2019-18801, CVE-2019-18838, MySQL for Pivotal Platform consumes a vulnerable version of Envoy
08 Jan 2020  CVE-2019-11292  Ops Manager logs query parameters in tomcat access file
04 Dec 2019  CVE-2019-19029  SQL Injection via user-groups in VMware Harbor Container Registry for Pivotal Platform
04 Dec 2019  CVE-2019-19023  Privilege Escalation Vulnerability in VMware Harbor Container Registry for Pivotal Platform
04 Dec 2019  CVE-2019-19026  SQL Injection via project quotas in VMware Harbor Container Registry for Pivotal Platform
04 Dec 2019  CVE-2019-3990  User Enumeration Flaw in VMware Harbor Container Registry for Pivotal Platform
04 Dec 2019  CVE-2019-19025  Cross-Site Request Forgery Vulnerability in VMware Harbor Container Registry for Pivotal Platform
04 Dec 2019  CVE-2019-9517  CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9515, CVE-2019-9518, CVE-2019-9511, CVE-2019-9516, Some Pivotal products are impacted by HTTP/2 denial of service attacks
03 Dec 2019  CVE-2019-11293  UAA logs all query parameters with debug logging level
22 Nov 2019  CVE-2019-11291  RabbitMQ XSS attack via federation and shovel endpoints
22 Nov 2019  CVE-2019-11287  RabbitMQ Web Management Plugin DoS via heap overflow
18 Nov 2019  CVE-2019-11289  A forged route service request using an invalid nonce can cause the gorouter to panic and crash
06 Nov 2019  CVE-2019-9893  libseccomp incorrectly generate 64-bit syscall argument comparisons
28 Oct 2019  CVE-2019-16869  Reactor Netty Consumes a Vulnerable Version of Netty
24 Oct 2019  CVE-2019-11249  PKS consumes a vulnerable version of kubectl
23 Oct 2019  CVE-2019-11283  Password leak in smbdriver logs
17 Oct 2019  CVE-2019-16919  Broken access control vulnerability in Harbor API
15 Oct 2019  CVE-2019-11278  Privilege Escalation via Blind SCIM Injection in UAA
15 Oct 2019  CVE-2019-11279  Privilege Escalation via Scope Manipulation in UAA
15 Oct 2019  CVE-2019-11247  Kubernetes API Server Vulnerability
15 Oct 2019  CVE-2018-15664  Docker Symlink Directory Traversal Vulnerability
15 Oct 2019  CVE-2019-13139  Docker build code execution
14 Oct 2019  CVE-2019-11281  RabbitMQ XSS attack
11 Oct 2019  CVE-2019-11284  Reactor Netty authentication leak in redirects
25 Sep 2019  CVE-2019-11275  CSV Injection in usage report downloaded from Pivotal Application Manager
23 Sep 2019  CVE-2019-11277  Volume Services is vulnerable to an LDAP injection attack
19 Sep 2019  CVE-2019-11280  Privilege escalation through the invitations service
20 Aug 2019  CVE-2019-3775  UAA allows users to modify their own email address
20 Aug 2019  CVE-2019-3788  UAA redirect-uri allows wildcards in the subdomain
20 Aug 2018  CVE-2019-3787  UAA defaults email address to an insecure domain
20 Aug 2019  CVE-2019-10164  Critical Security Issue in PostgreSQL
19 Aug 2019  CVE-2019-11276  Apps Manager sends tokens to Spring apps via HTTP
15 Aug 2019  CVE-2017-15694  Pivotal GemFire and Cloud Cache consume vulnerable versions of Apache Geode
14 Aug 2019  CVE-2019-13232  ClamAV Add-on for PCF consumes a vulnerable version of ClamAV
01 Aug 2019  CVE-2019-11270  UAA clients.write vulnerability
25 Jul 2019  CVE-2019-3800  CF CLI writes the client id and secret to config file
25 Jul 2019  CVE-2019-3781  CF CLI does not sanitize user's password in verbose/trace/debug
23 Jul 2019  CVE-2019-11273  PKS Telemetry logs credentials
22 Jul 2019  VARIOUS-SQL  Various MySQL Security Updates from July 2018 through January 2019
22 Jul 2019  USN-4017-1  Linux kernel vulnerabilities
18 Jul 2019  CVE-2019-3786  BBR could run arbitrary scripts on deployment VMs
28 Jun 2019  CVE-2019-11271  Bosh Deployment logs leak sensitive information
19 Jun 2019  CVE-2019-11272  PlaintextPasswordEncoder authenticates encoded passwords that are null
30 May 2019  CVE-2019-5021  Tile generator affected by insecure default password
30 May 2019  CVE-2019-11269  Open Redirector in spring-security-oauth2
24 May 2019  CVE-2019-3790  Ops Manager uaa client issues tokens after refresh token expiration
13 May 2019  CVE-2019-3802  Additional information exposure with Spring Data JPA example matcher
25 Apr 2019  CVE-2019-3801  Java Projects using HTTP to fetch dependencies
24 Apr 2019  CVE-2019-3798  Escalation of Privileges in Cloud Controller
24 Apr 2019  CVE-2019-3789  Gorouter allows space developer to hijack route services hosted outside the platform
16 Apr 2019  CVE-2019-3799  Directory Traversal with spring-cloud-config-server
12 Apr 2019  CVE-2019-3793  Invitations Service supports HTTP connections
08 Apr 2019  CVE-2019-3797  Additional information exposure with Spring Data JPA derived queries
04 Apr 2019  CVE-2019-3795  Insecure Randomness When Using a SecureRandom Instance Constructed by Spring Security
01 Apr 2019  CVE-2019-9946  Kubernetes affecting certain network configurations with CNI
01 Apr 2019  CVE-2019-1002100  Kubernetes API Server Patch Request Consumes Excess Resource Cause Denial of Service
01 Apr 2019  CVE-2019-1002101  Kubernetes kubectl - potential directory traversal
25 Mar 2019  CVE-2019-3792  Concourse 5.0.0 SQL Injection vulnerability
07 Mar 2019  CVE-2019-8331  Bootstrap XSS
28 Feb 2019  CVE-2018-15754  UAA issues tokens across identity providers if users with matching usernames exist
26 Feb 2019  CVE-2019-3777  Apps Manager unverified SSL certs in Cloud Controller proxy
21 Feb 2019  CVE-2019-3778  Open Redirector in spring-security-oauth2
19 Feb 2019  CVE-2019-3776  Reflected XSS in Pivotal Operations Manager
14 Feb 2019  CVE-2019-3780  Cloud Foundry Container Runtime Leaks IAAS Credentials
14 Feb 2019  CVE-2019-3779  Pivotal Container Service allows a user to bypass security policy when talking to ETCD
14 Jan 2019  CVE-2019-3772  XML External Entity Injection (XXE)
14 Jan 2019  CVE-2019-3773  XML External Entity Injection (XXE)
14 Jan 2019  CVE-2019-3774  XML External Entity Injection (XXE)
08 Jan 2019  KUBERNETES-API-SERVER  Kubernetes API Server acts as proxy for internal and external IPs
08 Jan 2019  CVE-2019-3803  Concourse includes token in CLI authentication callback
04 Jan 2019  CVE-2018-18264  Kubernetes Dashboard TLS Certificate Leak
18 Dec 2018  CVE-2018-15801  Authorization Bypass During JWT Issuer Validation with spring-security
13 Dec 2018  CVE-2018-15798  Pivotal Concourse allows malicious redirect urls on login
05 Dec 2018  CVE-2018-1279  RabbitMQ cluster compromise due to deterministically generated cookie
15 Nov 2018  CVE-2018-15759  On Demand Services SDK Timing Attack Vulnerability
09 Nov 2018  CVE-2018-15795  CredHub Service Broker uses guessable client secret
29 Oct 2018  CVE-2018-15762  Pivotal Operations Manager gives all users heightened privileges
16 Oct 2018  CVE-2018-15758  Privilege Escalation in spring-security-oauth2
16 Oct 2018  CVE-2018-15756  DoS Attack via Range Requests
10 Oct 2018  CVE-2018-11084  Garden-runC prevents deletion of some app environments
10 Oct 2018  CVE-2018-15755  CF networking internal policy server SQL injection
03 Oct 2018  CVE-2018-11083  BOSH accepts refresh token as access token
02 Oct 2018  CVE-2018-15763  PKS leaks IaaS credentials to application logs
27 Sep 2018  CVE-2018-11081  Ops Manager writes UAA credentials to disk
13 Sep 2018  CVE-2018-1198  PCC bosh deployment logs print a superuser password in plain text
13 Sep 2018  CVE-2018-11088  CF admin credentials accessible to developers through Applications Manager
13 Sep 2018  CVE-2018-11086  CF admin credentials accessible to developers through usage service
11 Sep 2018  CVE-2018-11087  RabbitMQ (Spring-AMQP) Host name verification
23 Jul 2018  CVE-2018-11044  Apps Manager allows unescaped content in invitation emails
10 Jul 2018  CVE-2018-11045  Operations Manager image contains static LRNG seed file
20 Jun 2018  CVE-2018-11046  Operations Manager includes outdated NGINX packages
14 Jun 2018  CVE-2018-11040  JSONP enabled by default in MappingJackson2JsonView
14 Jun 2018  CVE-2018-11039  Cross Site Tracing (XST) with Spring Framework
11 May 2018  CVE-2018-1263  Unsafe Unzip with spring-integration-zip
10 May 2018  CVE-2018-1278  Apps Manager allows unauthorized org invitations
09 May 2018  CVE-2018-1261  Unsafe Unzip with spring-integration-zip
09 May 2018  CVE-2018-1260  Remote Code Execution with spring-security-oauth2
09 May 2018  CVE-2018-1259  XXE with Spring Data’s XMLBeam integration
09 May 2018  CVE-2018-1258  Unauthorized Access with Spring Security Method Security
09 May 2018  CVE-2018-1257  ReDoS Attack with spring-messaging
07 May 2018  CVE-2018-1280  Blind SQL injection in Pivotal Greenplum Command Center
30 Apr 2018  CVE-2018-1256  Issuer validation regression in Spring Cloud SSO Connector
10 Apr 2018  CVE-2018-1274  Denial of Service with Spring Data
10 Apr 2018  CVE-2018-1273  RCE with Spring Data Commons
09 Apr 2018  CVE-2018-1275  Address partial fix for CVE-2018-1270
05 Apr 2018  CVE-2018-1272  Multipart Content Pollution with Spring Framework
05 Apr 2018  CVE-2018-1271  Directory Traversal with Spring MVC on Windows
05 Apr 2018  CVE-2018-1270  Remote Code Execution with spring-messaging
16 Mar 2018  CVE-2018-1230  Spring Batch Admin vulnerable to Cross Site Request Forgery
16 Mar 2018  CVE-2018-1229  Stored XSS in file upload of Spring Batch Admin
13 Feb 2018  CVE-2018-1200  Apps Manager File Access Vulnerability
30 Jan 2018  CVE-2018-1196  Symlink privilege escalation attack via Spring Boot launch script
29 Jan 2018  CVE-2018-1199  Security bypass with static resources
16 Oct 2017  CVE-2017-8028  Spring-LDAP authentication with userSearch and STARTTLS allows authentication with arbitrary password
21 Sep 2017  CVE-2017-8046  RCE in PATCH requests in Spring Data REST
19 Sep 2017  CVE-2017-8045  Remote code execution in spring-amqp
15 Sep 2017  CVE-2017-8039  Data Binding Expression Vulnerability in Spring Web Flow
31 Aug 2017  CVE-2017-8044  XSS vulnerability in Single Sign-On for PCF via DOM-based query parameters
31 Aug 2017  CVE-2017-8041  XSS vulnerability in org name in Single Sign-On for PCF
31 Aug 2017  CVE-2017-8040  XXE Vulnerability in Single Sign-On for PCF
08 Jun 2017  CVE-2017-4995  Jackson Configuration Allows Code Execution with Unknown “Serialization Gadgets”
31 May 2017  CVE-2017-4971  Data Binding Expression Vulnerability in Spring Web Flow
15 May 2017  CVE-2017-4975  Tile generator sets open security groups
04 May 2017  CVE-2017-4966  RabbitMQ local storage of credentials
04 May 2017  CVE-2017-4965  XSS vulnerabilities in RabbitMQ management UI
27 Mar 2017  CVE-2017-2773  Unauthenticated JWT signing algorithm in multiple components
24 Mar 2017  CVE-2017-4955  Credentials in Elastic Runtime Notifications errand log
14 Feb 2017  CVE-2017-4959  Pivotal Cloud Foundry account authorization vulnerability
09 Feb 2017  CVE-2016-9880  Unauthenticated access to GemFire for PCF broker endpoints
04 Jan 2017  CVE-2016-9885  gfsh exposed over go router for GemFire for PCF
28 Dec 2016  CVE-2016-9879  Encoded "/" in path variables
28 Dec 2016  CVE-2016-0898  Service backups log AWS key
21 Dec 2016  CVE-2016-9878  Directory Traversal in the Spring Framework ResourceServlet
19 Dec 2016  CVE-2016-9877  RabbitMQ authentication vulnerability
31 Oct 2016  CVE-2016-6657  PCF Open Redirects
31 Oct 2016  CVE-2016-6656  Code injection vulnerability via GPHDFS in Greenplum database
30 Sep 2016  CVE-2016-6652  Spring Data JPA Blind SQL Injection Vulnerability
12 Sep 2016  CVE-2016-0930  Ops Manager Compilation VMs Vulnerability on vSphere and vCloud
27 Jul 2016  CVE-2016-0896  IaaS Metadata Endpoint Accessible from Application Containers
15 Jul 2016  CVE-2016-0929  RabbitMQ for PCF vulnerability
07 Jul 2016  CVE-2016-5007  Spring Security / MVC Path Matching Inconsistency
07 Jul 2016  CVE-2016-0926  Apps Manager XSS vulnerability
05 Jul 2016  CVE-2016-4977  Remote Code Execution (RCE) in Spring Security OAuth
29 Jun 2016  CVE-2016-0928  PCF Open Redirects
24 Jun 2016  CVE-2016-0897  Ops Manager vSphere and vCloud vulnerability
23 Jun 2016  CVE-2016-0927  Ops Manager XSS vulnerability
11 Apr 2016  CVE-2016-2173  Remote Code Execution in Spring AMQP
23 Mar 2016  CVE-2016-0780  Cloud Controller Disk Quota Enforcement
23 Mar 2016  CVE-2016-2165  Loggregator Request URL Paths
23 Mar 2016  CVE-2016-0781  UAA Persistent XSS Vulnerability
03 Feb 2016  CVE-2016-0883  Pivotal Ops Manager Weak Authentication Scheme
12 Nov 2015  CVE-2015-5258  Spring Social CSRF
15 Oct 2015  CVE-2015-5211  RFD Attack in Spring Framework
30 Jun 2015  CVE-2015-3192  DoS Attack with XML Input
06 Mar 2015  CVE-2015-0201  Insufficiently random session id in Java SockJS client
13 Jan 2015  CVE-2014-3626  Directory Traversal in Grails Resources Plugin
11 Nov 2014  CVE-2014-3625  Directory Traversal in Spring Framework
05 Sep 2014  CVE-2014-3578  Directory Traversal in Spring Framework
15 Aug 2014  CVE-2014-3527  Access Control Bypass in Spring Security
28 May 2014  CVE-2014-0225  Information Disclosure when using Spring MVC
11 Mar 2014  CVE-2014-1904  XSS when using Spring MVC
11 Mar 2014  CVE-2014-0097  Blank password may bypass user authentication
11 Mar 2014  CVE-2014-0054  Incomplete fix for CVE-2013-7315 / CVE-2013-6429 (XXE)
19 Feb 2014  CVE-2014-0053  Information Disclosure when using Grails
14 Jan 2014  CVE-2013-6430  Possible XSS when using Spring MVC
14 Jan 2014  CVE-2013-6429  Incomplete fix for CVE-2013-7315 (XXE)
22 Aug 2013  CVE-2013-7315  XML External Entity (XXE) injection in Spring Framework
22 Aug 2013  CVE-2013-4152  XML eXternal Entity (XXE) injection in Spring Framework

NOTABLE VULNERABILITIES IN DEPENDENCIES

Date  CVE Reference  Description
12 May 2022  USN-5343-1  Linux kernel vulnerabilities
12 May 2022  USN-5341-1  GNU binutils vulnerabilities
12 May 2022  USN-5339-1  Linux kernel vulnerabilities
12 May 2022  USN-5334-1  man-db vulnerability
12 May 2022  USN-5332-1  Bind vulnerabilities
12 May 2022  USN-5331-1  tcpdump vulnerabilities
12 May 2022  USN-5329-1  tar vulnerability
12 May 2022  USN-5328-2  OpenSSL vulnerability
12 May 2022  USN-5328-1  OpenSSL vulnerability
12 May 2022  USN-5324-1  libxml2 vulnerability
12 May 2022  USN-5320-1  Expat vulnerabilities and regression
12 May 2022  USN-5319-1  Linux kernel vulnerabilities
12 May 2022  USN-5301-1  Cyrus SASL vulnerability
12 May 2022  USN-5299-1  Linux kernel vulnerabilities
12 May 2022  USN-5298-1  Linux kernel vulnerabilities
12 May 2022  USN-5288-1  Expat vulnerabilities
12 May 2022  USN-5254-1  shadow vulnerabilities
17 Mar 2022  USN-5280-1  Speex vulnerability
17 Mar 2022  USN-5270-2  MySQL vulnerabilities
17 Mar 2022  USN-5270-1  MySQL vulnerabilities
17 Mar 2022  USN-5268-1  Linux kernel vulnerabilities
17 Mar 2022  USN-5262-1  GPT fdisk vulnerabilities
17 Mar 2022  USN-5260-2  Samba vulnerability
17 Mar 2022  USN-5259-1  Cron vulnerabilities
17 Mar 2022  USN-5247-1  Vim vulnerabilities
17 Mar 2022  USN-5244-1  DBus vulnerability
17 Mar 2022  USN-5235-1  Ruby vulnerabilities
17 Mar 2022  USN-5209-1  Linux kernel vulnerabilities
17 Mar 2022  USN-5199-1  Python vulnerabilities
17 Mar 2022  USN-5189-1  GLib vulnerability
17 Mar 2022  USN-5179-1  BusyBox vulnerabilities
17 Mar 2022  USN-5174-2  Samba regression
17 Mar 2022  USN-5174-1  Samba vulnerabilities
17 Mar 2022  USN-5164-1  Linux kernel vulnerabilities
17 Mar 2022  USN-5158-1  ImageMagick vulnerabilities
17 Mar 2022  USN-5064-2  GNU cpio vulnerability
17 Mar 2022  USN-5030-2  Perl DBI module vulnerabilities
17 Mar 2022  USN-5021-2  curl vulnerability
25 Jan 2022  USN-5168-4  NSS regression
25 Jan 2022  USN-5168-3  NSS vulnerability
25 Jan 2022  USN-5150-1  OpenEXR vulnerability
25 Jan 2022  USN-5147-1  Vim vulnerabilities
25 Jan 2022  USN-5145-1  PostgreSQL vulnerabilities
25 Jan 2022  USN-5144-1  OpenEXR vulnerability
25 Jan 2022  USN-5136-1  Linux kernel vulnerabilities
25 Jan 2022  USN-5133-1  ICU vulnerability
25 Jan 2022  USN-5126-2  Bind vulnerability
25 Jan 2022  USN-5126-1  Bind vulnerability
25 Jan 2022  USN-5124-1  GNU binutils vulnerabilities
25 Jan 2022  USN-5123-2  MySQL vulnerabilities
25 Jan 2022  USN-5123-1  MySQL vulnerabilities
25 Jan 2022  USN-5114-1  Linux kernel vulnerabilities
25 Jan 2022  USN-5076-1  Git vulnerability
25 Jan 2022  USN-5022-3  MySQL vulnerabilities
09 Dec 2021  USN-5018-1  Linux kernel vulnerabilities
09 Dec 2021  USN-5013-2  systemd vulnerabilities
08 Dec 2021  USN-5044-1  Linux kernel vulnerabilities
08 Dec 2021  USN-5003-1  Linux kernel vulnerabilities
08 Dec 2021  USN-4991-1  libxml2 vulnerabilities
08 Dec 2021  USN-4985-1  Intel Microcode vulnerabilities
08 Dec 2021  USN-4979-1  Linux kernel vulnerabilities
08 Dec 2021  USN-4336-2  GNU binutils vulnerabilities
08 Dec 2021  USN-3809-2  OpenSSH regression
07 Dec 2021  USN-5109-1  nginx vulnerability
07 Dec 2021  USN-5102-1  Mercurial vulnerabilities
07 Dec 2021  USN-5094-1  Linux kernel vulnerabilities
07 Dec 2021  USN-5093-1  Vim vulnerabilities
07 Dec 2021  USN-5089-1  ca-certificates update
07 Dec 2021  USN-5086-1  Linux kernel vulnerability
07 Dec 2021  USN-5083-1  Python vulnerabilities
07 Dec 2021  USN-5080-2  Libgcrypt vulnerabilities
07 Dec 2021  USN-5080-1  Libgcrypt vulnerabilities
07 Dec 2021  USN-5079-4  curl regression
07 Dec 2021  USN-5079-3  curl vulnerabilities
07 Dec 2021  USN-5079-2  curl vulnerabilities
07 Dec 2021  USN-5079-1  curl vulnerabilities
07 Dec 2021  USN-5073-1  Linux kernel vulnerabilities
07 Dec 2021  USN-5051-3  OpenSSL vulnerability
07 Dec 2021  USN-5051-2  OpenSSL vulnerability
07 Dec 2021  USN-5051-1  OpenSSL vulnerabilities
07 Dec 2021  USN-4969-2  DHCP vulnerability
07 Dec 2021  USN-4968-2  LZ4 vulnerability
07 Dec 2021  USN-4954-1  GNU C Library vulnerabilities
07 Dec 2021  USN-4946-1  Linux kernel vulnerabilities
07 Dec 2021  USN-4916-1  Linux kernel vulnerabilities
07 Dec 2021  USN-4906-1  Nettle vulnerability
07 Dec 2021  USN-4898-1  curl vulnerabilities
04 Oct 2021  USN-5068-1  GD library vulnerabilities
04 Oct 2021  USN-5064-1  GNU cpio vulnerability
13 Sep 2021  USN-5021-1  curl vulnerabilities
13 Sep 2021  USN-5020-1  Ruby vulnerabilities
13 Sep 2021  USN-5013-1  systemd vulnerabilities
13 Sep 2021  USN-5005-1  DjVuLibre vulnerability
13 Sep 2021  USN-4996-1  OpenEXR vulnerabilities
13 Sep 2021  USN-4990-1  Nettle vulnerabilities
13 Sep 2021  USN-4988-1  ImageMagick vulnerabilities
13 Sep 2021  USN-4971-1  libwebp vulnerabilities
13 Sep 2021  USN-4969-1  DHCP vulnerability
13 Sep 2021  USN-4968-1  LZ4 vulnerability
13 Sep 2021  USN-4966-1  libx11 vulnerability
13 Sep 2021  USN-4900-1  OpenEXR vulnerabilities
13 Sep 2021  USN-4891-1  OpenSSL vulnerability
13 Sep 2021  USN-4890-1  Linux kernel vulnerabilities
13 Sep 2021  USN-4883-1  Linux kernel vulnerabilities
13 Sep 2021  USN-4882-1  Ruby vulnerabilities
13 Sep 2021  USN-4877-1  Linux kernel vulnerabilities
13 Sep 2021  USN-4764-1  GLib vulnerability
13 Sep 2021  USN-4761-1  Git vulnerability
13 Sep 2021  USN-4760-1  libzstd vulnerabilities
13 Sep 2021  USN-4759-1  GLib vulnerabilities
13 Sep 2021  USN-4719-1  ca-certificates update
15 Jun 2021  USN-4922-1  Ruby vulnerability
15 Jun 2021  USN-4938-1  Unbound vulnerabilities
15 Jun 2021  USN-4957-1  DjVuLibre vulnerabilities
15 Jun 2021  USN-4966-2  libx11 vulnerability
15 Jun 2021  USN-4967-2  nginx vulnerability
16 Apr 2021  USN-4755-1  LibTIFF vulnerabilities
16 Apr 2021  USN-4754-4  Python 2.7 vulnerability
16 Apr 2021  USN-4754-2  Python regression
16 Apr 2021  USN-4754-1  Python vulnerabilities
16 Apr 2021  USN-4749-1  Linux kernel vulnerabilities
16 Apr 2021  USN-4738-1  OpenSSL vulnerabilities
01 Mar 2021  USN-4705-1  Sudo vulnerabilities
01 Mar 2021  USN-4700-1  PyXDG vulnerability
01 Mar 2021  USN-4694-1  Linux kernel vulnerability
01 Mar 2021  USN-4692-1  tar vulnerabilities
01 Mar 2021  USN-4680-1  Linux kernel vulnerabilities
01 Mar 2021  USN-4677-1  p11-kit vulnerabilities
01 Mar 2021  USN-4676-1  OpenEXR vulnerabilities
01 Mar 2021  USN-4673-1  libproxy vulnerability
01 Mar 2021  USN-4668-3  python-apt regression
01 Mar 2021  USN-4489-1  Linux kernel vulnerability
13 Jan 2021  USN-4662-1  OpenSSL vulnerability
13 Jan 2021  USN-4660-1  Linux kernel vulnerabilities
13 Jan 2021  USN-4635-1  Kerberos vulnerability
13 Jan 2021  USN-4628-2  Intel Microcode regression
13 Jan 2021  USN-4628-1  Intel Microcode vulnerabilities
11 Dec 2020  USN-4633-1  PostgreSQL vulnerabilities
11 Dec 2020  USN-4613-1  python-cryptography vulnerability
11 Dec 2020  USN-4428-1  Python vulnerabilities
11 Dec 2020  USN-4416-1  GNU C Library vulnerabilities
11 Dec 2020  USN-4360-2  json-c regression
11 Dec 2020  USN-4360-1  json-c vulnerability
11 Dec 2020  USN-4359-1  APT vulnerability
11 Dec 2020  USN-4309-1  Vim vulnerabilities
20 Nov 2020  USN-4593-1  FreeType vulnerability
20 Nov 2020  USN-4591-1  Linux kernel vulnerabilities
20 Nov 2020  USN-4582-1  Vim vulnerabilities
20 Nov 2020  USN-4581-1  Python vulnerability
20 Nov 2020  USN-4578-1  Linux kernel vulnerabilities
20 Nov 2020  USN-4526-1  Linux kernel vulnerabilities
24 Sep 2020  USN-4466-1  curl vulnerability
24 Sep 2020  USN-4457-1  Software Properties vulnerability
28 Aug 2020  USN-4414-1  Linux kernel vulnerabilities
28 Aug 2020  USN-4402-1  curl vulnerabilities
28 Aug 2020  USN-4398-1  DBus vulnerability
30 Jul 2020  USN-4394-1  SQLite vulnerabilities
30 Jul 2020  USN-4390-1  Linux kernel vulnerabilities
30 Jul 2020  USN-4385-2  Intel Microcode regression
30 Jul 2020  USN-4385-1  Intel Microcode vulnerabilities
30 Jul 2020  USN-4377-1  ca-certificates update
30 Jul 2020  USN-4376-1  OpenSSL vulnerabilities
30 Jul 2020  USN-4360-4  json-c vulnerability
30 Jul 2020  USN-3911-2  file regression
14 May 2020  USN-4318-1  Linux kernel vulnerabilities
28 Apr 2020  USN-4345-1  Linux kernel vulnerabilities
23 Apr 2020  USN-4305-1  ICU vulnerability
23 Apr 2020  USN-4302-1  Linux kernel vulnerabilities
23 Apr 2020  USN-4298-1  SQLite vulnerabilities
21 Apr 2020  USN-4333-1  Python vulnerabilities
08 Apr 2020  USN-4292-1  rsync vulnerabilities
02 Mar 2020  USN-4293-1  libarchive vulnerabilities
18 Feb 2020  USN-4287-1  Linux kernel vulnerabilities
10 Feb 2020  USN-4274-1  libxml2 vulnerabilities
05 Feb 2020  USN-4269-1  systemd vulnerabilities
03 Feb 2020  USN-4263-1  Sudo vulnerability
28 Jan 2020  USN-4255-2  Linux kernel (HWE) vulnerabilities
28 Jan 2020  USN-4256-1  Cyrus SASL vulnerability
27 Jan 2020  USN-4252-1  tcpdump vulnerabilities
23 Jan 2020  USN-4233-2  GnuTLS update
23 Jan 2020  USN-4249-1  e2fsprogs vulnerability
22 Jan 2020  USN-4247-1  python-apt vulnerabilities
22 Jan 2020  USN-4247-2  python-apt regression
22 Jan 2020  USN-4246-1  zlib vulnerabilities
20 Jan 2020  USN-4242-1  Sysstat vulnerabilities
20 Jan 2020  USN-4243-1  libbsd vulnerabilities
19 Jan 2020  CVE-2020-0601  Windows Stemcells vulnerable to Windows CryptoAPI Spoofing Vulnerability
15 Jan 2020  USN-4205-1  SQLite vulnerabilities
15 Jan 2020  USN-4215-1  NSS vulnerability
15 Jan 2020  USN-4182-3  Intel Microcode regression
15 Jan 2020  USN-4220-1  Git vulnerabilities
15 Jan 2020  USN-4210-1  Linux kernel vulnerabilities
14 Jan 2020  USN-4236-2  Libgcrypt vulnerability
13 Jan 2020  USN-4235-1  nginx vulnerability
09 Jan 2020  USN-4233-1  GnuTLS update
08 Jan 2020  USN-4231-1  NSS vulnerability
07 Jan 2020  USN-4227-1  Linux kernel vulnerabilities
18 Dec 2019  USN-4194-1  postgresql-common vulnerability
18 Dec 2019  USN-4185-1  Linux kernel vulnerabilities
18 Dec 2019  USN-4162-1  Linux kernel vulnerabilities
18 Dec 2019  USN-4191-1  QEMU vulnerabilities
18 Dec 2019  USN-4164-1  Libxslt vulnerabilities
18 Dec 2019  USN-4190-1  libjpeg-turbo vulnerabilities
18 Dec 2019  USN-4176-1  GNU cpio vulnerability
18 Dec 2019  USN-4172-1  file vulnerability
18 Dec 2019  USN-4203-1  NSS vulnerability
18 Dec 2019  USN-4169-1  libarchive vulnerability
18 Dec 2019  USN-4182-1  Intel Microcode update
18 Dec 2019  USN-4185-3  Linux kernel vulnerability and regression
18 Dec 2019  USN-4199-1  libvpx vulnerabilities
11 Dec 2019  USN-4221-1  libpcap vulnerability
25 Nov 2019  CVE-2019-15587  Ops Manager contains a vulnerable Loofah gem
14 Nov 2019  USN-4004-1  Berkeley DB vulnerability
14 Nov 2019  USN-4038-1  bzip2 vulnerabilities
14 Nov 2019  USN-3911-1  file vulnerabilities
14 Nov 2019  USN-4015-1  DBus vulnerability
14 Nov 2019  USN-4011-1  Jinja2 vulnerabilities
14 Nov 2019  USN-4008-2  AppArmor update
14 Nov 2019  USN-3999-1  GnuTLS vulnerabilities
14 Nov 2019  USN-3967-1  FFmpeg vulnerabilities
14 Nov 2019  USN-3990-1  urllib3 vulnerabilities
14 Nov 2019  USN-4040-1  Expat vulnerability
14 Nov 2019  USN-3885-2  OpenSSH vulnerability
14 Nov 2019  USN-3993-1  curl vulnerabilities
14 Nov 2019  USN-4012-1  elfutils vulnerabilities
14 Nov 2019  USN-3968-1  Sudo vulnerabilities
14 Nov 2019  USN-4016-1  Vim vulnerabilities
14 Nov 2019  USN-4019-1  SQLite vulnerabilities
06 Nov 2019  USN-4151-1  Python vulnerabilities
06 Nov 2019  USN-4144-1  Linux kernel vulnerabilities
06 Nov 2019  USN-4142-1  e2fsprogs vulnerability
06 Nov 2019  USN-4132-1  Expat vulnerability
06 Nov 2019  USN-4129-1  curl vulnerabilities
06 Nov 2019  USN-4127-1  Python vulnerabilities
06 Nov 2019  USN-4126-1  FreeType vulnerability
30 Sep 2019  USN-4135-1  Linux kernel vulnerabilities
30 Sep 2019  USN-4115-2  Linux kernel regression
30 Sep 2019  USN-4115-1  Linux kernel vulnerabilities
30 Sep 2019  USN-4094-1  Linux kernel vulnerabilities
30 Sep 2019  USN-4071-1  Patch vulnerabilities
30 Sep 2019  USN-4049-3  GLib regression
24 Sep 2019  CVE-2019-16097  Harbor Privilege Escalation
05 Sep 2019  USN-4099-1  nginx vulnerabilities
05 Sep 2019  USN-4090-1  PostgreSQL vulnerabilities
05 Sep 2019  USN-4068-2  Linux kernel (HWE) vulnerabilities
05 Sep 2019  USN-4060-1  NSS vulnerabilities
05 Sep 2019 USN-4058-1 Bash vulnerability 05 Sep 2019 USN-4049-1 GLib vulnerability 05 Sep 2019 USN-4038-3 bzip2 regression 06 Aug 2019 USN-4041-1 Linux kernel update 05 Aug 2019 USN-4014-1 GLib vulnerability 05 Aug 2019 USN-4001-1 libseccomp vulnerability 05 Aug 2019 USN-3977-3 Intel Microcode update (AKA ZombieLoad Attack) 19 Jun 2019 USN-3981-2 Linux kernel (HWE) vulnerabilities (AKA ZombieLoad Attack) 19 Jun 2019 USN-3977-2 Intel Microcode update (AKA ZombieLoad Attack) 19 Jun 2019 USN-3977-1 Intel Microcode update (AKA ZombieLoad Attack) 21 May 2019 USN-3972-1 PostgreSQL vulnerabilities 21 May 2019 USN-3962-1 libpng vulnerability 21 May 2019 USN-3960-1 WavPack vulnerability 21 May 2019 USN-3947-1 Libxslt vulnerability 21 May 2019 USN-3943-1 Wget vulnerabilities 21 May 2019 USN-3932-2 Linux kernel (Xenial HWE) vulnerabilities 21 May 2019 USN-3931-2 Linux kernel (HWE) vulnerabilities 08 May 2019 USN-3935-1 BusyBox vulnerabilities 25 Apr 2019 USN-3945-1 Ruby vulnerabilities 25 Apr 2019 USN-3910-2 Linux kernel (Xenial HWE) vulnerabilities 25 Apr 2019 USN-3906-1 LibTIFF vulnerabilities 25 Apr 2019 USN-3901-2 Linux kernel (HWE) vulnerabilities 25 Apr 2019 USN-3900-1 GD vulnerabilities 25 Apr 2019 USN-3899-1 OpenSSL vulnerability 25 Apr 2019 USN-3898-1 NSS vulnerability 25 Apr 2019 USN-3891-1 systemd vulnerability 25 Apr 2019 USN-3885-1 OpenSSH vulnerabilities 25 Apr 2019 USN-3884-1 libarchive vulnerabilities 25 Apr 2019 USN-3882-1 curl vulnerabilities 25 Apr 2019 USN-3879-2 Linux kernel (Xenial HWE) vulnerabilities 25 Apr 2019 USN-3871-4 Linux kernel (HWE) vulnerabilities 25 Apr 2019 USN-3864-1 LibTIFF vulnerabilities 25 Apr 2019 USN-3859-1 libarchive vulnerabilities 25 Apr 2019 USN-3848-2 Linux kernel (Xenial HWE) vulnerabilities 25 Apr 2019 USN-3847-2 Linux kernel (HWE) vulnerabilities 25 Apr 2019 USN-3840-1 OpenSSL vulnerabilities 25 Apr 2019 USN-3834-1 Perl vulnerabilities 25 Apr 2019 USN-3816-3 systemd regression 25 Apr 2019 USN-3855-1 systemd vulnerabilities 
25 Apr 2019 USN-3863-1 APT vulnerability 13 Feb 2019 CVE-2019-5736 runC container breakout 06 Feb 2019 USN-3836-2 Linux kernel (HWE) vulnerabilities 06 Feb 2019 USN-3841-1 lxml vulnerability 06 Feb 2019 USN-3850-1 NSS vulnerabilities 03 Jan 2019 USN-3843-1 pixman vulnerability 03 Jan 2019 USN-3816-2 systemd vulnerability 03 Jan 2019 USN-3839-1 WavPack vulnerabilities 03 Jan 2019 USN-3829-1 Git vulnerabilities 14 Dec 2018 USN-3805-1 curl vulnerabilities 14 Dec 2018 USN-3809-1 OpenSSH vulnerabilities 14 Dec 2018 USN-3812-1 nginx vulnerabilities 14 Dec 2018 USN-3815-1 gettext vulnerability 14 Dec 2018 USN-3817-1 Python vulnerabilities 14 Dec 2018 USN-3821-2 Linux kernel (Xenial HWE) vulnerabilities 12 Dec 2018 USN-3820-2 Linux kernel (HWE) vulnerabilities 12 Dec 2018 USN-3816-1 systemd vulnerabilities 12 Dec 2018 USN-3806-1 systemd vulnerability 12 Dec 2018 USN-3808-1 Ruby vulnerabilities 03 Dec 2018 CVE-2018-15797 NFS Volume release errand leaks cf admin credentials in logs 03 Dec 2018 CVE-2018-1002105 Proxy request handling in kube-apiserver can leave vulnerable TCP connections 28 Nov 2018 USN-3797-2 Linux kernel (Xenial HWE) vulnerabilities 08 Nov 2018 USN-3800-1 audiofile vulnerabilities 08 Nov 2018 USN-3791-1 Git vulnerability 08 Nov 2018 USN-3786-1 libxkbcommon vulnerabilities 08 Nov 2018 USN-3785-1 ImageMagick vulnerabilities 06 Nov 2018 CVE-2018-15761 UAA Privilege Escalation 26 Oct 2018 USN-3790-1 Requests vulnerability 26 Oct 2018 USN-3777-2 Linux kernel (HWE) vulnerabilities 26 Oct 2018 USN-3762-2 Linux kernel (HWE) vulnerabilities 09 Oct 2018 USN-3752-2 Linux kernel (HWE) vulnerabilities 09 Oct 2018 USN-3765-1 curl vulnerability 09 Oct 2018 USN-3767-1 GLib vulnerabilities 09 Oct 2018 USN-3770-1 Little CMS vulnerabilities 27 Sep 2018 USN-3759-1 libtirpc vulnerabilities 27 Sep 2018 USN-3758-1 libx11 vulnerabilities 27 Sep 2018 USN-3756-1 Intel Microcode vulnerabilities 27 Sep 2018 USN-3755-1 GD vulnerabilities 27 Sep 2018 USN-3753-2 Linux kernel (Xenial HWE) 
vulnerabilities 27 Sep 2018 USN-3744-1 PostgreSQL vulnerabilities 27 Sep 2018 USN-3741-2 Linux kernel (Xenial HWE) vulnerabilities 27 Sep 2018 USN-3739-1 libxml2 vulnerabilities 27 Sep 2018 USN-3736-1 libarchive vulnerabilities 27 Sep 2018 USN-3733-1 GnuPG vulnerability 27 Sep 2018 USN-3729-1 libxcursor vulnerability 27 Sep 2018 USN-3712-1 libpng vulnerabilities 27 Sep 2018 USN-3696-2 Linux kernel (Xenial HWE) vulnerabilities 27 Sep 2018 USN-3692-1 OpenSSL vulnerabilities 27 Sep 2018 USN-3690-2 AMD Microcode regression 27 Sep 2018 USN-3690-1 AMD Microcode update 27 Sep 2018 USN-3689-1 Libgcrypt vulnerability 27 Sep 2018 USN-3605-1 Sharutils vulnerability 27 Sep 2018 USN-3589-1 PostgreSQL vulnerability 27 Sep 2018 USN-3564-1 PostgreSQL vulnerability 27 Sep 2018 USN-3532-1 GDK-PixBuf vulnerabilities 27 Sep 2018 USN-3509-4 Linux kernel (Xenial HWE) regression 27 Sep 2018 USN-3352-1 nginx vulnerability 09 Aug 2018 CVE-2018-8037 Apache Tomcat - NIO/NIO2 connectors user sessions can get mixed up 09 Aug 2018 CVE-2018-1336 Apache Tomcat - UTF-8 decoder can lead to DoS 02 Aug 2018 USN-3711-1 ImageMagick vulnerabilities 02 Aug 2018 USN-3707-1 NTP vulnerabilities 02 Aug 2018 USN-3706-1 libjpeg-turbo vulnerabilities 23 Jul 2018 CVE-2018-11047 UAA accepts refresh token as access token on admin endpoints 20 Jul 2018 USN-3693-1 JasPer vulnerabilities 20 Jul 2018 USN-3686-1 file vulnerabilities 20 Jul 2018 USN-3684-1 Perl vulnerability 20 Jul 2018 USN-3681-1 ImageMagick vulnerabilities 20 Jul 2018 USN-3676-2 Linux kernel (Xenial HWE) vulnerabilities 20 Jul 2018 USN-3675-1 GnuPG vulnerabilities 20 Jul 2018 USN-3658-1 procps-ng vulnerabilities 17 Jul 2018 CVE-2018-11041 UAA open redirect 16 Jul 2018 CVE-2018-1269 Loggregator does not properly close some TCP connections 16 Jul 2018 CVE-2018-1268 Loggregator lacks app GUID validation 19 Jun 2018 CVE-2018-1265 Diego does not properly sanitize file paths in tar/zip files 21 Jun 2018 USN-3671-1 Git vulnerabilities 21 Jun 2018 USN-3654-2 
Linux kernel (Xenial HWE) vulnerabilities 21 Jun 2018 USN-3648-1 curl vulnerabilities 14 Jun 2018 USN-3643-1 Wget vulnerability 14 Jun 2018 USN-3641-1 Linux kernel vulnerabilities 14 Jun 2018 USN-3631-2 Linux kernel (Xenial HWE) vulnerabilities 14 Jun 2018 USN-3628-1 OpenSSL vulnerability 14 Jun 2018 USN-3625-1 Perl vulnerabilities 14 Jun 2018 USN-3624-1 Patch vulnerabilities 14 Jun 2018 USN-3622-1 Wayland vulnerability 21 May 2018 CVE-2018-1277 Garden does not correctly enforce Docker image disc quotas 21 May 2018 CVE-2018-1276 Windows2012R2 stemcell exposes IaaS metadata on vSphere 10 May 2018 MS-ISAC-2018-046 MS-ISAC 2018-046 Multiple Vulnerabilities in PHP 08 May 2018 CVE-2018-1191 Garden may log Docker passwords 02 May 2018 USN-3619-2 Linux kernel (Xenial HWE) vulnerabilities 02 May 2018 USN-3611-1 OpenSSL vulnerability 02 May 2018 USN-3610-1 ICU vulnerability 02 May 2018 USN-3606-1 LibTIFF vulnerabilities 02 May 2018 USN-3604-1 libvorbis vulnerabilities 02 May 2018 USN-3602-1 LibTIFF vulnerabilities 02 May 2018 USN-3598-1 curl vulnerabilities 02 May 2018 USN-3586-1 DHCP vulnerabilities 02 May 2018 USN-3584-1 sensible-utils vulnerability 02 May 2018 USN-3569-1 libvorbis vulnerabilities 02 May 2018 USN-3554-1 curl vulnerabilities 02 May 2018 USN-3547-1 Libtasn1 vulnerabilities 02 May 2018 USN-3543-1 rsync vulnerabilities 02 May 2018 USN-3534-1 GNU C Library vulnerabilities 02 May 2018 USN-3506-1 rsync vulnerabilities 02 May 2018 USN-3501-1 libxcursor vulnerability 02 May 2018 USN-3346-2 Bind regression 30 Apr 2018 CVE-2018-1197 GCP Metadata Endpoint Accessible from Application Containers on Windows 05 Apr 2018 CVE-2018-1266 Cloud Controller file modification via malicious application 05 Apr 2018 CVE-2018-1231 BOSH CLI does not restrict access to configuration file 03 Apr 2018 USN-3582-2 Linux kernel (Xenial HWE) vulnerabilities 28 Mar 2018 CVE-2018-1195 Cloud Controller API will accept a refresh token for authentication 28 Mar 2018 CVE-2018-1192 UAA SessionID 
present in Audit Event Logs 28 Mar 2018 CVE-2018-1190 XSS on UAA OpenID Connect check session iframe endpoint 09 Mar 2018 CVE-2018-1227 Concourse-dot-ci Domain Issue 27 Feb 2018 VU475445 VU#475445 SAML Authentication Bypass 27 Feb 2018 CVE-2018-1221 Gorouter websocket handling vulnerability 01 Feb 2018 USN-3540-2 Linux kernel (Xenial HWE) vulnerabilities 01 Feb 2018 USN-3538-1 OpenSSH vulnerabilities 01 Feb 2018 USN-3535-1 Bind vulnerability 01 Feb 2018 USN-3522-4 Linux (Xenial HWE) vulnerability 01 Feb 2018 USN-3522-2 Linux (Xenial HWE) vulnerability 01 Feb 2018 USN-3513-1 libxml2 vulnerability 01 Feb 2018 USN-3504-1 libxml2 vulnerability 03 Jan 2018 Meltdown and Spectre Attacks Meltdown and Spectre Attacks 19 Dec 2017 CVE-2017-1000353 Jenkins unauthenticated remote code execution 15 Dec 2017 USN-3509-2 Linux kernel (Xenial HWE) vulnerabilities 15 Dec 2017 USN-3505-1 Linux firmware vulnerabilities 15 Dec 2017 USN-3498-1 curl vulnerabilities 15 Dec 2017 USN-3496-3 Python vulnerability 15 Dec 2017 USN-3496-1 Python vulnerability 15 Dec 2017 USN-3489-1 Berkeley DB vulnerability 15 Dec 2017 USN-3485-2 Linux kernel (Xenial HWE) vulnerabilities 15 Dec 2017 USN-3478-1 Perl vulnerabilities 15 Dec 2017 USN-3475-1 OpenSSL vulnerabilities 15 Dec 2017 USN-3469-2 Linux kernel (Xenial HWE) vulnerabilities 15 Dec 2017 USN-3464-1 Wget vulnerabilities 15 Dec 2017 USN-3458-1 ICU vulnerability 15 Dec 2017 USN-3457-1 curl vulnerability 21 Nov 2017 USN-3454-1 libffi vulnerability 21 Nov 2017 USN-3444-2 Linux kernel (Xenial HWE) vulnerabilities 21 Nov 2017 USN-3441-1 curl vulnerabilities 21 Nov 2017 USN-3437-1 OCaml vulnerability 21 Nov 2017 USN-3434-1 Libidn vulnerability 21 Nov 2017 USN-3432-1 ca-certificates update 21 Nov 2017 USN-3424-1 libxml2 vulnerabilities 21 Nov 2017 USN-3387-1 Git vulnerability 16 Nov 2017 CVE-2017-8031 UAA Denial of Service through client token revocation endpoint 15 Nov 2017 CVE-2017-14388 GrootFS doesn’t validate DiffIDs 11 Oct 2017 CVE-2017-8048 Cloud 
Controller API regression 10 Oct 2017 CVE-2017-8047 Cloud Foundry router open redirect 28 Sep 2017 USN-3420-2 Linux kernel (Xenial HWE) vulnerabilities 28 Sep 2017 USN-3418-1 GDK-PixBuf vulnerabilities 28 Sep 2017 USN-3415-1 tcpdump vulnerabilities 28 Sep 2017 USN-3411-1 Bazaar vulnerability 28 Sep 2017 USN-3410-1 GD library vulnerability 28 Sep 2017 USN-3405-2 Linux kernel (Xenial HWE) vulnerabilities 28 Sep 2017 USN-3398-1 graphite2 vulnerabilities 08 Sep 2017 CVE-2017-9805 Apache Struts Remote Code Execution 28 Aug 2017 USN-3392-2 Linux kernel (Xenial HWE) regression 21 Aug 2017 USN-3385-2 Linux kernel (Xenial HWE) vulnerabilities 14 Aug 2017 USN-3378-2 Linux kernel (Xenial HWE) vulnerabilities 14 Aug 2017 USN-3367-1 gdb vulnerabilities 14 Aug 2017 USN-3364-2 Linux kernel (Xenial HWE) vulnerabilities 14 Aug 2017 USN-3363-2 ImageMagick regression References 14 Aug 2017 USN-3363-1 ImageMagick vulnerabilities 14 Aug 2017 USN-3356-1 Expat vulnerability 14 Aug 2017 USN-3353-1 Heimdal vulnerability 14 Aug 2017 USN-3349-1 NTP vulnerabilities 14 Aug 2017 USN-3347-1 Libgcrypt vulnerabilities 14 Aug 2017 USN-3346-1 bind9 vulnerabilities 14 Aug 2017 USN-3344-2 Linux kernel (Xenial HWE) vulnerabilities 07 Aug 2017 CVE-2017-8037 Incomplete fix for Cloud Controller API access to CC VM contents 02 Aug 2017 CVE-2017-9022/CVE-2017-9023 strongSwan DOS Vulnerabilities 01 Aug 2017 CVE-2017-8038 Credentials readable from CredHub endpoint 25 Jul 2017 CVE-2017-8036 Cloud Controller API regression 25 Jul 2017 CVE-2017-8035 Cloud Controller API access to CC VM contents 25 Jul 2017 CVE-2017-8033 Cloud Controller API filesystem traversal vulnerability 24 Jul 2017 CVE-2017-8032 UAA Identity Zone Admin Privilege Escalation 05 Jul 2017 CVE-2017-7485 PostgreSQL vulnerabilities 26 Jun 2017 CVE-2017-5946 Directory Traversal in Rubyzip 26 Jun 2017 USN-3334-1 Linux kernel (Xenial HWE) vulnerabilities 26 Jun 2017 USN-3323-1 GNU C Library vulnerability 26 Jun 2017 USN-3318-1 GnuTLS vulnerabilities 
26 Jun 2017 USN-3312-2 Linux kernel (Xenial HWE) vulnerabilities 26 Jun 2017 USN-3311-1 libnl vulnerability 26 Jun 2017 USN-3309-1 Libtasn1 vulnerability 26 Jun 2017 USN-3302-1 ImageMagick vulnerabilities 26 Jun 2017 USN-3212-2 LibTIFF regression 22 Jun 2017 USN-3304-1 Sudo vulnerability 08 Jun 2017 CVE-2017-4994 Forwarded Headers in UAA 08 Jun 2017 USN-3295-1 JasPer vulnerabilities 08 Jun 2017 USN-3294-1 Bash vulnerabilities 08 Jun 2017 USN-3291-3 Linux kernel (Xenial HWE) vulnerabilities 08 Jun 2017 USN-3287-1 Git vulnerability 08 Jun 2017 USN-3283-1 rtmpdump vulnerabilities 08 Jun 2017 USN-3282-1 FreeType vulnerabilities 08 Jun 2017 USN-3276-2 shadow regression 08 Jun 2017 USN-3263-1 FreeType vulnerability 08 Jun 2017 USN-3259-1 Bind vulnerabilities 08 Jun 2017 USN-3246-1 Eject vulnerability 08 Jun 2017 USN-3181-1 OpenSSL vulnerabilities 19 May 2017 CVE-2017-4992 Privilege escalation with user invitations 19 May 2017 CVE-2017-4991 UAA password reset vulnerability 02 May 2017 USN-3265-2 Linux kernel (Xenial HWE) vulnerabilities 01 May 2017 CVE-2017-4974 Blind SQL Injection with privileged UAA endpoints 20 Apr 2017 CVE-2015-3281 HAProxy vulnerabilities 20 Apr 2017 CVE-2017-4973 Privilege Escalation in UAA 20 Apr 2017 CVE-2017-4972 Blind SQL Injection in UAA 13 Apr 2017 CVE-2017-4969 Bug in CC allows users to exceed quotas 12 Apr 2017 USN-3256-2 Linux kernel (HWE) vulnerability 10 Apr 2017 CVE-2017-4970 Staticfile buildpack ignores basic authentication when misconfigured 06 Apr 2017 USN-3243-1 Git vulnerability 06 Apr 2017 USN-3241-1 audiofile vulnerabilities 06 Apr 2017 USN-3239-2 GNU C Library Regression 06 Apr 2017 USN-3237-1 FreeType vulnerability 06 Apr 2017 USN-3235-1 libxml2 vulnerabilities 06 Apr 2017 USN-3232-1 ImageMagick vulnerabilities 06 Apr 2017 USN-3227-1 ICU vulnerabilities 06 Apr 2017 USN-3225-1 libarchive vulnerabilities 06 Apr 2017 USN-3183-2 GnuTLS vulnerability 05 Apr 2017 CVE-2017-5649 Apache Geode privilege escalation vulnerability 04 Apr 
2017 USN-3201-1 Bind vulnerabilities 04 Apr 2017 USN-3234-2 Linux kernel (Xenial HWE) vulnerabilities 04 Apr 2017 USN-3228-1 libevent vulnerabilities 04 Apr 2017 USN-3247-1 AppArmor vulnerability 04 Apr 2017 USN-3249-2 Linux kernel (Xenial HWE) vulnerability 31 Mar 2017 USN-3222-1 ImageMagick vulnerabilities 31 Mar 2017 USN-3213-1 GD library vulnerabilities 31 Mar 2017 USN-3212-1 LibTIFF vulnerabilities 31 Mar 2017 USN-3205-1 tcpdump vulnerabilities 31 Mar 2017 USN-3142-2 ImageMagick vulnerabilities 29 Mar 2017 CVE-2017-4963 Session Fixation for UAA External Authentication 17 Mar 2017 USN-3196-1 Multiple PHP vulnerabilities 17 Mar 2017 USN-3185-1 libXpm vulnerability 17 Mar 2017 USN-3193-1 Nettle vulnerability 17 Mar 2017 USN-3183-1 GnuTLS vulnerabilities 14 Mar 2017 USN-3189-2 Linux kernel (Xenial HWE) vulnerabilities 14 Mar 2017 CVE-2017-5638 Apache Struts Remote Code Execution 13 Mar 2017 USN-3220-2 Linux kernel (Xenial HWE) vulnerability 09 Mar 2017 CVE-2017-4960 UAA OAuth DOS via lockout feature 01 Mar 2017 USN-3208-2 Linux kernel (Xenial HWE) vulnerabilities 31 Jan 2017 USN-3172-1 Bind vulnerabilities 31 Jan 2017 USN-3169-2 Linux kernel (Xenial HWE) vulnerabilities 31 Jan 2017 USN-3161-2 Linux kernel (Xenial HWE) vulnerabilities 23 Jan 2017 CVE-2016-6660 Cloud Controller logs application environment variables 19 Jan 2017 USN-3024-1 tomcat6, tomcat7 vulnerabilities 12 Jan 2017 RunC Exec RunC Exec Vulnerability 10 Jan 2017 CVE-2016-9882 Cloud Foundry Logs Service Credentials 29 Dec 2016 CVE-2016-3958 and CVE-2016-3959 Golang vulnerabilities 27 Dec 2016 USN-3146-2 Linux kernel (Xenial HWE) vulnerabilities 27 Dec 2016 USN-3128-2 Linux kernel (Xenial HWE) vulnerability 27 Dec 2016 USN-3142-1 ImageMagick vulnerabilities 19 Dec 2016 CVE-2016-8219 Space Auditor can restage apps 21 Dec 2016 Multiple CVEs httpoxy vulnerabilities 20 Dec 2016 USN-3156-1 APT vulnerability 19 Dec 2016 USN-3131-1 ImageMagick vulnerabilities 19 Dec 2016 USN-3067-1 HarfBuzz vulnerabilities 19 
Dec 2016 USN-3117-1 GD library vulnerabilities 14 Dec 2016 USN-3132-1 tar vulnerability 14 Dec 2016 USN-3134-1 Python vulnerabilities 14 Dec 2016 USN-3139-1 Vim vulnerability 14 Dec 2016 CVE-2016-6659 UAA Privilege Escalation 14 Dec 2016 USN-3116-1 DBus vulnerabilities 14 Dec 2016 USN-3119-1 Bind vulnerability 13 Dec 2016 USN-3123-1 curl vulnerabilities 13 Dec 2016 USN-3088-1 Bind vulnerability 09 Dec 2016 CVE-2016-8218 Unauthenticated JWT signing algorithm in routing 07 Dec 2016 USN-3151-2 Linux kernel (Xenial HWE) vulnerability 17 Nov 2016 CVE-2016-6663/CVE-2016-6664 MariaDB Root Privilege Escalation 17 Nov 2016 Several PCRE vulnerabilities prior to version 8.39 07 Nov 2016 USN-3096-1 NTP vulnerabilities 07 Nov 2016 USN-3095-1 PHP vulnerabilities 02 Nov 2016 CVE-2016-6658 Incomplete fix for Credential Vulnerability for Custom Buildpacks 21 Oct 2016 CVE-2016-5195 Linux kernel vulnerability 17 Oct 2016 CVE-2016-6655 Utility Script Command Injection 17 Oct 2016 USN-3099-2 Linux kernel vulnerabilities 29 Sep 2016 CVE-2016-6653 MySQL Audit logs sent to Syslog 28 Sep 2016 USN-3087-2 OpenSSL Regression 28 Sep 2016 USN-3083-1 Linux kernel vulnerabilities 28 Sep 2016 USN-3068-1 Libidn vulnerabilities 28 Sep 2016 CVE-2016-6662 Multiple MySQL Vulnerabilities 28 Sep 2016 USN-3085-1 GDK-PixBuf vulnerabilities 26 Sep 2016 CVE-2016-6651 Privilege Escalation in UAA 26 Sep 2016 CVE-2016-6636 UAA Open Redirect Vulnerability for Subdomains 26 Sep 2016 CVE-2016-6637 UAA CSRF Vulnerability for OAuth Approvals 21 Sep 2016 CVE-2014-9130 LibYAML vulnerability 09 Sep 2016 CVE-2016-6639 PHP Buildpack exposes .profile file 09 Sep 2016 USN-3045-1 PHP vulnerabilities 25 Aug 2016 USN-3065-1 Libgcrypt vulnerability 25 Aug 2016 USN-3064-1 GnuPG vulnerability 25 Aug 2016 USN-3063-1 Fontconfig vulnerability 25 Aug 2016 USN-3061-1 OpenSSH vulnerability 25 Aug 2016 USN-3030-1/USN-3060-1 GD library vulnerability 25 Aug 2016 USN-3053-1/USN-3037-1 Linux kernel (Vivid HWE) vulnerability 25 Aug 2016 
USN-3048-1 curl vulnerability 25 Aug 2016 USN-3033-1 libarchive vulnerability 18 Aug 2016 CVE-2016-5016 UAA accepts expired certificates 26 Jul 2016 CVE-2016-5006 Cloud Controller API logs user-provided service credentials 13 Jul 2016 USN-3010-1 Expat vulnerabilities 13 Jul 2016 CVE-2016-4450 Nginx Vulnerabilities 13 Jul 2016 USN-3012-1 Wget vulnerability 01 Jul 2016 USN-3020-1 Linux kernel (Vivid HWE) vulnerabilities 30 Jun 2016 CVE-2016-4468 UAA SQL Injection 15 Jun 2016 USN-3001-1 Linux kernel (Vivid HWE) vulnerabilities 13 Jun 2016 CVE-2016-4435 BOSH Agent Anonymous Endpoint 13 Jun 2016 USN-2994-1 libxml2 vulnerabilities 13 Jun 2016 USN-2991-1 nginx vulnerability 13 Jun 2016 USN-2990-1 ImageMagick vulnerability (a.k.a. ImageTragick) 13 Jun 2016 USN-2987-1 GD library vulnerabilities 13 Jun 2016 USN-2985-2 GNU C Library regression 13 Jun 2016 USN-2983-1 Expat vulnerability 13 Jun 2016 USN-2981-1 libarchive vulnerabilities 13 Jun 2016 USN-2966-1 OpenSSH vulnerabilities 13 Jun 2016 USN-2961-1 Little CMS vulnerability 08 Jun 2016 CVE-2013-7456 PHP vulnerabilities 03 Jun 2016 USN-2970-1 Linux kernel (Vivid HWE) vulnerabilities 23 May 2016 CVE-2016-3084 UAA Password Reset Vulnerability 19 May 2016 USN-2977-1 Linux kernel (Vivid HWE) vulnerabilities 17 May 2016 CVE-2016-3091 Diego log encoding vulnerability 06 May 2016 USN-2959-1 OpenSSL vulnerabilities 06 May 2016 USN-2957-1 Libtasn1 vulnerability 06 May 2016 USN-2949-1 Linux kernel (Vivid HWE) vulnerabilities 06 May 2016 USN-2943-1 PCRE vulnerabilities 06 May 2016 USN-2935-2 PAM regression 02 May 2016 CVE-2015-5170-5173 UAA Vulnerabilities 14 Apr 2016 Badlock bug Samba and Windows Vulnerabilities 24 Mar 2016 USN-2939-1 LibTIFF vulnerabilities 24 Mar 2016 USN-2927-1 Graphite2 vulnerabilities 24 Mar 2016 USN-2925-1 Bind9 vulnerabilities 24 Mar 2016 USN-2919-1 JasPer vulnerabilities 24 Mar 2016 USN-2918-1 Pixman vulnerabilities 24 Mar 2016 USN-2916-1 Perl vulnerabilities 24 Mar 2016 USN-2914-1 OpenSSL vulnerabilities 24 
Mar 2016 NPM Ownership Issue Warning about NPM modules 24 Mar 2016 USN-2938-1 Git vulnerabilities 16 Mar 2016 USN-2932-1 Linux kernel vulnerabilities 02 Mar 2016 CVE-2016-0800 OpenSSL vulnerabilities 26 Feb 2016 USN-2910-1 Linux kernel vulnerability 26 Feb 2016 CVE-2016-0761 Docker Image Host Files Corruption 19 Feb 2016 USN-2900-1 GNU libc vulnerability 02 Feb 2016 CVE-2016-0732 Privilege Escalation 01 Feb 2016 CVE-2016-0713 Gorouter XSS 22 Jan 2016 USN-2871-1 Linux kernel vulnerability 20 Jan 2016 CVE-2016-0715 Remote Information Disclosure 19 Jan 2016 USN-2865-1 GnuTLS vulnerability 19 Jan 2016 USN-2861-1 libpng vulnerability 19 Jan 2016 USN-2868-1 DHCP vulnerability 19 Jan 2016 USN-2869-1 OpenSSH vulnerability 18 Jan 2016 CVE-2016-0708 Remote Information Disclosure 07 Jan 2016 USN-2857-1 Linux kernel vulnerability 07 Jan 2016 USN-2842-1/USN-2842-2 Linux kernel vulnerability 07 Jan 2016 USN-2837-1 bind9 vulnerability 07 Jan 2016 USN-2836-1 grub2 vulnerability 07 Jan 2016 USN-2835-1 git vulnerability 07 Jan 2016 USN-2834-1 libxml2 vulnerability 07 Jan 2016 USN-2830-1 OpenSSL vulnerability 07 Jan 2016 USN-2829-1 Linux kernel vulnerability 15 Dec 2015 CVE-2015-5350 Garden Nstar vulnerability 04 Dec 2015 USN-2821-1 GnuTLS vulnerability 04 Dec 2015 USN-2820-1 dpkg vulnerability 02 Dec 2015 USN-2815-1 PNG vulnerability 02 Dec 2015 USN-2812-1 libxml2 vulnerability 02 Dec 2015 USN-2810-1 Kerberos vulnerability 02 Dec 2015 USN-2787-1 audiofile vulnerability 24 Nov 2015 USN-2788-1/2788-2 unzip vulnerability 12 Nov 2015 USN-2798-1 Linux kernel vulnerability 12 Nov 2015 USN-2806-1 Linux kernel vulnerability 03 Nov 2015 USN-2778-1 Linux kernel vulnerabilities 03 Nov 2015 USN-2767-1 GDK-Pixbuf library vulnerability 07 Oct 2015 Golang Golang 1.4.3 CVE Fixes 07 Oct 2015 USN-2722-1 GDK-PixBuf Vulnerabilities 07 Oct 2015 USN-2711-1 Net-SNMP Vulnerabilities 07 Oct 2015 USN-2739-1 FreeType Vulnerabilities 07 Oct 2015 USN-2740-1 ICU Vulnerabilities 07 Oct 2015 USN-2751-1 Linux 
Kernel (Vivid HWE) Vulnerability 07 Oct 2015 USN-2756-1 rpcbind Vulnerability 07 Oct 2015 USN-2765-1 Linux Kernel (Vivid HWE) Vulnerability 08 Sep 2015 USN-2710-1 OpenSSH Vulnerabilities 08 Sep 2015 USN-2698-1 SQLite Vulnerabilities 08 Sep 2015 USN-2694-1 PCRE Vulnerabilities 08 Sep 2015 USN-2718-1 Address Configuration Change Vulnerabilities 06 Aug 2015 USN-2696-1 OpenJDK 7 Vulnerabilities 29 Jul 2015 CVE-2015-3290 Linux Kernel NMI Vulnerability 10 Jul 2015 CVE-2015-1420 file_handle size verification 06 Jul 2015 CVE-2015-1330 Unattended-Upgrades Vulnerability 25 Jun 2015 CVE-2015-3189 Expire old reset password links 25 Jun 2015 CVE-2015-3190 Open redirect on Login 25 Jun 2015 CVE-2015-3191 CSRF attack on change email 12 Jun 2015 USN-2639-1 OpenSSL vulnerabilities 12 Jun 2015 CVE-2015-3636 ipv4 use-after-free 17 Jun 2015 CVE-2015-1328 overlayfs privilege escalation 09 Jun 2015 Redis LUA Sandbox Redis LUA Exploit 22 May 2015 CVE-2015-1834 Path Traversal Vulnerability 22 May 2015 USN-2617-1 FUSE Vulnerability 30 Apr 2015 CVE-2015-1855 Ruby OpenSSL Hostname Verification 23 Mar 2015 CVE-2015-0282 Multiple GnuTLS Vulnerabilities 21 Mar 2015 USN-2537-1 OpenSSL vulnerabilities 13 Mar 2015 CVE-2014-8159 Linux Kernel Infiniband Vulnerability 09 Feb 2015 CVE-2014-0227 Apache Tomcat Request Smuggling 28 Jan 2015 CVE-2015-0235 GHOST 10 Sep 2014 CVE-2013-4444 Remote Code Execution in Apache Tomcat 16 Oct 2014 CVE-2014-3566 SSLV3 POODLE 29 Sep 2014 CVE-2014-7186 Bash Out-of Bonds 25 Sep 2014 CVE-2014-6271 Bash - ShellShock 19 Sep 2014 CVE-2014-5119 glib_gconv_translit_find() exploit 18 Aug 2014 CVE-2014-3153 Futex requeue exploit 05 Jun 2014 CVE-2014-0224 SSL/TLS MITM Vulnerability 10 Apr 2014 CVE-2014-0160 Heartbleed

THANKS

Reports of vulnerabilities in VMware Tanzu products are listed in the credit section of the associated security announcement.