Pivotal Application Security Team


Overview

The Pivotal Application Security Team provides a single point of contact for the reporting of security vulnerabilities in Pivotal products and coordinates the process of investigating any reported vulnerabilities.

If you would like to subscribe to updates to this page, the RSS feed for all vulnerability reports is available at https://pivotal.io/security/rss. The RSS feed for just the notable vulnerabilities in dependencies is available at https://pivotal.io/security/dependencies/rss and the RSS feed for just Pivotal product vulnerabilities is available at https://pivotal.io/security/pivotal/rss.

Reporting a vulnerability

We strongly encourage people to report security vulnerabilities privately to our security team before disclosing them in a public forum.

Please note that the e-mail address below should only be used for reporting undisclosed security vulnerabilities in Pivotal products and managing the process of fixing such vulnerabilities. We cannot accept regular bug reports or other security-related queries at this address.

The e-mail address to use to contact the Pivotal Application Security Team is security@pivotal.io.

The public key fingerprint is: 2F28 8814 5F37 5811 17D9 FDCF 7CC5 2A57 8296 871B

The key can be obtained from a public key server such as pgp.mit.edu.



Pivotal Product Vulnerability Reports
Date   CVE Reference   Description
“16 2019” CVE-2019-3799   Directory Traversal with spring-cloud-config-server
“12 2019” CVE-2019-3793   Invitations Service supports HTTP connections
“08 2019” CVE-2019-3797   Additional information exposure with Spring Data JPA derived queries
“04 2019” CVE-2019-3795   Insecure Randomness When Using a SecureRandom Instance Constructed by Spring Security
“01 2019” CVE-2019-9946   Kubernetes affecting certain network configurations with CNI
“01 2019” CVE-2019-1002100   Kubernetes API Server Patch Request Consumes Excess Resource Cause Denial of Service
“01 2019” CVE-2019-1002101   Kubernetes kubectl - potential directory traversal
“25 2019” CVE-2019-3792   Concourse 5.0.0 SQL Injection vulnerability
“07 2019” CVE-2019-8331   Bootstrap XSS
“28 2019” CVE-2018-15754   UAA issues tokens across identity providers if users with matching usernames exist
“26 2019” CVE-2019-3777   Apps Manager unverified SSL certs in Cloud Controller proxy
“21 2019” CVE-2019-3778   Open Redirector in spring-security-oauth2
“19 2019” CVE-2019-3776   Reflected XSS in Pivotal Operations Manager
“14 2019” CVE-2019-3780   Cloud Foundry Container Runtime Leaks IAAS Credentials
“14 2019” CVE-2019-3779   Pivotal Container Service allows a user to bypass security policy when talking to ETCD
“14 2019” CVE-2019-3772   XML External Entity Injection (XXE)
“14 2019” CVE-2019-3773   XML External Entity Injection (XXE)
“14 2019” CVE-2019-3774   XML External Entity Injection (XXE)
“08 2019” KUBERNETES-API-SERVER   Kubernetes API Server acts as proxy for internal and external IPs
“08 2019” CVE-2019-3803   Concourse includes token in CLI authentication callback
“04 2019” CVE-2018-18264   Kubernetes Dashboard TLS Certificate Leak
“18 2018” CVE-2018-15801   Authorization Bypass During JWT Issuer Validation with spring-security
“13 2018” CVE-2018-15798   Pivotal Concourse allows malicious redirect urls on login
“05 2018” CVE-2018-1279   RabbitMQ cluster compromise due to deterministically generated cookie
“15 2018” CVE-2018-15759   On Demand Services SDK Timing Attack Vulnerability
“09 2018” CVE-2018-15795   CredHub Service Broker uses guessable client secret
“29 2018” CVE-2018-15762   Pivotal Operations Manager gives all users heightened privileges
“16 2018” CVE-2018-15758   Privilege Escalation in spring-security-oauth2
“16 2018” CVE-2018-15756   DoS Attack via Range Requests
“10 2018” CVE-2018-11084   Garden-runC prevents deletion of some app environments
“10 2018” CVE-2018-15755   CF networking internal policy server SQL injection
“03 2018” CVE-2018-11083   BOSH accepts refresh token as access token
“02 2018” CVE-2018-15763   PKS leaks IaaS credentials to application logs
“27 2018” CVE-2018-11081   Ops Manager writes UAA credentials to disk
“13 2018” CVE-2018-1198   PCC bosh deployment logs print a superuser password in plain text
“13 2018” CVE-2018-11088   CF admin credentials accessible to developers through Applications Manager
“13 2018” CVE-2018-11086   CF admin credentials accessible to developers through usage service
“11 2018” CVE-2018-11087   RabbitMQ (Spring-AMQP) Host name verification
“23 2018” CVE-2018-11044   Apps Manager allows unescaped content in invitation emails
“10 2018” CVE-2018-11045   Operations Manager image contains static LRNG seed file
“20 2018” CVE-2018-11046   Operations Manager includes outdated NGINX packages
“14 2018” CVE-2018-11040   JSONP enabled by default in MappingJackson2JsonView
“14 2018” CVE-2018-11039   Cross Site Tracing (XST) with Spring Framework
“11 2018” CVE-2018-1263   Unsafe Unzip with spring-integration-zip
“10 2018” CVE-2018-1278   Apps Manager allows unauthorized org invitations
“09 2018” CVE-2018-1261   Unsafe Unzip with spring-integration-zip
“09 2018” CVE-2018-1260   Remote Code Execution with spring-security-oauth2
“09 2018” CVE-2018-1259   XXE with Spring Data’s XMLBeam integration
“09 2018” CVE-2018-1258   Unauthorized Access with Spring Security Method Security
“09 2018” CVE-2018-1257   ReDoS Attack with spring-messaging
“07 2018” CVE-2018-1280   Blind SQL injection in Pivotal Greenplum Command Center
“30 2018” CVE-2018-1256   Issuer validation regression in Spring Cloud SSO Connector
“10 2018” CVE-2018-1274   Denial of Service with Spring Data
“10 2018” CVE-2018-1273   RCE with Spring Data Commons
“09 2018” CVE-2018-1275   Address partial fix for CVE-2018-1270
“05 2018” CVE-2018-1272   Multipart Content Pollution with Spring Framework
“05 2018” CVE-2018-1271   Directory Traversal with Spring MVC on Windows
“05 2018” CVE-2018-1270   Remote Code Execution with spring-messaging
“16 2018” CVE-2018-1230   Spring Batch Admin vulnerable to Cross Site Request Forgery
“16 2018” CVE-2018-1229   Stored XSS in file upload of Spring Batch Admin
“13 2018” CVE-2018-1200   Apps Manager File Access Vulnerability
“30 2018” CVE-2018-1196   Symlink privilege escalation attack via Spring Boot launch script
“29 2018” CVE-2018-1199   Security bypass with static resources
“16 2017” CVE-2017-8028   Spring-LDAP authentication with userSearch and STARTTLS allows authentication with arbitrary password
“21 2017” CVE-2017-8046   RCE in PATCH requests in Spring Data REST
“19 2017” CVE-2017-8045   Remote code execution in spring-amqp
“15 2017” CVE-2017-8039   Data Binding Expression Vulnerability in Spring Web Flow
“31 2017” CVE-2017-8044   XSS vulnerability in Single Sign-On for PCF via DOM-based query parameters
“31 2017” CVE-2017-8041   XSS vulnerability in org name in Single Sign-On for PCF
“31 2017” CVE-2017-8040   XXE Vulnerability in Single Sign-On for PCF
“08 2017” CVE-2017-4995   Jackson Configuration Allows Code Execution with Unknown “Serialization Gadgets”
“31 2017” CVE-2017-4971   Data Binding Expression Vulnerability in Spring Web Flow
“15 2017” CVE-2017-4975   Tile generator sets open security groups
“04 2017” CVE-2017-4966   RabbitMQ local storage of credentials
“04 2017” CVE-2017-4965   XSS vulnerabilities in RabbitMQ management UI
“27 2017” CVE-2017-2773   Unauthenticated JWT signing algorithm in multiple components
“24 2017” CVE-2017-4955   Credentials in Elastic Runtime Notifications errand log
“14 2017” CVE-2017-4959   Pivotal Cloud Foundry account authorization vulnerability
“09 2017” CVE-2016-9880   Unauthenticated access to GemFire for PCF broker endpoints
“04 2017” CVE-2016-9885   gfsh exposed over go router for GemFire for PCF
“28 2016” CVE-2016-9879   Encoded "/" in path variables
“28 2016” CVE-2016-0898   Service backups log AWS key
“21 2016” CVE-2016-9878   Directory Traversal in the Spring Framework ResourceServlet
“19 2016” CVE-2016-9877   RabbitMQ authentication vulnerability
“31 2016” CVE-2016-6657   PCF Open Redirects
“31 2016” CVE-2016-6656   Code injection vulnerability via GPHDFS in Greenplum database
“30 2016” CVE-2016-6652   Spring Data JPA Blind SQL Injection Vulnerability
“12 2016” CVE-2016-0930   Ops Manager Compilation VMs Vulnerability on vSphere and vCloud
“27 2016” CVE-2016-0896   IaaS Metadata Endpoint Accessible from Application Containers
“15 2016” CVE-2016-0929   RabbitMQ for PCF vulnerability
“07 2016” CVE-2016-5007   Spring Security / MVC Path Matching Inconsistency
“07 2016” CVE-2016-0926   Apps Manager XSS vulnerability
“05 2016” CVE-2016-4977   Remote Code Execution (RCE) in Spring Security OAuth
“29 2016” CVE-2016-0928   PCF Open Redirects
“24 2016” CVE-2016-0897   Ops Manager vSphere and vCloud vulnerability
“23 2016” CVE-2016-0927   Ops Manager XSS vulnerability
“11 2016” CVE-2016-2173   Remote Code Execution in Spring AMQP
“23 2016” CVE-2016-0780   Cloud Controller Disk Quota Enforcement
“23 2016” CVE-2016-2165   Loggregator Request URL Paths
“23 2016” CVE-2016-0781   UAA Persistent XSS Vulnerability
“03 2016” CVE-2016-0883   Pivotal Ops Manager Weak Authentication Scheme
“12 2015” CVE-2015-5258   Spring Social CSRF
“15 2015” CVE-2015-5211   RFD Attack in Spring Framework
“30 2015” CVE-2015-3192   DoS Attack with XML Input
“06 2015” CVE-2015-0201   Insufficiently random session id in Java SockJS client
“13 2015” CVE-2014-3626   Directory Traversal in Grails Resources Plugin
“11 2014” CVE-2014-3625   Directory Traversal in Spring Framework
“05 2014” CVE-2014-3578   Directory Traversal in Spring Framework
“15 2014” CVE-2014-3527   Access Control Bypass in Spring Security
“28 2014” CVE-2014-0225   Information Disclosure when using Spring MVC
“11 2014” CVE-2014-1904   XSS when using Spring MVC
“11 2014” CVE-2014-0097   Blank password may bypass user authentication
“11 2014” CVE-2014-0054   Incomplete fix for CVE-2013-7315 / CVE-2013-6429 (XXE)
“19 2014” CVE-2014-0053   Information Disclosure when using Grails
“14 2014” CVE-2013-6430   Possible XSS when using Spring MVC
“14 2014” CVE-2013-6429   Incomplete fix for CVE-2013-7315 (XXE)
“22 2013” CVE-2013-7315   XML External Entity (XXE) injection in Spring Framework
“22 2013” CVE-2013-4152   XML eXternal Entity (XXE) injection in Spring Framework


Notable Vulnerabilities in Dependencies[1]
Date   CVE Reference   Description   Affected Pivotal Product(s)
“13 2019” CVE-2019-5736   runC container breakout Pivotal Cloud Foundry
“06 2019” USN-3836-2   Linux kernel (HWE) vulnerabilities Pivotal Cloud Foundry
“06 2019” USN-3841-1   lxml vulnerability Pivotal Cloud Foundry
“06 2019” USN-3850-1   NSS vulnerabilities Pivotal Cloud Foundry
“03 2019” USN-3843-1   pixman vulnerability Pivotal Cloud Foundry
“03 2019” USN-3816-2   systemd vulnerability Pivotal Cloud Foundry
“03 2019” USN-3839-1   WavPack vulnerabilities Pivotal Cloud Foundry
“03 2019” USN-3829-1   Git vulnerabilities Pivotal Cloud Foundry
“14 2018” USN-3805-1   curl vulnerabilities Pivotal Cloud Foundry
“14 2018” USN-3809-1   OpenSSH vulnerabilities Pivotal Cloud Foundry
“14 2018” USN-3812-1   nginx vulnerabilities Pivotal Cloud Foundry
“14 2018” USN-3815-1   gettext vulnerability Pivotal Cloud Foundry
“14 2018” USN-3817-1   Python vulnerabilities Pivotal Cloud Foundry
“14 2018” USN-3821-2   Linux kernel (Xenial HWE) vulnerabilities Pivotal Cloud Foundry
“12 2018” USN-3820-2   Linux kernel (HWE) vulnerabilities Pivotal Cloud Foundry
“12 2018” USN-3816-1   systemd vulnerabilities Pivotal Cloud Foundry
“12 2018” USN-3806-1   systemd vulnerability Pivotal Cloud Foundry
“12 2018” USN-3808-1   Ruby vulnerabilities Pivotal Cloud Foundry
“03 2018” CVE-2018-15797   NFS Volume release errand leaks cf admin credentials in logs Pivotal Cloud Foundry
“03 2018” CVE-2018-1002105   Proxy request handling in kube-apiserver can leave vulnerable TCP connections Pivotal Cloud Foundry
“28 2018” USN-3797-2   Linux kernel (Xenial HWE) vulnerabilities Pivotal Cloud Foundry
“08 2018” USN-3800-1   audiofile vulnerabilities Pivotal Cloud Foundry
“08 2018” USN-3791-1   Git vulnerability Pivotal Cloud Foundry
“08 2018” USN-3786-1   libxkbcommon vulnerabilities Pivotal Cloud Foundry
“08 2018” USN-3785-1   ImageMagick vulnerabilities Pivotal Cloud Foundry
“06 2018” CVE-2018-15761   UAA Privilege Escalation Pivotal Cloud Foundry
“26 2018” USN-3790-1   Requests vulnerability Pivotal Cloud Foundry
“26 2018” USN-3777-2   Linux kernel (HWE) vulnerabilities Pivotal Cloud Foundry
“26 2018” USN-3762-2   Linux kernel (HWE) vulnerabilities Pivotal Cloud Foundry
“09 2018” USN-3752-2   Linux kernel (HWE) vulnerabilities Pivotal Cloud Foundry
“09 2018” USN-3765-1   curl vulnerability Pivotal Cloud Foundry
“09 2018” USN-3767-1   GLib vulnerabilities Pivotal Cloud Foundry
“09 2018” USN-3770-1   Little CMS vulnerabilities Pivotal Cloud Foundry
“27 2018” USN-3759-1   libtirpc vulnerabilities Pivotal Cloud Foundry
“27 2018” USN-3758-1   libx11 vulnerabilities Pivotal Cloud Foundry
“27 2018” USN-3756-1   Intel Microcode vulnerabilities Pivotal Cloud Foundry
“27 2018” USN-3755-1   GD vulnerabilities Pivotal Cloud Foundry
“27 2018” USN-3753-2   Linux kernel (Xenial HWE) vulnerabilities Pivotal Cloud Foundry
“27 2018” USN-3744-1   PostgreSQL vulnerabilities Pivotal Cloud Foundry
“27 2018” USN-3741-2   Linux kernel (Xenial HWE) vulnerabilities Pivotal Cloud Foundry
“27 2018” USN-3739-1   libxml2 vulnerabilities Pivotal Cloud Foundry
“27 2018” USN-3736-1   libarchive vulnerabilities Pivotal Cloud Foundry
“27 2018” USN-3733-1   GnuPG vulnerability Pivotal Cloud Foundry
“27 2018” USN-3729-1   libxcursor vulnerability Pivotal Cloud Foundry
“27 2018” USN-3712-1   libpng vulnerabilities Pivotal Cloud Foundry
“27 2018” USN-3696-2   Linux kernel (Xenial HWE) vulnerabilities Pivotal Cloud Foundry
“27 2018” USN-3692-1   OpenSSL vulnerabilities Pivotal Cloud Foundry
“27 2018” USN-3690-2   AMD Microcode regression Pivotal Cloud Foundry
“27 2018” USN-3690-1   AMD Microcode update Pivotal Cloud Foundry
“27 2018” USN-3689-1   Libgcrypt vulnerability Pivotal Cloud Foundry
“27 2018” USN-3605-1   Sharutils vulnerability Pivotal Cloud Foundry
“27 2018” USN-3589-1   PostgreSQL vulnerability Pivotal Cloud Foundry
“27 2018” USN-3564-1   PostgreSQL vulnerability Pivotal Cloud Foundry
“27 2018” USN-3532-1   GDK-PixBuf vulnerabilities Pivotal Cloud Foundry
“27 2018” USN-3509-4   Linux kernel (Xenial HWE) regression Pivotal Cloud Foundry
“27 2018” USN-3352-1   nginx vulnerability Pivotal Cloud Foundry
“09 2018” CVE-2018-8037   Apache Tomcat - NIO/NIO2 connectors user sessions can get mixed up Pivotal Cloud Foundry
“09 2018” CVE-2018-1336   Apache Tomcat - UTF-8 decoder can lead to DoS Pivotal Cloud Foundry
“02 2018” USN-3711-1   ImageMagick vulnerabilities Pivotal Cloud Foundry
“02 2018” USN-3707-1   NTP vulnerabilities Pivotal Cloud Foundry
“02 2018” USN-3706-1   libjpeg-turbo vulnerabilities Pivotal Cloud Foundry
“23 2018” CVE-2018-11047   UAA accepts refresh token as access token on admin endpoints Pivotal Cloud Foundry
“20 2018” USN-3693-1   JasPer vulnerabilities Pivotal Cloud Foundry
“20 2018” USN-3686-1   file vulnerabilities Pivotal Cloud Foundry
“20 2018” USN-3684-1   Perl vulnerability Pivotal Cloud Foundry
“20 2018” USN-3681-1   ImageMagick vulnerabilities Pivotal Cloud Foundry
“20 2018” USN-3676-2   Linux kernel (Xenial HWE) vulnerabilities Pivotal Cloud Foundry
“20 2018” USN-3675-1   GnuPG vulnerabilities Pivotal Cloud Foundry
“20 2018” USN-3658-1   procps-ng vulnerabilities Pivotal Cloud Foundry
“17 2018” CVE-2018-11041   UAA open redirect Pivotal Cloud Foundry
“16 2018” CVE-2018-1269   Loggregator does not properly close some TCP connections Pivotal Cloud Foundry
“16 2018” CVE-2018-1268   Loggregator lacks app GUID validation Pivotal Cloud Foundry
“19 2018” CVE-2018-1265   Diego does not properly sanitize file paths in tar/zip files Pivotal Cloud Foundry
“21 2018” USN-3671-1   Git vulnerabilities Pivotal Cloud Foundry
“21 2018” USN-3654-2   Linux kernel (Xenial HWE) vulnerabilities Pivotal Cloud Foundry
“21 2018” USN-3648-1   curl vulnerabilities Pivotal Cloud Foundry
“14 2018” USN-3643-1   Wget vulnerability Pivotal Cloud Foundry
“14 2018” USN-3641-1   Linux kernel vulnerabilities Pivotal Cloud Foundry
“14 2018” USN-3631-2   Linux kernel (Xenial HWE) vulnerabilities Pivotal Cloud Foundry
“14 2018” USN-3628-1   OpenSSL vulnerability Pivotal Cloud Foundry
“14 2018” USN-3625-1   Perl vulnerabilities Pivotal Cloud Foundry
“14 2018” USN-3624-1   Patch vulnerabilities Pivotal Cloud Foundry
“14 2018” USN-3622-1   Wayland vulnerability Pivotal Cloud Foundry
“21 2018” CVE-2018-1277   Garden does not correctly enforce Docker image disc quotas Pivotal Cloud Foundry
“21 2018” CVE-2018-1276   Windows2012R2 stemcell exposes IaaS metadata on vSphere Pivotal Cloud Foundry
“10 2018” MS-ISAC-2018-046   MS-ISAC 2018-046 Multiple Vulnerabilities in PHP Pivotal Cloud Foundry
“08 2018” CVE-2018-1191   Garden may log Docker passwords Pivotal Cloud Foundry
“02 2018” USN-3619-2   Linux kernel (Xenial HWE) vulnerabilities Pivotal Cloud Foundry
“02 2018” USN-3611-1   OpenSSL vulnerability Pivotal Cloud Foundry
“02 2018” USN-3610-1   ICU vulnerability Pivotal Cloud Foundry
“02 2018” USN-3606-1   LibTIFF vulnerabilities Pivotal Cloud Foundry
“02 2018” USN-3604-1   libvorbis vulnerabilities Pivotal Cloud Foundry
“02 2018” USN-3602-1   LibTIFF vulnerabilities Pivotal Cloud Foundry
“02 2018” USN-3598-1   curl vulnerabilities Pivotal Cloud Foundry
“02 2018” USN-3586-1   DHCP vulnerabilities Pivotal Cloud Foundry
“02 2018” USN-3584-1   sensible-utils vulnerability Pivotal Cloud Foundry
“02 2018” USN-3569-1   libvorbis vulnerabilities Pivotal Cloud Foundry
“02 2018” USN-3554-1   curl vulnerabilities Pivotal Cloud Foundry
“02 2018” USN-3547-1   Libtasn1 vulnerabilities Pivotal Cloud Foundry
“02 2018” USN-3543-1   rsync vulnerabilities Pivotal Cloud Foundry
“02 2018” USN-3534-1   GNU C Library vulnerabilities Pivotal Cloud Foundry
“02 2018” USN-3506-1   rsync vulnerabilities Pivotal Cloud Foundry
“02 2018” USN-3501-1   libxcursor vulnerability Pivotal Cloud Foundry
“02 2018” USN-3346-2   Bind regression Pivotal Cloud Foundry
“30 2018” CVE-2018-1197   GCP Metadata Endpoint Accessible from Application Containers on Windows Pivotal Cloud Foundry
“05 2018” CVE-2018-1266   Cloud Controller file modification via malicious application Pivotal Cloud Foundry
“05 2018” CVE-2018-1231   BOSH CLI does not restrict access to configuration file Pivotal Cloud Foundry
“03 2018” USN-3582-2   Linux kernel (Xenial HWE) vulnerabilities Pivotal Cloud Foundry
“28 2018” CVE-2018-1195   Cloud Controller API will accept a refresh token for authentication Pivotal Cloud Foundry
“28 2018” CVE-2018-1192   UAA SessionID present in Audit Event Logs Pivotal Cloud Foundry
“28 2018” CVE-2018-1190   XSS on UAA OpenID Connect check session iframe endpoint Pivotal Cloud Foundry
“09 2018” CVE-2018-1227   Concourse-dot-ci Domain Issue Pivotal Cloud Foundry
“27 2018” VU475445   VU#475445 SAML Authentication Bypass Pivotal Cloud Foundry
“27 2018” CVE-2018-1221   Gorouter websocket handling vulnerability Pivotal Cloud Foundry
“01 2018” USN-3540-2   Linux kernel (Xenial HWE) vulnerabilities Pivotal Cloud Foundry
“01 2018” USN-3538-1   OpenSSH vulnerabilities Pivotal Cloud Foundry
“01 2018” USN-3535-1   Bind vulnerability Pivotal Cloud Foundry
“01 2018” USN-3522-4   Linux (Xenial HWE) vulnerability Pivotal Cloud Foundry
“01 2018” USN-3522-2   Linux (Xenial HWE) vulnerability Pivotal Cloud Foundry
“01 2018” USN-3513-1   libxml2 vulnerability Pivotal Cloud Foundry
“01 2018” USN-3504-1   libxml2 vulnerability Pivotal Cloud Foundry
“03 2018” Meltdown and Spectre Attacks   Meltdown and Spectre Attacks All (potentially)
“19 2017” CVE-2017-1000353   Jenkins unauthenticated remote code execution Pivotal Cloud Foundry
“15 2017” USN-3509-2   Linux kernel (Xenial HWE) vulnerabilities Pivotal Cloud Foundry
“15 2017” USN-3505-1   Linux firmware vulnerabilities Pivotal Cloud Foundry
“15 2017” USN-3498-1   curl vulnerabilities Pivotal Cloud Foundry
“15 2017” USN-3496-3   Python vulnerability Pivotal Cloud Foundry
“15 2017” USN-3496-1   Python vulnerability Pivotal Cloud Foundry
“15 2017” USN-3489-1   Berkeley DB vulnerability Pivotal Cloud Foundry
“15 2017” USN-3485-2   Linux kernel (Xenial HWE) vulnerabilities Pivotal Cloud Foundry
“15 2017” USN-3478-1   Perl vulnerabilities Pivotal Cloud Foundry
“15 2017” USN-3475-1   OpenSSL vulnerabilities Pivotal Cloud Foundry
“15 2017” USN-3469-2   Linux kernel (Xenial HWE) vulnerabilities Pivotal Cloud Foundry
“15 2017” USN-3464-1   Wget vulnerabilities Pivotal Cloud Foundry
“15 2017” USN-3458-1   ICU vulnerability Pivotal Cloud Foundry
“15 2017” USN-3457-1   curl vulnerability Pivotal Cloud Foundry
“21 2017” USN-3454-1   libffi vulnerability Pivotal Cloud Foundry
“21 2017” USN-3444-2   Linux kernel (Xenial HWE) vulnerabilities Pivotal Cloud Foundry
“21 2017” USN-3441-1   curl vulnerabilities Pivotal Cloud Foundry
“21 2017” USN-3437-1   OCaml vulnerability Pivotal Cloud Foundry
“21 2017” USN-3434-1   Libidn vulnerability Pivotal Cloud Foundry
“21 2017” USN-3432-1   ca-certificates update Pivotal Cloud Foundry
“21 2017” USN-3424-1   libxml2 vulnerabilities Pivotal Cloud Foundry
“21 2017” USN-3387-1   Git vulnerability Pivotal Cloud Foundry
“16 2017” CVE-2017-8031   UAA Denial of Service through client token revocation endpoint Pivotal Cloud Foundry
“15 2017” CVE-2017-14388   GrootFS doesn’t validate DiffIDs Pivotal Cloud Foundry
“11 2017” CVE-2017-8048   Cloud Controller API regression Pivotal Cloud Foundry
“10 2017” CVE-2017-8047   Cloud Foundry router open redirect Pivotal Cloud Foundry
“28 2017” USN-3420-2   Linux kernel (Xenial HWE) vulnerabilities Pivotal Cloud Foundry
“28 2017” USN-3418-1   GDK-PixBuf vulnerabilities Pivotal Cloud Foundry
“28 2017” USN-3415-1   tcpdump vulnerabilities Pivotal Cloud Foundry
“28 2017” USN-3411-1   Bazaar vulnerability Pivotal Cloud Foundry
“28 2017” USN-3410-1   GD library vulnerability Pivotal Cloud Foundry
“28 2017” USN-3405-2   Linux kernel (Xenial HWE) vulnerabilities Pivotal Cloud Foundry
“28 2017” USN-3398-1   graphite2 vulnerabilities Pivotal Cloud Foundry
“08 2017” CVE-2017-9805   Apache Struts Remote Code Execution Spring, Pivotal Cloud Foundry
“28 2017” USN-3392-2   Linux kernel (Xenial HWE) regression Pivotal Cloud Foundry
“21 2017” USN-3385-2   Linux kernel (Xenial HWE) vulnerabilities Pivotal Cloud Foundry
“14 2017” USN-3378-2   Linux kernel (Xenial HWE) vulnerabilities Pivotal Cloud Foundry
“14 2017” USN-3367-1   gdb vulnerabilities Pivotal Cloud Foundry
“14 2017” USN-3364-2   Linux kernel (Xenial HWE) vulnerabilities Pivotal Cloud Foundry
“14 2017” USN-3363-2   ImageMagick regression References Pivotal Cloud Foundry
“14 2017” USN-3363-1   ImageMagick vulnerabilities Pivotal Cloud Foundry
“14 2017” USN-3356-1   Expat vulnerability Pivotal Cloud Foundry
“14 2017” USN-3353-1   Heimdal vulnerability Pivotal Cloud Foundry
“14 2017” USN-3349-1   NTP vulnerabilities Pivotal Cloud Foundry
“14 2017” USN-3347-1   Libgcrypt vulnerabilities Pivotal Cloud Foundry
“14 2017” USN-3346-1   bind9 vulnerabilities Pivotal Cloud Foundry
“14 2017” USN-3344-2   Linux kernel (Xenial HWE) vulnerabilities Pivotal Cloud Foundry
“07 2017” CVE-2017-8037   Incomplete fix for Cloud Controller API access to CC VM contents Pivotal Cloud Foundry
“02 2017” CVE-2017-9022/CVE-2017-9023   strongSwan DOS Vulnerabilities Pivotal Cloud Foundry
“01 2017” CVE-2017-8038   Credentials readable from CredHub endpoint Pivotal Cloud Foundry
“25 2017” CVE-2017-8036   Cloud Controller API regression Pivotal Cloud Foundry
“25 2017” CVE-2017-8035   Cloud Controller API access to CC VM contents Pivotal Cloud Foundry
“25 2017” CVE-2017-8033   Cloud Controller API filesystem traversal vulnerability Pivotal Cloud Foundry
“24 2017” CVE-2017-8032   UAA Identity Zone Admin Privilege Escalation Pivotal Cloud Foundry
“05 2017” CVE-2017-7485   PostgreSQL vulnerabilities Pivotal Cloud Foundry
“26 2017” CVE-2017-5946   Directory Traversal in Rubyzip Pivotal Cloud Foundry
“26 2017” USN-3334-1   Linux kernel (Xenial HWE) vulnerabilities Pivotal Cloud Foundry
“26 2017” USN-3323-1   GNU C Library vulnerability Pivotal Cloud Foundry
“26 2017” USN-3318-1   GnuTLS vulnerabilities Pivotal Cloud Foundry
“26 2017” USN-3312-2   Linux kernel (Xenial HWE) vulnerabilities Pivotal Cloud Foundry
“26 2017” USN-3311-1   libnl vulnerability Pivotal Cloud Foundry
“26 2017” USN-3309-1   Libtasn1 vulnerability Pivotal Cloud Foundry
“26 2017” USN-3302-1   ImageMagick vulnerabilities Pivotal Cloud Foundry
“26 2017” USN-3212-2   LibTIFF regression Pivotal Cloud Foundry
“22 2017” USN-3304-1   Sudo vulnerability Pivotal Cloud Foundry
“08 2017” CVE-2017-4994   Forwarded Headers in UAA Pivotal Cloud Foundry
“08 2017” USN-3295-1   JasPer vulnerabilities Pivotal Cloud Foundry
“08 2017” USN-3294-1   Bash vulnerabilities Pivotal Cloud Foundry
“08 2017” USN-3291-3   Linux kernel (Xenial HWE) vulnerabilities Pivotal Cloud Foundry
“08 2017” USN-3287-1   Git vulnerability Pivotal Cloud Foundry
“08 2017” USN-3283-1   rtmpdump vulnerabilities Pivotal Cloud Foundry
“08 2017” USN-3282-1   FreeType vulnerabilities Pivotal Cloud Foundry
“08 2017” USN-3276-2   shadow regression Pivotal Cloud Foundry
“08 2017” USN-3263-1   FreeType vulnerability Pivotal Cloud Foundry
“08 2017” USN-3259-1   Bind vulnerabilities Pivotal Cloud Foundry
“08 2017” USN-3246-1   Eject vulnerability Pivotal Cloud Foundry
“08 2017” USN-3181-1   OpenSSL vulnerabilities Pivotal Cloud Foundry
“19 2017” CVE-2017-4992   Privilege escalation with user invitations Pivotal Cloud Foundry
“19 2017” CVE-2017-4991   UAA password reset vulnerability Pivotal Cloud Foundry
“02 2017” USN-3265-2   Linux kernel (Xenial HWE) vulnerabilities Pivotal Cloud Foundry
“01 2017” CVE-2017-4974   Blind SQL Injection with privileged UAA endpoints Pivotal Cloud Foundry
“20 2017” CVE-2015-3281   HAProxy vulnerabilities Pivotal Cloud Foundry
“20 2017” CVE-2017-4973   Privilege Escalation in UAA Pivotal Cloud Foundry
“20 2017” CVE-2017-4972   Blind SQL Injection in UAA Pivotal Cloud Foundry
“13 2017” CVE-2017-4969   Bug in CC allows users to exceed quotas Pivotal Cloud Foundry
“12 2017” USN-3256-2   Linux kernel (HWE) vulnerability Pivotal Cloud Foundry
“10 2017” CVE-2017-4970   Staticfile buildpack ignores basic authentication when misconfigured Pivotal Cloud Foundry
“06 2017” USN-3243-1   Git vulnerability Pivotal Cloud Foundry
“06 2017” USN-3241-1   audiofile vulnerabilities Pivotal Cloud Foundry
“06 2017” USN-3239-2   GNU C Library Regression Pivotal Cloud Foundry
“06 2017” USN-3237-1   FreeType vulnerability Pivotal Cloud Foundry
“06 2017” USN-3235-1   libxml2 vulnerabilities Pivotal Cloud Foundry
“06 2017” USN-3232-1   ImageMagick vulnerabilities Pivotal Cloud Foundry
“06 2017” USN-3227-1   ICU vulnerabilities Pivotal Cloud Foundry
“06 2017” USN-3225-1   libarchive vulnerabilities Pivotal Cloud Foundry
“06 2017” USN-3183-2   GnuTLS vulnerability Pivotal Cloud Foundry
“05 2017” CVE-2017-5649   Apache Geode privilege escalation vulnerability Pivotal GemFire
“04 2017” USN-3201-1   Bind vulnerabilities Pivotal Cloud Foundry
“04 2017” USN-3234-2   Linux kernel (Xenial HWE) vulnerabilities Pivotal Cloud Foundry
“04 2017” USN-3228-1   libevent vulnerabilities Pivotal Cloud Foundry
“04 2017” USN-3247-1   AppArmor vulnerability Pivotal Cloud Foundry
“04 2017” USN-3249-2   Linux kernel (Xenial HWE) vulnerability Pivotal Cloud Foundry
“31 2017” USN-3222-1   ImageMagick vulnerabilities Pivotal Cloud Foundry
“31 2017” USN-3213-1   GD library vulnerabilities Pivotal Cloud Foundry
“31 2017” USN-3212-1   LibTIFF vulnerabilities Pivotal Cloud Foundry
“31 2017” USN-3205-1   tcpdump vulnerabilities Pivotal Cloud Foundry
“31 2017” USN-3142-2   ImageMagick vulnerabilities Pivotal Cloud Foundry
“29 2017” CVE-2017-4963   Session Fixation for UAA External Authentication Pivotal Cloud Foundry
“17 2017” USN-3196-1   Multiple PHP vulnerabilities Pivotal Cloud Foundry
“17 2017” USN-3185-1   libXpm vulnerability Pivotal Cloud Foundry
“17 2017” USN-3193-1   Nettle vulnerability Pivotal Cloud Foundry
“17 2017” USN-3183-1   GnuTLS vulnerabilities Pivotal Cloud Foundry
“14 2017” USN-3189-2   Linux kernel (Xenial HWE) vulnerabilities Pivotal Cloud Foundry
“14 2017” CVE-2017-5638   Apache Struts Remote Code Execution Pivotal Cloud Foundry
“13 2017” USN-3220-2   Linux kernel (Xenial HWE) vulnerability Pivotal Cloud Foundry
“09 2017” CVE-2017-4960   UAA OAuth DOS via lockout feature Pivotal Cloud Foundry
“01 2017” USN-3208-2   Linux kernel (Xenial HWE) vulnerabilities Pivotal Cloud Foundry
“31 2017” USN-3172-1   Bind vulnerabilities Pivotal Cloud Foundry
“31 2017” USN-3169-2   Linux kernel (Xenial HWE) vulnerabilities Pivotal Cloud Foundry
“31 2017” USN-3161-2   Linux kernel (Xenial HWE) vulnerabilities Pivotal Cloud Foundry
“23 2017” CVE-2016-6660   Cloud Controller logs application environment variables Pivotal Cloud Foundry
“19 2017” USN-3024-1   tomcat6, tomcat7 vulnerabilities Pivotal Cloud Foundry
“12 2017” RunC Exec   RunC Exec Vulnerability Pivotal Cloud Foundry
“10 2017” CVE-2016-9882   Cloud Foundry Logs Service Credentials Pivotal Cloud Foundry
“29 2016” CVE-2016-3958 and CVE-2016-3959   Golang vulnerabilities Pivotal Cloud Foundry
“27 2016” USN-3146-2   Linux kernel (Xenial HWE) vulnerabilities Pivotal Cloud Foundry
“27 2016” USN-3128-2   Linux kernel (Xenial HWE) vulnerability Pivotal Cloud Foundry
“27 2016” USN-3142-1   ImageMagick vulnerabilities Pivotal Cloud Foundry
“19 2016” CVE-2016-8219   Space Auditor can restage apps Pivotal Cloud Foundry
“21 2016” Multiple CVEs   httpoxy vulnerabilities Pivotal Cloud Foundry
“20 2016” USN-3156-1   APT vulnerability Pivotal Cloud Foundry
“19 2016” USN-3131-1   ImageMagick vulnerabilities Pivotal Cloud Foundry
“19 2016” USN-3067-1   HarfBuzz vulnerabilities Pivotal Cloud Foundry
“19 2016” USN-3117-1   GD library vulnerabilities Pivotal Cloud Foundry
“14 2016” USN-3132-1   tar vulnerability Pivotal Cloud Foundry
“14 2016” USN-3134-1   Python vulnerabilities Pivotal Cloud Foundry
“14 2016” USN-3139-1   Vim vulnerability Pivotal Cloud Foundry
“14 2016” CVE-2016-6659   UAA Privilege Escalation Pivotal Cloud Foundry
“14 2016” USN-3116-1   DBus vulnerabilities Pivotal Cloud Foundry
“14 2016” USN-3119-1   Bind vulnerability Pivotal Cloud Foundry
“13 2016” USN-3123-1   curl vulnerabilities Pivotal Cloud Foundry
“13 2016” USN-3088-1   Bind vulnerability Pivotal Cloud Foundry
“09 2016” CVE-2016-8218   Unauthenticated JWT signing algorithm in routing Pivotal Cloud Foundry
“07 2016” USN-3151-2   Linux kernel (Xenial HWE) vulnerability Pivotal Cloud Foundry
“17 2016” CVE-2016-6663/CVE-2016-6664   MariaDB Root Privilege Escalation Pivotal Cloud Foundry
“17 2016” Several   PCRE vulnerabilities prior to version 8.39 Pivotal Cloud Foundry
“07 2016” USN-3096-1   NTP vulnerabilities Pivotal Cloud Foundry
“07 2016” USN-3095-1   PHP vulnerabilities Pivotal Cloud Foundry
“02 2016” CVE-2016-6658   Incomplete fix for Credential Vulnerability for Custom Buildpacks Pivotal Cloud Foundry
“21 2016” CVE-2016-5195   Linux kernel vulnerability Pivotal Cloud Foundry
“17 2016” CVE-2016-6655   Utility Script Command Injection Pivotal Cloud Foundry
“17 2016” USN-3099-2   Linux kernel vulnerabilities Pivotal Cloud Foundry
“29 2016” CVE-2016-6653   MySQL Audit logs sent to Syslog Pivotal Cloud Foundry
“28 2016” USN-3087-2   OpenSSL Regression Pivotal Cloud Foundry
“28 2016” USN-3083-1   Linux kernel vulnerabilities Pivotal Cloud Foundry
“28 2016” USN-3068-1   Libidn vulnerabilities Pivotal Cloud Foundry
“28 2016” CVE-2016-6662   Multiple MySQL Vulnerabilities Pivotal Cloud Foundry
“28 2016” USN-3085-1   GDK-PixBuf vulnerabilities Pivotal Cloud Foundry
“26 2016” CVE-2016-6651   Privilege Escalation in UAA Pivotal Cloud Foundry
“26 2016” CVE-2016-6636   UAA Open Redirect Vulnerability for Subdomains Pivotal Cloud Foundry
“26 2016” CVE-2016-6637   UAA CSRF Vulnerability for OAuth Approvals Pivotal Cloud Foundry
“21 2016” CVE-2014-9130   LibYAML vulnerability Pivotal Cloud Foundry
“09 2016” CVE-2016-6639   PHP Buildpack exposes .profile file Pivotal Cloud Foundry
“09 2016” USN-3045-1   PHP vulnerabilities Pivotal Cloud Foundry
“25 2016” USN-3065-1   Libgcrypt vulnerability Pivotal Cloud Foundry
“25 2016” USN-3064-1   GnuPG vulnerability Pivotal Cloud Foundry
“25 2016” USN-3063-1   Fontconfig vulnerability Pivotal Cloud Foundry
“25 2016” USN-3061-1   OpenSSH vulnerability Pivotal Cloud Foundry
“25 2016” USN-3030-1/USN-3060-1   GD library vulnerability Pivotal Cloud Foundry
“25 2016” USN-3053-1/USN-3037-1   Linux kernel (Vivid HWE) vulnerability Pivotal Cloud Foundry
“25 2016” USN-3048-1   curl vulnerability Pivotal Cloud Foundry
“25 2016” USN-3033-1   libarchive vulnerability Pivotal Cloud Foundry
“18 2016” CVE-2016-5016   UAA accepts expired certificates Pivotal Cloud Foundry
“26 2016” CVE-2016-5006   Cloud Controller API logs user-provided service credentials Pivotal Cloud Foundry
“13 2016” USN-3010-1   Expat vulnerabilities Pivotal Cloud Foundry
“13 2016” CVE-2016-4450   Nginx Vulnerabilities Pivotal Cloud Foundry
“13 2016” USN-3012-1   Wget vulnerability Pivotal Cloud Foundry
“01 2016” USN-3020-1   Linux kernel (Vivid HWE) vulnerabilities Pivotal Cloud Foundry
“30 2016” CVE-2016-4468   UAA SQL Injection Pivotal Cloud Foundry
“15 2016” USN-3001-1   Linux kernel (Vivid HWE) vulnerabilities Pivotal Cloud Foundry
“13 2016” CVE-2016-4435   BOSH Agent Anonymous Endpoint Pivotal Cloud Foundry
“13 2016” USN-2994-1   libxml2 vulnerabilities Pivotal Cloud Foundry
“13 2016” USN-2991-1   nginx vulnerability Pivotal Cloud Foundry
“13 2016” USN-2990-1   ImageMagick vulnerability (a.k.a. ImageTragick) Pivotal Cloud Foundry
“13 2016” USN-2987-1   GD library vulnerabilities Pivotal Cloud Foundry
“13 2016” USN-2985-2   GNU C Library regression Pivotal Cloud Foundry
“13 2016” USN-2983-1   Expat vulnerability Pivotal Cloud Foundry
“13 2016” USN-2981-1   libarchive vulnerabilities Pivotal Cloud Foundry
“13 2016” USN-2966-1   OpenSSH vulnerabilities Pivotal Cloud Foundry
“13 2016” USN-2961-1   Little CMS vulnerability Pivotal Cloud Foundry
“08 2016” CVE-2013-7456   PHP vulnerabilities Pivotal Cloud Foundry
“03 2016” USN-2970-1   Linux kernel (Vivid HWE) vulnerabilities Pivotal Cloud Foundry
“23 2016” CVE-2016-3084   UAA Password Reset Vulnerability Pivotal Cloud Foundry
“19 2016” USN-2977-1   Linux kernel (Vivid HWE) vulnerabilities Pivotal Cloud Foundry
“17 2016” CVE-2016-3091   Diego log encoding vulnerability Pivotal Cloud Foundry
“06 2016” USN-2959-1   OpenSSL vulnerabilities Pivotal Cloud Foundry
“06 2016” USN-2957-1   Libtasn1 vulnerability Pivotal Cloud Foundry
“06 2016” USN-2949-1   Linux kernel (Vivid HWE) vulnerabilities Pivotal Cloud Foundry
“06 2016” USN-2943-1   PCRE vulnerabilities Pivotal Cloud Foundry
“06 2016” USN-2935-2   PAM regression Pivotal Cloud Foundry
“02 2016” CVE-2015-5170-5173   UAA Vulnerabilities Pivotal Cloud Foundry
“14 2016” Badlock bug   Samba and Windows Vulnerabilities n/a
“24 2016” USN-2939-1   LibTIFF vulnerabilities Pivotal Cloud Foundry
“24 2016” USN-2927-1   Graphite2 vulnerabilities Pivotal Cloud Foundry
“24 2016” USN-2925-1   Bind9 vulnerabilities Pivotal Cloud Foundry
“24 2016” USN-2919-1   JasPer vulnerabilities Pivotal Cloud Foundry
“24 2016” USN-2918-1   Pixman vulnerabilities Pivotal Cloud Foundry
“24 2016” USN-2916-1   Perl vulnerabilities Pivotal Cloud Foundry
“24 2016” USN-2914-1   OpenSSL vulnerabilities Pivotal Cloud Foundry
“24 2016” NPM Ownership Issue   Warning about NPM modules Pivotal Cloud Foundry
“24 2016” USN-2938-1   Git vulnerabilities Pivotal Cloud Foundry
“16 2016” USN-2932-1   Linux kernel vulnerabilities Pivotal Cloud Foundry
“02 2016” CVE-2016-0800   OpenSSL vulnerabilities Pivotal Cloud Foundry
“26 2016” USN-2910-1   Linux kernel vulnerability Pivotal Cloud Foundry
“26 2016” CVE-2016-0761   Docker Image Host Files Corruption Pivotal Cloud Foundry
“19 2016” USN-2900-1   GNU libc vulnerability Pivotal Cloud Foundry
“02 2016” CVE-2016-0732   Privilege Escalation Pivotal Cloud Foundry
“01 2016” CVE-2016-0713   Gorouter XSS Pivotal Cloud Foundry
“22 2016” USN-2871-1   Linux kernel vulnerability Pivotal Cloud Foundry
“20 2016” CVE-2016-0715   Remote Information Disclosure Pivotal Cloud Foundry
“19 2016” USN-2865-1   GnuTLS vulnerability Pivotal Cloud Foundry
“19 2016” USN-2861-1   libpng vulnerability Pivotal Cloud Foundry
“19 2016” USN-2868-1   DHCP vulnerability Pivotal Cloud Foundry
“19 2016” USN-2869-1   OpenSSH vulnerability Pivotal Cloud Foundry
“18 2016” CVE-2016-0708   Remote Information Disclosure Pivotal Cloud Foundry
“07 2016” USN-2857-1   Linux kernel vulnerability Pivotal Cloud Foundry
“07 2016” USN-2842-1/USN-2842-2   Linux kernel vulnerability Pivotal Cloud Foundry
“07 2016” USN-2837-1   bind9 vulnerability Pivotal Cloud Foundry
“07 2016” USN-2836-1   grub2 vulnerability Pivotal Cloud Foundry
“07 2016” USN-2835-1   git vulnerability Pivotal Cloud Foundry
“07 2016” USN-2834-1   libxml2 vulnerability Pivotal Cloud Foundry
“07 2016” USN-2830-1   OpenSSL vulnerability Pivotal Cloud Foundry
“07 2016” USN-2829-1   Linux kernel vulnerability Pivotal Cloud Foundry
“15 2015” CVE-2015-5350   Garden Nstar vulnerability Pivotal Cloud Foundry
“04 2015” USN-2821-1   GnuTLS vulnerability Pivotal Cloud Foundry
“04 2015” USN-2820-1   dpkg vulnerability Pivotal Cloud Foundry
“02 2015” USN-2815-1   PNG vulnerability Pivotal Cloud Foundry
“02 2015” USN-2812-1   libxml2 vulnerability Pivotal Cloud Foundry
“02 2015” USN-2810-1   Kerberos vulnerability Pivotal Cloud Foundry
“02 2015” USN-2787-1   audiofile vulnerability Pivotal Cloud Foundry
“24 2015” USN-2788-1/2788-2   unzip vulnerability Pivotal Cloud Foundry
“12 2015” USN-2798-1   Linux kernel vulnerability Pivotal Cloud Foundry
“12 2015” USN-2806-1   Linux kernel vulnerability Pivotal Cloud Foundry
“03 2015” USN-2778-1   Linux kernel vulnerabilities Pivotal Cloud Foundry
“03 2015” USN-2767-1   GDK-Pixbuf library vulnerability Pivotal Cloud Foundry
“07 2015” Golang   Golang 1.4.3 CVE Fixes Pivotal Cloud Foundry
“07 2015” USN-2722-1   GDK-PixBuf Vulnerabilities Pivotal Cloud Foundry
“07 2015” USN-2711-1   Net-SNMP Vulnerabilities Pivotal Cloud Foundry
“07 2015” USN-2739-1   FreeType Vulnerabilities Pivotal Cloud Foundry
“07 2015” USN-2740-1   ICU Vulnerabilities Pivotal Cloud Foundry
“07 2015” USN-2751-1   Linux Kernel (Vivid HWE) Vulnerability Pivotal Cloud Foundry
“07 2015” USN-2756-1   rpcbind Vulnerability Pivotal Cloud Foundry
“07 2015” USN-2765-1   Linux Kernel (Vivid HWE) Vulnerability Pivotal Cloud Foundry
“08 2015” USN-2710-1   OpenSSH Vulnerabilities Pivotal Cloud Foundry
“08 2015” USN-2698-1   SQLite Vulnerabilities Pivotal Cloud Foundry
“08 2015” USN-2694-1   PCRE Vulnerabilities Pivotal Cloud Foundry
“08 2015” USN-2718-1   Address Configuration Change Vulnerabilities Pivotal Cloud Foundry
“06 2015” USN-2696-1   OpenJDK 7 Vulnerabilities Pivotal Cloud Foundry
“29 2015” CVE-2015-3290   Linux Kernel NMI Vulnerability Pivotal Cloud Foundry
“10 2015” CVE-2015-1420   file_handle size verification Pivotal Cloud Foundry
“06 2015” CVE-2015-1330   Unattended-Upgrades Vulnerability Pivotal Cloud Foundry
“25 2015” CVE-2015-3189   Expire old reset password links UAA, Pivotal Cloud Foundry
“25 2015” CVE-2015-3190   Open redirect on Login UAA, Pivotal Cloud Foundry
“25 2015” CVE-2015-3191   CSRF attack on change email UAA, Pivotal Cloud Foundry
“12 2015” USN-2639-1   OpenSSL vulnerabilities Pivotal Cloud Foundry
“12 2015” CVE-2015-3636   ipv4 use-after-free Pivotal Cloud Foundry
“17 2015” CVE-2015-1328   overlayfs privilege escalation Pivotal Cloud Foundry
“09 2015” Redis LUA Sandbox   Redis LUA Exploit Pivotal Cloud Foundry
“22 2015” CVE-2015-1834   Path Traversal Vulnerability Pivotal Cloud Foundry
“22 2015” USN-2617-1   FUSE Vulnerability Pivotal Cloud Foundry
“30 2015” CVE-2015-1855   Ruby OpenSSL Hostname Verification Pivotal Cloud Foundry
“23 2015” CVE-2015-0282   Multiple GnuTLS Vulnerabilities Pivotal Cloud Foundry
“21 2015” USN-2537-1   OpenSSL vulnerabilities Pivotal Cloud Foundry
“13 2015” CVE-2014-8159   Linux Kernel Infiniband Vulnerability
“09 2015” CVE-2014-0227   Apache Tomcat Request Smuggling Pivotal tc Server
“28 2015” CVE-2015-0235   GHOST Pivotal Cloud Foundry
“10 2014” CVE-2013-4444   Remote Code Execution in Apache Tomcat Pivotal Cloud Foundry
“16 2014” CVE-2014-3566   SSLv3 POODLE Pivotal Cloud Foundry
“29 2014” CVE-2014-7186   Bash Out-of-Bounds Pivotal Cloud Foundry
“25 2014” CVE-2014-6271   Bash - ShellShock Pivotal Cloud Foundry
“19 2014” CVE-2014-5119   glib_gconv_translit_find() exploit Pivotal Cloud Foundry
“18 2014” CVE-2014-3153   Futex requeue exploit Pivotal Cloud Foundry
“05 2014” CVE-2014-0224   SSL/TLS MITM Vulnerability vFabric Web Server, Pivotal Web Server, Enterprise Ready Server (ERS), Greenplum Command Center (GPCC), Greenplum Database (GPDB), HAWQ, Pivotal Command Center (PCC), Pivotal App Suite Virtual Appliance, GemFire Native Client
“10 2014” CVE-2014-0160   Heartbleed vFabric Web Server, vFabric GemFire Native Client, Pivotal GemFire Native Client, Pivotal Command Center, Pivotal App Suite Virtual Appliance

[1] This table is not yet a complete list of vulnerabilities in dependencies. Formulating such a list is an extensive undertaking which Pivotal is addressing systematically. When this table becomes a complete and comprehensive list, we will remove this footnote.



Thanks

The Pivotal Security Team would like to thank the following individuals and companies for responsibly reporting a security issue. Names appear in the order vulnerability reports were received, most recent first.

  • Rohit Patil
  • Jimmy Bruneel
  • Taha Smily
  • Lacroute Serge
  • Md. Nur A Alam Dipu
  • GE Digital Security Team
  • SaifAllah benMassaoud
  • Pradeep Kumar
  • Muhammad Abdullah
  • Koutrouss Naddara

Note: Reports of vulnerabilities in Pivotal products are listed in the credit section of the associated security announcement.

Questions?