Pivotal Application Security Team


Overview

The Pivotal Application Security Team provides a single point of contact for the reporting of security vulnerabilities in Pivotal products and coordinates the process of investigating any reported vulnerabilities.

Reporting a vulnerability

We strongly encourage people to report security vulnerabilities privately to our security team before disclosing them in a public forum.

Please note that the e-mail address below should only be used for reporting undisclosed security vulnerabilities in Pivotal products and managing the process of fixing such vulnerabilities. We cannot accept regular bug reports or other security-related queries at this address.

The e-mail address to use to contact the Pivotal Application Security Team is security@pivotal.io.

Reports may be encrypted with the team's PGP key. The key fingerprint is: 16F6 51BF 4637 F486 C5E2 4635 19BB 5184 0191 92ED

The key can be obtained from a public key server such as pgp.mit.edu. Because anyone can upload a key to a public key server, check that the fingerprint of the key you retrieve matches the one above before encrypting a report to it.
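The retrieve-and-verify step described above, written out as a POSIX shell script. This is an added example and not code from the original page or from Pivotal: the expected fingerprint is the one stated above, while the keyserver URL, the derivation of the long key ID from the last 16 hex digits of the fingerprint, the `send` sub-command and the sample `gpg --with-colons` record used for the offline self-check are assumptions constructed for the example. gpg is assumed to be installed.

```shell
#!/bin/sh
# Added example: fetch the security team's PGP key, refuse to use it unless its
# fingerprint matches the one published on the page, then encrypt a report to it.

# Fingerprint as published on the page (the only trust anchor in this script).
EXPECTED_FPR="16F6 51BF 4637 F486 C5E2 4635 19BB 5184 0191 92ED"

# Assumed keyserver (the page names pgp.mit.edu; hkps is used so the transport is TLS).
KEYSERVER="hkps://pgp.mit.edu"

# Strip spaces/newlines and upper-case, so "16F6 51BF ..." and "16f651bf..." compare equal.
normalize_fpr() {
  printf '%s' "$1" | tr -d ' \n' | tr '[:lower:]' '[:upper:]'
}

# Succeed only if both are the same full 40-hex-digit v4 fingerprint.
# A short or truncated value never matches, so a partial fingerprint cannot pass.
fpr_matches() {
  a=$(normalize_fpr "$1")
  b=$(normalize_fpr "$2")
  [ "${#a}" -eq 40 ] && [ "$a" = "$b" ]
}

# Pull the fingerprint out of `gpg --with-colons --fingerprint` output:
# the "fpr" record carries the fingerprint in field 10.
fpr_from_colons() {
  printf '%s\n' "$1" | awk -F: '$1 == "fpr" { print $10; exit }'
}

# The long key ID is the last 16 hex digits of a v4 fingerprint (assumption for this example:
# that is what we ask the keyserver for).
key_id_from_fpr() {
  normalize_fpr "$1" | tail -c 16
}

# Fetch, verify, encrypt. Usage: fetch_verify_encrypt report.txt
# Writes report.txt.asc on success; exits non-zero without encrypting on a mismatch.
fetch_verify_encrypt() {
  key_id=$(key_id_from_fpr "$EXPECTED_FPR")
  gpg --keyserver "$KEYSERVER" --recv-keys "$key_id" || return 1
  actual=$(fpr_from_colons "$(gpg --with-colons --fingerprint "$key_id")")
  if ! fpr_matches "$EXPECTED_FPR" "$actual"; then
    echo "fingerprint mismatch: expected $EXPECTED_FPR, got $actual" >&2
    return 1
  fi
  # The fingerprint comparison above is the trust decision, so the web of trust is bypassed.
  gpg --trust-model always --encrypt --armor --recipient "$key_id" "$1"
}

# With no arguments, run an offline self-check on a constructed colon record;
# with "send <file>", do the real fetch/verify/encrypt.
case "${1:-}" in
  send) fetch_verify_encrypt "$2" ;;
  *)    sample='fpr:::::::::16F651BF4637F486C5E2463519BB5184019192ED:'   # constructed sample
        fpr_matches "$EXPECTED_FPR" "$(fpr_from_colons "$sample")" && echo "fingerprint check OK" ;;
esac
```

Run as `sh verify_key.sh send report.txt` to perform the real exchange; `--trust-model always` is deliberate here because the script has already compared the full fingerprint, which is a stronger check than a keyserver's word.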



Pivotal Product Vulnerability Reports
Date   CVE Reference   Description
08 Jun 2017 CVE-2017-4995   Jackson Configuration Allows Code Execution with Unknown “Serialization Gadgets”
31 May 2017 CVE-2017-4971   Data Binding Expression Vulnerability in Spring Web Flow
15 May 2017 CVE-2017-4975   Tile generator sets open security groups
04 May 2017 CVE-2017-4966   RabbitMQ local storage of credentials
04 May 2017 CVE-2017-4965   XSS vulnerabilities in RabbitMQ management UI
27 Mar 2017 CVE-2017-2773   Unauthenticated JWT signing algorithm in multiple components
24 Mar 2017 CVE-2017-4955   Credentials in Elastic Runtime Notifications errand log
14 Feb 2017 CVE-2017-4959   Pivotal Cloud Foundry account authorization vulnerability
09 Feb 2017 CVE-2016-9880   Unauthenticated access to GemFire for PCF broker endpoints
04 Jan 2017 CVE-2016-9885   gfsh exposed over go router for GemFire for PCF
28 Dec 2016 CVE-2016-9879   Encoded "/" in path variables
28 Dec 2016 CVE-2016-0898   Service backups log AWS key
21 Dec 2016 CVE-2016-9878   Directory Traversal in the Spring Framework ResourceServlet
19 Dec 2016 CVE-2016-9877   RabbitMQ authentication vulnerability
31 Oct 2016 CVE-2016-6657   PCF Open Redirects
31 Oct 2016 CVE-2016-6656   Code injection vulnerability via GPHDFS in Greenplum database
30 Sep 2016 CVE-2016-6652   Spring Data JPA Blind SQL Injection Vulnerability
12 Sep 2016 CVE-2016-0930   Ops Manager Compilation VMs Vulnerability on vSphere and vCloud
27 Jul 2016 CVE-2016-0896   IaaS Metadata Endpoint Accessible from Application Containers
15 Jul 2016 CVE-2016-0929   RabbitMQ for PCF vulnerability
07 Jul 2016 CVE-2016-5007   Spring Security / MVC Path Matching Inconsistency
07 Jul 2016 CVE-2016-0926   Apps Manager XSS vulnerability
05 Jul 2016 CVE-2016-4977   Remote Code Execution (RCE) in Spring Security OAuth
29 Jun 2016 CVE-2016-0928   PCF Open Redirects
24 Jun 2016 CVE-2016-0897   Ops Manager vSphere and vCloud vulnerability
23 Jun 2016 CVE-2016-0927   Ops Manager XSS vulnerability
11 Apr 2016 CVE-2016-2173   Remote Code Execution in Spring AMQP
23 Mar 2016 CVE-2016-0780   Cloud Controller Disk Quota Enforcement
23 Mar 2016 CVE-2016-2165   Loggregator Request URL Paths
23 Mar 2016 CVE-2016-0781   UAA Persistent XSS Vulnerability
03 Feb 2016 CVE-2016-0883   Pivotal Ops Manager Weak Authentication Scheme
12 Nov 2015 CVE-2015-5258   Spring Social CSRF
15 Oct 2015 CVE-2015-5211   RFD Attack in Spring Framework
30 Jun 2015 CVE-2015-3192   DoS Attack with XML Input
06 Mar 2015 CVE-2015-0201   Insufficiently random session id in Java SockJS client
13 Jan 2015 CVE-2014-3626   Directory Traversal in Grails Resources Plugin
11 Nov 2014 CVE-2014-3625   Directory Traversal in Spring Framework
05 Sep 2014 CVE-2014-3578   Directory Traversal in Spring Framework
15 Aug 2014 CVE-2014-3527   Access Control Bypass in Spring Security
28 May 2014 CVE-2014-0225   Information Disclosure when using Spring MVC
11 Mar 2014 CVE-2014-1904   XSS when using Spring MVC
11 Mar 2014 CVE-2014-0097   Blank password may bypass user authentication
11 Mar 2014 CVE-2014-0054   Incomplete fix for CVE-2013-7315 / CVE-2013-6429 (XXE)
19 Feb 2014 CVE-2014-0053   Information Disclosure when using Grails
14 Jan 2014 CVE-2013-6430   Possible XSS when using Spring MVC
14 Jan 2014 CVE-2013-6429   Incomplete fix for CVE-2013-7315 (XXE)
22 Aug 2013 CVE-2013-7315   XML External Entity (XXE) injection in Spring Framework
22 Aug 2013 CVE-2013-4152   XML External Entity (XXE) injection in Spring Framework


Notable Vulnerabilities in Dependencies[1]
Date   CVE Reference   Description Affected Pivotal Product(s)
14 Aug 2017 USN-3378-2   Linux kernel (Xenial HWE) vulnerabilities   Pivotal Cloud Foundry
14 Aug 2017 USN-3367-1   gdb vulnerabilities   Pivotal Cloud Foundry
14 Aug 2017 USN-3364-2   Linux kernel (Xenial HWE) vulnerabilities   Pivotal Cloud Foundry
14 Aug 2017 USN-3363-2   ImageMagick regression   Pivotal Cloud Foundry
14 Aug 2017 USN-3363-1   ImageMagick vulnerabilities   Pivotal Cloud Foundry
14 Aug 2017 USN-3356-1   Expat vulnerability   Pivotal Cloud Foundry
14 Aug 2017 USN-3353-1   Heimdal vulnerability   Pivotal Cloud Foundry
14 Aug 2017 USN-3349-1   NTP vulnerabilities   Pivotal Cloud Foundry
14 Aug 2017 USN-3347-1   Libgcrypt vulnerabilities   Pivotal Cloud Foundry
14 Aug 2017 USN-3346-1   bind9 vulnerabilities   Pivotal Cloud Foundry
14 Aug 2017 USN-3344-2   Linux kernel (Xenial HWE) vulnerabilities   Pivotal Cloud Foundry
07 Aug 2017 CVE-2017-8037   Incomplete fix for Cloud Controller API access to CC VM contents   Pivotal Cloud Foundry
02 Aug 2017 CVE-2017-9022/CVE-2017-9023   strongSwan DoS Vulnerabilities   Pivotal Cloud Foundry
01 Aug 2017 CVE-2017-8038   Credentials readable from CredHub endpoint   Pivotal Cloud Foundry
25 Jul 2017 CVE-2017-8036   Cloud Controller API regression   Pivotal Cloud Foundry
25 Jul 2017 CVE-2017-8035   Cloud Controller API access to CC VM contents   Pivotal Cloud Foundry
25 Jul 2017 CVE-2017-8033   Cloud Controller API filesystem traversal vulnerability   Pivotal Cloud Foundry
24 Jul 2017 CVE-2017-8032   UAA Identity Zone Admin Privilege Escalation   Pivotal Cloud Foundry
05 Jul 2017 CVE-2017-7485   PostgreSQL vulnerabilities   Pivotal Cloud Foundry
26 Jun 2017 CVE-2017-5946   Directory Traversal in Rubyzip   Pivotal Cloud Foundry
26 Jun 2017 USN-3334-1   Linux kernel (Xenial HWE) vulnerabilities   Pivotal Cloud Foundry
26 Jun 2017 USN-3323-1   GNU C Library vulnerability   Pivotal Cloud Foundry
26 Jun 2017 USN-3318-1   GnuTLS vulnerabilities   Pivotal Cloud Foundry
26 Jun 2017 USN-3312-2   Linux kernel (Xenial HWE) vulnerabilities   Pivotal Cloud Foundry
26 Jun 2017 USN-3311-1   libnl vulnerability   Pivotal Cloud Foundry
26 Jun 2017 USN-3309-1   Libtasn1 vulnerability   Pivotal Cloud Foundry
26 Jun 2017 USN-3302-1   ImageMagick vulnerabilities   Pivotal Cloud Foundry
26 Jun 2017 USN-3212-2   LibTIFF regression   Pivotal Cloud Foundry
22 Jun 2017 USN-3304-1   Sudo vulnerability   Pivotal Cloud Foundry
08 Jun 2017 CVE-2017-4994   Forwarded Headers in UAA   Pivotal Cloud Foundry
08 Jun 2017 USN-3295-1   JasPer vulnerabilities   Pivotal Cloud Foundry
08 Jun 2017 USN-3294-1   Bash vulnerabilities   Pivotal Cloud Foundry
08 Jun 2017 USN-3291-3   Linux kernel (Xenial HWE) vulnerabilities   Pivotal Cloud Foundry
08 Jun 2017 USN-3287-1   Git vulnerability   Pivotal Cloud Foundry
08 Jun 2017 USN-3283-1   rtmpdump vulnerabilities   Pivotal Cloud Foundry
08 Jun 2017 USN-3282-1   FreeType vulnerabilities   Pivotal Cloud Foundry
08 Jun 2017 USN-3276-2   shadow regression   Pivotal Cloud Foundry
08 Jun 2017 USN-3263-1   FreeType vulnerability   Pivotal Cloud Foundry
08 Jun 2017 USN-3259-1   Bind vulnerabilities   Pivotal Cloud Foundry
08 Jun 2017 USN-3246-1   Eject vulnerability   Pivotal Cloud Foundry
08 Jun 2017 USN-3181-1   OpenSSL vulnerabilities   Pivotal Cloud Foundry
19 May 2017 CVE-2017-4992   Privilege escalation with user invitations   Pivotal Cloud Foundry
19 May 2017 CVE-2017-4991   UAA password reset vulnerability   Pivotal Cloud Foundry
02 May 2017 USN-3265-2   Linux kernel (Xenial HWE) vulnerabilities   Pivotal Cloud Foundry
01 May 2017 CVE-2017-4974   Blind SQL Injection with privileged UAA endpoints   Pivotal Cloud Foundry
20 Apr 2017 CVE-2015-3281   HAProxy vulnerabilities   Pivotal Cloud Foundry
20 Apr 2017 CVE-2017-4973   Privilege Escalation in UAA   Pivotal Cloud Foundry
20 Apr 2017 CVE-2017-4972   Blind SQL Injection in UAA   Pivotal Cloud Foundry
13 Apr 2017 CVE-2017-4969   Bug in CC allows users to exceed quotas   Pivotal Cloud Foundry
12 Apr 2017 USN-3256-2   Linux kernel (HWE) vulnerability   Pivotal Cloud Foundry
10 Apr 2017 CVE-2017-4970   Staticfile buildpack ignores basic authentication when misconfigured   Pivotal Cloud Foundry
06 Apr 2017 USN-3243-1   Git vulnerability   Pivotal Cloud Foundry
06 Apr 2017 USN-3241-1   audiofile vulnerabilities   Pivotal Cloud Foundry
06 Apr 2017 USN-3239-2   GNU C Library Regression   Pivotal Cloud Foundry
06 Apr 2017 USN-3237-1   FreeType vulnerability   Pivotal Cloud Foundry
06 Apr 2017 USN-3235-1   libxml2 vulnerabilities   Pivotal Cloud Foundry
06 Apr 2017 USN-3232-1   ImageMagick vulnerabilities   Pivotal Cloud Foundry
06 Apr 2017 USN-3227-1   ICU vulnerabilities   Pivotal Cloud Foundry
06 Apr 2017 USN-3225-1   libarchive vulnerabilities   Pivotal Cloud Foundry
06 Apr 2017 USN-3183-2   GnuTLS vulnerability   Pivotal Cloud Foundry
05 Apr 2017 CVE-2017-5649   Apache Geode privilege escalation vulnerability   Pivotal GemFire
04 Apr 2017 USN-3201-1   Bind vulnerabilities   Pivotal Cloud Foundry
04 Apr 2017 USN-3234-2   Linux kernel (Xenial HWE) vulnerabilities   Pivotal Cloud Foundry
04 Apr 2017 USN-3228-1   libevent vulnerabilities   Pivotal Cloud Foundry
04 Apr 2017 USN-3247-1   AppArmor vulnerability   Pivotal Cloud Foundry
04 Apr 2017 USN-3249-2   Linux kernel (Xenial HWE) vulnerability   Pivotal Cloud Foundry
31 Mar 2017 USN-3222-1   ImageMagick vulnerabilities   Pivotal Cloud Foundry
31 Mar 2017 USN-3213-1   GD library vulnerabilities   Pivotal Cloud Foundry
31 Mar 2017 USN-3212-1   LibTIFF vulnerabilities   Pivotal Cloud Foundry
31 Mar 2017 USN-3205-1   tcpdump vulnerabilities   Pivotal Cloud Foundry
31 Mar 2017 USN-3142-2   ImageMagick vulnerabilities   Pivotal Cloud Foundry
29 Mar 2017 CVE-2017-4963   Session Fixation for UAA External Authentication   Pivotal Cloud Foundry
17 Mar 2017 USN-3196-1   Multiple PHP vulnerabilities   Pivotal Cloud Foundry
17 Mar 2017 USN-3185-1   libXpm vulnerability   Pivotal Cloud Foundry
17 Mar 2017 USN-3193-1   Nettle vulnerability   Pivotal Cloud Foundry
17 Mar 2017 USN-3183-1   GnuTLS vulnerabilities   Pivotal Cloud Foundry
14 Mar 2017 USN-3189-2   Linux kernel (Xenial HWE) vulnerabilities   Pivotal Cloud Foundry
14 Mar 2017 CVE-2017-5638   Apache Struts Remote Code Execution   Pivotal Cloud Foundry
13 Mar 2017 USN-3220-2   Linux kernel (Xenial HWE) vulnerability   Pivotal Cloud Foundry
09 Mar 2017 CVE-2017-4960   UAA OAuth DoS via lockout feature   Pivotal Cloud Foundry
01 Mar 2017 USN-3208-2   Linux kernel (Xenial HWE) vulnerabilities   Pivotal Cloud Foundry
31 Jan 2017 USN-3172-1   Bind vulnerabilities   Pivotal Cloud Foundry
31 Jan 2017 USN-3169-2   Linux kernel (Xenial HWE) vulnerabilities   Pivotal Cloud Foundry
31 Jan 2017 USN-3161-2   Linux kernel (Xenial HWE) vulnerabilities   Pivotal Cloud Foundry
23 Jan 2017 CVE-2016-6660   Cloud Controller logs application environment variables   Pivotal Cloud Foundry
19 Jan 2017 USN-3024-1   tomcat6, tomcat7 vulnerabilities   Pivotal Cloud Foundry
12 Jan 2017 RunC Exec   RunC Exec Vulnerability   Pivotal Cloud Foundry
10 Jan 2017 CVE-2016-9882   Cloud Foundry Logs Service Credentials   Pivotal Cloud Foundry
29 Dec 2016 CVE-2016-3958 and CVE-2016-3959   Golang vulnerabilities   Pivotal Cloud Foundry
27 Dec 2016 USN-3146-2   Linux kernel (Xenial HWE) vulnerabilities   Pivotal Cloud Foundry
27 Dec 2016 USN-3128-2   Linux kernel (Xenial HWE) vulnerability   Pivotal Cloud Foundry
27 Dec 2016 USN-3142-1   ImageMagick vulnerabilities   Pivotal Cloud Foundry
19 Dec 2016 CVE-2016-8219   Space Auditor can restage apps   Pivotal Cloud Foundry
21 Dec 2016 Multiple CVEs   httpoxy vulnerabilities   Pivotal Cloud Foundry
20 Dec 2016 USN-3156-1   APT vulnerability   Pivotal Cloud Foundry
19 Dec 2016 USN-3131-1   ImageMagick vulnerabilities   Pivotal Cloud Foundry
19 Dec 2016 USN-3067-1   HarfBuzz vulnerabilities   Pivotal Cloud Foundry
19 Dec 2016 USN-3117-1   GD library vulnerabilities   Pivotal Cloud Foundry
14 Dec 2016 USN-3132-1   tar vulnerability   Pivotal Cloud Foundry
14 Dec 2016 USN-3134-1   Python vulnerabilities   Pivotal Cloud Foundry
14 Dec 2016 USN-3139-1   Vim vulnerability   Pivotal Cloud Foundry
14 Dec 2016 CVE-2016-6659   UAA Privilege Escalation   Pivotal Cloud Foundry
14 Dec 2016 USN-3116-1   DBus vulnerabilities   Pivotal Cloud Foundry
14 Dec 2016 USN-3119-1   Bind vulnerability   Pivotal Cloud Foundry
13 Dec 2016 USN-3123-1   curl vulnerabilities   Pivotal Cloud Foundry
13 Dec 2016 USN-3088-1   Bind vulnerability   Pivotal Cloud Foundry
09 Dec 2016 CVE-2016-8218   Unauthenticated JWT signing algorithm in routing   Pivotal Cloud Foundry
07 Dec 2016 USN-3151-2   Linux kernel (Xenial HWE) vulnerability   Pivotal Cloud Foundry
17 Nov 2016 CVE-2016-6663/CVE-2016-6664   MariaDB Root Privilege Escalation   Pivotal Cloud Foundry
17 Nov 2016 Several   PCRE vulnerabilities prior to version 8.39   Pivotal Cloud Foundry
07 Nov 2016 USN-3096-1   NTP vulnerabilities   Pivotal Cloud Foundry
07 Nov 2016 USN-3095-1   PHP vulnerabilities   Pivotal Cloud Foundry
02 Nov 2016 CVE-2016-6658   Incomplete fix for Credential Vulnerability for Custom Buildpacks   Pivotal Cloud Foundry
21 Oct 2016 CVE-2016-5195   Linux kernel vulnerability   Pivotal Cloud Foundry
17 Oct 2016 CVE-2016-6655   Utility Script Command Injection   Pivotal Cloud Foundry
17 Oct 2016 USN-3099-2   Linux kernel vulnerabilities   Pivotal Cloud Foundry
29 Sep 2016 CVE-2016-6653   MySQL Audit logs sent to Syslog   Pivotal Cloud Foundry
28 Sep 2016 USN-3087-2   OpenSSL Regression   Pivotal Cloud Foundry
28 Sep 2016 USN-3083-1   Linux kernel vulnerabilities   Pivotal Cloud Foundry
28 Sep 2016 USN-3068-1   Libidn vulnerabilities   Pivotal Cloud Foundry
28 Sep 2016 CVE-2016-6662   Multiple MySQL Vulnerabilities   Pivotal Cloud Foundry
28 Sep 2016 USN-3085-1   GDK-PixBuf vulnerabilities   Pivotal Cloud Foundry
26 Sep 2016 CVE-2016-6651   Privilege Escalation in UAA   Pivotal Cloud Foundry
26 Sep 2016 CVE-2016-6636   UAA Open Redirect Vulnerability for Subdomains   Pivotal Cloud Foundry
26 Sep 2016 CVE-2016-6637   UAA CSRF Vulnerability for OAuth Approvals   Pivotal Cloud Foundry
21 Sep 2016 CVE-2014-9130   LibYAML vulnerability   Pivotal Cloud Foundry
09 Sep 2016 CVE-2016-6639   PHP Buildpack exposes .profile file   Pivotal Cloud Foundry
09 Sep 2016 USN-3045-1   PHP vulnerabilities   Pivotal Cloud Foundry
25 Aug 2016 USN-3065-1   Libgcrypt vulnerability   Pivotal Cloud Foundry
25 Aug 2016 USN-3064-1   GnuPG vulnerability   Pivotal Cloud Foundry
25 Aug 2016 USN-3063-1   Fontconfig vulnerability   Pivotal Cloud Foundry
25 Aug 2016 USN-3061-1   OpenSSH vulnerability   Pivotal Cloud Foundry
25 Aug 2016 USN-3030-1/USN-3060-1   GD library vulnerability   Pivotal Cloud Foundry
25 Aug 2016 USN-3053-1/USN-3037-1   Linux kernel (Vivid HWE) vulnerability   Pivotal Cloud Foundry
25 Aug 2016 USN-3048-1   curl vulnerability   Pivotal Cloud Foundry
25 Aug 2016 USN-3033-1   libarchive vulnerability   Pivotal Cloud Foundry
18 Aug 2016 CVE-2016-5016   UAA accepts expired certificates   Pivotal Cloud Foundry
26 Jul 2016 CVE-2016-5006   Cloud Controller API logs user-provided service credentials   Pivotal Cloud Foundry
13 Jul 2016 USN-3010-1   Expat vulnerabilities   Pivotal Cloud Foundry
13 Jul 2016 CVE-2016-4450   Nginx Vulnerabilities   Pivotal Cloud Foundry
13 Jul 2016 USN-3012-1   Wget vulnerability   Pivotal Cloud Foundry
01 Jul 2016 USN-3020-1   Linux kernel (Vivid HWE) vulnerabilities   Pivotal Cloud Foundry
30 Jun 2016 CVE-2016-4468   UAA SQL Injection   Pivotal Cloud Foundry
15 Jun 2016 USN-3001-1   Linux kernel (Vivid HWE) vulnerabilities   Pivotal Cloud Foundry
13 Jun 2016 CVE-2016-4435   BOSH Agent Anonymous Endpoint   Pivotal Cloud Foundry
13 Jun 2016 USN-2994-1   libxml2 vulnerabilities   Pivotal Cloud Foundry
13 Jun 2016 USN-2991-1   nginx vulnerability   Pivotal Cloud Foundry
13 Jun 2016 USN-2990-1   ImageMagick vulnerability (a.k.a. ImageTragick)   Pivotal Cloud Foundry
13 Jun 2016 USN-2987-1   GD library vulnerabilities   Pivotal Cloud Foundry
13 Jun 2016 USN-2985-2   GNU C Library regression   Pivotal Cloud Foundry
13 Jun 2016 USN-2983-1   Expat vulnerability   Pivotal Cloud Foundry
13 Jun 2016 USN-2981-1   libarchive vulnerabilities   Pivotal Cloud Foundry
13 Jun 2016 USN-2966-1   OpenSSH vulnerabilities   Pivotal Cloud Foundry
13 Jun 2016 USN-2961-1   Little CMS vulnerability   Pivotal Cloud Foundry
08 Jun 2016 CVE-2013-7456   PHP vulnerabilities   Pivotal Cloud Foundry
03 Jun 2016 USN-2970-1   Linux kernel (Vivid HWE) vulnerabilities   Pivotal Cloud Foundry
23 May 2016 CVE-2016-3084   UAA Password Reset Vulnerability   Pivotal Cloud Foundry
19 May 2016 USN-2977-1   Linux kernel (Vivid HWE) vulnerabilities   Pivotal Cloud Foundry
17 May 2016 CVE-2016-3091   Diego log encoding vulnerability   Pivotal Cloud Foundry
06 May 2016 USN-2959-1   OpenSSL vulnerabilities   Pivotal Cloud Foundry
06 May 2016 USN-2957-1   Libtasn1 vulnerability   Pivotal Cloud Foundry
06 May 2016 USN-2949-1   Linux kernel (Vivid HWE) vulnerabilities   Pivotal Cloud Foundry
06 May 2016 USN-2943-1   PCRE vulnerabilities   Pivotal Cloud Foundry
06 May 2016 USN-2935-2   PAM regression   Pivotal Cloud Foundry
02 May 2016 CVE-2015-5170 to CVE-2015-5173   UAA Vulnerabilities   Pivotal Cloud Foundry
14 Apr 2016 Badlock bug   Samba and Windows Vulnerabilities   n/a
24 Mar 2016 USN-2939-1   LibTIFF vulnerabilities   Pivotal Cloud Foundry
24 Mar 2016 USN-2927-1   Graphite2 vulnerabilities   Pivotal Cloud Foundry
24 Mar 2016 USN-2925-1   Bind9 vulnerabilities   Pivotal Cloud Foundry
24 Mar 2016 USN-2919-1   JasPer vulnerabilities   Pivotal Cloud Foundry
24 Mar 2016 USN-2918-1   Pixman vulnerabilities   Pivotal Cloud Foundry
24 Mar 2016 USN-2916-1   Perl vulnerabilities   Pivotal Cloud Foundry
24 Mar 2016 USN-2914-1   OpenSSL vulnerabilities   Pivotal Cloud Foundry
24 Mar 2016 NPM Ownership Issue   Warning about NPM modules   Pivotal Cloud Foundry
24 Mar 2016 USN-2938-1   Git vulnerabilities   Pivotal Cloud Foundry
16 Mar 2016 USN-2932-1   Linux kernel vulnerabilities   Pivotal Cloud Foundry
02 Mar 2016 CVE-2016-0800   OpenSSL vulnerabilities   Pivotal Cloud Foundry
26 Feb 2016 USN-2910-1   Linux kernel vulnerability   Pivotal Cloud Foundry
26 Feb 2016 CVE-2016-0761   Docker Image Host Files Corruption   Pivotal Cloud Foundry
19 Feb 2016 USN-2900-1   GNU libc vulnerability   Pivotal Cloud Foundry
02 Feb 2016 CVE-2016-0732   Privilege Escalation   Pivotal Cloud Foundry
22 Jan 2016 USN-2871-1   Linux kernel vulnerability   Pivotal Cloud Foundry
20 Jan 2016 CVE-2016-0715   Remote Information Disclosure   Pivotal Cloud Foundry
19 Jan 2016 USN-2865-1   GnuTLS vulnerability   Pivotal Cloud Foundry
19 Jan 2016 USN-2861-1   libpng vulnerability   Pivotal Cloud Foundry
19 Jan 2016 USN-2868-1   DHCP vulnerability   Pivotal Cloud Foundry
19 Jan 2016 USN-2869-1   OpenSSH vulnerability   Pivotal Cloud Foundry
18 Jan 2016 CVE-2016-0708   Remote Information Disclosure   Pivotal Cloud Foundry
07 Jan 2016 USN-2857-1   Linux kernel vulnerability   Pivotal Cloud Foundry
07 Jan 2016 USN-2842-1/USN-2842-2   Linux kernel vulnerability   Pivotal Cloud Foundry
07 Jan 2016 USN-2837-1   bind9 vulnerability   Pivotal Cloud Foundry
07 Jan 2016 USN-2836-1   grub2 vulnerability   Pivotal Cloud Foundry
07 Jan 2016 USN-2835-1   git vulnerability   Pivotal Cloud Foundry
07 Jan 2016 USN-2834-1   libxml2 vulnerability   Pivotal Cloud Foundry
07 Jan 2016 USN-2830-1   OpenSSL vulnerability   Pivotal Cloud Foundry
07 Jan 2016 USN-2829-1   Linux kernel vulnerability   Pivotal Cloud Foundry
15 Dec 2015 CVE-2015-5350   Garden Nstar vulnerability   Pivotal Cloud Foundry
04 Dec 2015 USN-2821-1   GnuTLS vulnerability   Pivotal Cloud Foundry
04 Dec 2015 USN-2820-1   dpkg vulnerability   Pivotal Cloud Foundry
02 Dec 2015 USN-2815-1   PNG vulnerability   Pivotal Cloud Foundry
02 Dec 2015 USN-2812-1   libxml2 vulnerability   Pivotal Cloud Foundry
02 Dec 2015 USN-2810-1   Kerberos vulnerability   Pivotal Cloud Foundry
02 Dec 2015 USN-2787-1   audiofile vulnerability   Pivotal Cloud Foundry
24 Nov 2015 USN-2788-1/USN-2788-2   unzip vulnerability   Pivotal Cloud Foundry
12 Nov 2015 USN-2798-1   Linux kernel vulnerability   Pivotal Cloud Foundry
12 Nov 2015 USN-2806-1   Linux kernel vulnerability   Pivotal Cloud Foundry
03 Nov 2015 USN-2778-1   Linux kernel vulnerabilities   Pivotal Cloud Foundry
03 Nov 2015 USN-2767-1   GDK-Pixbuf library vulnerability   Pivotal Cloud Foundry
07 Oct 2015 Golang   Golang 1.4.3 CVE Fixes   Pivotal Cloud Foundry
07 Oct 2015 USN-2722-1   GDK-PixBuf Vulnerabilities   Pivotal Cloud Foundry
07 Oct 2015 USN-2711-1   Net-SNMP Vulnerabilities   Pivotal Cloud Foundry
07 Oct 2015 USN-2739-1   FreeType Vulnerabilities   Pivotal Cloud Foundry
07 Oct 2015 USN-2740-1   ICU Vulnerabilities   Pivotal Cloud Foundry
07 Oct 2015 USN-2751-1   Linux Kernel (Vivid HWE) Vulnerability   Pivotal Cloud Foundry
07 Oct 2015 USN-2756-1   rpcbind Vulnerability   Pivotal Cloud Foundry
07 Oct 2015 USN-2765-1   Linux Kernel (Vivid HWE) Vulnerability   Pivotal Cloud Foundry
08 Sep 2015 USN-2710-1   OpenSSH Vulnerabilities   Pivotal Cloud Foundry
08 Sep 2015 USN-2698-1   SQLite Vulnerabilities   Pivotal Cloud Foundry
08 Sep 2015 USN-2694-1   PCRE Vulnerabilities   Pivotal Cloud Foundry
08 Sep 2015 USN-2718-1   Address Configuration Change Vulnerabilities   Pivotal Cloud Foundry
06 Aug 2015 USN-2696-1   OpenJDK 7 Vulnerabilities   Pivotal Cloud Foundry
29 Jul 2015 CVE-2015-3290   Linux Kernel NMI Vulnerability   Pivotal Cloud Foundry
10 Jul 2015 CVE-2015-1420   file_handle size verification   Pivotal Cloud Foundry
06 Jul 2015 CVE-2015-1330   Unattended-Upgrades Vulnerability   Pivotal Cloud Foundry
25 Jun 2015 CVE-2015-3189   Expire old reset password links   UAA, Pivotal Cloud Foundry
25 Jun 2015 CVE-2015-3190   Open redirect on Login   UAA, Pivotal Cloud Foundry
25 Jun 2015 CVE-2015-3191   CSRF attack on change email   UAA, Pivotal Cloud Foundry
12 Jun 2015 USN-2639-1   OpenSSL vulnerabilities   Pivotal Cloud Foundry
12 Jun 2015 CVE-2015-3636   ipv4 use-after-free   Pivotal Cloud Foundry
17 Jun 2015 CVE-2015-1328   overlayfs privilege escalation   Pivotal Cloud Foundry
09 Jun 2015 Redis LUA Sandbox   Redis LUA Exploit   Pivotal Cloud Foundry
22 May 2015 CVE-2015-1834   Path Traversal Vulnerability   Pivotal Cloud Foundry
22 May 2015 USN-2617-1   FUSE Vulnerability   Pivotal Cloud Foundry
30 Apr 2015 CVE-2015-1855   Ruby OpenSSL Hostname Verification   Pivotal Cloud Foundry
23 Mar 2015 CVE-2015-0282   Multiple GnuTLS Vulnerabilities   Pivotal Cloud Foundry
21 Mar 2015 USN-2537-1   OpenSSL vulnerabilities   Pivotal Cloud Foundry
13 Mar 2015 CVE-2014-8159   Linux Kernel Infiniband Vulnerability
09 Feb 2015 CVE-2014-0227   Apache Tomcat Request Smuggling   Pivotal tc Server
28 Jan 2015 CVE-2015-0235   GHOST   Pivotal Cloud Foundry
10 Sep 2014 CVE-2013-4444   Remote Code Execution in Apache Tomcat   Pivotal Cloud Foundry
16 Oct 2014 CVE-2014-3566   SSLv3 POODLE   Pivotal Cloud Foundry
29 Sep 2014 CVE-2014-7186   Bash Out-of-Bounds   Pivotal Cloud Foundry
25 Sep 2014 CVE-2014-6271   Bash - ShellShock   Pivotal Cloud Foundry
19 Sep 2014 CVE-2014-5119   glibc __gconv_translit_find() exploit   Pivotal Cloud Foundry
18 Aug 2014 CVE-2014-3153   Futex requeue exploit   Pivotal Cloud Foundry
05 Jun 2014 CVE-2014-0224   SSL/TLS MITM Vulnerability   vFabric Web Server, Pivotal Web Server, Enterprise Ready Server (ERS), Greenplum Command Center (GPCC), Greenplum Database (GPDB), HAWQ, Pivotal Command Center (PCC), Pivotal App Suite Virtual Appliance, GemFire Native Client
10 Apr 2014 CVE-2014-0160   Heartbleed   vFabric Web Server, vFabric GemFire Native Client, Pivotal GemFire Native Client, Pivotal Command Center, Pivotal App Suite Virtual Appliance

[1] This table is not yet a complete list of vulnerabilities in dependencies. Formulating such a list is an extensive undertaking which Pivotal is addressing systematically. When this table becomes a complete and comprehensive list, we will remove this footnote.



Thanks

The Pivotal Security Team would like to thank the following individuals and companies for responsibly reporting a security issue. Names appear in the order vulnerability reports were received, most recent first.

  • SaifAllah benMassaoud
  • Pradeep Kumar
  • Muhammad Abdullah
  • Koutrouss Naddara

Note: Reports of vulnerabilities in Pivotal products are listed in the credit section of the associated security announcement.