Pivotal Application Security Team


Overview

The Pivotal Application Security Team provides a single point of contact for the reporting of security vulnerabilities in Pivotal products and coordinates the process of investigating any reported vulnerabilities.

If you would like to subscribe to updates to this page, the RSS feed for all vulnerability reports is available at https://pivotal.io/security/rss or https://pivotal.io/security/parsed/rss. The RSS feed for just the notable vulnerabilities in dependencies is available at https://pivotal.io/security/dependencies/rss, and the RSS feed for just Pivotal product vulnerabilities is available at https://pivotal.io/security/pivotal/rss.

Reporting a vulnerability

We strongly encourage people to report security vulnerabilities privately to our security team before disclosing them in a public forum.

Please note that the e-mail address below should only be used for reporting undisclosed security vulnerabilities in Pivotal products and for managing the process of fixing such vulnerabilities. We cannot accept regular bug reports or other security-related queries at this address.

The e-mail address to use to contact the Pivotal Application Security Team is security@pivotal.io.

The fingerprint of the team's PGP key is: AA8F D966 7001 70B7 087E B407 04A1 595B 8F19 137B

The key can be obtained from a public key server such as pgp.mit.edu.



Pivotal Product Vulnerability Reports
Date   CVE Reference   Description
04 Dec 2019 CVE-2019-9517   CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9515, CVE-2019-9518, CVE-2019-9511, CVE-2019-9516, Some Pivotal products are impacted by HTTP/2 denial of service attacks
04 Dec 2019 CVE-2019-19029   SQL Injection via user-groups in VMware Harbor Container Registry for Pivotal Platform
04 Dec 2019 CVE-2019-19026   SQL Injection via project quotas in VMware Harbor Container Registry for Pivotal Platform
04 Dec 2019 CVE-2019-19025   Cross-Site Request Forgery Vulnerability in VMware Harbor Container Registry for Pivotal Platform
04 Dec 2019 CVE-2019-19023   Privilege Escalation Vulnerability in VMware Harbor Container Registry for Pivotal Platform
04 Dec 2019 CVE-2019-3990   User Enumeration Flaw in VMware Harbor Container Registry for Pivotal Platform
03 Dec 2019 CVE-2019-11293   UAA logs all query parameters with debug logging level
25 Nov 2019 CVE-2019-15587   Ops Manager contains a vulnerable Loofah gem
22 Nov 2019 CVE-2019-11287   RabbitMQ Web Management Plugin DoS via heap overflow
22 Nov 2019 CVE-2019-11291   RabbitMQ XSS attack via federation and shovel endpoints
18 Nov 2019 CVE-2019-11289   A forged route service request using an invalid nonce can cause the gorouter to panic and crash
06 Nov 2019 CVE-2019-9893   libseccomp incorrectly generate 64-bit syscall argument comparisons
28 Oct 2019 CVE-2019-16869   Reactor Netty Consumes a Vulnerable Version of Netty
24 Oct 2019 CVE-2019-11249   PKS consumes a vulnerable version of kubectl
23 Oct 2019 CVE-2019-11283   Password leak in smbdriver logs
17 Oct 2019 CVE-2019-16919   Broken access control vulnerability in Harbor API
15 Oct 2019 CVE-2019-11278   Privilege Escalation via Blind SCIM Injection in UAA
15 Oct 2019 CVE-2019-11279   Privilege Escalation via Scope Manipulation in UAA
15 Oct 2019 CVE-2019-11247   Kubernetes API Server Vulnerability
15 Oct 2019 CVE-2018-15664   Docker Symlink Directory Traversal Vulnerability
15 Oct 2019 CVE-2019-13139   Docker build code execution
14 Oct 2019 CVE-2019-11281   RabbitMQ XSS attack
11 Oct 2019 CVE-2019-11284   Reactor Netty authentication leak in redirects
25 Sep 2019 CVE-2019-11275   CSV Injection in usage report downloaded from Pivotal Application Manager
23 Sep 2019 CVE-2019-11277   Volume Services is vulnerable to an LDAP injection attack
19 Sep 2019 CVE-2019-11280   Privilege escalation through the invitations service
20 Aug 2019 CVE-2019-3775   UAA allows users to modify their own email address
20 Aug 2019 CVE-2019-3788   UAA redirect-uri allows wildcards in the subdomain
20 Aug 2018 CVE-2019-3787   UAA defaults email address to an insecure domain
20 Aug 2019 CVE-2019-10164   Critical Security Issue in PostgreSQL
19 Aug 2019 CVE-2019-11276   Apps Manager sends tokens to Spring apps via HTTP
15 Aug 2019 CVE-2017-15694   Pivotal GemFire and Cloud Cache consume vulnerable versions of Apache Geode
14 Aug 2019 CVE-2019-13232   ClamAV Add-on for PCF consumes a vulnerable version of ClamAV
01 Aug 2019 CVE-2019-11270   UAA clients.write vulnerability
25 Jul 2019 CVE-2019-3800   CF CLI writes the client id and secret to config file
25 Jul 2019 CVE-2019-3781   CF CLI does not sanitize user's password in verbose/trace/debug
23 Jul 2019 CVE-2019-11273   PKS Telemetry logs credentials
22 Jul 2019 VARIOUS-SQL   Various MySQL Security Updates from July 2018 through January 2019
22 Jul 2019 USN-4017-1   Linux kernel vulnerabilities
18 Jul 2019 CVE-2019-3786   BBR could run arbitrary scripts on deployment VMs
28 Jun 2019 CVE-2019-11271   Bosh Deployment logs leak sensitive information
19 Jun 2019 CVE-2019-11272   PlaintextPasswordEncoder authenticates encoded passwords that are null
30 May 2019 CVE-2019-5021   Tile generator affected by insecure default password
30 May 2019 CVE-2019-11269   Open Redirector in spring-security-oauth2
24 May 2019 CVE-2019-3790   Ops Manager uaa client issues tokens after refresh token expiration
13 May 2019 CVE-2019-3802   Additional information exposure with Spring Data JPA example matcher
25 Apr 2019 CVE-2019-3801   Java Projects using HTTP to fetch dependencies
24 Apr 2019 CVE-2019-3798   Escalation of Privileges in Cloud Controller
24 Apr 2019 CVE-2019-3789   Gorouter allows space developer to hijack route services hosted outside the platform
16 Apr 2019 CVE-2019-3799   Directory Traversal with spring-cloud-config-server
12 Apr 2019 CVE-2019-3793   Invitations Service supports HTTP connections
08 Apr 2019 CVE-2019-3797   Additional information exposure with Spring Data JPA derived queries
04 Apr 2019 CVE-2019-3795   Insecure Randomness When Using a SecureRandom Instance Constructed by Spring Security
01 Apr 2019 CVE-2019-9946   Kubernetes affecting certain network configurations with CNI
01 Apr 2019 CVE-2019-1002100   Kubernetes API Server Patch Request Consumes Excess Resource Cause Denial of Service
01 Apr 2019 CVE-2019-1002101   Kubernetes kubectl - potential directory traversal
25 Mar 2019 CVE-2019-3792   Concourse 5.0.0 SQL Injection vulnerability
07 Mar 2019 CVE-2019-8331   Bootstrap XSS
28 Feb 2019 CVE-2018-15754   UAA issues tokens across identity providers if users with matching usernames exist
26 Feb 2019 CVE-2019-3777   Apps Manager unverified SSL certs in Cloud Controller proxy
21 Feb 2019 CVE-2019-3778   Open Redirector in spring-security-oauth2
19 Feb 2019 CVE-2019-3776   Reflected XSS in Pivotal Operations Manager
14 Feb 2019 CVE-2019-3780   Cloud Foundry Container Runtime Leaks IAAS Credentials
14 Feb 2019 CVE-2019-3779   Pivotal Container Service allows a user to bypass security policy when talking to ETCD
14 Jan 2019 CVE-2019-3772   XML External Entity Injection (XXE)
14 Jan 2019 CVE-2019-3773   XML External Entity Injection (XXE)
14 Jan 2019 CVE-2019-3774   XML External Entity Injection (XXE)
08 Jan 2019 KUBERNETES-API-SERVER   Kubernetes API Server acts as proxy for internal and external IPs
08 Jan 2019 CVE-2019-3803   Concourse includes token in CLI authentication callback
04 Jan 2019 CVE-2018-18264   Kubernetes Dashboard TLS Certificate Leak
18 Dec 2018 CVE-2018-15801   Authorization Bypass During JWT Issuer Validation with spring-security
13 Dec 2018 CVE-2018-15798   Pivotal Concourse allows malicious redirect urls on login
05 Dec 2018 CVE-2018-1279   RabbitMQ cluster compromise due to deterministically generated cookie
15 Nov 2018 CVE-2018-15759   On Demand Services SDK Timing Attack Vulnerability
09 Nov 2018 CVE-2018-15795   CredHub Service Broker uses guessable client secret
29 Oct 2018 CVE-2018-15762   Pivotal Operations Manager gives all users heightened privileges
16 Oct 2018 CVE-2018-15758   Privilege Escalation in spring-security-oauth2
16 Oct 2018 CVE-2018-15756   DoS Attack via Range Requests
10 Oct 2018 CVE-2018-11084   Garden-runC prevents deletion of some app environments
10 Oct 2018 CVE-2018-15755   CF networking internal policy server SQL injection
03 Oct 2018 CVE-2018-11083   BOSH accepts refresh token as access token
02 Oct 2018 CVE-2018-15763   PKS leaks IaaS credentials to application logs
27 Sep 2018 CVE-2018-11081   Ops Manager writes UAA credentials to disk
13 Sep 2018 CVE-2018-1198   PCC bosh deployment logs print a superuser password in plain text
13 Sep 2018 CVE-2018-11088   CF admin credentials accessible to developers through Applications Manager
13 Sep 2018 CVE-2018-11086   CF admin credentials accessible to developers through usage service
11 Sep 2018 CVE-2018-11087   RabbitMQ (Spring-AMQP) Host name verification
23 Jul 2018 CVE-2018-11044   Apps Manager allows unescaped content in invitation emails
10 Jul 2018 CVE-2018-11045   Operations Manager image contains static LRNG seed file
20 Jun 2018 CVE-2018-11046   Operations Manager includes outdated NGINX packages
14 Jun 2018 CVE-2018-11040   JSONP enabled by default in MappingJackson2JsonView
14 Jun 2018 CVE-2018-11039   Cross Site Tracing (XST) with Spring Framework
11 May 2018 CVE-2018-1263   Unsafe Unzip with spring-integration-zip
10 May 2018 CVE-2018-1278   Apps Manager allows unauthorized org invitations
09 May 2018 CVE-2018-1261   Unsafe Unzip with spring-integration-zip
09 May 2018 CVE-2018-1260   Remote Code Execution with spring-security-oauth2
09 May 2018 CVE-2018-1259   XXE with Spring Data’s XMLBeam integration
09 May 2018 CVE-2018-1258   Unauthorized Access with Spring Security Method Security
09 May 2018 CVE-2018-1257   ReDoS Attack with spring-messaging
07 May 2018 CVE-2018-1280   Blind SQL injection in Pivotal Greenplum Command Center
30 Apr 2018 CVE-2018-1256   Issuer validation regression in Spring Cloud SSO Connector
10 Apr 2018 CVE-2018-1274   Denial of Service with Spring Data
10 Apr 2018 CVE-2018-1273   RCE with Spring Data Commons
09 Apr 2018 CVE-2018-1275   Address partial fix for CVE-2018-1270
05 Apr 2018 CVE-2018-1272   Multipart Content Pollution with Spring Framework
05 Apr 2018 CVE-2018-1271   Directory Traversal with Spring MVC on Windows
05 Apr 2018 CVE-2018-1270   Remote Code Execution with spring-messaging
16 Mar 2018 CVE-2018-1230   Spring Batch Admin vulnerable to Cross Site Request Forgery
16 Mar 2018 CVE-2018-1229   Stored XSS in file upload of Spring Batch Admin
13 Feb 2018 CVE-2018-1200   Apps Manager File Access Vulnerability
30 Jan 2018 CVE-2018-1196   Symlink privilege escalation attack via Spring Boot launch script
29 Jan 2018 CVE-2018-1199   Security bypass with static resources
16 Oct 2017 CVE-2017-8028   Spring-LDAP authentication with userSearch and STARTTLS allows authentication with arbitrary password
21 Sep 2017 CVE-2017-8046   RCE in PATCH requests in Spring Data REST
19 Sep 2017 CVE-2017-8045   Remote code execution in spring-amqp
15 Sep 2017 CVE-2017-8039   Data Binding Expression Vulnerability in Spring Web Flow
31 Aug 2017 CVE-2017-8044   XSS vulnerability in Single Sign-On for PCF via DOM-based query parameters
31 Aug 2017 CVE-2017-8041   XSS vulnerability in org name in Single Sign-On for PCF
31 Aug 2017 CVE-2017-8040   XXE Vulnerability in Single Sign-On for PCF
08 Jun 2017 CVE-2017-4995   Jackson Configuration Allows Code Execution with Unknown “Serialization Gadgets”
31 May 2017 CVE-2017-4971   Data Binding Expression Vulnerability in Spring Web Flow
15 May 2017 CVE-2017-4975   Tile generator sets open security groups
04 May 2017 CVE-2017-4966   RabbitMQ local storage of credentials
04 May 2017 CVE-2017-4965   XSS vulnerabilities in RabbitMQ management UI
27 Mar 2017 CVE-2017-2773   Unauthenticated JWT signing algorithm in multiple components
24 Mar 2017 CVE-2017-4955   Credentials in Elastic Runtime Notifications errand log
14 Feb 2017 CVE-2017-4959   Pivotal Cloud Foundry account authorization vulnerability
09 Feb 2017 CVE-2016-9880   Unauthenticated access to GemFire for PCF broker endpoints
04 Jan 2017 CVE-2016-9885   gfsh exposed over go router for GemFire for PCF
28 Dec 2016 CVE-2016-9879   Encoded "/" in path variables
28 Dec 2016 CVE-2016-0898   Service backups log AWS key
21 Dec 2016 CVE-2016-9878   Directory Traversal in the Spring Framework ResourceServlet
19 Dec 2016 CVE-2016-9877   RabbitMQ authentication vulnerability
31 Oct 2016 CVE-2016-6657   PCF Open Redirects
31 Oct 2016 CVE-2016-6656   Code injection vulnerability via GPHDFS in Greenplum database
30 Sep 2016 CVE-2016-6652   Spring Data JPA Blind SQL Injection Vulnerability
12 Sep 2016 CVE-2016-0930   Ops Manager Compilation VMs Vulnerability on vSphere and vCloud
27 Jul 2016 CVE-2016-0896   IaaS Metadata Endpoint Accessible from Application Containers
15 Jul 2016 CVE-2016-0929   RabbitMQ for PCF vulnerability
07 Jul 2016 CVE-2016-5007   Spring Security / MVC Path Matching Inconsistency
07 Jul 2016 CVE-2016-0926   Apps Manager XSS vulnerability
05 Jul 2016 CVE-2016-4977   Remote Code Execution (RCE) in Spring Security OAuth
29 Jun 2016 CVE-2016-0928   PCF Open Redirects
24 Jun 2016 CVE-2016-0897   Ops Manager vSphere and vCloud vulnerability
23 Jun 2016 CVE-2016-0927   Ops Manager XSS vulnerability
11 Apr 2016 CVE-2016-2173   Remote Code Execution in Spring AMQP
23 Mar 2016 CVE-2016-0780   Cloud Controller Disk Quota Enforcement
23 Mar 2016 CVE-2016-2165   Loggregator Request URL Paths
23 Mar 2016 CVE-2016-0781   UAA Persistent XSS Vulnerability
03 Feb 2016 CVE-2016-0883   Pivotal Ops Manager Weak Authentication Scheme
12 Nov 2015 CVE-2015-5258   Spring Social CSRF
15 Oct 2015 CVE-2015-5211   RFD Attack in Spring Framework
30 Jun 2015 CVE-2015-3192   DoS Attack with XML Input
06 Mar 2015 CVE-2015-0201   Insufficiently random session id in Java SockJS client
13 Jan 2015 CVE-2014-3626   Directory Traversal in Grails Resources Plugin
11 Nov 2014 CVE-2014-3625   Directory Traversal in Spring Framework
05 Sep 2014 CVE-2014-3578   Directory Traversal in Spring Framework
15 Aug 2014 CVE-2014-3527   Access Control Bypass in Spring Security
28 May 2014 CVE-2014-0225   Information Disclosure when using Spring MVC
11 Mar 2014 CVE-2014-1904   XSS when using Spring MVC
11 Mar 2014 CVE-2014-0097   Blank password may bypass user authentication
11 Mar 2014 CVE-2014-0054   Incomplete fix for CVE-2013-7315 / CVE-2013-6429 (XXE)
19 Feb 2014 CVE-2014-0053   Information Disclosure when using Grails
14 Jan 2014 CVE-2013-6430   Possible XSS when using Spring MVC
14 Jan 2014 CVE-2013-6429   Incomplete fix for CVE-2013-7315 (XXE)
22 Aug 2013 CVE-2013-7315   XML External Entity (XXE) injection in Spring Framework
22 Aug 2013 CVE-2013-4152   XML eXternal Entity (XXE) injection in Spring Framework


Notable Vulnerabilities in Dependencies[1]
Date   CVE Reference   Description   Affected Pivotal Product(s)
14 Nov 2019 USN-4040-1   Expat vulnerability Pivotal Platform
14 Nov 2019 USN-4038-1   bzip2 vulnerabilities Pivotal Platform
14 Nov 2019 USN-4019-1   SQLite vulnerabilities Pivotal Platform
14 Nov 2019 USN-4016-1   Vim vulnerabilities Pivotal Platform
14 Nov 2019 USN-4015-1   DBus vulnerability Pivotal Platform
14 Nov 2019 USN-4012-1   elfutils vulnerabilities Pivotal Platform
14 Nov 2019 USN-4011-1   Jinja2 vulnerabilities Pivotal Platform
14 Nov 2019 USN-4008-2   AppArmor update Pivotal Platform
14 Nov 2019 USN-4004-1   Berkeley DB vulnerability Pivotal Platform
14 Nov 2019 USN-3999-1   GnuTLS vulnerabilities Pivotal Platform
14 Nov 2019 USN-3993-1   curl vulnerabilities Pivotal Platform
14 Nov 2019 USN-3990-1   urllib3 vulnerabilities Pivotal Platform
14 Nov 2019 USN-3968-1   Sudo vulnerabilities Pivotal Platform
14 Nov 2019 USN-3967-1   FFmpeg vulnerabilities Pivotal Platform
14 Nov 2019 USN-3911-1   file vulnerabilities Pivotal Platform
14 Nov 2019 USN-3885-2   OpenSSH vulnerability Pivotal Platform
06 Nov 2019 USN-4151-1   Python vulnerabilities Pivotal Platform
06 Nov 2019 USN-4144-1   Linux kernel vulnerabilities Pivotal Platform
06 Nov 2019 USN-4142-1   e2fsprogs vulnerability Pivotal Platform
06 Nov 2019 USN-4132-1   Expat vulnerability Pivotal Platform
06 Nov 2019 USN-4129-1   curl vulnerabilities Pivotal Platform
06 Nov 2019 USN-4127-1   Python vulnerabilities Pivotal Platform
06 Nov 2019 USN-4126-1   FreeType vulnerability Pivotal Platform
30 Sep 2019 USN-4135-1   Linux kernel vulnerabilities Pivotal Platform
30 Sep 2019 USN-4115-2   Linux kernel regression Pivotal Platform
30 Sep 2019 USN-4115-1   Linux kernel vulnerabilities Pivotal Platform
30 Sep 2019 USN-4094-1   Linux kernel vulnerabilities Pivotal Platform
30 Sep 2019 USN-4071-1   Patch vulnerabilities Pivotal Platform
30 Sep 2019 USN-4049-3   GLib regression Pivotal Platform
24 Sep 2019 CVE-2019-16097   Harbor Privilege Escalation Pivotal Platform
05 Sep 2019 USN-4099-1   nginx vulnerabilities Pivotal Platform
05 Sep 2019 USN-4090-1   PostgreSQL vulnerabilities Pivotal Platform
05 Sep 2019 USN-4068-2   Linux kernel (HWE) vulnerabilities Pivotal Platform
05 Sep 2019 USN-4060-1   NSS vulnerabilities Pivotal Platform
05 Sep 2019 USN-4058-1   Bash vulnerability Pivotal Platform
05 Sep 2019 USN-4049-1   GLib vulnerability Pivotal Platform
05 Sep 2019 USN-4038-3   bzip2 regression Pivotal Platform
06 Aug 2019 USN-4041-1   Linux kernel update Pivotal Platform
05 Aug 2019 USN-4014-1   GLib vulnerability Pivotal Platform
05 Aug 2019 USN-4001-1   libseccomp vulnerability Pivotal Platform
05 Aug 2019 USN-3977-3   Intel Microcode update (AKA ZombieLoad Attack) Pivotal Platform
19 Jun 2019 USN-3981-2   Linux kernel (HWE) vulnerabilities (AKA ZombieLoad Attack) Pivotal Platform
19 Jun 2019 USN-3977-2   Intel Microcode update (AKA ZombieLoad Attack) Pivotal Platform
19 Jun 2019 USN-3977-1   Intel Microcode update (AKA ZombieLoad Attack) Pivotal Platform
21 May 2019 USN-3972-1   PostgreSQL vulnerabilities Pivotal Platform
21 May 2019 USN-3962-1   libpng vulnerability Pivotal Platform
21 May 2019 USN-3960-1   WavPack vulnerability Pivotal Platform
21 May 2019 USN-3947-1   Libxslt vulnerability Pivotal Platform
21 May 2019 USN-3943-1   Wget vulnerabilities Pivotal Platform
21 May 2019 USN-3932-2   Linux kernel (Xenial HWE) vulnerabilities Pivotal Platform
21 May 2019 USN-3931-2   Linux kernel (HWE) vulnerabilities Pivotal Platform
08 May 2019 USN-3935-1   BusyBox vulnerabilities Pivotal Platform
25 Apr 2019 USN-3945-1   Ruby vulnerabilities Pivotal Platform
25 Apr 2019 USN-3910-2   Linux kernel (Xenial HWE) vulnerabilities Pivotal Platform
25 Apr 2019 USN-3906-1   LibTIFF vulnerabilities Pivotal Platform
25 Apr 2019 USN-3901-2   Linux kernel (HWE) vulnerabilities Pivotal Platform
25 Apr 2019 USN-3900-1   GD vulnerabilities Pivotal Platform
25 Apr 2019 USN-3899-1   OpenSSL vulnerability Pivotal Platform
25 Apr 2019 USN-3898-1   NSS vulnerability Pivotal Platform
25 Apr 2019 USN-3891-1   systemd vulnerability Pivotal Platform
25 Apr 2019 USN-3885-1   OpenSSH vulnerabilities Pivotal Platform
25 Apr 2019 USN-3884-1   libarchive vulnerabilities Pivotal Platform
25 Apr 2019 USN-3882-1   curl vulnerabilities Pivotal Platform
25 Apr 2019 USN-3879-2   Linux kernel (Xenial HWE) vulnerabilities Pivotal Platform
25 Apr 2019 USN-3871-4   Linux kernel (HWE) vulnerabilities Pivotal Platform
25 Apr 2019 USN-3864-1   LibTIFF vulnerabilities Pivotal Platform
25 Apr 2019 USN-3859-1   libarchive vulnerabilities Pivotal Platform
25 Apr 2019 USN-3848-2   Linux kernel (Xenial HWE) vulnerabilities Pivotal Platform
25 Apr 2019 USN-3847-2   Linux kernel (HWE) vulnerabilities Pivotal Platform
25 Apr 2019 USN-3840-1   OpenSSL vulnerabilities Pivotal Platform
25 Apr 2019 USN-3834-1   Perl vulnerabilities Pivotal Platform
25 Apr 2019 USN-3816-3   systemd regression Pivotal Platform
25 Apr 2019 USN-3855-1   systemd vulnerabilities Pivotal Platform
25 Apr 2019 USN-3863-1   APT vulnerability Pivotal Platform
13 Feb 2019 CVE-2019-5736   runC container breakout Pivotal Platform
06 Feb 2019 USN-3836-2   Linux kernel (HWE) vulnerabilities Pivotal Platform
06 Feb 2019 USN-3841-1   lxml vulnerability Pivotal Platform
06 Feb 2019 USN-3850-1   NSS vulnerabilities Pivotal Platform
03 Jan 2019 USN-3843-1   pixman vulnerability Pivotal Platform
03 Jan 2019 USN-3816-2   systemd vulnerability Pivotal Platform
03 Jan 2019 USN-3839-1   WavPack vulnerabilities Pivotal Platform
03 Jan 2019 USN-3829-1   Git vulnerabilities Pivotal Platform
14 Dec 2018 USN-3805-1   curl vulnerabilities Pivotal Platform
14 Dec 2018 USN-3809-1   OpenSSH vulnerabilities Pivotal Platform
14 Dec 2018 USN-3812-1   nginx vulnerabilities Pivotal Platform
14 Dec 2018 USN-3815-1   gettext vulnerability Pivotal Platform
14 Dec 2018 USN-3817-1   Python vulnerabilities Pivotal Platform
14 Dec 2018 USN-3821-2   Linux kernel (Xenial HWE) vulnerabilities Pivotal Platform
12 Dec 2018 USN-3820-2   Linux kernel (HWE) vulnerabilities Pivotal Platform
12 Dec 2018 USN-3816-1   systemd vulnerabilities Pivotal Platform
12 Dec 2018 USN-3806-1   systemd vulnerability Pivotal Platform
12 Dec 2018 USN-3808-1   Ruby vulnerabilities Pivotal Platform
03 Dec 2018 CVE-2018-15797   NFS Volume release errand leaks cf admin credentials in logs Pivotal Platform
03 Dec 2018 CVE-2018-1002105   Proxy request handling in kube-apiserver can leave vulnerable TCP connections Pivotal Platform
28 Nov 2018 USN-3797-2   Linux kernel (Xenial HWE) vulnerabilities Pivotal Platform
08 Nov 2018 USN-3800-1   audiofile vulnerabilities Pivotal Platform
08 Nov 2018 USN-3791-1   Git vulnerability Pivotal Platform
08 Nov 2018 USN-3786-1   libxkbcommon vulnerabilities Pivotal Platform
08 Nov 2018 USN-3785-1   ImageMagick vulnerabilities Pivotal Platform
06 Nov 2018 CVE-2018-15761   UAA Privilege Escalation Pivotal Platform
26 Oct 2018 USN-3790-1   Requests vulnerability Pivotal Platform
26 Oct 2018 USN-3777-2   Linux kernel (HWE) vulnerabilities Pivotal Platform
26 Oct 2018 USN-3762-2   Linux kernel (HWE) vulnerabilities Pivotal Platform
09 Oct 2018 USN-3752-2   Linux kernel (HWE) vulnerabilities Pivotal Platform
09 Oct 2018 USN-3765-1   curl vulnerability Pivotal Platform
09 Oct 2018 USN-3767-1   GLib vulnerabilities Pivotal Platform
09 Oct 2018 USN-3770-1   Little CMS vulnerabilities Pivotal Platform
27 Sep 2018 USN-3759-1   libtirpc vulnerabilities Pivotal Platform
27 Sep 2018 USN-3758-1   libx11 vulnerabilities Pivotal Platform
27 Sep 2018 USN-3756-1   Intel Microcode vulnerabilities Pivotal Platform
27 Sep 2018 USN-3755-1   GD vulnerabilities Pivotal Platform
27 Sep 2018 USN-3753-2   Linux kernel (Xenial HWE) vulnerabilities Pivotal Platform
27 Sep 2018 USN-3744-1   PostgreSQL vulnerabilities Pivotal Platform
27 Sep 2018 USN-3741-2   Linux kernel (Xenial HWE) vulnerabilities Pivotal Platform
27 Sep 2018 USN-3739-1   libxml2 vulnerabilities Pivotal Platform
27 Sep 2018 USN-3736-1   libarchive vulnerabilities Pivotal Platform
27 Sep 2018 USN-3733-1   GnuPG vulnerability Pivotal Platform
27 Sep 2018 USN-3729-1   libxcursor vulnerability Pivotal Platform
27 Sep 2018 USN-3712-1   libpng vulnerabilities Pivotal Platform
27 Sep 2018 USN-3696-2   Linux kernel (Xenial HWE) vulnerabilities Pivotal Platform
27 Sep 2018 USN-3692-1   OpenSSL vulnerabilities Pivotal Platform
27 Sep 2018 USN-3690-2   AMD Microcode regression Pivotal Platform
27 Sep 2018 USN-3690-1   AMD Microcode update Pivotal Platform
27 Sep 2018 USN-3689-1   Libgcrypt vulnerability Pivotal Platform
27 Sep 2018 USN-3605-1   Sharutils vulnerability Pivotal Platform
27 Sep 2018 USN-3589-1   PostgreSQL vulnerability Pivotal Platform
27 Sep 2018 USN-3564-1   PostgreSQL vulnerability Pivotal Platform
27 Sep 2018 USN-3532-1   GDK-PixBuf vulnerabilities Pivotal Platform
27 Sep 2018 USN-3509-4   Linux kernel (Xenial HWE) regression Pivotal Platform
27 Sep 2018 USN-3352-1   nginx vulnerability Pivotal Platform
09 Aug 2018 CVE-2018-8037   Apache Tomcat - NIO/NIO2 connectors user sessions can get mixed up Pivotal Platform
09 Aug 2018 CVE-2018-1336   Apache Tomcat - UTF-8 decoder can lead to DoS Pivotal Platform
02 Aug 2018 USN-3711-1   ImageMagick vulnerabilities Pivotal Platform
02 Aug 2018 USN-3707-1   NTP vulnerabilities Pivotal Platform
02 Aug 2018 USN-3706-1   libjpeg-turbo vulnerabilities Pivotal Platform
23 Jul 2018 CVE-2018-11047   UAA accepts refresh token as access token on admin endpoints Pivotal Platform
20 Jul 2018 USN-3693-1   JasPer vulnerabilities Pivotal Platform
20 Jul 2018 USN-3686-1   file vulnerabilities Pivotal Platform
20 Jul 2018 USN-3684-1   Perl vulnerability Pivotal Platform
20 Jul 2018 USN-3681-1   ImageMagick vulnerabilities Pivotal Platform
20 Jul 2018 USN-3676-2   Linux kernel (Xenial HWE) vulnerabilities Pivotal Platform
20 Jul 2018 USN-3675-1   GnuPG vulnerabilities Pivotal Platform
20 Jul 2018 USN-3658-1   procps-ng vulnerabilities Pivotal Platform
17 Jul 2018 CVE-2018-11041   UAA open redirect Pivotal Platform
16 Jul 2018 CVE-2018-1269   Loggregator does not properly close some TCP connections Pivotal Platform
16 Jul 2018 CVE-2018-1268   Loggregator lacks app GUID validation Pivotal Platform
19 Jun 2018 CVE-2018-1265   Diego does not properly sanitize file paths in tar/zip files Pivotal Platform
21 Jun 2018 USN-3671-1   Git vulnerabilities Pivotal Platform
21 Jun 2018 USN-3654-2   Linux kernel (Xenial HWE) vulnerabilities Pivotal Platform
21 Jun 2018 USN-3648-1   curl vulnerabilities Pivotal Platform
14 Jun 2018 USN-3643-1   Wget vulnerability Pivotal Platform
14 Jun 2018 USN-3641-1   Linux kernel vulnerabilities Pivotal Platform
14 Jun 2018 USN-3631-2   Linux kernel (Xenial HWE) vulnerabilities Pivotal Platform
14 Jun 2018 USN-3628-1   OpenSSL vulnerability Pivotal Platform
14 Jun 2018 USN-3625-1   Perl vulnerabilities Pivotal Platform
14 Jun 2018 USN-3624-1   Patch vulnerabilities Pivotal Platform
14 Jun 2018 USN-3622-1   Wayland vulnerability Pivotal Platform
21 May 2018 CVE-2018-1277   Garden does not correctly enforce Docker image disc quotas Pivotal Platform
21 May 2018 CVE-2018-1276   Windows2012R2 stemcell exposes IaaS metadata on vSphere Pivotal Platform
10 May 2018 MS-ISAC-2018-046   MS-ISAC 2018-046 Multiple Vulnerabilities in PHP Pivotal Platform
08 May 2018 CVE-2018-1191   Garden may log Docker passwords Pivotal Platform
02 May 2018 USN-3619-2   Linux kernel (Xenial HWE) vulnerabilities Pivotal Platform
02 May 2018 USN-3611-1   OpenSSL vulnerability Pivotal Platform
02 May 2018 USN-3610-1   ICU vulnerability Pivotal Platform
02 May 2018 USN-3606-1   LibTIFF vulnerabilities Pivotal Platform
02 May 2018 USN-3604-1   libvorbis vulnerabilities Pivotal Platform
02 May 2018 USN-3602-1   LibTIFF vulnerabilities Pivotal Platform
02 May 2018 USN-3598-1   curl vulnerabilities Pivotal Platform
02 May 2018 USN-3586-1   DHCP vulnerabilities Pivotal Platform
02 May 2018 USN-3584-1   sensible-utils vulnerability Pivotal Platform
02 May 2018 USN-3569-1   libvorbis vulnerabilities Pivotal Platform
02 May 2018 USN-3554-1   curl vulnerabilities Pivotal Platform
02 May 2018 USN-3547-1   Libtasn1 vulnerabilities Pivotal Platform
02 May 2018 USN-3543-1   rsync vulnerabilities Pivotal Platform
02 May 2018 USN-3534-1   GNU C Library vulnerabilities Pivotal Platform
02 May 2018 USN-3506-1   rsync vulnerabilities Pivotal Platform
02 May 2018 USN-3501-1   libxcursor vulnerability Pivotal Platform
02 May 2018 USN-3346-2   Bind regression Pivotal Platform
30 Apr 2018 CVE-2018-1197   GCP Metadata Endpoint Accessible from Application Containers on Windows Pivotal Platform
05 Apr 2018 CVE-2018-1266   Cloud Controller file modification via malicious application Pivotal Platform
05 Apr 2018 CVE-2018-1231   BOSH CLI does not restrict access to configuration file Pivotal Platform
03 Apr 2018 USN-3582-2   Linux kernel (Xenial HWE) vulnerabilities Pivotal Platform
28 Mar 2018 CVE-2018-1195   Cloud Controller API will accept a refresh token for authentication Pivotal Platform
28 Mar 2018 CVE-2018-1192   UAA SessionID present in Audit Event Logs Pivotal Platform
28 Mar 2018 CVE-2018-1190   XSS on UAA OpenID Connect check session iframe endpoint Pivotal Platform
09 Mar 2018 CVE-2018-1227   Concourse-dot-ci Domain Issue Pivotal Platform
27 Feb 2018 VU475445   VU#475445 SAML Authentication Bypass Pivotal Platform
27 Feb 2018 CVE-2018-1221   Gorouter websocket handling vulnerability Pivotal Platform
01 Feb 2018 USN-3540-2   Linux kernel (Xenial HWE) vulnerabilities Pivotal Platform
01 Feb 2018 USN-3538-1   OpenSSH vulnerabilities Pivotal Platform
01 Feb 2018 USN-3535-1   Bind vulnerability Pivotal Platform
01 Feb 2018 USN-3522-4   Linux (Xenial HWE) vulnerability Pivotal Platform
01 Feb 2018 USN-3522-2   Linux (Xenial HWE) vulnerability Pivotal Platform
01 Feb 2018 USN-3513-1   libxml2 vulnerability Pivotal Platform
01 Feb 2018 USN-3504-1   libxml2 vulnerability Pivotal Platform
03 Jan 2018 Meltdown and Spectre Attacks   Meltdown and Spectre Attacks All (potentially)
19 Dec 2017 CVE-2017-1000353   Jenkins unauthenticated remote code execution Pivotal Platform
15 Dec 2017 USN-3509-2   Linux kernel (Xenial HWE) vulnerabilities Pivotal Platform
15 Dec 2017 USN-3505-1   Linux firmware vulnerabilities Pivotal Platform
15 Dec 2017 USN-3498-1   curl vulnerabilities Pivotal Platform
15 Dec 2017 USN-3496-3   Python vulnerability Pivotal Platform
15 Dec 2017 USN-3496-1   Python vulnerability Pivotal Platform
15 Dec 2017 USN-3489-1   Berkeley DB vulnerability Pivotal Platform
15 Dec 2017 USN-3485-2   Linux kernel (Xenial HWE) vulnerabilities Pivotal Platform
15 Dec 2017 USN-3478-1   Perl vulnerabilities Pivotal Platform
15 Dec 2017 USN-3475-1   OpenSSL vulnerabilities Pivotal Platform
15 Dec 2017 USN-3469-2   Linux kernel (Xenial HWE) vulnerabilities Pivotal Platform
15 Dec 2017 USN-3464-1   Wget vulnerabilities Pivotal Platform
15 Dec 2017 USN-3458-1   ICU vulnerability Pivotal Platform
15 Dec 2017 USN-3457-1   curl vulnerability Pivotal Platform
21 Nov 2017 USN-3454-1   libffi vulnerability Pivotal Platform
21 Nov 2017 USN-3444-2   Linux kernel (Xenial HWE) vulnerabilities Pivotal Platform
21 Nov 2017 USN-3441-1   curl vulnerabilities Pivotal Platform
21 Nov 2017 USN-3437-1   OCaml vulnerability Pivotal Platform
21 Nov 2017 USN-3434-1   Libidn vulnerability Pivotal Platform
21 Nov 2017 USN-3432-1   ca-certificates update Pivotal Platform
21 Nov 2017 USN-3424-1   libxml2 vulnerabilities Pivotal Platform
21 Nov 2017 USN-3387-1   Git vulnerability Pivotal Platform
16 Nov 2017 CVE-2017-8031   UAA Denial of Service through client token revocation endpoint Pivotal Platform
15 Nov 2017 CVE-2017-14388   GrootFS doesn’t validate DiffIDs Pivotal Platform
11 Oct 2017 CVE-2017-8048   Cloud Controller API regression Pivotal Platform
10 Oct 2017 CVE-2017-8047   Cloud Foundry router open redirect Pivotal Platform
28 Sep 2017 USN-3420-2   Linux kernel (Xenial HWE) vulnerabilities Pivotal Platform
28 Sep 2017 USN-3418-1   GDK-PixBuf vulnerabilities Pivotal Platform
28 Sep 2017 USN-3415-1   tcpdump vulnerabilities Pivotal Platform
28 Sep 2017 USN-3411-1   Bazaar vulnerability Pivotal Platform
28 Sep 2017 USN-3410-1   GD library vulnerability Pivotal Platform
28 Sep 2017 USN-3405-2   Linux kernel (Xenial HWE) vulnerabilities Pivotal Platform
28 Sep 2017 USN-3398-1   graphite2 vulnerabilities Pivotal Platform
08 Sep 2017 CVE-2017-9805   Apache Struts Remote Code Execution Spring, Pivotal Cloud Foundry
28 Aug 2017 USN-3392-2   Linux kernel (Xenial HWE) regression Pivotal Platform
21 Aug 2017 USN-3385-2   Linux kernel (Xenial HWE) vulnerabilities Pivotal Platform
14 Aug 2017 USN-3378-2   Linux kernel (Xenial HWE) vulnerabilities Pivotal Platform
14 Aug 2017 USN-3367-1   gdb vulnerabilities Pivotal Platform
14 Aug 2017 USN-3364-2   Linux kernel (Xenial HWE) vulnerabilities Pivotal Platform
14 Aug 2017 USN-3363-2   ImageMagick regression Pivotal Platform
14 Aug 2017 USN-3363-1   ImageMagick vulnerabilities Pivotal Platform
14 Aug 2017 USN-3356-1   Expat vulnerability Pivotal Platform
14 Aug 2017 USN-3353-1   Heimdal vulnerability Pivotal Platform
14 Aug 2017 USN-3349-1   NTP vulnerabilities Pivotal Platform
14 Aug 2017 USN-3347-1   Libgcrypt vulnerabilities Pivotal Platform
14 Aug 2017 USN-3346-1   bind9 vulnerabilities Pivotal Platform
14 Aug 2017 USN-3344-2   Linux kernel (Xenial HWE) vulnerabilities Pivotal Platform
07 Aug 2017 CVE-2017-8037   Incomplete fix for Cloud Controller API access to CC VM contents Pivotal Platform
02 Aug 2017 CVE-2017-9022/CVE-2017-9023   strongSwan DOS Vulnerabilities Pivotal Platform
01 Aug 2017 CVE-2017-8038   Credentials readable from CredHub endpoint Pivotal Platform
25 Jul 2017 CVE-2017-8036   Cloud Controller API regression Pivotal Platform
25 Jul 2017 CVE-2017-8035   Cloud Controller API access to CC VM contents Pivotal Platform
25 Jul 2017 CVE-2017-8033   Cloud Controller API filesystem traversal vulnerability Pivotal Platform
24 Jul 2017 CVE-2017-8032   UAA Identity Zone Admin Privilege Escalation Pivotal Platform
05 Jul 2017 CVE-2017-7485   PostgreSQL vulnerabilities Pivotal Platform
26 Jun 2017 CVE-2017-5946   Directory Traversal in Rubyzip Pivotal Platform
26 Jun 2017 USN-3334-1   Linux kernel (Xenial HWE) vulnerabilities Pivotal Platform
26 Jun 2017 USN-3323-1   GNU C Library vulnerability Pivotal Platform
26 Jun 2017 USN-3318-1   GnuTLS vulnerabilities Pivotal Platform
26 Jun 2017 USN-3312-2   Linux kernel (Xenial HWE) vulnerabilities Pivotal Platform
26 Jun 2017 USN-3311-1   libnl vulnerability Pivotal Platform
26 Jun 2017 USN-3309-1   Libtasn1 vulnerability Pivotal Platform
26 Jun 2017 USN-3302-1   ImageMagick vulnerabilities Pivotal Platform
26 Jun 2017 USN-3212-2   LibTIFF regression Pivotal Platform
22 Jun 2017 USN-3304-1   Sudo vulnerability Pivotal Platform
08 Jun 2017 CVE-2017-4994   Forwarded Headers in UAA Pivotal Platform
08 Jun 2017 USN-3295-1   JasPer vulnerabilities Pivotal Platform
08 Jun 2017 USN-3294-1   Bash vulnerabilities Pivotal Platform
08 Jun 2017 USN-3291-3   Linux kernel (Xenial HWE) vulnerabilities Pivotal Platform
08 Jun 2017 USN-3287-1   Git vulnerability Pivotal Platform
08 Jun 2017 USN-3283-1   rtmpdump vulnerabilities Pivotal Platform
08 Jun 2017 USN-3282-1   FreeType vulnerabilities Pivotal Platform
08 Jun 2017 USN-3276-2   shadow regression Pivotal Platform
08 Jun 2017 USN-3263-1   FreeType vulnerability Pivotal Platform
08 Jun 2017 USN-3259-1   Bind vulnerabilities Pivotal Platform
08 Jun 2017 USN-3246-1   Eject vulnerability Pivotal Platform
08 Jun 2017 USN-3181-1   OpenSSL vulnerabilities Pivotal Platform
19 May 2017 CVE-2017-4992   Privilege escalation with user invitations Pivotal Platform
19 May 2017 CVE-2017-4991   UAA password reset vulnerability Pivotal Platform
02 May 2017 USN-3265-2   Linux kernel (Xenial HWE) vulnerabilities Pivotal Platform
01 May 2017 CVE-2017-4974   Blind SQL Injection with privileged UAA endpoints Pivotal Platform
20 Apr 2017 CVE-2015-3281   HAProxy vulnerabilities Pivotal Platform
20 Apr 2017 CVE-2017-4973   Privilege Escalation in UAA Pivotal Platform
20 Apr 2017 CVE-2017-4972   Blind SQL Injection in UAA Pivotal Platform
13 Apr 2017 CVE-2017-4969   Bug in CC allows users to exceed quotas Pivotal Platform
12 Apr 2017 USN-3256-2   Linux kernel (HWE) vulnerability Pivotal Platform
10 Apr 2017 CVE-2017-4970   Staticfile buildpack ignores basic authentication when misconfigured Pivotal Platform
06 Apr 2017 USN-3243-1   Git vulnerability Pivotal Platform
06 Apr 2017 USN-3241-1   audiofile vulnerabilities Pivotal Platform
06 Apr 2017 USN-3239-2   GNU C Library Regression Pivotal Platform
06 Apr 2017 USN-3237-1   FreeType vulnerability Pivotal Platform
06 Apr 2017 USN-3235-1   libxml2 vulnerabilities Pivotal Platform
06 Apr 2017 USN-3232-1   ImageMagick vulnerabilities Pivotal Platform
06 Apr 2017 USN-3227-1   ICU vulnerabilities Pivotal Platform
06 Apr 2017 USN-3225-1   libarchive vulnerabilities Pivotal Platform
06 Apr 2017 USN-3183-2   GnuTLS vulnerability Pivotal Platform
05 Apr 2017 CVE-2017-5649   Apache Geode privilege escalation vulnerability Pivotal GemFire
04 Apr 2017 USN-3201-1   Bind vulnerabilities Pivotal Platform
04 Apr 2017 USN-3234-2   Linux kernel (Xenial HWE) vulnerabilities Pivotal Platform
04 Apr 2017 USN-3228-1   libevent vulnerabilities Pivotal Platform
04 Apr 2017 USN-3247-1   AppArmor vulnerability Pivotal Platform
04 Apr 2017 USN-3249-2   Linux kernel (Xenial HWE) vulnerability Pivotal Platform
31 Mar 2017 USN-3222-1   ImageMagick vulnerabilities Pivotal Platform
31 Mar 2017 USN-3213-1   GD library vulnerabilities Pivotal Platform
31 Mar 2017 USN-3212-1   LibTIFF vulnerabilities Pivotal Platform
31 Mar 2017 USN-3205-1   tcpdump vulnerabilities Pivotal Platform
31 Mar 2017 USN-3142-2   ImageMagick vulnerabilities Pivotal Platform
29 Mar 2017 CVE-2017-4963   Session Fixation for UAA External Authentication Pivotal Platform
17 Mar 2017 USN-3196-1   Multiple PHP vulnerabilities Pivotal Platform
17 Mar 2017 USN-3185-1   libXpm vulnerability Pivotal Platform
17 Mar 2017 USN-3193-1   Nettle vulnerability Pivotal Platform
17 Mar 2017 USN-3183-1   GnuTLS vulnerabilities Pivotal Platform
14 Mar 2017 USN-3189-2   Linux kernel (Xenial HWE) vulnerabilities Pivotal Platform
14 Mar 2017 CVE-2017-5638   Apache Struts Remote Code Execution Pivotal Platform
13 Mar 2017 USN-3220-2   Linux kernel (Xenial HWE) vulnerability Pivotal Platform
09 Mar 2017 CVE-2017-4960   UAA OAuth DOS via lockout feature Pivotal Platform
01 Mar 2017 USN-3208-2   Linux kernel (Xenial HWE) vulnerabilities Pivotal Platform
31 Jan 2017 USN-3172-1   Bind vulnerabilities Pivotal Platform
31 Jan 2017 USN-3169-2   Linux kernel (Xenial HWE) vulnerabilities Pivotal Platform
31 Jan 2017 USN-3161-2   Linux kernel (Xenial HWE) vulnerabilities Pivotal Platform
23 Jan 2017 CVE-2016-6660   Cloud Controller logs application environment variables Pivotal Platform
19 Jan 2017 USN-3024-1   tomcat6, tomcat7 vulnerabilities Pivotal Platform
12 Jan 2017 RunC Exec   RunC Exec Vulnerability Pivotal Platform
10 Jan 2017 CVE-2016-9882   Cloud Foundry Logs Service Credentials Pivotal Platform
29 Dec 2016 CVE-2016-3958 and CVE-2016-3959   Golang vulnerabilities Pivotal Platform
27 Dec 2016 USN-3146-2   Linux kernel (Xenial HWE) vulnerabilities Pivotal Platform
27 Dec 2016 USN-3128-2   Linux kernel (Xenial HWE) vulnerability Pivotal Platform
27 Dec 2016 USN-3142-1   ImageMagick vulnerabilities Pivotal Platform
19 Dec 2016 CVE-2016-8219   Space Auditor can restage apps Pivotal Platform
21 Dec 2016 Multiple CVEs   httpoxy vulnerabilities Pivotal Platform
20 Dec 2016 USN-3156-1   APT vulnerability Pivotal Platform
19 Dec 2016 USN-3131-1   ImageMagick vulnerabilities Pivotal Platform
19 Dec 2016 USN-3067-1   HarfBuzz vulnerabilities Pivotal Platform
19 Dec 2016 USN-3117-1   GD library vulnerabilities Pivotal Platform
14 Dec 2016 USN-3132-1   tar vulnerability Pivotal Platform
14 Dec 2016 USN-3134-1   Python vulnerabilities Pivotal Platform
14 Dec 2016 USN-3139-1   Vim vulnerability Pivotal Platform
14 Dec 2016 CVE-2016-6659   UAA Privilege Escalation Pivotal Platform
14 Dec 2016 USN-3116-1   DBus vulnerabilities Pivotal Platform
14 Dec 2016 USN-3119-1   Bind vulnerability Pivotal Platform
13 Dec 2016 USN-3123-1   curl vulnerabilities Pivotal Platform
13 Dec 2016 USN-3088-1   Bind vulnerability Pivotal Platform
09 Dec 2016 CVE-2016-8218   Unauthenticated JWT signing algorithm in routing Pivotal Platform
07 Dec 2016 USN-3151-2   Linux kernel (Xenial HWE) vulnerability Pivotal Platform
17 Nov 2016 CVE-2016-6663/CVE-2016-6664   MariaDB Root Privilege Escalation Pivotal Platform
17 Nov 2016 Several   PCRE vulnerabilities prior to version 8.39 Pivotal Platform
07 Nov 2016 USN-3096-1   NTP vulnerabilities Pivotal Platform
07 Nov 2016 USN-3095-1   PHP vulnerabilities Pivotal Platform
02 Nov 2016 CVE-2016-6658   Incomplete fix for Credential Vulnerability for Custom Buildpacks Pivotal Platform
21 Oct 2016 CVE-2016-5195   Linux kernel vulnerability Pivotal Platform
17 Oct 2016 CVE-2016-6655   Utility Script Command Injection Pivotal Platform
17 Oct 2016 USN-3099-2   Linux kernel vulnerabilities Pivotal Platform
29 Sep 2016 CVE-2016-6653   MySQL Audit logs sent to Syslog Pivotal Platform
28 Sep 2016 USN-3087-2   OpenSSL Regression Pivotal Platform
28 Sep 2016 USN-3083-1   Linux kernel vulnerabilities Pivotal Platform
28 Sep 2016 USN-3068-1   Libidn vulnerabilities Pivotal Platform
28 Sep 2016 CVE-2016-6662   Multiple MySQL Vulnerabilities Pivotal Platform
28 Sep 2016 USN-3085-1   GDK-PixBuf vulnerabilities Pivotal Platform
26 Sep 2016 CVE-2016-6651   Privilege Escalation in UAA Pivotal Platform
26 Sep 2016 CVE-2016-6636   UAA Open Redirect Vulnerability for Subdomains Pivotal Platform
26 Sep 2016 CVE-2016-6637   UAA CSRF Vulnerability for OAuth Approvals Pivotal Platform
21 Sep 2016 CVE-2014-9130   LibYAML vulnerability Pivotal Platform
09 Sep 2016 CVE-2016-6639   PHP Buildpack exposes .profile file Pivotal Platform
09 Sep 2016 USN-3045-1   PHP vulnerabilities Pivotal Platform
25 Aug 2016 USN-3065-1   Libgcrypt vulnerability Pivotal Platform
25 Aug 2016 USN-3064-1   GnuPG vulnerability Pivotal Platform
25 Aug 2016 USN-3063-1   Fontconfig vulnerability Pivotal Platform
25 Aug 2016 USN-3061-1   OpenSSH vulnerability Pivotal Platform
25 Aug 2016 USN-3030-1/USN-3060-1   GD library vulnerability Pivotal Platform
25 Aug 2016 USN-3053-1/USN-3037-1   Linux kernel (Vivid HWE) vulnerability Pivotal Platform
25 Aug 2016 USN-3048-1   curl vulnerability Pivotal Platform
25 Aug 2016 USN-3033-1   libarchive vulnerability Pivotal Platform
18 Aug 2016 CVE-2016-5016   UAA accepts expired certificates Pivotal Platform
26 Jul 2016 CVE-2016-5006   Cloud Controller API logs user-provided service credentials Pivotal Platform
13 Jul 2016 USN-3010-1   Expat vulnerabilities Pivotal Platform
13 Jul 2016 CVE-2016-4450   Nginx Vulnerabilities Pivotal Platform
13 Jul 2016 USN-3012-1   Wget vulnerability Pivotal Platform
01 Jul 2016 USN-3020-1   Linux kernel (Vivid HWE) vulnerabilities Pivotal Platform
30 Jun 2016 CVE-2016-4468   UAA SQL Injection Pivotal Platform
15 Jun 2016 USN-3001-1   Linux kernel (Vivid HWE) vulnerabilities Pivotal Platform
13 Jun 2016 CVE-2016-4435   BOSH Agent Anonymous Endpoint Pivotal Platform
13 Jun 2016 USN-2994-1   libxml2 vulnerabilities Pivotal Platform
13 Jun 2016 USN-2991-1   nginx vulnerability Pivotal Platform
13 Jun 2016 USN-2990-1   ImageMagick vulnerability (a.k.a. ImageTragick) Pivotal Platform
13 Jun 2016 USN-2987-1   GD library vulnerabilities Pivotal Platform
13 Jun 2016 USN-2985-2   GNU C Library regression Pivotal Platform
13 Jun 2016 USN-2983-1   Expat vulnerability Pivotal Platform
13 Jun 2016 USN-2981-1   libarchive vulnerabilities Pivotal Platform
13 Jun 2016 USN-2966-1   OpenSSH vulnerabilities Pivotal Platform
13 Jun 2016 USN-2961-1   Little CMS vulnerability Pivotal Platform
08 Jun 2016 CVE-2013-7456   PHP vulnerabilities Pivotal Platform
03 Jun 2016 USN-2970-1   Linux kernel (Vivid HWE) vulnerabilities Pivotal Platform
23 May 2016 CVE-2016-3084   UAA Password Reset Vulnerability Pivotal Platform
19 May 2016 USN-2977-1   Linux kernel (Vivid HWE) vulnerabilities Pivotal Platform
17 May 2016 CVE-2016-3091   Diego log encoding vulnerability Pivotal Platform
06 May 2016 USN-2959-1   OpenSSL vulnerabilities Pivotal Platform
06 May 2016 USN-2957-1   Libtasn1 vulnerability Pivotal Platform
06 May 2016 USN-2949-1   Linux kernel (Vivid HWE) vulnerabilities Pivotal Platform
06 May 2016 USN-2943-1   PCRE vulnerabilities Pivotal Platform
06 May 2016 USN-2935-2   PAM regression Pivotal Platform
02 May 2016 CVE-2015-5170-5173   UAA Vulnerabilities Pivotal Platform
14 Apr 2016 Badlock bug   Samba and Windows Vulnerabilities n/a
24 Mar 2016 USN-2939-1   LibTIFF vulnerabilities Pivotal Platform
24 Mar 2016 USN-2927-1   Graphite2 vulnerabilities Pivotal Platform
24 Mar 2016 USN-2925-1   Bind9 vulnerabilities Pivotal Platform
24 Mar 2016 USN-2919-1   JasPer vulnerabilities Pivotal Platform
24 Mar 2016 USN-2918-1   Pixman vulnerabilities Pivotal Platform
24 Mar 2016 USN-2916-1   Perl vulnerabilities Pivotal Platform
24 Mar 2016 USN-2914-1   OpenSSL vulnerabilities Pivotal Platform
24 Mar 2016 NPM Ownership Issue   Warning about NPM modules Pivotal Platform
24 Mar 2016 USN-2938-1   Git vulnerabilities Pivotal Platform
16 Mar 2016 USN-2932-1   Linux kernel vulnerabilities Pivotal Platform
02 Mar 2016 CVE-2016-0800   OpenSSL vulnerabilities Pivotal Platform
26 Feb 2016 USN-2910-1   Linux kernel vulnerability Pivotal Platform
26 Feb 2016 CVE-2016-0761   Docker Image Host Files Corruption Pivotal Platform
19 Feb 2016 USN-2900-1   GNU libc vulnerability Pivotal Platform
02 Feb 2016 CVE-2016-0732   Privilege Escalation Pivotal Platform
01 Feb 2016 CVE-2016-0713   Gorouter XSS Pivotal Platform
22 Jan 2016 USN-2871-1   Linux kernel vulnerability Pivotal Platform
20 Jan 2016 CVE-2016-0715   Remote Information Disclosure Pivotal Platform
19 Jan 2016 USN-2865-1   GnuTLS vulnerability Pivotal Platform
19 Jan 2016 USN-2861-1   libpng vulnerability Pivotal Platform
19 Jan 2016 USN-2868-1   DHCP vulnerability Pivotal Platform
19 Jan 2016 USN-2869-1   OpenSSH vulnerability Pivotal Platform
18 Jan 2016 CVE-2016-0708   Remote Information Disclosure Pivotal Platform
07 Jan 2016 USN-2857-1   Linux kernel vulnerability Pivotal Platform
07 Jan 2016 USN-2842-1/USN-2842-2   Linux kernel vulnerability Pivotal Platform
07 Jan 2016 USN-2837-1   bind9 vulnerability Pivotal Platform
07 Jan 2016 USN-2836-1   grub2 vulnerability Pivotal Platform
07 Jan 2016 USN-2835-1   git vulnerability Pivotal Platform
07 Jan 2016 USN-2834-1   libxml2 vulnerability Pivotal Platform
07 Jan 2016 USN-2830-1   OpenSSL vulnerability Pivotal Platform
07 Jan 2016 USN-2829-1   Linux kernel vulnerability Pivotal Platform
15 Dec 2015 CVE-2015-5350   Garden Nstar vulnerability Pivotal Platform
04 Dec 2015 USN-2821-1   GnuTLS vulnerability Pivotal Platform
04 Dec 2015 USN-2820-1   dpkg vulnerability Pivotal Platform
02 Dec 2015 USN-2815-1   PNG vulnerability Pivotal Platform
02 Dec 2015 USN-2812-1   libxml2 vulnerability Pivotal Platform
02 Dec 2015 USN-2810-1   Kerberos vulnerability Pivotal Platform
02 Dec 2015 USN-2787-1   audiofile vulnerability Pivotal Platform
24 Nov 2015 USN-2788-1/2788-2   unzip vulnerability Pivotal Platform
12 Nov 2015 USN-2798-1   Linux kernel vulnerability Pivotal Platform
12 Nov 2015 USN-2806-1   Linux kernel vulnerability Pivotal Platform
03 Nov 2015 USN-2778-1   Linux kernel vulnerabilities Pivotal Platform
03 Nov 2015 USN-2767-1   GDK-Pixbuf library vulnerability Pivotal Platform
07 Oct 2015 Golang   Golang 1.4.3 CVE Fixes Pivotal Platform
07 Oct 2015 USN-2722-1   GDK-PixBuf Vulnerabilities Pivotal Platform
07 Oct 2015 USN-2711-1   Net-SNMP Vulnerabilities Pivotal Platform
07 Oct 2015 USN-2739-1   FreeType Vulnerabilities Pivotal Platform
07 Oct 2015 USN-2740-1   ICU Vulnerabilities Pivotal Platform
07 Oct 2015 USN-2751-1   Linux Kernel (Vivid HWE) Vulnerability Pivotal Platform
07 Oct 2015 USN-2756-1   rpcbind Vulnerability Pivotal Platform
07 Oct 2015 USN-2765-1   Linux Kernel (Vivid HWE) Vulnerability Pivotal Platform
08 Sep 2015 USN-2710-1   OpenSSH Vulnerabilities Pivotal Platform
08 Sep 2015 USN-2698-1   SQLite Vulnerabilities Pivotal Platform
08 Sep 2015 USN-2694-1   PCRE Vulnerabilities Pivotal Platform
08 Sep 2015 USN-2718-1   Address Configuration Change Vulnerabilities Pivotal Platform
06 Aug 2015 USN-2696-1   OpenJDK 7 Vulnerabilities Pivotal Platform
29 Jul 2015 CVE-2015-3290   Linux Kernel NMI Vulnerability Pivotal Platform
10 Jul 2015 CVE-2015-1420   file_handle size verification Pivotal Platform
06 Jul 2015 CVE-2015-1330   Unattended-Upgrades Vulnerability Pivotal Platform
25 Jun 2015 CVE-2015-3189   Expire old reset password links UAA, Pivotal Cloud Foundry
25 Jun 2015 CVE-2015-3190   Open redirect on Login UAA, Pivotal Cloud Foundry
25 Jun 2015 CVE-2015-3191   CSRF attack on change email UAA, Pivotal Cloud Foundry
12 Jun 2015 USN-2639-1   OpenSSL vulnerabilities Pivotal Platform
12 Jun 2015 CVE-2015-3636   ipv4 use-after-free Pivotal Platform
17 Jun 2015 CVE-2015-1328   overlayfs privilege escalation Pivotal Platform
09 Jun 2015 Redis LUA Sandbox   Redis LUA Exploit Pivotal Platform
22 May 2015 CVE-2015-1834   Path Traversal Vulnerability Pivotal Platform
22 May 2015 USN-2617-1   FUSE Vulnerability Pivotal Platform
30 Apr 2015 CVE-2015-1855   Ruby OpenSSL Hostname Verification Pivotal Platform
23 Mar 2015 CVE-2015-0282   Multiple GnuTLS Vulnerabilities Pivotal Platform
21 Mar 2015 USN-2537-1   OpenSSL vulnerabilities Pivotal Platform
13 Mar 2015 CVE-2014-8159   Linux Kernel Infiniband Vulnerability
09 Feb 2015 CVE-2014-0227   Apache Tomcat Request Smuggling Pivotal tc Server
28 Jan 2015 CVE-2015-0235   GHOST Pivotal Platform
10 Sep 2014 CVE-2013-4444   Remote Code Execution in Apache Tomcat Pivotal Platform
16 Oct 2014 CVE-2014-3566   SSLV3 POODLE Pivotal Platform
29 Sep 2014 CVE-2014-7186   Bash Out-of-Bounds Pivotal Platform
25 Sep 2014 CVE-2014-6271   Bash - ShellShock Pivotal Platform
19 Sep 2014 CVE-2014-5119   glib_gconv_translit_find() exploit Pivotal Platform
18 Aug 2014 CVE-2014-3153   Futex requeue exploit Pivotal Platform
05 Jun 2014 CVE-2014-0224   SSL/TLS MITM Vulnerability vFabric Web Server, Pivotal Web Server, Enterprise Ready Server (ERS), Greenplum Command Center (GPCC), Greenplum Database (GPDB), HAWQ, Pivotal Command Center (PCC), Pivotal App Suite Virtual Appliance, GemFire Native Client
10 Apr 2014 CVE-2014-0160   Heartbleed vFabric Web Server, vFabric GemFire Native Client, Pivotal GemFire Native Client, Pivotal Command Center, Pivotal App Suite Virtual Appliance

[1] This table is not yet a complete list of vulnerabilities in dependencies. Formulating such a list is an extensive undertaking which Pivotal is addressing systematically. When this table becomes a complete and comprehensive list, we will remove this footnote.
Thanks

The Pivotal Security Team would like to thank the following individuals and companies for responsibly reporting a security issue. Names appear in the order vulnerability reports were received, most recent first.

  • Rohit Patil
  • Jimmy Bruneel
  • Taha Smily
  • Lacroute Serge
  • Md. Nur A Alam Dipu
  • GE Digital Security Team
  • SaifAllah benMassaoud
  • Pradeep Kumar
  • Muhammad Abdullah
  • Koutrouss Naddara

Note: Reports of vulnerabilities in Pivotal products are listed in the credit section of the associated security announcement.