Pivotal Application Security Team

Overview

The Pivotal Application Security Team provides a single point of contact for the reporting of security vulnerabilities in Pivotal products and coordinates the process of investigating any reported vulnerabilities.

If you would like to subscribe to updates to this page, the RSS feed for all vulnerability reports is available at https://pivotal.io/security/rss. The RSS feed for just the notable vulnerabilities in dependences is available at https://pivotal.io/security/dependencies/rss and the RSS feed for just Pivotal product vulnerabilities is available at https://pivotal.io/security/pivotal/rss.

Reporting a vulnerability

We strongly encourage people to report security vulnerabilities privately to our security team before disclosing them in a public forum.

Please note that the e-mail address below should only be used for reporting undisclosed security vulnerabilities in Pivotal products and managing the process of fixing such vulnerabilities. We cannot accept regular bug reports or other security related queries at this address.

The e-mail address to use to contact the Pivotal Application Security Team is security@pivotal.io.

The fingerprint is: 2F28 8814 5F37 5811 17D9 FDCF 7CC5 2A57 8296 871B

It can be obtained from a public key server such as pgp.mit.edu.

Pivotal Product Vulnerability Reports

Date	CVE Reference	Description
29 Oct 2018	CVE-2018-15762	Pivotal Operations Manager gives all users heightened privileges
16 Oct 2018	CVE-2018-15758	Privilege Escalation in spring-security-oauth2
16 Oct 2018	CVE-2018-15756	DoS Attack via Range Requests
10 Oct 2018	CVE-2018-11084	Garden-runC prevents deletion of some app environments
10 Oct 2018	CVE-2018-15755	CF networking internal policy server SQL injection
03 Oct 2018	CVE-2018-11083	BOSH accepts refresh token as access token
02 Oct 2018	CVE-2018-15763	PKS leaks IaaS credentials to application logs
27 Sep 2018	CVE-2018-11081	Ops Manager writes UAA credentials to disk
13 Sep 2018	CVE-2018-1198	PCC bosh deployment logs print a superuser password in plain text
13 Sep 2018	CVE-2018-11088	CF admin credentials accessible to developers through Applications Manager
13 Sep 2018	CVE-2018-11086	CF admin credentials accessible to developers through usage service
11 Sep 2018	CVE-2018-11087	RabbitMQ (Spring-AMQP) Host name verification
23 Jul 2018	CVE-2018-11044	Apps Manager allows unescaped content in invitation emails
10 Jul 2018	CVE-2018-11045	Operations Manager image contains static LRNG seed file
20 Jun 2018	CVE-2018-11046	Operations Manager includes outdated NGINX packages
14 Jun 2018	CVE-2018-11040	JSONP enabled by default in MappingJackson2JsonView
14 Jun 2018	CVE-2018-11039	Cross Site Tracing (XST) with Spring Framework
11 May 2018	CVE-2018-1263	Unsafe Unzip with spring-integration-zip
10 May 2018	CVE-2018-1278	Apps Manager allows unauthorized org invitations
09 May 2018	CVE-2018-1261	Unsafe Unzip with spring-integration-zip
09 May 2018	CVE-2018-1260	Remote Code Execution with spring-security-oauth2
09 May 2018	CVE-2018-1259	XXE with Spring Data’s XMLBeam integration
09 May 2018	CVE-2018-1258	Unauthorized Access with Spring Security Method Security
09 May 2018	CVE-2018-1257	ReDoS Attack with spring-messaging
07 May 2018	CVE-2018-1280	Blind SQL injection in Pivotal Greenplum Command Center
30 Apr 2018	CVE-2018-1256	Issuer validation regression in Spring Cloud SSO Connector
10 Apr 2018	CVE-2018-1274	Denial of Service with Spring Data
10 Apr 2018	CVE-2018-1273	RCE with Spring Data Commons
09 Apr 2018	CVE-2018-1275	Address partial fix for CVE-2018-1270
05 Apr 2018	CVE-2018-1272	Multipart Content Pollution with Spring Framework
05 Apr 2018	CVE-2018-1271	Directory Traversal with Spring MVC on Windows
05 Apr 2018	CVE-2018-1270	Remote Code Execution with spring-messaging
16 Mar 2018	CVE-2018-1230	Spring Batch Admin vulnerable to Cross Site Request Forgery
16 Mar 2018	CVE-2018-1229	Stored XSS in file upload of Spring Batch Admin
13 Feb 2018	CVE-2018-1200	Apps Manager File Access Vulnerability
30 Jan 2018	CVE-2018-1196	Symlink privilege escalation attack via Spring Boot launch script
29 Jan 2018	CVE-2018-1199	Security bypass with static resources
16 Oct 2017	CVE-2017-8028	Spring-LDAP authentication with userSearch and STARTTLS allows authentication with arbitrary password
21 Sep 2017	CVE-2017-8046	RCE in PATCH requests in Spring Data REST
19 Sep 2017	CVE-2017-8045	Remote code execution in spring-amqp
15 Sep 2017	CVE-2017-8039	Data Binding Expression Vulnerability in Spring Web Flow
31 Aug 2017	CVE-2017-8044	XSS vulnerability in Single Sign-On for PCF via DOM-based query parameters
31 Aug 2017	CVE-2017-8041	XSS vulnerability in org name in Single Sign-On for PCF
31 Aug 2017	CVE-2017-8040	XXE Vulnerability in Single Sign-On for PCF
08 Jun 2017	CVE-2017-4995	Jackson Configuration Allows Code Execution with Unknown “Serialization Gadgets”
31 May 2017	CVE-2017-4971	Data Binding Expression Vulnerability in Spring Web Flow
15 May 2017	CVE-2017-4975	Tile generator sets open security groups
04 May 2017	CVE-2017-4966	RabbitMQ local storage of credentials
04 May 2017	CVE-2017-4965	XSS vulnerabilities in RabbitMQ management UI
27 Mar 2017	CVE-2017-2773	Unauthenticated JWT signing algorithm in multiple components
24 Mar 2017	CVE-2017-4955	Credentials in Elastic Runtime Notifications errand log
14 Feb 2017	CVE-2017-4959	Pivotal Cloud Foundry account authorization vulnerability
09 Feb 2017	CVE-2016-9880	Unauthenticated access to GemFire for PCF broker endpoints
04 Jan 2017	CVE-2016-9885	gfsh exposed over go router for GemFire for PCF
28 Dec 2016	CVE-2016-9879	Encoded "/" in path variables
28 Dec 2016	CVE-2016-0898	Service backups log AWS key
21 Dec 2016	CVE-2016-9878	Directory Traversal in the Spring Framework ResourceServlet
19 Dec 2016	CVE-2016-9877	RabbitMQ authentication vulnerability
31 Oct 2016	CVE-2016-6657	PCF Open Redirects
31 Oct 2016	CVE-2016-6656	Code injection vulnerability via GPHDFS in Greenplum database
30 Sep 2016	CVE-2016-6652	Spring Data JPA Blind SQL Injection Vulnerability
12 Sep 2016	CVE-2016-0930	Ops Manager Compilation VMs Vulnerability on vSphere and vCloud
27 Jul 2016	CVE-2016-0896	IaaS Metadata Endpoint Accessible from Application Containers
15 Jul 2016	CVE-2016-0929	RabbitMQ for PCF vulnerability
07 Jul 2016	CVE-2016-5007	Spring Security / MVC Path Matching Inconsistency
07 Jul 2016	CVE-2016-0926	Apps Manager XSS vulnerability
05 Jul 2016	CVE-2016-4977	Remote Code Execution (RCE) in Spring Security OAuth
29 Jun 2016	CVE-2016-0928	PCF Open Redirects
24 Jun 2016	CVE-2016-0897	Ops Manager vSphere and vCloud vulnerability
23 Jun 2016	CVE-2016-0927	Ops Manager XSS vulnerability
11 Apr 2016	CVE-2016-2173	Remote Code Execution in Spring AMQP
23 Mar 2016	CVE-2016-0780	Cloud Controller Disk Quota Enforcement
23 Mar 2016	CVE-2016-2165	Loggregator Request URL Paths
23 Mar 2016	CVE-2016-0781	UAA Persistent XSS Vulnerability
03 Feb 2016	CVE-2016-0883	Pivotal Ops Manager Weak Authentication Scheme
12 Nov 2015	CVE-2015-5258	Spring Social CSRF
15 Oct 2015	CVE-2015-5211	RFD Attack in Spring Framework
30 Jun 2015	CVE-2015-3192	DoS Attack with XML Input
06 Mar 2015	CVE-2015-0201	Insufficiently random session id in Java SockJS client
13 Jan 2015	CVE-2014-3626	Directory Traversal in Grails Resources Plugin
11 Nov 2014	CVE-2014-3625	Directory Traversal in Spring Framework
05 Sep 2014	CVE-2014-3578	Directory Traversal in Spring Framework
15 Aug 2014	CVE-2014-3527	Access Control Bypass in Spring Security
28 May 2014	CVE-2014-0225	Information Disclosure when using Spring MVC
11 Mar 2014	CVE-2014-1904	XSS when using Spring MVC
11 Mar 2014	CVE-2014-0097	Blank password may bypass user authentication
11 Mar 2014	CVE-2014-0054	Incomplete fix for CVE-2013-7315 / CVE-2013-6429 (XXE)
19 Feb 2014	CVE-2014-0053	Information Disclosure when using Grails
14 Jan 2014	CVE-2013-6430	Possible XSS when using Spring MVC
14 Jan 2014	CVE-2013-6429	Incomplete fix for CVE-2013-7315 (XXE)
22 Aug 2013	CVE-2013-7315	XML External Entity (XXE) injection in Spring Framework
22 Aug 2013	CVE-2013-4152	XML eXternal Entity (XXE) injection in Spring Framework

Notable Vulnerabilities in Dependencies[1]

Date	CVE Reference	Description	Affected Pivotal Product(s)
26 Oct 2018	USN-3790-1	Requests vulnerability	Pivotal Cloud Foundry
26 Oct 2018	USN-3777-2	Linux kernel (HWE) vulnerabilities	Pivotal Cloud Foundry
26 Oct 2018	USN-3762-2	Linux kernel (HWE) vulnerabilities	Pivotal Cloud Foundry
09 Oct 2018	USN-3752-2	Linux kernel (HWE) vulnerabilities	Pivotal Cloud Foundry
09 Oct 2018	USN-3765-1	curl vulnerability	Pivotal Cloud Foundry
09 Oct 2018	USN-3767-1	GLib vulnerabilities	Pivotal Cloud Foundry
09 Oct 2018	USN-3770-1	Little CMS vulnerabilities	Pivotal Cloud Foundry
27 Sep 2018	USN-3759-1	libtirpc vulnerabilities	Pivotal Cloud Foundry
27 Sep 2018	USN-3758-1	libx11 vulnerabilities	Pivotal Cloud Foundry
27 Sep 2018	USN-3756-1	Intel Microcode vulnerabilities	Pivotal Cloud Foundry
27 Sep 2018	USN-3755-1	GD vulnerabilities	Pivotal Cloud Foundry
27 Sep 2018	USN-3753-2	Linux kernel (Xenial HWE) vulnerabilities	Pivotal Cloud Foundry
27 Sep 2018	USN-3744-1	PostgreSQL vulnerabilities	Pivotal Cloud Foundry
27 Sep 2018	USN-3741-2	Linux kernel (Xenial HWE) vulnerabilities	Pivotal Cloud Foundry
27 Sep 2018	USN-3739-1	libxml2 vulnerabilities	Pivotal Cloud Foundry
27 Sep 2018	USN-3736-1	libarchive vulnerabilities	Pivotal Cloud Foundry
27 Sep 2018	USN-3733-1	GnuPG vulnerability	Pivotal Cloud Foundry
27 Sep 2018	USN-3729-1	libxcursor vulnerability	Pivotal Cloud Foundry
27 Sep 2018	USN-3712-1	libpng vulnerabilities	Pivotal Cloud Foundry
27 Sep 2018	USN-3696-2	Linux kernel (Xenial HWE) vulnerabilities	Pivotal Cloud Foundry
27 Sep 2018	USN-3692-1	OpenSSL vulnerabilities	Pivotal Cloud Foundry
27 Sep 2018	USN-3690-2	AMD Microcode regression	Pivotal Cloud Foundry
27 Sep 2018	USN-3690-1	AMD Microcode update	Pivotal Cloud Foundry
27 Sep 2018	USN-3689-1	Libgcrypt vulnerability	Pivotal Cloud Foundry
27 Sep 2018	USN-3605-1	Sharutils vulnerability	Pivotal Cloud Foundry
27 Sep 2018	USN-3589-1	PostgreSQL vulnerability	Pivotal Cloud Foundry
27 Sep 2018	USN-3564-1	PostgreSQL vulnerability	Pivotal Cloud Foundry
27 Sep 2018	USN-3532-1	GDK-PixBuf vulnerabilities	Pivotal Cloud Foundry
27 Sep 2018	USN-3509-4	Linux kernel (Xenial HWE) regression	Pivotal Cloud Foundry
27 Sep 2018	USN-3352-1	nginx vulnerability	Pivotal Cloud Foundry
09 Aug 2018	CVE-2018-8037	Apache Tomcat - NIO/NIO2 connectors user sessions can get mixed up	Pivotal Cloud Foundry
09 Aug 2018	CVE-2018-1336	Apache Tomcat - UTF-8 decoder can lead to DoS	Pivotal Cloud Foundry
02 Aug 2018	USN-3711-1	ImageMagick vulnerabilities	Pivotal Cloud Foundry
02 Aug 2018	USN-3707-1	NTP vulnerabilities	Pivotal Cloud Foundry
02 Aug 2018	USN-3706-1	libjpeg-turbo vulnerabilities	Pivotal Cloud Foundry
23 Jul 2018	CVE-2018-11047	UAA accepts refresh token as access token on admin endpoints	Pivotal Cloud Foundry
20 Jul 2018	USN-3693-1	JasPer vulnerabilities	Pivotal Cloud Foundry
20 Jul 2018	USN-3686-1	file vulnerabilities	Pivotal Cloud Foundry
20 Jul 2018	USN-3684-1	Perl vulnerability	Pivotal Cloud Foundry
20 Jul 2018	USN-3681-1	ImageMagick vulnerabilities	Pivotal Cloud Foundry
20 Jul 2018	USN-3676-2	Linux kernel (Xenial HWE) vulnerabilities	Pivotal Cloud Foundry
20 Jul 2018	USN-3675-1	GnuPG vulnerabilities	Pivotal Cloud Foundry
20 Jul 2018	USN-3658-1	procps-ng vulnerabilities	Pivotal Cloud Foundry
17 Jul 2018	CVE-2018-11041	UAA open redirect	Pivotal Cloud Foundry
16 Jul 2018	CVE-2018-1269	Loggregator does not properly close some TCP connections	Pivotal Cloud Foundry
16 Jul 2018	CVE-2018-1268	Loggregator lacks app GUID validation	Pivotal Cloud Foundry
19 Jun 2018	CVE-2018-1265	Diego does not properly sanitize file paths in tar/zip files	Pivotal Cloud Foundry
21 Jun 2018	USN-3671-1	Git vulnerabilities	Pivotal Cloud Foundry
21 Jun 2018	USN-3654-2	Linux kernel (Xenial HWE) vulnerabilities	Pivotal Cloud Foundry
21 Jun 2018	USN-3648-1	curl vulnerabilities	Pivotal Cloud Foundry
14 Jun 2018	USN-3643-1	Wget vulnerability	Pivotal Cloud Foundry
14 Jun 2018	USN-3641-1	Linux kernel vulnerabilities	Pivotal Cloud Foundry
14 Jun 2018	USN-3631-2	Linux kernel (Xenial HWE) vulnerabilities	Pivotal Cloud Foundry
14 Jun 2018	USN-3628-1	OpenSSL vulnerability	Pivotal Cloud Foundry
14 Jun 2018	USN-3625-1	Perl vulnerabilities	Pivotal Cloud Foundry
14 Jun 2018	USN-3624-1	Patch vulnerabilities	Pivotal Cloud Foundry
14 Jun 2018	USN-3622-1	Wayland vulnerability	Pivotal Cloud Foundry
21 May 2018	CVE-2018-1277	Garden does not correctly enforce Docker image disc quotas	Pivotal Cloud Foundry
21 May 2018	CVE-2018-1276	Windows2012R2 stemcell exposes IaaS metadata on vSphere	Pivotal Cloud Foundry
10 May 2018	MS-ISAC-2018-046	MS-ISAC 2018-046 Multiple Vulnerabilities in PHP	Pivotal Cloud Foundry
08 May 2018	CVE-2018-1191	Garden may log Docker passwords	Pivotal Cloud Foundry
02 May 2018	USN-3619-2	Linux kernel (Xenial HWE) vulnerabilities	Pivotal Cloud Foundry
02 May 2018	USN-3611-1	OpenSSL vulnerability	Pivotal Cloud Foundry
02 May 2018	USN-3610-1	ICU vulnerability	Pivotal Cloud Foundry
02 May 2018	USN-3606-1	LibTIFF vulnerabilities	Pivotal Cloud Foundry
02 May 2018	USN-3604-1	libvorbis vulnerabilities	Pivotal Cloud Foundry
02 May 2018	USN-3602-1	LibTIFF vulnerabilities	Pivotal Cloud Foundry
02 May 2018	USN-3598-1	curl vulnerabilities	Pivotal Cloud Foundry
02 May 2018	USN-3586-1	DHCP vulnerabilities	Pivotal Cloud Foundry
02 May 2018	USN-3584-1	sensible-utils vulnerability	Pivotal Cloud Foundry
02 May 2018	USN-3569-1	libvorbis vulnerabilities	Pivotal Cloud Foundry
02 May 2018	USN-3554-1	curl vulnerabilities	Pivotal Cloud Foundry
02 May 2018	USN-3547-1	Libtasn1 vulnerabilities	Pivotal Cloud Foundry
02 May 2018	USN-3543-1	rsync vulnerabilities	Pivotal Cloud Foundry
02 May 2018	USN-3534-1	GNU C Library vulnerabilities	Pivotal Cloud Foundry
02 May 2018	USN-3506-1	rsync vulnerabilities	Pivotal Cloud Foundry
02 May 2018	USN-3501-1	libxcursor vulnerability	Pivotal Cloud Foundry
02 May 2018	USN-3346-2	Bind regression	Pivotal Cloud Foundry
30 Apr 2018	CVE-2018-1197	GCP Metadata Endpoint Accessible from Application Containers on Windows	Pivotal Cloud Foundry
05 Apr 2018	CVE-2018-1266	Cloud Controller file modification via malicious application	Pivotal Cloud Foundry
05 Apr 2018	CVE-2018-1231	BOSH CLI does not restrict access to configuration file	Pivotal Cloud Foundry
03 Apr 2018	USN-3582-2	Linux kernel (Xenial HWE) vulnerabilities	Pivotal Cloud Foundry
28 Mar 2018	CVE-2018-1195	Cloud Controller API will accept a refresh token for authentication	Pivotal Cloud Foundry
28 Mar 2018	CVE-2018-1192	UAA SessionID present in Audit Event Logs	Pivotal Cloud Foundry
28 Mar 2018	CVE-2018-1190	XSS on UAA OpenID Connect check session iframe endpoint	Pivotal Cloud Foundry
09 Mar 2018	CVE-2018-1227	Concourse-dot-ci Domain Issue	Pivotal Cloud Foundry
27 Feb 2018	VU475445	VU#475445 SAML Authentication Bypass	Pivotal Cloud Foundry
27 Feb 2018	CVE-2018-1221	Gorouter websocket handling vulnerability	Pivotal Cloud Foundry
01 Feb 2018	USN-3540-2	Linux kernel (Xenial HWE) vulnerabilities	Pivotal Cloud Foundry
01 Feb 2018	USN-3538-1	OpenSSH vulnerabilities	Pivotal Cloud Foundry
01 Feb 2018	USN-3535-1	Bind vulnerability	Pivotal Cloud Foundry
01 Feb 2018	USN-3522-4	Linux (Xenial HWE) vulnerability	Pivotal Cloud Foundry
01 Feb 2018	USN-3522-2	Linux (Xenial HWE) vulnerability	Pivotal Cloud Foundry
01 Feb 2018	USN-3513-1	libxml2 vulnerability	Pivotal Cloud Foundry
01 Feb 2018	USN-3504-1	libxml2 vulnerability	Pivotal Cloud Foundry
03 Jan 2018	Meltdown and Spectre Attacks	Meltdown and Spectre Attacks	All (potentially)
19 Dec 2017	CVE-2017-1000353	Jenkins unauthenticated remote code execution	Pivotal Cloud Foundry
15 Dec 2017	USN-3509-2	Linux kernel (Xenial HWE) vulnerabilities	Pivotal Cloud Foundry
15 Dec 2017	USN-3505-1	Linux firmware vulnerabilities	Pivotal Cloud Foundry
15 Dec 2017	USN-3498-1	curl vulnerabilities	Pivotal Cloud Foundry
15 Dec 2017	USN-3496-3	Python vulnerability	Pivotal Cloud Foundry
15 Dec 2017	USN-3496-1	Python vulnerability	Pivotal Cloud Foundry
15 Dec 2017	USN-3489-1	Berkeley DB vulnerability	Pivotal Cloud Foundry
15 Dec 2017	USN-3485-2	Linux kernel (Xenial HWE) vulnerabilities	Pivotal Cloud Foundry
15 Dec 2017	USN-3478-1	Perl vulnerabilities	Pivotal Cloud Foundry
15 Dec 2017	USN-3475-1	OpenSSL vulnerabilities	Pivotal Cloud Foundry
15 Dec 2017	USN-3469-2	Linux kernel (Xenial HWE) vulnerabilities	Pivotal Cloud Foundry
15 Dec 2017	USN-3464-1	Wget vulnerabilities	Pivotal Cloud Foundry
15 Dec 2017	USN-3458-1	ICU vulnerability	Pivotal Cloud Foundry
15 Dec 2017	USN-3457-1	curl vulnerability	Pivotal Cloud Foundry
21 Nov 2017	USN-3454-1	libffi vulnerability	Pivotal Cloud Foundry
21 Nov 2017	USN-3444-2	Linux kernel (Xenial HWE) vulnerabilities	Pivotal Cloud Foundry
21 Nov 2017	USN-3441-1	curl vulnerabilities	Pivotal Cloud Foundry
21 Nov 2017	USN-3437-1	OCaml vulnerability	Pivotal Cloud Foundry
21 Nov 2017	USN-3434-1	Libidn vulnerability	Pivotal Cloud Foundry
21 Nov 2017	USN-3432-1	ca-certificates update	Pivotal Cloud Foundry
21 Nov 2017	USN-3424-1	libxml2 vulnerabilities	Pivotal Cloud Foundry
21 Nov 2017	USN-3387-1	Git vulnerability	Pivotal Cloud Foundry
16 Nov 2017	CVE-2017-8031	UAA Denial of Service through client token revocation endpoint	Pivotal Cloud Foundry
15 Nov 2017	CVE-2017-14388	GrootFS doesn’t validate DiffIDs	Pivotal Cloud Foundry
11 Oct 2017	CVE-2017-8048	Cloud Controller API regression	Pivotal Cloud Foundry
10 Oct 2017	CVE-2017-8047	Cloud Foundry router open redirect	Pivotal Cloud Foundry
28 Sep 2017	USN-3420-2	Linux kernel (Xenial HWE) vulnerabilities	Pivotal Cloud Foundry
28 Sep 2017	USN-3418-1	GDK-PixBuf vulnerabilities	Pivotal Cloud Foundry
28 Sep 2017	USN-3415-1	tcpdump vulnerabilities	Pivotal Cloud Foundry
28 Sep 2017	USN-3411-1	Bazaar vulnerability	Pivotal Cloud Foundry
28 Sep 2017	USN-3410-1	GD library vulnerability	Pivotal Cloud Foundry
28 Sep 2017	USN-3405-2	Linux kernel (Xenial HWE) vulnerabilities	Pivotal Cloud Foundry
28 Sep 2017	USN-3398-1	graphite2 vulnerabilities	Pivotal Cloud Foundry
08 Sep 2017	CVE-2017-9805	Apache Struts Remote Code Execution	Spring, Pivotal Cloud Foundry
28 Aug 2017	USN-3392-2	Linux kernel (Xenial HWE) regression	Pivotal Cloud Foundry
21 Aug 2017	USN-3385-2	Linux kernel (Xenial HWE) vulnerabilities	Pivotal Cloud Foundry
14 Aug 2017	USN-3378-2	Linux kernel (Xenial HWE) vulnerabilities	Pivotal Cloud Foundry
14 Aug 2017	USN-3367-1	gdb vulnerabilities	Pivotal Cloud Foundry
14 Aug 2017	USN-3364-2	Linux kernel (Xenial HWE) vulnerabilities	Pivotal Cloud Foundry
14 Aug 2017	USN-3363-2	ImageMagick regression References	Pivotal Cloud Foundry
14 Aug 2017	USN-3363-1	ImageMagick vulnerabilities	Pivotal Cloud Foundry
14 Aug 2017	USN-3356-1	Expat vulnerability	Pivotal Cloud Foundry
14 Aug 2017	USN-3353-1	Heimdal vulnerability	Pivotal Cloud Foundry
14 Aug 2017	USN-3349-1	NTP vulnerabilities	Pivotal Cloud Foundry
14 Aug 2017	USN-3347-1	Libgcrypt vulnerabilities	Pivotal Cloud Foundry
14 Aug 2017	USN-3346-1	bind9 vulnerabilities	Pivotal Cloud Foundry
14 Aug 2017	USN-3344-2	Linux kernel (Xenial HWE) vulnerabilities	Pivotal Cloud Foundry
07 Aug 2017	CVE-2017-8037	Incomplete fix for Cloud Controller API access to CC VM contents	Pivotal Cloud Foundry
02 Aug 2017	CVE-2017-9022/CVE-2017-9023	strongSwan DOS Vulnerabilities	Pivotal Cloud Foundry
01 Aug 2017	CVE-2017-8038	Credentials readable from CredHub endpoint	Pivotal Cloud Foundry
25 Jul 2017	CVE-2017-8036	Cloud Controller API regression	Pivotal Cloud Foundry
25 Jul 2017	CVE-2017-8035	Cloud Controller API access to CC VM contents	Pivotal Cloud Foundry
25 Jul 2017	CVE-2017-8033	Cloud Controller API filesystem traversal vulnerability	Pivotal Cloud Foundry
24 Jul 2017	CVE-2017-8032	UAA Identity Zone Admin Privilege Escalation	Pivotal Cloud Foundry
05 Jul 2017	CVE-2017-7485	PostgreSQL vulnerabilities	Pivotal Cloud Foundry
26 Jun 2017	CVE-2017-5946	Directory Traversal in Rubyzip	Pivotal Cloud Foundry
26 Jun 2017	USN-3334-1	Linux kernel (Xenial HWE) vulnerabilities	Pivotal Cloud Foundry
26 Jun 2017	USN-3323-1	GNU C Library vulnerability	Pivotal Cloud Foundry
26 Jun 2017	USN-3318-1	GnuTLS vulnerabilities	Pivotal Cloud Foundry
26 Jun 2017	USN-3312-2	Linux kernel (Xenial HWE) vulnerabilities	Pivotal Cloud Foundry
26 Jun 2017	USN-3311-1	libnl vulnerability	Pivotal Cloud Foundry
26 Jun 2017	USN-3309-1	Libtasn1 vulnerability	Pivotal Cloud Foundry
26 Jun 2017	USN-3302-1	ImageMagick vulnerabilities	Pivotal Cloud Foundry
26 Jun 2017	USN-3212-2	LibTIFF regression	Pivotal Cloud Foundry
22 Jun 2017	USN-3304-1	Sudo vulnerability	Pivotal Cloud Foundry
08 Jun 2017	CVE-2017-4994	Forwarded Headers in UAA	Pivotal Cloud Foundry
08 Jun 2017	USN-3295-1	JasPer vulnerabilities	Pivotal Cloud Foundry
08 Jun 2017	USN-3294-1	Bash vulnerabilities	Pivotal Cloud Foundry
08 Jun 2017	USN-3291-3	Linux kernel (Xenial HWE) vulnerabilities	Pivotal Cloud Foundry
08 Jun 2017	USN-3287-1	Git vulnerability	Pivotal Cloud Foundry
08 Jun 2017	USN-3283-1	rtmpdump vulnerabilities	Pivotal Cloud Foundry
08 Jun 2017	USN-3282-1	FreeType vulnerabilities	Pivotal Cloud Foundry
08 Jun 2017	USN-3276-2	shadow regression	Pivotal Cloud Foundry
08 Jun 2017	USN-3263-1	FreeType vulnerability	Pivotal Cloud Foundry
08 Jun 2017	USN-3259-1	Bind vulnerabilities	Pivotal Cloud Foundry
08 Jun 2017	USN-3246-1	Eject vulnerability	Pivotal Cloud Foundry
08 Jun 2017	USN-3181-1	OpenSSL vulnerabilities	Pivotal Cloud Foundry
19 May 2017	CVE-2017-4992	Privilege escalation with user invitations	Pivotal Cloud Foundry
19 May 2017	CVE-2017-4991	UAA password reset vulnerability	Pivotal Cloud Foundry
02 May 2017	USN-3265-2	Linux kernel (Xenial HWE) vulnerabilities	Pivotal Cloud Foundry
01 May 2017	CVE-2017-4974	Blind SQL Injection with privileged UAA endpoints	Pivotal Cloud Foundry
20 Apr 2017	CVE-2015-3281	HAProxy vulnerabilities	Pivotal Cloud Foundry
20 Apr 2017	CVE-2017-4973	Privilege Escalation in UAA	Pivotal Cloud Foundry
20 Apr 2017	CVE-2017-4972	Blind SQL Injection in UAA	Pivotal Cloud Foundry
13 Apr 2017	CVE-2017-4969	Bug in CC allows users to exceed quotas	Pivotal Cloud Foundry
12 Apr 2017	USN-3256-2	Linux kernel (HWE) vulnerability	Pivotal Cloud Foundry
10 Apr 2017	CVE-2017-4970	Staticfile buildpack ignores basic authentication when misconfigured	Pivotal Cloud Foundry
06 Apr 2017	USN-3243-1	Git vulnerability	Pivotal Cloud Foundry
06 Apr 2017	USN-3241-1	audiofile vulnerabilities	Pivotal Cloud Foundry
06 Apr 2017	USN-3239-2	GNU C Library Regression	Pivotal Cloud Foundry
06 Apr 2017	USN-3237-1	FreeType vulnerability	Pivotal Cloud Foundry
06 Apr 2017	USN-3235-1	libxml2 vulnerabilities	Pivotal Cloud Foundry
06 Apr 2017	USN-3232-1	ImageMagick vulnerabilities	Pivotal Cloud Foundry
06 Apr 2017	USN-3227-1	ICU vulnerabilities	Pivotal Cloud Foundry
06 Apr 2017	USN-3225-1	libarchive vulnerabilities	Pivotal Cloud Foundry
06 Apr 2017	USN-3183-2	GnuTLS vulnerability	Pivotal Cloud Foundry
05 Apr 2017	CVE-2017-5649	Apache Geode privilege escalation vulnerability	Pivotal GemFire
04 Apr 2017	USN-3201-1	Bind vulnerabilities	Pivotal Cloud Foundry
04 Apr 2017	USN-3234-2	Linux kernel (Xenial HWE) vulnerabilities	Pivotal Cloud Foundry
04 Apr 2017	USN-3228-1	libevent vulnerabilities	Pivotal Cloud Foundry
04 Apr 2017	USN-3247-1	AppArmor vulnerability	Pivotal Cloud Foundry
04 Apr 2017	USN-3249-2	Linux kernel (Xenial HWE) vulnerability	Pivotal Cloud Foundry
31 Mar 2017	USN-3222-1	ImageMagick vulnerabilities	Pivotal Cloud Foundry
31 Mar 2017	USN-3213-1	GD library vulnerabilities	Pivotal Cloud Foundry
31 Mar 2017	USN-3212-1	LibTIFF vulnerabilities	Pivotal Cloud Foundry
31 Mar 2017	USN-3205-1	tcpdump vulnerabilities	Pivotal Cloud Foundry
31 Mar 2017	USN-3142-2	ImageMagick vulnerabilities	Pivotal Cloud Foundry
29 Mar 2017	CVE-2017-4963	Session Fixation for UAA External Authentication	Pivotal Cloud Foundry
17 Mar 2017	USN-3196-1	Multiple PHP vulnerabilities	Pivotal Cloud Foundry
17 Mar 2017	USN-3185-1	libXpm vulnerability	Pivotal Cloud Foundry
17 Mar 2017	USN-3193-1	Nettle vulnerability	Pivotal Cloud Foundry
17 Mar 2017	USN-3183-1	GnuTLS vulnerabilities	Pivotal Cloud Foundry
14 Mar 2017	USN-3189-2	Linux kernel (Xenial HWE) vulnerabilities	Pivotal Cloud Foundry
14 Mar 2017	CVE-2017-5638	Apache Struts Remote Code Execution	Pivotal Cloud Foundry
13 Mar 2017	USN-3220-2	Linux kernel (Xenial HWE) vulnerability	Pivotal Cloud Foundry
09 Mar 2017	CVE-2017-4960	UAA OAuth DOS via lockout feature	Pivotal Cloud Foundry
01 Mar 2017	USN-3208-2	Linux kernel (Xenial HWE) vulnerabilities	Pivotal Cloud Foundry
31 Jan 2017	USN-3172-1	Bind vulnerabilities	Pivotal Cloud Foundry
31 Jan 2017	USN-3169-2	Linux kernel (Xenial HWE) vulnerabilities	Pivotal Cloud Foundry
31 Jan 2017	USN-3161-2	Linux kernel (Xenial HWE) vulnerabilities	Pivotal Cloud Foundry
23 Jan 2017	CVE-2016-6660	Cloud Controller logs application environment variables	Pivotal Cloud Foundry
19 Jan 2017	USN-3024-1	tomcat6, tomcat7 vulnerabilities	Pivotal Cloud Foundry
12 Jan 2017	RunC Exec	RunC Exec Vulnerability	Pivotal Cloud Foundry
10 Jan 2017	CVE-2016-9882	Cloud Foundry Logs Service Credentials	Pivotal Cloud Foundry
29 Dec 2016	CVE-2016-3958 and CVE-2016-3959	Golang vulnerabilities	Pivotal Cloud Foundry
27 Dec 2016	USN-3146-2	Linux kernel (Xenial HWE) vulnerabilities	Pivotal Cloud Foundry
27 Dec 2016	USN-3128-2	Linux kernel (Xenial HWE) vulnerability	Pivotal Cloud Foundry
27 Dec 2016	USN-3142-1	ImageMagick vulnerabilities	Pivotal Cloud Foundry
19 Dec 2016	CVE-2016-8219	Space Auditor can restage apps	Pivotal Cloud Foundry
21 Dec 2016	Multiple CVEs	httpoxy vulnerabilities	Pivotal Cloud Foundry
20 Dec 2016	USN-3156-1	APT vulnerability	Pivotal Cloud Foundry
19 Dec 2016	USN-3131-1	ImageMagick vulnerabilities	Pivotal Cloud Foundry
19 Dec 2016	USN-3067-1	HarfBuzz vulnerabilities	Pivotal Cloud Foundry
19 Dec 2016	USN-3117-1	GD library vulnerabilities	Pivotal Cloud Foundry
14 Dec 2016	USN-3132-1	tar vulnerability	Pivotal Cloud Foundry
14 Dec 2016	USN-3134-1	Python vulnerabilities	Pivotal Cloud Foundry
14 Dec 2016	USN-3139-1	Vim vulnerability	Pivotal Cloud Foundry
14 Dec 2016	CVE-2016-6659	UAA Privilege Escalation	Pivotal Cloud Foundry
14 Dec 2016	USN-3116-1	DBus vulnerabilities	Pivotal Cloud Foundry
14 Dec 2016	USN-3119-1	Bind vulnerability	Pivotal Cloud Foundry
13 Dec 2016	USN-3123-1	curl vulnerabilities	Pivotal Cloud Foundry
13 Dec 2016	USN-3088-1	Bind vulnerability	Pivotal Cloud Foundry
09 Dec 2016	CVE-2016-8218	Unauthenticated JWT signing algorithm in routing	Pivotal Cloud Foundry
07 Dec 2016	USN-3151-2	Linux kernel (Xenial HWE) vulnerability	Pivotal Cloud Foundry
17 Nov 2016	CVE-2016-6663/CVE-2016-6664	MariaDB Root Privilege Escalation	Pivotal Cloud Foundry
17 Nov 2016	Several	PCRE vulnerabilities prior to version 8.39	Pivotal Cloud Foundry
07 Nov 2016	USN-3096-1	NTP vulnerabilities	Pivotal Cloud Foundry
07 Nov 2016	USN-3095-1	PHP vulnerabilities	Pivotal Cloud Foundry
02 Nov 2016	CVE-2016-6658	Incomplete fix for Credential Vulnerability for Custom Buildpacks	Pivotal Cloud Foundry
21 Oct 2016	CVE-2016-5195	Linux kernel vulnerability	Pivotal Cloud Foundry
17 Oct 2016	CVE-2016-6655	Utility Script Command Injection	Pivotal Cloud Foundry
17 Oct 2016	USN-3099-2	Linux kernel vulnerabilities	Pivotal Cloud Foundry
29 Sep 2016	CVE-2016-6653	MySQL Audit logs sent to Syslog	Pivotal Cloud Foundry
28 Sep 2016	USN-3087-2	OpenSSL Regression	Pivotal Cloud Foundry
28 Sep 2016	USN-3083-1	Linux kernel vulnerabilities	Pivotal Cloud Foundry
28 Sep 2016	USN-3068-1	Libidn vulnerabilities	Pivotal Cloud Foundry
28 Sep 2016	CVE-2016-6662	Multiple MySQL Vulnerabilities	Pivotal Cloud Foundry
28 Sep 2016	USN-3085-1	GDK-PixBuf vulnerabilities	Pivotal Cloud Foundry
26 Sep 2016	CVE-2016-6651	Privilege Escalation in UAA	Pivotal Cloud Foundry
26 Sep 2016	CVE-2016-6636	UAA Open Redirect Vulnerability for Subdomains	Pivotal Cloud Foundry
26 Sep 2016	CVE-2016-6637	UAA CSRF Vulnerability for OAuth Approvals	Pivotal Cloud Foundry
21 Sep 2016	CVE-2014-9130	LibYAML vulnerability	Pivotal Cloud Foundry
09 Sep 2016	CVE-2016-6639	PHP Buildpack exposes .profile file	Pivotal Cloud Foundry
09 Sep 2016	USN-3045-1	PHP vulnerabilities	Pivotal Cloud Foundry
25 Aug 2016	USN-3065-1	Libgcrypt vulnerability	Pivotal Cloud Foundry
25 Aug 2016	USN-3064-1	GnuPG vulnerability	Pivotal Cloud Foundry
25 Aug 2016	USN-3063-1	Fontconfig vulnerability	Pivotal Cloud Foundry
25 Aug 2016	USN-3061-1	OpenSSH vulnerability	Pivotal Cloud Foundry
25 Aug 2016	USN-3030-1/USN-3060-1	GD library vulnerability	Pivotal Cloud Foundry
25 Aug 2016	USN-3053-1/USN-3037-1	Linux kernel (Vivid HWE) vulnerability	Pivotal Cloud Foundry
25 Aug 2016	USN-3048-1	curl vulnerability	Pivotal Cloud Foundry
25 Aug 2016	USN-3033-1	libarchive vulnerability	Pivotal Cloud Foundry
18 Aug 2016	CVE-2016-5016	UAA accepts expired certificates	Pivotal Cloud Foundry
26 Jul 2016	CVE-2016-5006	Cloud Controller API logs user-provided service credentials	Pivotal Cloud Foundry
13 Jul 2016	USN-3010-1	Expat vulnerabilities	Pivotal Cloud Foundry
13 Jul 2016	CVE-2016-4450	Nginx Vulnerabilities	Pivotal Cloud Foundry
13 Jul 2016	USN-3012-1	Wget vulnerability	Pivotal Cloud Foundry
01 Jul 2016	USN-3020-1	Linux kernel (Vivid HWE) vulnerabilities	Pivotal Cloud Foundry
30 Jun 2016	CVE-2016-4468	UAA SQL Injection	Pivotal Cloud Foundry
15 Jun 2016	USN-3001-1	Linux kernel (Vivid HWE) vulnerabilities	Pivotal Cloud Foundry
13 Jun 2016	CVE-2016-4435	BOSH Agent Anonymous Endpoint	Pivotal Cloud Foundry
13 Jun 2016	USN-2994-1	libxml2 vulnerabilities	Pivotal Cloud Foundry
13 Jun 2016	USN-2991-1	nginx vulnerability	Pivotal Cloud Foundry
13 Jun 2016	USN-2990-1	ImageMagick vulnerability (a.k.a. ImageTragick)	Pivotal Cloud Foundry
13 Jun 2016	USN-2987-1	GD library vulnerabilities	Pivotal Cloud Foundry
13 Jun 2016	USN-2985-2	GNU C Library regression	Pivotal Cloud Foundry
13 Jun 2016	USN-2983-1	Expat vulnerability	Pivotal Cloud Foundry
13 Jun 2016	USN-2981-1	libarchive vulnerabilities	Pivotal Cloud Foundry
13 Jun 2016	USN-2966-1	OpenSSH vulnerabilities	Pivotal Cloud Foundry
13 Jun 2016	USN-2961-1	Little CMS vulnerability	Pivotal Cloud Foundry
08 Jun 2016	CVE-2013-7456	PHP vulnerabilities	Pivotal Cloud Foundry
03 Jun 2016	USN-2970-1	Linux kernel (Vivid HWE) vulnerabilities	Pivotal Cloud Foundry
23 May 2016	CVE-2016-3084	UAA Password Reset Vulnerability	Pivotal Cloud Foundry
19 May 2016	USN-2977-1	Linux kernel (Vivid HWE) vulnerabilities	Pivotal Cloud Foundry
17 May 2016	CVE-2016-3091	Diego log encoding vulnerability	Pivotal Cloud Foundry
06 May 2016	USN-2959-1	OpenSSL vulnerabilities	Pivotal Cloud Foundry
06 May 2016	USN-2957-1	Libtasn1 vulnerability	Pivotal Cloud Foundry
06 May 2016	USN-2949-1	Linux kernel (Vivid HWE) vulnerabilities	Pivotal Cloud Foundry
06 May 2016	USN-2943-1	PCRE vulnerabilities	Pivotal Cloud Foundry
06 May 2016	USN-2935-2	PAM regression	Pivotal Cloud Foundry
02 May 2016	CVE-2015-5170-5173	UAA Vulnerabilities	Pivotal Cloud Foundry
14 Apr 2016	Badlock bug	Samba and Windows Vulnerabilities	n/a
24 Mar 2016	USN-2939-1	LibTIFF vulnerabilities	Pivotal Cloud Foundry
24 Mar 2016	USN-2927-1	Graphite2 vulnerabilities	Pivotal Cloud Foundry
24 Mar 2016	USN-2925-1	Bind9 vulnerabilities	Pivotal Cloud Foundry
24 Mar 2016	USN-2919-1	JasPer vulnerabilities	Pivotal Cloud Foundry
24 Mar 2016	USN-2918-1	Pixman vulnerabilities	Pivotal Cloud Foundry
24 Mar 2016	USN-2916-1	Perl vulnerabilities	Pivotal Cloud Foundry
24 Mar 2016	USN-2914-1	OpenSSL vulnerabilities	Pivotal Cloud Foundry
24 Mar 2016	NPM Ownership Issue	Warning about NPM modules	Pivotal Cloud Foundry
24 Mar 2016	USN-2938-1	Git vulnerabilities	Pivotal Cloud Foundry
16 Mar 2016	USN-2932-1	Linux kernel vulnerabilities	Pivotal Cloud Foundry
02 Mar 2016	CVE-2016-0800	OpenSSL vulnerabilities	Pivotal Cloud Foundry
26 Feb 2016	USN-2910-1	Linux kernel vulnerability	Pivotal Cloud Foundry
26 Feb 2016	CVE-2016-0761	Docker Image Host Files Corruption	Pivotal Cloud Foundry
19 Feb 2016	USN-2900-1	GNU libc vulnerability	Pivotal Cloud Foundry
02 Feb 2016	CVE-2016-0732	Privilege Escalation	Pivotal Cloud Foundry
01 Feb 2016	CVE-2016-0713	Gorouter XSS	Pivotal Cloud Foundry
22 Jan 2016	USN-2871-1	Linux kernel vulnerability	Pivotal Cloud Foundry
20 Jan 2016	CVE-2016-0715	Remote Information Disclosure	Pivotal Cloud Foundry
19 Jan 2016	USN-2865-1	GnuTLS vulnerability	Pivotal Cloud Foundry
19 Jan 2016	USN-2861-1	libpng vulnerability	Pivotal Cloud Foundry
19 Jan 2016	USN-2868-1	DHCP vulnerability	Pivotal Cloud Foundry
19 Jan 2016	USN-2869-1	OpenSSH vulnerability	Pivotal Cloud Foundry
18 Jan 2016	CVE-2016-0708	Remote Information Disclosure	Pivotal Cloud Foundry
07 Jan 2016	USN-2857-1	Linux kernel vulnerability	Pivotal Cloud Foundry
07 Jan 2016	USN-2842-1/USN-2842-2	Linux kernel vulnerability	Pivotal Cloud Foundry
07 Jan 2016	USN-2837-1	bind9 vulnerability	Pivotal Cloud Foundry
07 Jan 2016	USN-2836-1	grub2 vulnerability	Pivotal Cloud Foundry
07 Jan 2016	USN-2835-1	git vulnerability	Pivotal Cloud Foundry
07 Jan 2016	USN-2834-1	libxml2 vulnerability	Pivotal Cloud Foundry
07 Jan 2016	USN-2830-1	OpenSSL vulnerability	Pivotal Cloud Foundry
07 Jan 2016	USN-2829-1	Linux kernel vulnerability	Pivotal Cloud Foundry
15 Dec 2015	CVE-2015-5350	Garden Nstar vulnerability	Pivotal Cloud Foundry
04 Dec 2015	USN-2821-1	GnuTLS vulnerability	Pivotal Cloud Foundry
04 Dec 2015	USN-2820-1	dpkg vulnerability	Pivotal Cloud Foundry
02 Dec 2015	USN-2815-1	PNG vulnerability	Pivotal Cloud Foundry
02 Dec 2015	USN-2812-1	libxml2 vulnerability	Pivotal Cloud Foundry
02 Dec 2015	USN-2810-1	Kerberos vulnerability	Pivotal Cloud Foundry
02 Dec 2015	USN-2787-1	audiofile vulnerability	Pivotal Cloud Foundry
24 Nov 2015	USN-2788-1/2788-2	unzip vulnerability	Pivotal Cloud Foundry
12 Nov 2015	USN-2798-1	Linux kernel vulnerability	Pivotal Cloud Foundry
12 Nov 2015	USN-2806-1	Linux kernel vulnerability	Pivotal Cloud Foundry
03 Nov 2015	USN-2778-1	Linux kernel vulnerabilities	Pivotal Cloud Foundry
03 Nov 2015	USN-2767-1	GDK-Pixbuf library vulnerability	Pivotal Cloud Foundry
07 Oct 2015	Golang	Golang 1.4.3 CVE Fixes	Pivotal Cloud Foundry
07 Oct 2015	USN-2722-1	GDK-PixBuf Vulnerabilities	Pivotal Cloud Foundry
07 Oct 2015	USN-2711-1	Net-SNMP Vulnerabilities	Pivotal Cloud Foundry
07 Oct 2015	USN-2739-1	FreeType Vulnerabilities	Pivotal Cloud Foundry
07 Oct 2015	USN-2740-1	ICU Vulnerabilities	Pivotal Cloud Foundry
07 Oct 2015	USN-2751-1	Linux Kernel (Vivid HWE) Vulnerability	Pivotal Cloud Foundry
07 Oct 2015	USN-2756-1	rpcbind Vulnerability	Pivotal Cloud Foundry
07 Oct 2015	USN-2765-1	Linux Kernel (Vivid HWE) Vulnerability	Pivotal Cloud Foundry
08 Sep 2015	USN-2710-1	OpenSSH Vulnerabilities	Pivotal Cloud Foundry
08 Sep 2015	USN-2698-1	SQLite Vulnerabilities	Pivotal Cloud Foundry
08 Sep 2015	USN-2694-1	PCRE Vulnerabilities	Pivotal Cloud Foundry
08 Sep 2015	USN-2718-1	Address Configuration Change Vulnerabilities	Pivotal Cloud Foundry
06 Aug 2015	USN-2696-1	OpenJDK 7 Vulnerabilities	Pivotal Cloud Foundry
29 Jul 2015	CVE-2015-3290	Linux Kernel NMI Vulnerability	Pivotal Cloud Foundry
10 Jul 2015	CVE-2015-1420	file_handle size verification	Pivotal Cloud Foundry
06 Jul 2015	CVE-2015-1330	Unattended-Upgrades Vulnerability	Pivotal Cloud Foundry
25 Jun 2015	CVE-2015-3189	Expire old reset password links	UAA, Pivotal Cloud Foundry
25 Jun 2015	CVE-2015-3190	Open redirect on Login	UAA, Pivotal Cloud Foundry
25 Jun 2015	CVE-2015-3191	CSRF attack on change email	UAA, Pivotal Cloud Foundry
12 Jun 2015	USN-2639-1	OpenSSL vulnerabilities	Pivotal Cloud Foundry
12 Jun 2015	CVE-2015-3636	ipv4 use-after-free	Pivotal Cloud Foundry
17 Jun 2015	CVE-2015-1328	overlayfs privilege escalation	Pivotal Cloud Foundry
09 Jun 2015	Redis LUA Sandbox	Redis LUA Exploit	Pivotal Cloud Foundry
22 May 2015	CVE-2015-1834	Path Traversal Vulnerability	Pivotal Cloud Foundry
22 May 2015	USN-2617-1	FUSE Vulnerability	Pivotal Cloud Foundry
30 Apr 2015	CVE-2015-1855	Ruby OpenSSL Hostname Verification	Pivotal Cloud Foundry
23 Mar 2015	CVE-2015-0282	Multiple GnuTLS Vulnerabilities	Pivotal Cloud Foundry
21 Mar 2015	USN-2537-1	OpenSSL vulnerabilities	Pivotal Cloud Foundry
13 Mar 2015	CVE-2014-8159	Linux Kernel Infiniband Vulnerability
09 Feb 2015	CVE-2014-0227	Apache Tomcat Request Smuggling	Pivotal tc Server
28 Jan 2015	CVE-2015-0235	GHOST	Pivotal Cloud Foundry
10 Sep 2014	CVE-2013-4444	Remote Code Execution in Apache Tomcat	Pivotal Cloud Foundry
16 Oct 2014	CVE-2014-3566	SSLV3 POODLE	Pivotal Cloud Foundry
29 Sep 2014	CVE-2014-7186	Bash Out-of Bonds	Pivotal Cloud Foundry
25 Sep 2014	CVE-2014-6271	Bash - ShellShock	Pivotal Cloud Foundry
19 Sep 2014	CVE-2014-5119	glib_gconv_translit_find() exploit	Pivotal Cloud Foundry
18 Aug 2014	CVE-2014-3153	Futex requeue exploit	Pivotal Cloud Foundry
05 Jun 2014	CVE-2014-0224	SSL/TLS MITM Vulnerability	vFabric Web Server Pivotal Web Server Enterprise Ready Server (ERS) Greenplum Command Center (GPCC) Greenplum Database (GPDB) HAWQ Pivotal Command Center (PCC) Pivotal App Suite Virtual Appliance GemFire Native Client
10 Apr 2014	CVE-2014-0160	Heartbleed	vFabric Web Server vFabric GemFire Native Client Pivotal GemFire Native Client Pivotal Command Center Pivotal App Suite Virtual Appliance

[1] This table is not yet a complete list of vulnerabilities in dependencies. Formulating such a list is an extensive undertaking which Pivotal is addressing systematically. When this table becomes a complete and comprehensive list, we will remove this footnote.

Thanks

The Pivotal Security Team would like to thank the following individuals and companies for responsibly reporting a security issue. Names appear in the order vulnerability reports were received, most recent first.

Rohit Patil
Jimmy Bruneel
Taha Smily
Lacroute Serge
Md. Nur A Alam Dipu
GE Digital Security Team
SaifAllah benMassaoud
Pradeep Kumar
Muhammad Abdullah
Koutrouss Naddara

Note: Reports of vulnerabilities in Pivotal products are listed in the credit section of the associated security announcement.