Pivotal Application Security Team


Overview

The Pivotal Application Security Team provides a single point of contact for the reporting of security vulnerabilities in Pivotal products and coordinates the process of investigating any reported vulnerabilities.

Reporting a vulnerability

We strongly encourage people to report security vulnerabilities privately to our security team before disclosing them in a public forum.

Please note that the e-mail address below should only be used for reporting undisclosed security vulnerabilities in Pivotal products and managing the process of fixing such vulnerabilities. We cannot accept regular bug reports or other security-related queries at this address.

The e-mail address to use to contact the Pivotal Application Security Team is security@pivotal.io.

The fingerprint of the team's PGP key is: 16F6 51BF 4637 F486 C5E2 4635 19BB 5184 0191 92ED

The key can be obtained from a public key server such as pgp.mit.edu.



Pivotal Product Vulnerability Reports

| Date | CVE Reference | Description |
|---|---|---|
| 21 Sep 2017 | CVE-2017-8046 | RCE in PATCH requests in Spring Data REST |
| 19 Sep 2017 | CVE-2017-8045 | Remote code execution in spring-amqp |
| 15 Sep 2017 | CVE-2017-8039 | Data Binding Expression Vulnerability in Spring Web Flow |
| 31 Aug 2017 | CVE-2017-8044 | XSS vulnerability in Single Sign-On for PCF via DOM-based query parameters |
| 31 Aug 2017 | CVE-2017-8041 | XSS vulnerability in org name in Single Sign-On for PCF |
| 31 Aug 2017 | CVE-2017-8040 | XXE Vulnerability in Single Sign-On for PCF |
| 08 Jun 2017 | CVE-2017-4995 | Jackson Configuration Allows Code Execution with Unknown “Serialization Gadgets” |
| 31 May 2017 | CVE-2017-4971 | Data Binding Expression Vulnerability in Spring Web Flow |
| 15 May 2017 | CVE-2017-4975 | Tile generator sets open security groups |
| 04 May 2017 | CVE-2017-4966 | RabbitMQ local storage of credentials |
| 04 May 2017 | CVE-2017-4965 | XSS vulnerabilities in RabbitMQ management UI |
| 27 Mar 2017 | CVE-2017-2773 | Unauthenticated JWT signing algorithm in multiple components |
| 24 Mar 2017 | CVE-2017-4955 | Credentials in Elastic Runtime Notifications errand log |
| 14 Feb 2017 | CVE-2017-4959 | Pivotal Cloud Foundry account authorization vulnerability |
| 09 Feb 2017 | CVE-2016-9880 | Unauthenticated access to GemFire for PCF broker endpoints |
| 04 Jan 2017 | CVE-2016-9885 | gfsh exposed over go router for GemFire for PCF |
| 28 Dec 2016 | CVE-2016-9879 | Encoded "/" in path variables |
| 28 Dec 2016 | CVE-2016-0898 | Service backups log AWS key |
| 21 Dec 2016 | CVE-2016-9878 | Directory Traversal in the Spring Framework ResourceServlet |
| 19 Dec 2016 | CVE-2016-9877 | RabbitMQ authentication vulnerability |
| 31 Oct 2016 | CVE-2016-6657 | PCF Open Redirects |
| 31 Oct 2016 | CVE-2016-6656 | Code injection vulnerability via GPHDFS in Greenplum database |
| 30 Sep 2016 | CVE-2016-6652 | Spring Data JPA Blind SQL Injection Vulnerability |
| 12 Sep 2016 | CVE-2016-0930 | Ops Manager Compilation VMs Vulnerability on vSphere and vCloud |
| 27 Jul 2016 | CVE-2016-0896 | IaaS Metadata Endpoint Accessible from Application Containers |
| 15 Jul 2016 | CVE-2016-0929 | RabbitMQ for PCF vulnerability |
| 07 Jul 2016 | CVE-2016-5007 | Spring Security / MVC Path Matching Inconsistency |
| 07 Jul 2016 | CVE-2016-0926 | Apps Manager XSS vulnerability |
| 05 Jul 2016 | CVE-2016-4977 | Remote Code Execution (RCE) in Spring Security OAuth |
| 29 Jun 2016 | CVE-2016-0928 | PCF Open Redirects |
| 24 Jun 2016 | CVE-2016-0897 | Ops Manager vSphere and vCloud vulnerability |
| 23 Jun 2016 | CVE-2016-0927 | Ops Manager XSS vulnerability |
| 11 Apr 2016 | CVE-2016-2173 | Remote Code Execution in Spring AMQP |
| 23 Mar 2016 | CVE-2016-0780 | Cloud Controller Disk Quota Enforcement |
| 23 Mar 2016 | CVE-2016-2165 | Loggregator Request URL Paths |
| 23 Mar 2016 | CVE-2016-0781 | UAA Persistent XSS Vulnerability |
| 03 Feb 2016 | CVE-2016-0883 | Pivotal Ops Manager Weak Authentication Scheme |
| 12 Nov 2015 | CVE-2015-5258 | Spring Social CSRF |
| 15 Oct 2015 | CVE-2015-5211 | RFD Attack in Spring Framework |
| 30 Jun 2015 | CVE-2015-3192 | DoS Attack with XML Input |
| 06 Mar 2015 | CVE-2015-0201 | Insufficiently random session id in Java SockJS client |
| 13 Jan 2015 | CVE-2014-3626 | Directory Traversal in Grails Resources Plugin |
| 11 Nov 2014 | CVE-2014-3625 | Directory Traversal in Spring Framework |
| 05 Sep 2014 | CVE-2014-3578 | Directory Traversal in Spring Framework |
| 15 Aug 2014 | CVE-2014-3527 | Access Control Bypass in Spring Security |
| 28 May 2014 | CVE-2014-0225 | Information Disclosure when using Spring MVC |
| 11 Mar 2014 | CVE-2014-1904 | XSS when using Spring MVC |
| 11 Mar 2014 | CVE-2014-0097 | Blank password may bypass user authentication |
| 11 Mar 2014 | CVE-2014-0054 | Incomplete fix for CVE-2013-7315 / CVE-2013-6429 (XXE) |
| 19 Feb 2014 | CVE-2014-0053 | Information Disclosure when using Grails |
| 14 Jan 2014 | CVE-2013-6430 | Possible XSS when using Spring MVC |
| 14 Jan 2014 | CVE-2013-6429 | Incomplete fix for CVE-2013-7315 (XXE) |
| 22 Aug 2013 | CVE-2013-7315 | XML External Entity (XXE) injection in Spring Framework |
| 22 Aug 2013 | CVE-2013-4152 | XML eXternal Entity (XXE) injection in Spring Framework |


Notable Vulnerabilities in Dependencies[1]

| Date | Reference | Description | Affected Pivotal Product(s) |
|---|---|---|---|
| 08 Sep 2017 | CVE-2017-9805 | Apache Struts Remote Code Execution | Spring, Pivotal Cloud Foundry |
| 28 Aug 2017 | USN-3392-2 | Linux kernel (Xenial HWE) regression | Pivotal Cloud Foundry |
| 21 Aug 2017 | USN-3385-2 | Linux kernel (Xenial HWE) vulnerabilities | Pivotal Cloud Foundry |
| 14 Aug 2017 | USN-3378-2 | Linux kernel (Xenial HWE) vulnerabilities | Pivotal Cloud Foundry |
| 14 Aug 2017 | USN-3367-1 | gdb vulnerabilities | Pivotal Cloud Foundry |
| 14 Aug 2017 | USN-3364-2 | Linux kernel (Xenial HWE) vulnerabilities | Pivotal Cloud Foundry |
| 14 Aug 2017 | USN-3363-2 | ImageMagick regression | Pivotal Cloud Foundry |
| 14 Aug 2017 | USN-3363-1 | ImageMagick vulnerabilities | Pivotal Cloud Foundry |
| 14 Aug 2017 | USN-3356-1 | Expat vulnerability | Pivotal Cloud Foundry |
| 14 Aug 2017 | USN-3353-1 | Heimdal vulnerability | Pivotal Cloud Foundry |
| 14 Aug 2017 | USN-3349-1 | NTP vulnerabilities | Pivotal Cloud Foundry |
| 14 Aug 2017 | USN-3347-1 | Libgcrypt vulnerabilities | Pivotal Cloud Foundry |
| 14 Aug 2017 | USN-3346-1 | bind9 vulnerabilities | Pivotal Cloud Foundry |
| 14 Aug 2017 | USN-3344-2 | Linux kernel (Xenial HWE) vulnerabilities | Pivotal Cloud Foundry |
| 07 Aug 2017 | CVE-2017-8037 | Incomplete fix for Cloud Controller API access to CC VM contents | Pivotal Cloud Foundry |
| 02 Aug 2017 | CVE-2017-9022/CVE-2017-9023 | strongSwan DoS Vulnerabilities | Pivotal Cloud Foundry |
| 01 Aug 2017 | CVE-2017-8038 | Credentials readable from CredHub endpoint | Pivotal Cloud Foundry |
| 25 Jul 2017 | CVE-2017-8036 | Cloud Controller API regression | Pivotal Cloud Foundry |
| 25 Jul 2017 | CVE-2017-8035 | Cloud Controller API access to CC VM contents | Pivotal Cloud Foundry |
| 25 Jul 2017 | CVE-2017-8033 | Cloud Controller API filesystem traversal vulnerability | Pivotal Cloud Foundry |
| 24 Jul 2017 | CVE-2017-8032 | UAA Identity Zone Admin Privilege Escalation | Pivotal Cloud Foundry |
| 05 Jul 2017 | CVE-2017-7485 | PostgreSQL vulnerabilities | Pivotal Cloud Foundry |
| 26 Jun 2017 | CVE-2017-5946 | Directory Traversal in Rubyzip | Pivotal Cloud Foundry |
| 26 Jun 2017 | USN-3334-1 | Linux kernel (Xenial HWE) vulnerabilities | Pivotal Cloud Foundry |
| 26 Jun 2017 | USN-3323-1 | GNU C Library vulnerability | Pivotal Cloud Foundry |
| 26 Jun 2017 | USN-3318-1 | GnuTLS vulnerabilities | Pivotal Cloud Foundry |
| 26 Jun 2017 | USN-3312-2 | Linux kernel (Xenial HWE) vulnerabilities | Pivotal Cloud Foundry |
| 26 Jun 2017 | USN-3311-1 | libnl vulnerability | Pivotal Cloud Foundry |
| 26 Jun 2017 | USN-3309-1 | Libtasn1 vulnerability | Pivotal Cloud Foundry |
| 26 Jun 2017 | USN-3302-1 | ImageMagick vulnerabilities | Pivotal Cloud Foundry |
| 26 Jun 2017 | USN-3212-2 | LibTIFF regression | Pivotal Cloud Foundry |
| 22 Jun 2017 | USN-3304-1 | Sudo vulnerability | Pivotal Cloud Foundry |
| 08 Jun 2017 | CVE-2017-4994 | Forwarded Headers in UAA | Pivotal Cloud Foundry |
| 08 Jun 2017 | USN-3295-1 | JasPer vulnerabilities | Pivotal Cloud Foundry |
| 08 Jun 2017 | USN-3294-1 | Bash vulnerabilities | Pivotal Cloud Foundry |
| 08 Jun 2017 | USN-3291-3 | Linux kernel (Xenial HWE) vulnerabilities | Pivotal Cloud Foundry |
| 08 Jun 2017 | USN-3287-1 | Git vulnerability | Pivotal Cloud Foundry |
| 08 Jun 2017 | USN-3283-1 | rtmpdump vulnerabilities | Pivotal Cloud Foundry |
| 08 Jun 2017 | USN-3282-1 | FreeType vulnerabilities | Pivotal Cloud Foundry |
| 08 Jun 2017 | USN-3276-2 | shadow regression | Pivotal Cloud Foundry |
| 08 Jun 2017 | USN-3263-1 | FreeType vulnerability | Pivotal Cloud Foundry |
| 08 Jun 2017 | USN-3259-1 | Bind vulnerabilities | Pivotal Cloud Foundry |
| 08 Jun 2017 | USN-3246-1 | Eject vulnerability | Pivotal Cloud Foundry |
| 08 Jun 2017 | USN-3181-1 | OpenSSL vulnerabilities | Pivotal Cloud Foundry |
| 19 May 2017 | CVE-2017-4992 | Privilege escalation with user invitations | Pivotal Cloud Foundry |
| 19 May 2017 | CVE-2017-4991 | UAA password reset vulnerability | Pivotal Cloud Foundry |
| 02 May 2017 | USN-3265-2 | Linux kernel (Xenial HWE) vulnerabilities | Pivotal Cloud Foundry |
| 01 May 2017 | CVE-2017-4974 | Blind SQL Injection with privileged UAA endpoints | Pivotal Cloud Foundry |
| 20 Apr 2017 | CVE-2015-3281 | HAProxy vulnerabilities | Pivotal Cloud Foundry |
| 20 Apr 2017 | CVE-2017-4973 | Privilege Escalation in UAA | Pivotal Cloud Foundry |
| 20 Apr 2017 | CVE-2017-4972 | Blind SQL Injection in UAA | Pivotal Cloud Foundry |
| 13 Apr 2017 | CVE-2017-4969 | Bug in CC allows users to exceed quotas | Pivotal Cloud Foundry |
| 12 Apr 2017 | USN-3256-2 | Linux kernel (HWE) vulnerability | Pivotal Cloud Foundry |
| 10 Apr 2017 | CVE-2017-4970 | Staticfile buildpack ignores basic authentication when misconfigured | Pivotal Cloud Foundry |
| 06 Apr 2017 | USN-3243-1 | Git vulnerability | Pivotal Cloud Foundry |
| 06 Apr 2017 | USN-3241-1 | audiofile vulnerabilities | Pivotal Cloud Foundry |
| 06 Apr 2017 | USN-3239-2 | GNU C Library Regression | Pivotal Cloud Foundry |
| 06 Apr 2017 | USN-3237-1 | FreeType vulnerability | Pivotal Cloud Foundry |
| 06 Apr 2017 | USN-3235-1 | libxml2 vulnerabilities | Pivotal Cloud Foundry |
| 06 Apr 2017 | USN-3232-1 | ImageMagick vulnerabilities | Pivotal Cloud Foundry |
| 06 Apr 2017 | USN-3227-1 | ICU vulnerabilities | Pivotal Cloud Foundry |
| 06 Apr 2017 | USN-3225-1 | libarchive vulnerabilities | Pivotal Cloud Foundry |
| 06 Apr 2017 | USN-3183-2 | GnuTLS vulnerability | Pivotal Cloud Foundry |
| 05 Apr 2017 | CVE-2017-5649 | Apache Geode privilege escalation vulnerability | Pivotal GemFire |
| 04 Apr 2017 | USN-3201-1 | Bind vulnerabilities | Pivotal Cloud Foundry |
| 04 Apr 2017 | USN-3234-2 | Linux kernel (Xenial HWE) vulnerabilities | Pivotal Cloud Foundry |
| 04 Apr 2017 | USN-3228-1 | libevent vulnerabilities | Pivotal Cloud Foundry |
| 04 Apr 2017 | USN-3247-1 | AppArmor vulnerability | Pivotal Cloud Foundry |
| 04 Apr 2017 | USN-3249-2 | Linux kernel (Xenial HWE) vulnerability | Pivotal Cloud Foundry |
| 31 Mar 2017 | USN-3222-1 | ImageMagick vulnerabilities | Pivotal Cloud Foundry |
| 31 Mar 2017 | USN-3213-1 | GD library vulnerabilities | Pivotal Cloud Foundry |
| 31 Mar 2017 | USN-3212-1 | LibTIFF vulnerabilities | Pivotal Cloud Foundry |
| 31 Mar 2017 | USN-3205-1 | tcpdump vulnerabilities | Pivotal Cloud Foundry |
| 31 Mar 2017 | USN-3142-2 | ImageMagick vulnerabilities | Pivotal Cloud Foundry |
| 29 Mar 2017 | CVE-2017-4963 | Session Fixation for UAA External Authentication | Pivotal Cloud Foundry |
| 17 Mar 2017 | USN-3196-1 | Multiple PHP vulnerabilities | Pivotal Cloud Foundry |
| 17 Mar 2017 | USN-3185-1 | libXpm vulnerability | Pivotal Cloud Foundry |
| 17 Mar 2017 | USN-3193-1 | Nettle vulnerability | Pivotal Cloud Foundry |
| 17 Mar 2017 | USN-3183-1 | GnuTLS vulnerabilities | Pivotal Cloud Foundry |
| 14 Mar 2017 | USN-3189-2 | Linux kernel (Xenial HWE) vulnerabilities | Pivotal Cloud Foundry |
| 14 Mar 2017 | CVE-2017-5638 | Apache Struts Remote Code Execution | Pivotal Cloud Foundry |
| 13 Mar 2017 | USN-3220-2 | Linux kernel (Xenial HWE) vulnerability | Pivotal Cloud Foundry |
| 09 Mar 2017 | CVE-2017-4960 | UAA OAuth DoS via lockout feature | Pivotal Cloud Foundry |
| 01 Mar 2017 | USN-3208-2 | Linux kernel (Xenial HWE) vulnerabilities | Pivotal Cloud Foundry |
| 31 Jan 2017 | USN-3172-1 | Bind vulnerabilities | Pivotal Cloud Foundry |
| 31 Jan 2017 | USN-3169-2 | Linux kernel (Xenial HWE) vulnerabilities | Pivotal Cloud Foundry |
| 31 Jan 2017 | USN-3161-2 | Linux kernel (Xenial HWE) vulnerabilities | Pivotal Cloud Foundry |
| 23 Jan 2017 | CVE-2016-6660 | Cloud Controller logs application environment variables | Pivotal Cloud Foundry |
| 19 Jan 2017 | USN-3024-1 | tomcat6, tomcat7 vulnerabilities | Pivotal Cloud Foundry |
| 12 Jan 2017 | RunC Exec | RunC Exec Vulnerability | Pivotal Cloud Foundry |
| 10 Jan 2017 | CVE-2016-9882 | Cloud Foundry Logs Service Credentials | Pivotal Cloud Foundry |
| 29 Dec 2016 | CVE-2016-3958 and CVE-2016-3959 | Golang vulnerabilities | Pivotal Cloud Foundry |
| 27 Dec 2016 | USN-3146-2 | Linux kernel (Xenial HWE) vulnerabilities | Pivotal Cloud Foundry |
| 27 Dec 2016 | USN-3128-2 | Linux kernel (Xenial HWE) vulnerability | Pivotal Cloud Foundry |
| 27 Dec 2016 | USN-3142-1 | ImageMagick vulnerabilities | Pivotal Cloud Foundry |
| 19 Dec 2016 | CVE-2016-8219 | Space Auditor can restage apps | Pivotal Cloud Foundry |
| 21 Dec 2016 | Multiple CVEs | httpoxy vulnerabilities | Pivotal Cloud Foundry |
| 20 Dec 2016 | USN-3156-1 | APT vulnerability | Pivotal Cloud Foundry |
| 19 Dec 2016 | USN-3131-1 | ImageMagick vulnerabilities | Pivotal Cloud Foundry |
| 19 Dec 2016 | USN-3067-1 | HarfBuzz vulnerabilities | Pivotal Cloud Foundry |
| 19 Dec 2016 | USN-3117-1 | GD library vulnerabilities | Pivotal Cloud Foundry |
| 14 Dec 2016 | USN-3132-1 | tar vulnerability | Pivotal Cloud Foundry |
| 14 Dec 2016 | USN-3134-1 | Python vulnerabilities | Pivotal Cloud Foundry |
| 14 Dec 2016 | USN-3139-1 | Vim vulnerability | Pivotal Cloud Foundry |
| 14 Dec 2016 | CVE-2016-6659 | UAA Privilege Escalation | Pivotal Cloud Foundry |
| 14 Dec 2016 | USN-3116-1 | DBus vulnerabilities | Pivotal Cloud Foundry |
| 14 Dec 2016 | USN-3119-1 | Bind vulnerability | Pivotal Cloud Foundry |
| 13 Dec 2016 | USN-3123-1 | curl vulnerabilities | Pivotal Cloud Foundry |
| 13 Dec 2016 | USN-3088-1 | Bind vulnerability | Pivotal Cloud Foundry |
| 09 Dec 2016 | CVE-2016-8218 | Unauthenticated JWT signing algorithm in routing | Pivotal Cloud Foundry |
| 07 Dec 2016 | USN-3151-2 | Linux kernel (Xenial HWE) vulnerability | Pivotal Cloud Foundry |
| 17 Nov 2016 | CVE-2016-6663/CVE-2016-6664 | MariaDB Root Privilege Escalation | Pivotal Cloud Foundry |
| 17 Nov 2016 | Several | PCRE vulnerabilities prior to version 8.39 | Pivotal Cloud Foundry |
| 07 Nov 2016 | USN-3096-1 | NTP vulnerabilities | Pivotal Cloud Foundry |
| 07 Nov 2016 | USN-3095-1 | PHP vulnerabilities | Pivotal Cloud Foundry |
| 02 Nov 2016 | CVE-2016-6658 | Incomplete fix for Credential Vulnerability for Custom Buildpacks | Pivotal Cloud Foundry |
| 21 Oct 2016 | CVE-2016-5195 | Linux kernel vulnerability | Pivotal Cloud Foundry |
| 17 Oct 2016 | CVE-2016-6655 | Utility Script Command Injection | Pivotal Cloud Foundry |
| 17 Oct 2016 | USN-3099-2 | Linux kernel vulnerabilities | Pivotal Cloud Foundry |
| 29 Sep 2016 | CVE-2016-6653 | MySQL Audit logs sent to Syslog | Pivotal Cloud Foundry |
| 28 Sep 2016 | USN-3087-2 | OpenSSL Regression | Pivotal Cloud Foundry |
| 28 Sep 2016 | USN-3083-1 | Linux kernel vulnerabilities | Pivotal Cloud Foundry |
| 28 Sep 2016 | USN-3068-1 | Libidn vulnerabilities | Pivotal Cloud Foundry |
| 28 Sep 2016 | CVE-2016-6662 | Multiple MySQL Vulnerabilities | Pivotal Cloud Foundry |
| 28 Sep 2016 | USN-3085-1 | GDK-PixBuf vulnerabilities | Pivotal Cloud Foundry |
| 26 Sep 2016 | CVE-2016-6651 | Privilege Escalation in UAA | Pivotal Cloud Foundry |
| 26 Sep 2016 | CVE-2016-6636 | UAA Open Redirect Vulnerability for Subdomains | Pivotal Cloud Foundry |
| 26 Sep 2016 | CVE-2016-6637 | UAA CSRF Vulnerability for OAuth Approvals | Pivotal Cloud Foundry |
| 21 Sep 2016 | CVE-2014-9130 | LibYAML vulnerability | Pivotal Cloud Foundry |
| 09 Sep 2016 | CVE-2016-6639 | PHP Buildpack exposes .profile file | Pivotal Cloud Foundry |
| 09 Sep 2016 | USN-3045-1 | PHP vulnerabilities | Pivotal Cloud Foundry |
| 25 Aug 2016 | USN-3065-1 | Libgcrypt vulnerability | Pivotal Cloud Foundry |
| 25 Aug 2016 | USN-3064-1 | GnuPG vulnerability | Pivotal Cloud Foundry |
| 25 Aug 2016 | USN-3063-1 | Fontconfig vulnerability | Pivotal Cloud Foundry |
| 25 Aug 2016 | USN-3061-1 | OpenSSH vulnerability | Pivotal Cloud Foundry |
| 25 Aug 2016 | USN-3030-1/USN-3060-1 | GD library vulnerability | Pivotal Cloud Foundry |
| 25 Aug 2016 | USN-3053-1/USN-3037-1 | Linux kernel (Vivid HWE) vulnerability | Pivotal Cloud Foundry |
| 25 Aug 2016 | USN-3048-1 | curl vulnerability | Pivotal Cloud Foundry |
| 25 Aug 2016 | USN-3033-1 | libarchive vulnerability | Pivotal Cloud Foundry |
| 18 Aug 2016 | CVE-2016-5016 | UAA accepts expired certificates | Pivotal Cloud Foundry |
| 26 Jul 2016 | CVE-2016-5006 | Cloud Controller API logs user-provided service credentials | Pivotal Cloud Foundry |
| 13 Jul 2016 | USN-3010-1 | Expat vulnerabilities | Pivotal Cloud Foundry |
| 13 Jul 2016 | CVE-2016-4450 | Nginx Vulnerabilities | Pivotal Cloud Foundry |
| 13 Jul 2016 | USN-3012-1 | Wget vulnerability | Pivotal Cloud Foundry |
| 01 Jul 2016 | USN-3020-1 | Linux kernel (Vivid HWE) vulnerabilities | Pivotal Cloud Foundry |
| 30 Jun 2016 | CVE-2016-4468 | UAA SQL Injection | Pivotal Cloud Foundry |
| 15 Jun 2016 | USN-3001-1 | Linux kernel (Vivid HWE) vulnerabilities | Pivotal Cloud Foundry |
| 13 Jun 2016 | CVE-2016-4435 | BOSH Agent Anonymous Endpoint | Pivotal Cloud Foundry |
| 13 Jun 2016 | USN-2994-1 | libxml2 vulnerabilities | Pivotal Cloud Foundry |
| 13 Jun 2016 | USN-2991-1 | nginx vulnerability | Pivotal Cloud Foundry |
| 13 Jun 2016 | USN-2990-1 | ImageMagick vulnerability (a.k.a. ImageTragick) | Pivotal Cloud Foundry |
| 13 Jun 2016 | USN-2987-1 | GD library vulnerabilities | Pivotal Cloud Foundry |
| 13 Jun 2016 | USN-2985-2 | GNU C Library regression | Pivotal Cloud Foundry |
| 13 Jun 2016 | USN-2983-1 | Expat vulnerability | Pivotal Cloud Foundry |
| 13 Jun 2016 | USN-2981-1 | libarchive vulnerabilities | Pivotal Cloud Foundry |
| 13 Jun 2016 | USN-2966-1 | OpenSSH vulnerabilities | Pivotal Cloud Foundry |
| 13 Jun 2016 | USN-2961-1 | Little CMS vulnerability | Pivotal Cloud Foundry |
| 08 Jun 2016 | CVE-2013-7456 | PHP vulnerabilities | Pivotal Cloud Foundry |
| 03 Jun 2016 | USN-2970-1 | Linux kernel (Vivid HWE) vulnerabilities | Pivotal Cloud Foundry |
| 23 May 2016 | CVE-2016-3084 | UAA Password Reset Vulnerability | Pivotal Cloud Foundry |
| 19 May 2016 | USN-2977-1 | Linux kernel (Vivid HWE) vulnerabilities | Pivotal Cloud Foundry |
| 17 May 2016 | CVE-2016-3091 | Diego log encoding vulnerability | Pivotal Cloud Foundry |
| 06 May 2016 | USN-2959-1 | OpenSSL vulnerabilities | Pivotal Cloud Foundry |
| 06 May 2016 | USN-2957-1 | Libtasn1 vulnerability | Pivotal Cloud Foundry |
| 06 May 2016 | USN-2949-1 | Linux kernel (Vivid HWE) vulnerabilities | Pivotal Cloud Foundry |
| 06 May 2016 | USN-2943-1 | PCRE vulnerabilities | Pivotal Cloud Foundry |
| 06 May 2016 | USN-2935-2 | PAM regression | Pivotal Cloud Foundry |
| 02 May 2016 | CVE-2015-5170 to CVE-2015-5173 | UAA Vulnerabilities | Pivotal Cloud Foundry |
| 14 Apr 2016 | Badlock bug | Samba and Windows Vulnerabilities | n/a |
| 24 Mar 2016 | USN-2939-1 | LibTIFF vulnerabilities | Pivotal Cloud Foundry |
| 24 Mar 2016 | USN-2927-1 | Graphite2 vulnerabilities | Pivotal Cloud Foundry |
| 24 Mar 2016 | USN-2925-1 | Bind9 vulnerabilities | Pivotal Cloud Foundry |
| 24 Mar 2016 | USN-2919-1 | JasPer vulnerabilities | Pivotal Cloud Foundry |
| 24 Mar 2016 | USN-2918-1 | Pixman vulnerabilities | Pivotal Cloud Foundry |
| 24 Mar 2016 | USN-2916-1 | Perl vulnerabilities | Pivotal Cloud Foundry |
| 24 Mar 2016 | USN-2914-1 | OpenSSL vulnerabilities | Pivotal Cloud Foundry |
| 24 Mar 2016 | NPM Ownership Issue | Warning about NPM modules | Pivotal Cloud Foundry |
| 24 Mar 2016 | USN-2938-1 | Git vulnerabilities | Pivotal Cloud Foundry |
| 16 Mar 2016 | USN-2932-1 | Linux kernel vulnerabilities | Pivotal Cloud Foundry |
| 02 Mar 2016 | CVE-2016-0800 | OpenSSL vulnerabilities | Pivotal Cloud Foundry |
| 26 Feb 2016 | USN-2910-1 | Linux kernel vulnerability | Pivotal Cloud Foundry |
| 26 Feb 2016 | CVE-2016-0761 | Docker Image Host Files Corruption | Pivotal Cloud Foundry |
| 19 Feb 2016 | USN-2900-1 | GNU libc vulnerability | Pivotal Cloud Foundry |
| 02 Feb 2016 | CVE-2016-0732 | Privilege Escalation | Pivotal Cloud Foundry |
| 01 Feb 2016 | CVE-2016-0713 | Gorouter XSS | Pivotal Cloud Foundry |
| 22 Jan 2016 | USN-2871-1 | Linux kernel vulnerability | Pivotal Cloud Foundry |
| 20 Jan 2016 | CVE-2016-0715 | Remote Information Disclosure | Pivotal Cloud Foundry |
| 19 Jan 2016 | USN-2865-1 | GnuTLS vulnerability | Pivotal Cloud Foundry |
| 19 Jan 2016 | USN-2861-1 | libpng vulnerability | Pivotal Cloud Foundry |
| 19 Jan 2016 | USN-2868-1 | DHCP vulnerability | Pivotal Cloud Foundry |
| 19 Jan 2016 | USN-2869-1 | OpenSSH vulnerability | Pivotal Cloud Foundry |
| 18 Jan 2016 | CVE-2016-0708 | Remote Information Disclosure | Pivotal Cloud Foundry |
| 07 Jan 2016 | USN-2857-1 | Linux kernel vulnerability | Pivotal Cloud Foundry |
| 07 Jan 2016 | USN-2842-1/USN-2842-2 | Linux kernel vulnerability | Pivotal Cloud Foundry |
| 07 Jan 2016 | USN-2837-1 | bind9 vulnerability | Pivotal Cloud Foundry |
| 07 Jan 2016 | USN-2836-1 | grub2 vulnerability | Pivotal Cloud Foundry |
| 07 Jan 2016 | USN-2835-1 | git vulnerability | Pivotal Cloud Foundry |
| 07 Jan 2016 | USN-2834-1 | libxml2 vulnerability | Pivotal Cloud Foundry |
| 07 Jan 2016 | USN-2830-1 | OpenSSL vulnerability | Pivotal Cloud Foundry |
| 07 Jan 2016 | USN-2829-1 | Linux kernel vulnerability | Pivotal Cloud Foundry |
| 15 Dec 2015 | CVE-2015-5350 | Garden Nstar vulnerability | Pivotal Cloud Foundry |
| 04 Dec 2015 | USN-2821-1 | GnuTLS vulnerability | Pivotal Cloud Foundry |
| 04 Dec 2015 | USN-2820-1 | dpkg vulnerability | Pivotal Cloud Foundry |
| 02 Dec 2015 | USN-2815-1 | PNG vulnerability | Pivotal Cloud Foundry |
| 02 Dec 2015 | USN-2812-1 | libxml2 vulnerability | Pivotal Cloud Foundry |
| 02 Dec 2015 | USN-2810-1 | Kerberos vulnerability | Pivotal Cloud Foundry |
| 02 Dec 2015 | USN-2787-1 | audiofile vulnerability | Pivotal Cloud Foundry |
| 24 Nov 2015 | USN-2788-1/USN-2788-2 | unzip vulnerability | Pivotal Cloud Foundry |
| 12 Nov 2015 | USN-2798-1 | Linux kernel vulnerability | Pivotal Cloud Foundry |
| 12 Nov 2015 | USN-2806-1 | Linux kernel vulnerability | Pivotal Cloud Foundry |
| 03 Nov 2015 | USN-2778-1 | Linux kernel vulnerabilities | Pivotal Cloud Foundry |
| 03 Nov 2015 | USN-2767-1 | GDK-Pixbuf library vulnerability | Pivotal Cloud Foundry |
| 07 Oct 2015 | Golang | Golang 1.4.3 CVE Fixes | Pivotal Cloud Foundry |
| 07 Oct 2015 | USN-2722-1 | GDK-PixBuf Vulnerabilities | Pivotal Cloud Foundry |
| 07 Oct 2015 | USN-2711-1 | Net-SNMP Vulnerabilities | Pivotal Cloud Foundry |
| 07 Oct 2015 | USN-2739-1 | FreeType Vulnerabilities | Pivotal Cloud Foundry |
| 07 Oct 2015 | USN-2740-1 | ICU Vulnerabilities | Pivotal Cloud Foundry |
| 07 Oct 2015 | USN-2751-1 | Linux Kernel (Vivid HWE) Vulnerability | Pivotal Cloud Foundry |
| 07 Oct 2015 | USN-2756-1 | rpcbind Vulnerability | Pivotal Cloud Foundry |
| 07 Oct 2015 | USN-2765-1 | Linux Kernel (Vivid HWE) Vulnerability | Pivotal Cloud Foundry |
| 08 Sep 2015 | USN-2710-1 | OpenSSH Vulnerabilities | Pivotal Cloud Foundry |
| 08 Sep 2015 | USN-2698-1 | SQLite Vulnerabilities | Pivotal Cloud Foundry |
| 08 Sep 2015 | USN-2694-1 | PCRE Vulnerabilities | Pivotal Cloud Foundry |
| 08 Sep 2015 | USN-2718-1 | Address Configuration Change Vulnerabilities | Pivotal Cloud Foundry |
| 06 Aug 2015 | USN-2696-1 | OpenJDK 7 Vulnerabilities | Pivotal Cloud Foundry |
| 29 Jul 2015 | CVE-2015-3290 | Linux Kernel NMI Vulnerability | Pivotal Cloud Foundry |
| 10 Jul 2015 | CVE-2015-1420 | file_handle size verification | Pivotal Cloud Foundry |
| 06 Jul 2015 | CVE-2015-1330 | Unattended-Upgrades Vulnerability | Pivotal Cloud Foundry |
| 25 Jun 2015 | CVE-2015-3189 | Expire old reset password links | UAA, Pivotal Cloud Foundry |
| 25 Jun 2015 | CVE-2015-3190 | Open redirect on Login | UAA, Pivotal Cloud Foundry |
| 25 Jun 2015 | CVE-2015-3191 | CSRF attack on change email | UAA, Pivotal Cloud Foundry |
| 12 Jun 2015 | USN-2639-1 | OpenSSL vulnerabilities | Pivotal Cloud Foundry |
| 12 Jun 2015 | CVE-2015-3636 | ipv4 use-after-free | Pivotal Cloud Foundry |
| 17 Jun 2015 | CVE-2015-1328 | overlayfs privilege escalation | Pivotal Cloud Foundry |
| 09 Jun 2015 | Redis LUA Sandbox | Redis LUA Exploit | Pivotal Cloud Foundry |
| 22 May 2015 | CVE-2015-1834 | Path Traversal Vulnerability | Pivotal Cloud Foundry |
| 22 May 2015 | USN-2617-1 | FUSE Vulnerability | Pivotal Cloud Foundry |
| 30 Apr 2015 | CVE-2015-1855 | Ruby OpenSSL Hostname Verification | Pivotal Cloud Foundry |
| 23 Mar 2015 | CVE-2015-0282 | Multiple GnuTLS Vulnerabilities | Pivotal Cloud Foundry |
| 21 Mar 2015 | USN-2537-1 | OpenSSL vulnerabilities | Pivotal Cloud Foundry |
| 13 Mar 2015 | CVE-2014-8159 | Linux Kernel Infiniband Vulnerability | |
| 09 Feb 2015 | CVE-2014-0227 | Apache Tomcat Request Smuggling | Pivotal tc Server |
| 28 Jan 2015 | CVE-2015-0235 | GHOST | Pivotal Cloud Foundry |
| 10 Sep 2014 | CVE-2013-4444 | Remote Code Execution in Apache Tomcat | Pivotal Cloud Foundry |
| 16 Oct 2014 | CVE-2014-3566 | SSLv3 POODLE | Pivotal Cloud Foundry |
| 29 Sep 2014 | CVE-2014-7186 | Bash Out-of-Bounds | Pivotal Cloud Foundry |
| 25 Sep 2014 | CVE-2014-6271 | Bash - ShellShock | Pivotal Cloud Foundry |
| 19 Sep 2014 | CVE-2014-5119 | glib_gconv_translit_find() exploit | Pivotal Cloud Foundry |
| 18 Aug 2014 | CVE-2014-3153 | Futex requeue exploit | Pivotal Cloud Foundry |
| 05 Jun 2014 | CVE-2014-0224 | SSL/TLS MITM Vulnerability | vFabric Web Server, Pivotal Web Server, Enterprise Ready Server (ERS), Greenplum Command Center (GPCC), Greenplum Database (GPDB), HAWQ, Pivotal Command Center (PCC), Pivotal App Suite Virtual Appliance, GemFire Native Client |
| 10 Apr 2014 | CVE-2014-0160 | Heartbleed | vFabric Web Server, vFabric GemFire Native Client, Pivotal GemFire Native Client, Pivotal Command Center, Pivotal App Suite Virtual Appliance |

[1] This table is not yet a complete list of vulnerabilities in dependencies. Formulating such a list is an extensive undertaking which Pivotal is addressing systematically. When this table becomes a complete and comprehensive list, we will remove this footnote.



Thanks

The Pivotal Security Team would like to thank the following individuals and companies for responsibly reporting a security issue. Names appear in the order vulnerability reports were received, most recent first.

  • SaifAllah benMassaoud
  • Pradeep Kumar
  • Muhammad Abdullah
  • Koutrouss Naddara

Note: Reports of vulnerabilities in Pivotal products are listed in the credit section of the associated security announcement.