USN-6658-1: libxml2 vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 22.04 Description It was discovered that libxml2 incorrectly handled certain XML documents. A remote attacker could possibly use this issue to cause libxml2 to crash, resulting in a denial of service, or possibly execute...
USN-6513-2: Python vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 22.04 Description USN-6513-1 fixed vulnerabilities in Python. This update provides the corresponding updates for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.04. Original advisory details: It was discovered that Pytho...
USN-6195-1: Vim vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 22.04 Description It was discovered that Vim contained an out-of-bounds read vulnerability. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. CVE-2022-0128 It was discovered...
USN-5928-1: systemd vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description It was discovered that systemd did not properly validate the time and accuracy values provided to the format_timespan function. An attacker could possibly use...
USN-5619-1: LibTIFF vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description It was discovered that LibTIFF was not properly performing the calculation of data that would eventually be used as a reference for bound-checking operations. An attacker could...
USN-5456-1: ImageMagick vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that ImageMagick incorrectly handled memory under certain circumstances. If a user were tricked into opening a specially crafted image, an attacker could possibly exploit this...
USN-5301-1: Cyrus SASL vulnerability | Cloud Foundry
Severity High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that the Cyrus SASL SQL plugin incorrectly handled SQL input. A remote attacker could use this issue to execute arbitrary SQL commands. CVEs contained in this USN include: CVE-2022-24407...
USN-5247-1: Vim vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that vim incorrectly handled parsing of filenames in its search functionality. If a user was tricked into opening a specially crafted file, an attacker could crash the application, leadi...
USN-5174-2: Samba regression | Cloud Foundry
Severity Unknown Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description USN-5174-1 fixed vulnerabilities in Samba. Some of the changes introduced a regression in Kerberos authentication in certain environments. Please see the following upstream bug for more information:...
USN-4109-1: OpenJPEG vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that OpenJPEG incorrectly handled certain PGX files. An attacker could possibly use this issue to cause a denial of service or possibly remote code execution. CVE-2017-17480 It was...
USN-3648-1: curl vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description Dario Weisser discovered that curl incorrectly handled long FTP server command replies. If a user or automated system were tricked into connecting to a malicious FTP server, a remote attacker could use th...
CVE-2018-1193: gorouter accepts user-provided X-Forwarded-Proto headers | Cloud Foundry
Severity Low Vendor Cloud Foundry Foundation Affected Cloud Foundry Products and Versions You are using routing-release versions prior to 0.175.0 You are using cf-deployment versions prior to v1.27.0 Description Cloud Foundry routing-release, versions prior to 0.175.0, lacks sanitization for...
USN-3543-1: rsync vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description It was discovered that rsync incorrectly handled certain data input. An attacker could possibly use this to cause a denial of service or execute arbitrary code. CVE-2017-16548 It was discovered that rsync...
USN-3434-1: Libidn vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description It was discovered that Libidn incorrectly handled decoding certain digits. A remote attacker could use this issue to cause Libidn to crash, resulting in a denial of service, or possibly execute arbitrary...
CVE-2017-8048: Cloud Controller API regression | Cloud Foundry
Severity Critical Vendor Cloud Foundry Foundation Affected Cloud Foundry Products and Versions capi-release versions 1.33.0 and later, prior to 1.42.0 cf-release versions 268 and later, prior to 274 Please note: due to a bug in 274, it is not recommended for production use. Deployments should use...
USN-3347-1: Libgcrypt vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal, and Yuval Yarom discovered that Libgcrypt was susceptible to an attack...
USN-3283-1: rtmpdump vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description Dave McDaniel discovered that rtmpdump incorrectly handled certain malformed streams. If a user were tricked into processing a specially crafted stream, a remote attacker could cause rtmpdump to crash,...
CVE-2017-4969: Bug in CC allows users to exceed quotas | Cloud Foundry
Severity High Vendor Cloud Foundry Foundation Versions Affected cf-release versions prior to v255 Description The Cloud Foundry Cloud Controller allows authenticated developer users to exceed memory and disk quotas for tasks. Mitigation OSS users are strongly encouraged to follow one of the...
USN-3048-1 curl vulnerability | Cloud Foundry
USN-3048-1 curl vulnerability Medium Vendor Canonical Ubuntu, curl Versions Affected Canonical Ubuntu 14.04 LTS Description Bru Rom discovered that curl incorrectly handled client certificates when resuming a TLS session. CVE-2016-5419 It was discovered that curl incorrectly handled client...
USN-2916-1 Perl vulnerabilities | Cloud Foundry
USN-2916-1 Perl vulnerabilities Medium Vendor Ubuntu, Perl Versions Affected Ubuntu 14.04 LTS Description Several security issues were fixed in Perl. It was discovered that Perl incorrectly handled certain regular expressions with an invalid back-reference. An attacker could use this issue to cau...
CVE-2015-1420 file_handle size verification | Cloud Foundry
CVE-2015-1420 file_handle size verification Medium Vendor Ubuntu Versions Affected Ubuntu 14.04 Description A race condition was discovered in the Linux kernel’s file_handle size verification. A local user could exploit this flaw to read potentially sensitive memory locations. The Cloud Foundry...
CVE-2015-3636 - ipv4 use-after-free | Cloud Foundry
CVE-2015-3636 – ipv4 use-after-free Medium Vendor Ubuntu Versions Affected Ubuntu 14.04 Description A use-after-free flaw was discovered in the Linux kernel’s ipv4 ping support. A local user could exploit this flaw to gain administrative privileges on the system. The Cloud Foundry project is...
USN-6561-1: libssh vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 22.04 Description Fabian Bäumer, Marcus Brinkmann, Jörg Schwenk discovered that the SSH protocol was vulnerable to a prefix truncation attack. If a remote attacker was able to intercept SSH communications, extension...
USN-6237-1: curl vulnerabilities | Cloud Foundry
Severity Low Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 22.04 Description Hiroki Kurosawa discovered that curl incorrectly handled validating certain certificate wildcards. A remote attacker could possibly use this issue to spoof certain website certificates using IDN hosts...
USN-6104-1: PostgreSQL vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description Alexander Lakhin discovered that PostgreSQL incorrectly handled certain CREATE privileges. An authenticated user could possibly use this issue to execute arbitrary code as the...
USN-5964-1: curl vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description Harry Sintonen discovered that curl incorrectly handled certain TELNET connection options. Due to lack of proper input scrubbing, curl could pass on user name and telnet options to...
USN-5732-1: Unbound vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that Unbound incorrectly handled delegations with a large number of non-responsive nameservers. A remote attacker could possibly use this issue to cause Unbound to consume resources,...
USN-5412-1: curl vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description Axel Chong discovered that curl incorrectly handled percent-encoded URL separators. A remote attacker could possibly use this issue to trick curl into using the wrong URL and bypass...
USN-5537-1: MySQL vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.30 in Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. Ubunt...
USN-4900-1: OpenEXR vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or...
USN-4891-1: OpenSSL vulnerability | Cloud Foundry
Severity High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that OpenSSL incorrectly handled certain renegotiation ClientHello messages. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly...
USN-4759-1: GLib vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description Krzesimir Nowak discovered that GLib incorrectly handled certain large buffers. A remote attacker could use this issue to cause applications linked to GLib to crash, resulting in a...
USN-4738-1: OpenSSL vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description Paul Kehrer discovered that OpenSSL incorrectly handled certain input lengths in EVP functions. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting ...
USN-4627-1: Linux kernel vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Canonical Ubuntu 16.04 Description Moritz Lipp, Michael Schwarz, Andreas Kogler, David Oswald, Catherine Easdon, Claudio Canella, and Daniel Gruss discovered that the Intel Running Average Power Limit (RAPL) driver in...
CVE-2020-5420: Gorouter is vulnerable to DoS attack via invalid HTTP responses | Cloud Foundry
Severity High Vendor Cloud Foundry Foundation Description Cloud Foundry Routing Gorouter versions prior to 0.206.0 allow a malicious developer with “cf push” access to cause denial-of-service to the CF cluster by pushing an app that returns specially crafted HTTP responses that crash the Gorouter...
USN-4049-3: GLib regression | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Description USN-4049-1 fixed a vulnerability in GLib. The update introduced a regression in Ubuntu 16.04 LTS causing a possible memory leak. This update fixes the problem. We apologize for the inconvenience. Original...
USN-3834-1: Perl vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description Jayakrishna Menon discovered that Perl incorrectly handled Perl_my_setenv. An attacker could use this issue to cause Perl to crash, resulting in a denial of...
USN-3598-1: curl vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description Phan Thanh discovered that curl incorrectly handled certain FTP paths. An attacker could use this to cause a denial of service or possibly execute arbitrary code. CVE-2018-1000120 Dario Weisser discovered...
CVE-2018-1195: Cloud Controller API will accept a refresh token for authentication | Cloud Foundry
Severity High Vendor Cloud Foundry Foundation Affected Cloud Foundry Products and Versions You are using Cloud Controller version prior to 1.46.0 You are using cf-deployment version prior to 1.3.0 You are using cf-release version prior to 283 Description Cloud Controller accepts refresh tokens fo...
CVE-2017-8033: Cloud Controller API filesystem traversal vulnerability | Cloud Foundry
Severity High Vendor Cloud Foundry Foundation Versions Affected CAPI-release versions prior to v1.35.0 cf-release versions prior to v268 Description A filesystem traversal vulnerability exists in the Cloud Controller that allows a space developer to escalate privileges by pushing a...
USN-3311-1: libnl vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description It was discovered that libnl incorrectly handled memory when performing certain operations. A local attacker could possibly use this issue to cause libnl to crash, resulting in a denial of service, or...
CVE-2017-8032: UAA Identity Zone Admin Privilege Escalation | Cloud Foundry
Severity High Vendor Cloud Foundry Foundation Versions Affected Please see additional information in the Mitigation section to determine if your foundation is affected. cf-release versions prior to v264 UAA release: All versions of UAA v2.x.x 3.6.x versions prior to v3.6.13 3.9.x versions prior t...
USN-3282-1: FreeType vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description It was discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash,...
CVE-2017-4974: Blind SQL Injection with privileged UAA endpoints | Cloud Foundry
Severity High Vendor Cloud Foundry Foundation Versions Affected cf-release versions prior to v258 UAA release: 2.x versions prior to v2.7.4.15 3.6.x versions prior to v3.6.9 3.9.x versions prior to v3.9.11 Other versions prior to v3.16.0 UAA bosh release uaa-release: 13.x versions prior to v13.13...
CVE-2017-4972: Blind SQL Injection in UAA | Cloud Foundry
Severity High Vendor Cloud Foundry Foundation Versions Affected cf-release versions prior to v257 UAA release: 2.x versions prior to v2.7.4.14 3.6.x versions prior to v3.6.8 3.9.x versions prior to v3.9.10 Other versions prior to v3.15.0 UAA bosh release uaa-release: 13.x versions prior to v13.12...
USN-3243-1: Git vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description It was discovered that Git incorrectly sanitized branch names in the PS1 variable when configured to display the repository status in the shell prompt. If a user were tricked into exploring a malicious...
USN-3237-1: FreeType vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description It was discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash,...
USN-3228-1: libevent vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description Guido Vranken discovered that libevent incorrectly handled memory when processing certain data. A remote attacker could possibly use this issue with an application that uses libevent to cause a denial of...
USN-5767-3: Python vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description USN-5767-1 fixed vulnerabilities in Python. This update fixes the problem for Ubuntu 18.04 LTS. Original advisory details: Nicky Mouha discovered that Python incorrectly handled certain SHA-3 internals. A...
USN-5845-1: OpenSSL vulnerabilities | Cloud Foundry
Severity High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description David Benjamin discovered that OpenSSL incorrectly handled X.400 address processing. A remote attacker could possibly use this issue to read arbitrary memory contents or cause OpenSSL to crash, resulting in...