USN-4242-1: Sysstat vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description It was discovered that Sysstat incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected...
CVE-2019-11278: Privilege Escalation via Blind SCIM Injection in UAA | Cloud Foundry
Severity High Vendor Cloud Foundry Foundation Affected Cloud Foundry Products and Versions UAA Release All versions prior to v74.1.0 Description CF UAA versions prior to 74.1.0 allow external input to be directly queried against. A remote malicious user with ‘client.write’ and ‘groups.update’ ca...
USN-4004-1: Berkeley DB vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description It was discovered that Berkeley DB incorrectly handled certain inputs. An attacker could possibly use this issue to read sensitive information. CVEs contained in this USN include:...
USN-3816-3: systemd regression | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Description USN-3816-1 fixed vulnerabilities in systemd. The fix for CVE-2018-6954 caused a regression in systemd-tmpfiles when running Ubuntu inside a container on some older kernels. This issue only affected Ubuntu...
USN-3501-1: libxcursor vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description It was discovered that libxcursor incorrectly handled certain files. An attacker could use these issues to cause libxcursor to crash, resulting in a denial of service, or possibly execute arbitrary code...
USN-3547-1: Libtasn1 vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description It was discovered that Libtasn1 incorrectly handled certain files. If a user were tricked into opening a crafted file, an attacker could possibly use this to cause a denial of service. This issue only...
CVE-2017-8048: Cloud Controller API regression | Cloud Foundry
Severity Critical Vendor Cloud Foundry Foundation Affected Cloud Foundry Products and Versions capi-release versions 1.33.0 and later, prior to 1.42.0 cf-release versions 268 and later, prior to 274 Please note: due to a bug in 274, it is not recommended for production use. Deployments should use...
CVE-2017-8035: Cloud Controller API access to CC VM contents | Cloud Foundry
Severity Critical Vendor Cloud Foundry Foundation Versions Affected CAPI-release versions after v1.6.0 and prior to v1.35.0 cf-release versions after v244 and prior to v268 Description A carefully crafted CAPI request from a Space Developer can allow them to gain access to files on the Cloud...
CVE-2017-4974: Blind SQL Injection with privileged UAA endpoints | Cloud Foundry
Severity High Vendor Cloud Foundry Foundation Versions Affected cf-release versions prior to v258 UAA release: 2.x versions prior to v2.7.4.15 3.6.x versions prior to v3.6.9 3.9.x versions prior to v3.9.11 Other versions prior to v3.16.0 UAA bosh release uaa-release: 13.x versions prior to v13.13...
USN-3243-1: Git vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description It was discovered that Git incorrectly sanitized branch names in the PS1 variable when configured to display the repository status in the shell prompt. If a user were tricked into exploring a malicious...
CVE-2017-4964: BOSH Azure CPI code injection vulnerability | Cloud Foundry
Severity Medium Vendor Cloud Foundry Foundation Versions Affected BOSH Azure CPI Release v22 Description The BOSH Azure CPI could potentially allow a maliciously crafted stemcell to execute arbitrary code on VMs created by the director. Mitigation OSS users are strongly encouraged to follow the...
USN-3228-1: libevent vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description Guido Vranken discovered that libevent incorrectly handled memory when processing certain data. A remote attacker could possibly use this issue with an application that uses libevent to cause a denial of...
CVE-2016-9882: Cloud Foundry Logs Service Credentials | Cloud Foundry
Severity Medium Vendor Cloud Foundry Foundation Versions Affected cf-release versions prior to v250 CAPI-release versions prior to v1.12.0 Description Cloud Foundry logs the credentials returned from service brokers in Cloud Controller system component...
USN-5964-1: curl vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description Harry Sintonen discovered that curl incorrectly handled certain TELNET connection options. Due to lack of proper input scrubbing, curl could pass on user name and telnet options to...
USN-5767-3: Python vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description USN-5767-1 fixed vulnerabilities in Python. This update fixes the problem for Ubuntu 18.04 LTS. Original advisory details: Nicky Mouha discovered that Python incorrectly handled certain SHA-3 internals. A...
USN-5855-1: ImageMagick vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that ImageMagick incorrectly handled certain PNG images. If a user or automated system were tricked into opening a specially crafted PNG file, an attacker could use this issue to cause...
USN-5767-1: Python vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description Nicky Mouha discovered that Python incorrectly handled certain SHA-3 internals. An attacker could possibly use this issue to cause a crash or execute arbitrary code. CVE-2022-37454 ...
USN-5328-1: OpenSSL vulnerability | Cloud Foundry
Severity High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description Tavis Ormandy discovered that OpenSSL incorrectly parsed certain certificates. A remote attacker could possibly use this issue to cause OpenSSH to stop responding, resulting in a denial of service. CVEs...
USN-4898-1: curl vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description Viktor Szakats discovered that curl did not strip off user credentials from referrer header fields. A remote attacker could possibly use this issue to obtain sensitive information...
USN-4277-1: libexif vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Canonical Ubuntu 18.04 Description Liu Bingchang discovered that libexif incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information or cause a denial of service. This...
USN-3947-1: Libxslt vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description It was discovered that Libxslt incorrectly handled certain documents. An attacker could possibly use this issue to access sensitive information. CVEs containe...
CVE-2018-1190: XSS on UAA OpenID Connect check session iframe endpoint | Cloud Foundry
Severity Medium Vendor VMware Cloud Foundry Affected VMware Products and Versions Severity is medium unless otherwise noted. cf-release: All versions prior to cf-release v270 cf-deployment: No versions of cf-deployment are affected UAA release: v3.x prior to v3.20.2 UAA bosh release uaa-release:...
USN-3509-4: Linux kernel (Xenial HWE) regression | Cloud Foundry
Severity Unspecified Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description USN-3509-2 fixed vulnerabilities in the Linux Hardware Enablement kernel for Ubuntu 14.04 LTS. Unfortunately, it also introduced a regression that prevented the Ceph network filesystem from being use...
CVE-2017-8031: UAA Denial of Service through client token revocation endpoint | Cloud Foundry
Severity Medium Vendor Cloud Foundry Foundation Affected Cloud Foundry Products and Versions cf-release All versions prior to v279 UAA 30.x versions prior to 30.6 45.x versions prior to 45.4 52.x versions prior to 52.1 Description In some cases, the UAA allows an authenticated user for a particul...
USN-2751-1 Linux Kernel (Vivid HWE) Vulnerability | Cloud Foundry
Severity Medium to Low Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 LTS Description Several security issues were fixed in the kernel. Benjamin Randazzo discovered an information leak in the md multiple device driver when the bitmapinfo.fi...
USN-6154-1: Vim vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description It was discovered that Vim was using uninitialized memory when fuzzy matching, which could lead to invalid memory access. An attacker could possibly use this...
USN-6055-1: Ruby vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service. CVE-2023-28755 It was discovered that Ruby incorrectly...
USN-5702-1: curl vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description Robby Simpson discovered that curl incorrectly handled certain POST operations after PUT operations. This issue could cause applications using curl to send the wrong data, perform...
USN-5964-2: curl vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Description USN-5964-1 fixed several vulnerabilities in curl. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Harry Sintonen discovered that curl...
USN-5900-1: tar vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description It was discovered that tar incorrectly handled certain files. An attacker could possibly use this issue to expose sensitive information or cause a crash. Upda...
USN-5583-1: systemd vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that systemd incorrectly handled certain DNS requests, which leads to a use-after-free vulnerability. An attacker could possibly use this issue to cause a crash or execute arbitrary code...
USN-5395-1: networkd-dispatcher vulnerabilities | Cloud Foundry
Severity High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that networkd-dispatcher incorrectly handled internal scripts. A local attacker could possibly use this issue to cause a race condition, escalate privileges and execute arbitrary code...
USN-5359-1: rsync vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description Danilo Ramos discovered that rsync incorrectly handled memory when performing certain zlib deflating operations. An attacker could use this issue to cause rsync to crash, resulting in a denial of service,...
USN-5199-1: Python vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that the urllib.request.AbstractBasicAuthHandler class in Python contains regex with a quadratic worst-case time complexity. Specially crafted traffic from a malicious HTTP server could...
USN-5116-1: Linux kernel vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description Several security issues were fixed in the Linux kernel. CVEs contained in this USN include: CVE-2021-38198, CVE-2021-38205, CVE-2021-3732, CVE-2021-40490, CVE-2020-3702. Affected Cloud Foundry Products an...
USN-5068-1: GD library vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description It was discovered that GD Graphics Library incorrectly handled certain GD and GD2 files. An attacker could possibly use this issue to cause a crash or expose...
USN-4628-3: Intel Microcode vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description USN-4628-1 provided updated Intel Processor Microcode for various processor types. This update provides the corresponding updates for some additional processor types. Original advisory details: Moritz Lip...
USN-4624-1: libexif vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Canonical Ubuntu 18.04 Description It was discovered that libexif incorrectly handled certain inputs. An attacker could possibly use this issue to cause unexpected behaviours, or execute arbitrary code. CVEs containe...
CVE-2020-15586: Gorouter is vulnerable to DoS Attack via Expect: 100-continue requests | Cloud Foundry
Severity High Vendor Cloud Foundry Foundation Description Cloud Foundry Routing Release, versions prior to 0.203.0, allows a malicious client to cause the Gorouter to crash by sending specially crafted HTTP requests that include the “Expect: 100-continue” header. The Gorouter is vulnerable due to...
USN-4329-1: Git vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description Felix Wilhelm discovered that Git incorrectly handled certain URLs that included newlines. A remote attacker could possibly use this issue to trick Git into returning credential...
CVE-2020-5400: Cloud Controller logs environment variables from app manifests | Cloud Foundry
Severity High Vendor Cloud Foundry Foundation Description Cloud Foundry Cloud Controller CAPI, versions prior to 1.91.0, logs properties of background jobs when they are run, which may include sensitive information such as credentials if provided to the job. A malicious user with access to those...
USN-4220-1: Git vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description Joern Schneeweisz and Nicolas Joly discovered that Git contained various security flaws. An attacker could possibly use these issues to overwrite arbitrary paths, execute arbitrary code, and overwrite fil...
USN-4108-1: Zstandard vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that Zstandard incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. CVEs contained in this USN include: CVE-2019-11922 Affected Cloud...
USN-3622-1: Wayland vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description It was discovered that the Wayland Xcursor support incorrectly handled certain files. An attacker could use these issues to cause Wayland to crash, resulting in a denial of service, or possibly execute...
USN-3625-1: Perl vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description It was discovered that Perl incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause Perl to hang, resulting in a denial of service. This issue only affected...
USN-3513-1: libxml2 vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description It was discovered that libxml2 incorrectly handled certain files. An attacker could use this issue with specially constructed XML data to cause libxml2 to consume resources, leading to a denial of service...
USN-3246-1: Eject vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description Ilja Van Sprundel discovered that dmcrypt-get-device incorrectly checked setuid and setgid return values. A local attacker could use this issue to execute code as an administrator. Affected Cloud Foundry...
USN-3033-1 libarchive vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu, libarchive Versions Affected Canonical Ubuntu 14.04 LTS Description Hanno Böck discovered that libarchive contained multiple security issues when processing certain malformed archive files. A remote attacker could use this issue ...
USN-3065-1 Libgcrypt vulnerability | Cloud Foundry
Severity High Vendor Canonical Ubuntu, libgcrypt Versions Affected Canonical Ubuntu 14.04 LTS Description Felix Dörre and Vladimir Klebanov discovered that Libgcrypt incorrectly handled mixing functions in the random number generator. An attacker able to obtain 4640 bits...
USN-3012-1 Wget vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu, wget Versions Affected Canonical Ubuntu 14.04 LTS Description Dawid Golunski discovered that Wget incorrectly handled filenames when being redirected from an HTTP to an FTP URL. A malicious server could possibly use this issue to...