USN-3675-1: GnuPG vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description Marcus Brinkmann discovered that during decryption or verification, GnuPG did not properly filter out terminal sequences when reporting the original filename. An attacker could use this to specially craft...
USN-3625-1: Perl vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description It was discovered that Perl incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause Perl to hang, resulting in a denial of service. This issue only affected...
USN-3622-1: Wayland vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description It was discovered that the Wayland Xcursor support incorrectly handled certain files. An attacker could use these issues to cause Wayland to crash, resulting in a denial of service, or possibly execute...
USN-3478-1: Perl vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description Jakub Wilk discovered that Perl incorrectly handled certain regular expressions. An attacker could use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary...
CVE-2017-8031: UAA Denial of Service through client token revocation endpoint | Cloud Foundry
Severity Medium Vendor Cloud Foundry Foundation Affected Cloud Foundry Products and Versions cf-release All versions prior to v279 UAA 30.x versions prior to 30.6 45.x versions prior to 45.4 52.x versions prior to 52.1 Description In some cases, the UAA allows an authenticated user for a particul...
CVE-2017-8038: Credentials readable from CredHub endpoint | Cloud Foundry
Severity High Vendor Cloud Foundry Foundation Versions Affected Credhub-release version 1.1.0 only Description CredHub access control lists ACLs enforce whether an authenticated user can perform an operation on a credential. For installations using ACLs, the ACL was bypassed for the CredHub...
USN-3246-1: Eject vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description Ilja Van Sprundel discovered that dmcrypt-get-device incorrectly checked setuid and setgid return values. A local attacker could use this issue to execute code as an administrator. Affected Cloud Foundry...
USN-3085-1 GDK-PixBuf vulnerabilities | Cloud Foundry
USN-3085-1 GDK-PixBuf vulnerabilities Medium Vendor Canonical Ubuntu, gdk-pixbuf Versions Affected Canonical Ubuntu 14.04 LTS Description It was discovered that the GDK-PixBuf library did not properly handle specially crafted bmp images, leading to a heap-based buffer overflow. If a user or...
USN-3033-1 libarchive vulnerability | Cloud Foundry
USN-3033-1 libarchive vulnerability Medium Vendor Canonical Ubuntu, libarchive Versions Affected Canonical Ubuntu 14.04 LTS Description Hanno Böck discovered that libarchive contained multiple security issues when processing certain malformed archive files. A remote attacker could use this issue ...
CVE-2016-4468 UAA SQL Injection | Cloud Foundry
High Vendor Cloud Foundry Foundation Versions Affected Cloud Foundry release v237 and earlier versions UAA release v3.4.0 and earlier versions UAA release V12 and earlier versions Description There is the potential for a SQL injection attack in UAA for authenticated users. Mitigation OSS users ar...
USN-2957-1 Libtasn1 vulnerability | Cloud Foundry
USN-2957-1 Libtasn1 vulnerability Medium Vendor Canonical Ubuntu, Libtasn1 Versions Affected Ubuntu 14.04 LTS Description Pascal Cuoq and Miod Vallat discovered that Libtasn1 incorrectly handled certain malformed DER certificates. A remote attacker could possibly use this issue to cause...
CVE-2016-0708 Remote Information Disclosure | Cloud Foundry
CVE-2016-0708 Remote Information Disclosure Critical Vendor Cloud Foundry Foundation Versions Affected Cloud Foundry v166 through v227 Cloud Foundry Java Buildpack v2.0 through v3.4 Description Applications deployed to Cloud Foundry may be vulnerable to a remote disclosure of information,...
CVE-2015-3190 - Open redirect on Login | Cloud Foundry
CVE-2015-3190 – Open redirect on Login Low Vendor Cloud Foundry Foundation Versions Affected cf-release versions prior to v210 UAA versions prior to 2.3.0 Description The UAA logout link is susceptible to an open redirect which allows an attacker to insert malicious web page as a redirect...
USN-6737-1: GNU C Library vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 22.04 Description Charles Fol discovered that the GNU C Library iconv feature incorrectly handled certain input sequences. An attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of...
USN-6286-1: Intel Microcode vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description Daniel Moghimi discovered that some Intel® Processors did not properly clear microarchitectural state after speculative execution of various instructions. A...
USN-5900-1: tar vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description It was discovered that tar incorrectly handled certain files. An attacker could possibly use this issue to expose sensitive information or cause a crash. Upda...
USN-5855-1: ImageMagick vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that ImageMagick incorrectly handled certain PNG images. If a user or automated system were tricked into opening a specially crafted PNG file, an attacker could use this issue to cause...
USN-5871-1: Git vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description It was discovered that Git incorrectly handled certain repositories. An attacker could use this issue to make Git use its local clone optimization even when...
USN-5759-1: LibBPF vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 22.04 Description It was discovered that LibBPF incorrectly handled certain memory operations under certain circumstances. An attacker could possibly use this issue to cause LibBPF to crash, resulting in a denial of servic...
USN-5613-1: Vim vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that Vim was not properly performing bounds checks when executing spell suggestion commands. An attacker could possibly use this issue to cause a denial of service or execute arbitrary...
USN-5573-1: rsync vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description Evgeny Legerov discovered that zlib incorrectly handled memory when performing certain inflate operations. An attacker could use this issue to cause rsync to crash, resulting in a...
USN-5397-1: curl vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description Patrick Monnerat discovered that curl incorrectly handled certain OAUTH2. An attacker could possibly use this issue to access sensitive information. CVE-2022-22576 Harry Sintonen discovered that curl...
USN-5341-1: GNU binutils vulnerabilities | Cloud Foundry
Severity Low Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Description It was discovered that GNU binutils incorrectly handled checks for memory allocation when parsing relocs in a corrupt file. An attacker could possibly use this issue to cause a denial of service...
USN-5358-1: Linux kernel vulnerabilities | Cloud Foundry
Severity High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that the network traffic control implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or...
USN-5116-1: Linux kernel vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description Several security issues were fixed in the Linux kernel. CVEs contained in this USN include: CVE-2021-38198, CVE-2021-38205, CVE-2021-3732, CVE-2021-40490, CVE-2020-3702. Affected Cloud Foundry Products an...
USN-4431-1: FFmpeg vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that FFmpeg incorrectly verified empty audio packets or HEVC data. An attacker could possibly use this issue to cause a denial of service via a crafted file. This issue only affected...
USN-4316-1: GD Graphics Library vulnerabilities | Cloud Foundry
Severity Low Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description It was discovered that GD Graphics Library incorrectly handled cloning an image. An attacker could possibly use this issue to cause GD Graphics Library to crash, resulting in a denial ...
USN-4274-1: libxml2 vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to cause a denial of service. CVE-2019-19956,...
USN-4243-1: libbsd vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description It was discovered that libbsd incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affecte...
CVE-2019-11279: Privilege Escalation via Scope Manipulation in UAA | Cloud Foundry
Severity High Vendor Cloud Foundry Foundation Affected Cloud Foundry Products and Versions UAA Release All versions prior to v74.1.0 Description CF UAA versions prior to 74.1.0 can request scopes for a client that shouldn’t be allowed by submitting an array of requested scopes. A remote malicious...
USN-4049-2: GLib vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description USN-4049-1 fixed a vulnerability in GLib. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that GLib created directorie...
USN-3643-1: Wget vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description Affected Cloud Foundry Products and Versions Severity is medium unless otherwise noted. Cloud Foundry BOSH stemcells are vulnerable, including: 3363.x versions prior to 3363.62 3421.x versions prior to...
CVE-2018-1265: Diego does not properly sanitize file paths in tar/zip files | Cloud Foundry
Severity Critical Vendor Cloud Foundry Foundation Affected Cloud Foundry Products and Versions You are using diego-release versions prior to 2.8.0 You are using cf-deployment versions prior to v1.37.0 Description Cloud Foundry Diego, release versions prior to 2.8.0, does not properly sanitize fil...
USN-3584-1: sensible-utils vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description Affected Cloud Foundry Products and Versions Severity is medium unless otherwise noted. Cloud Foundry BOSH stemcells are vulnerable, including: 3363.x versions prior to 3363.51 3421.x versions prior to...
USN-3554-1: curl vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description It was discovered that curl incorrectly handled certain data. An attacker could possibly use this to cause a denial of service or even to get access to sensitive data. This issue only affected Ubuntu 16.0...
CVE-2017-8036: Cloud Controller API regression | Cloud Foundry
Severity Critical Vendor Cloud Foundry Foundation Versions Affected CAPI-release version 1.33.0 only Description The original fix for CVE-2017-8033 included in CAPI-release 1.33.0 introduces a regression that allows a space developer to execute arbitrary code on the Cloud Controller VM by pushing...
USN-3309-1: Libtasn1 vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description Jakub Jirasek discovered that GnuTLS incorrectly handled certain assignments files. If a user were tricked into processing a specially crafted assignments file, a remote attacker could possibly execute...
USN-3304-1: Sudo vulnerability | Cloud Foundry
Severity High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description It was discovered that Sudo did not properly parse the contents of /proc/pid/stat when attempting to determine its controlling tty. A local attacker in some configurations could possibly use this to overwri...
CVE-2017-4960: UAA OAuth DOS via lockout feature | Cloud Foundry
Severity High Vendor Cloud Foundry Foundation Versions Affected Cloud Foundry release v247 – v252 UAA stand-alone release v3.9.0 – v3.11.0 UAA Bosh Release v21 – v26 Description There is a potential to subject the UAA OAuth clients to a denial of service attack. Mitigation OSS users are strongly...
USN-3067-1: HarfBuzz vulnerabilities | Cloud Foundry
USN-3067-1: HarfBuzz vulnerabilities Medium Vendor Canonical Ubuntu Versions Affected Ubuntu 14.04 LTS Description Kostya Serebryany discovered that HarfBuzz incorrectly handled memory. A remote attacker could use this issue to cause HarfBuzz to crash, resulting in a denial of service, or possibl...
CVE-2016-6655 Utility Script Command Injection | Cloud Foundry
CVE-2016-6655 Utility Script Command Injection Critical Vendor Cloud Foundry Foundation Versions Affected Cloud Foundry release versions prior to v245 cf-mysql-release versions prior to v31 Description A command injection vulnerability was discovered in a common script used by many Cloud Foundry...
USN-3012-1 Wget vulnerability | Cloud Foundry
USN-3012-1 Wget vulnerability Medium Vendor Canonical Ubuntu, wget Versions Affected Canonical Ubuntu 14.04 LTS Description Dawid Golunski discovered that Wget incorrectly handled filenames when being redirected from an HTTP to an FTP URL. A malicious server could possibly use this issue to...
CVE-2015-1330 Unattended-Upgrades Vulnerability | Cloud Foundry
CVE-2015-1330 Unattended-Upgrades Vulnerability Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 LTS Description It was found that for some configurations, unattended-upgrades would not properly perform authentication checks on packages prior to installation. An attacker...
CVE-2015-3189 - Expire old reset password links | Cloud Foundry
CVE-2015-3189 – Expire old reset password links Low Vendor Cloud Foundry Foundation Versions Affected cf-release versions prior to v209 UAA versions prior to 2.2.6 Description Old Password Reset Links are not expired after the user changes their current email address to a new one. This...
CVE-2015-1834 - Path Traversal Vulnerability | Cloud Foundry
CVE-2015-1834 – Path Traversal Vulnerability Moderate Vendor Cloud Foundry Foundation Versions Affected cf-release versions prior to v208 Description A path traversal vulnerability was identified in the Cloud Foundry component Cloud Controller. Path traversal is the ‘outbreak’ of a given director...
CVE-2015-0282 Multiple GnuTLS Vulnerabilities | Cloud Foundry
CVE-2015-0282 Multiple GnuTLS Vulnerabilities Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 10.04 LTS and 14.04 LTS Description Several security issues were fixed in GnuTLS. This issue only affects versions of GnuTLS prior to 3.1.0 released in 2012. These versions don’t verify...
CVE-2014-5119 glib_gconv_translit_find() exploit | Cloud Foundry
CVE-2014-5119 glib_gconv_translit_find() exploit Important Vendor Canonical Ubuntu Versions Affected Ubuntu 14.04 LTS Ubuntu 12.04 LTS Ubuntu 10.04 LTS Description Certain applications could be made to crash or run programs as an administrator. Off-by-one error in the __gconv_translit_find function in...
USN-6592-1: libssh vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 22.04 Description It was discovered that libssh incorrectly handled the ProxyCommand and the ProxyJump features. A remote attacker could possibly use this issue to inject malicious code into the command of the features...
USN-6421-1: Bind vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description It was discovered that Bind incorrectly handled certain control channel messages. A remote attacker with access to the control channel could possibly use this issue to cause Bind to...
USN-6485-1: Intel Microcode vulnerability | Cloud Foundry
Severity High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description Benoit Morgan, Paul Grosen, Thais Moreira Hamasaki, Ke Sun, Alyssa Milburn, Hisham Shafi, Nir Shlomovich, Tavis Ormandy, Daniel Moghimi, Josh Eads, Salman Qazi,...