CVE-2016-4468 UAA SQL Injection | Cloud Foundry
Severity: High. Vendor: Cloud Foundry Foundation. Versions Affected: Cloud Foundry release v237 and earlier versions; UAA release v3.4.0 and earlier versions; UAA release V12 and earlier versions. Description: There is the potential for a SQL injection attack in UAA for authenticated users. Mitigation: OSS users ar...
USN-2957-1 Libtasn1 vulnerability | Cloud Foundry
Severity: Medium. Vendor: Canonical Ubuntu, Libtasn1. Versions Affected: Ubuntu 14.04 LTS. Description: Pascal Cuoq and Miod Vallat discovered that Libtasn1 incorrectly handled certain malformed DER certificates. A remote attacker could possibly use this issue to cause...
CVE-2015-3190 - Open redirect on Login | Cloud Foundry
Severity: Low. Vendor: Cloud Foundry Foundation. Versions Affected: cf-release versions prior to v210; UAA versions prior to 2.3.0. Description: The UAA logout link is susceptible to an open redirect which allows an attacker to insert a malicious web page as a redirect...
CVE-2015-1855 Ruby OpenSSL Hostname Verification | Cloud Foundry
Severity: Moderate. Vendor: N/A. Versions Affected: Ruby OpenSSL Hostname Verification. Description: Ruby’s OpenSSL extension suffers a vulnerability through overly permissive matching of hostnames, which can lead to similar bugs such as CVE-2014-1492. This...
USN-6737-1: GNU C Library vulnerability | Cloud Foundry
Severity: Medium. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 22.04. Description: Charles Fol discovered that the GNU C Library iconv feature incorrectly handled certain input sequences. An attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of...
USN-6593-1: GnuTLS vulnerabilities | Cloud Foundry
Severity: Medium. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 22.04. Description: It was discovered that GnuTLS had a timing side-channel when processing malformed ciphertexts in RSA-PSK ClientKeyExchange. A remote attacker could possibly use this issue to recover sensitive information...
USN-6407-1: libx11 vulnerabilities | Cloud Foundry
Severity: Medium. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 22.04. Description: Gregory James Duck discovered that libx11 incorrectly handled certain keyboard symbols. If a user were tricked into connecting to a malicious X server, a remote attacker could use this issue to cause libx...
USN-5810-2: Git regression | Cloud Foundry
Severity: Unknown. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 18.04. Description: USN-5810-1 fixed vulnerabilities in Git. This update introduced a regression as it was missing some commit lines. This update fixes the problem. Original advisory details: Markus Vervier and Eric...
USN-5341-1: GNU binutils vulnerabilities | Cloud Foundry
Severity: Low. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 16.04. Description: It was discovered that GNU binutils incorrectly handled checks for memory allocation when parsing relocs in a corrupt file. An attacker could possibly use this issue to cause a denial of service...
USN-5358-1: Linux kernel vulnerabilities | Cloud Foundry
Severity: High. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 18.04. Description: It was discovered that the network traffic control implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or...
USN-5270-1: MySQL vulnerabilities | Cloud Foundry
Severity: Medium. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 18.04. Description: Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.28 in Ubuntu 20.04 LTS and Ubuntu 21.10. Ubuntu...
USN-5093-1: Vim vulnerabilities | Cloud Foundry
Severity: Medium. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 16.04; Canonical Ubuntu 18.04. Description: Several security issues were fixed in Vim. CVEs contained in this USN include: CVE-2021-3770, CVE-2021-3778, CVE-2021-3796. Affected Cloud Foundry Products and Versions: Severity is...
USN-5064-1: GNU cpio vulnerability | Cloud Foundry
Severity: Medium. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 18.04. Description: Maverick Chung and Qiaoyi Fang discovered that cpio incorrectly handled certain pattern files. A remote attacker could use this issue to cause cpio to crash, resulting in a denial of service, or possibly...
USN-4466-1: curl vulnerability | Cloud Foundry
Severity: Low. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 16.04; Canonical Ubuntu 18.04. Description: Marc Aldorasi discovered that curl incorrectly handled the libcurl CURLOPT_CONNECT_ONLY option. This could result in data being sent to the wrong destination, possibly exposing sensitive...
USN-4431-1: FFmpeg vulnerabilities | Cloud Foundry
Severity: Medium. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 18.04. Description: It was discovered that FFmpeg incorrectly verified empty audio packets or HEVC data. An attacker could possibly use this issue to cause a denial of service via a crafted file. This issue only affected...
USN-4305-1: ICU vulnerability | Cloud Foundry
Severity: Medium. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 14.04; Canonical Ubuntu 16.04; Canonical Ubuntu 18.04. Description: André Bargull discovered that ICU incorrectly handled certain strings. An attacker could possibly use this issue to execute arbitrary code. CVEs contained in...
USN-4243-1: libbsd vulnerabilities | Cloud Foundry
Severity: Medium. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 14.04; Canonical Ubuntu 16.04; Canonical Ubuntu 18.04. Description: It was discovered that libbsd incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affecte...
CVE-2019-11279: Privilege Escalation via Scope Manipulation in UAA | Cloud Foundry
Severity: High. Vendor: Cloud Foundry Foundation. Affected Cloud Foundry Products and Versions: UAA Release, all versions prior to v74.1.0. Description: CF UAA versions prior to 74.1.0 can request scopes for a client that shouldn’t be allowed by submitting an array of requested scopes. A remote malicious...
CVE-2019-9893: Dependency on vulnerable version of libseccomp | Cloud Foundry
Severity: Critical. Vendor: The libseccomp Project. Affected Cloud Foundry Products and Versions: cf-deployment, all versions prior to v11.0.0; Bosh Process Manager (BPM), all versions prior to v1.1.1; Garden-runC, all versions prior to v1.19.5. Description: cf-deployment has dependencies on Garden-runC and BP...
USN-3675-1: GnuPG vulnerabilities | Cloud Foundry
Severity: Medium. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 14.04. Description: Marcus Brinkmann discovered that during decryption or verification, GnuPG did not properly filter out terminal sequences when reporting the original filename. An attacker could use this to specially craft...
CVE-2018-1265: Diego does not properly sanitize file paths in tar/zip files | Cloud Foundry
Severity: Critical. Vendor: Cloud Foundry Foundation. Affected Cloud Foundry Products and Versions: You are using diego-release versions prior to 2.8.0; You are using cf-deployment versions prior to v1.37.0. Description: Cloud Foundry Diego, release versions prior to 2.8.0, does not properly sanitize fil...
USN-3643-1: Wget vulnerability | Cloud Foundry
Severity: Medium. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 14.04. Description: Affected Cloud Foundry Products and Versions: Severity is medium unless otherwise noted. Cloud Foundry BOSH stemcells are vulnerable, including: 3363.x versions prior to 3363.62; 3421.x versions prior to...
CVE-2018-1276: Windows2012R2 stemcell exposes IaaS metadata on vSphere | Cloud Foundry
Severity: Medium. Vendor: Cloud Foundry Foundation. Affected Cloud Foundry Products and Versions: You are using Windows 2012R2 stemcells versions prior to 1200.17. Description: Windows 2012R2 stemcells, versions prior to 1200.17, contain an information exposure vulnerability on vSphere. A remote user wi...
USN-3478-1: Perl vulnerabilities | Cloud Foundry
Severity: Medium. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 14.04. Description: Jakub Wilk discovered that Perl incorrectly handled certain regular expressions. An attacker could use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary...
CVE-2017-8038: Credentials readable from CredHub endpoint | Cloud Foundry
Severity: High. Vendor: Cloud Foundry Foundation. Versions Affected: Credhub-release version 1.1.0 only. Description: CredHub access control lists (ACLs) enforce whether an authenticated user can perform an operation on a credential. For installations using ACLs, the ACL was bypassed for the CredHub...
CVE-2017-8036: Cloud Controller API regression | Cloud Foundry
Severity: Critical. Vendor: Cloud Foundry Foundation. Versions Affected: CAPI-release version 1.33.0 only. Description: The original fix for CVE-2017-8033 included in CAPI-release 1.33.0 introduces a regression that allows a space developer to execute arbitrary code on the Cloud Controller VM by pushing...
USN-3309-1: Libtasn1 vulnerability | Cloud Foundry
Severity: Medium. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 14.04. Description: Jakub Jirasek discovered that GnuTLS incorrectly handled certain assignments files. If a user were tricked into processing a specially crafted assignments file, a remote attacker could possibly execute...
CVE-2017-4960: UAA OAuth DOS via lockout feature | Cloud Foundry
Severity: High. Vendor: Cloud Foundry Foundation. Versions Affected: Cloud Foundry release v247 – v252; UAA stand-alone release v3.9.0 – v3.11.0; UAA Bosh Release v21 – v26. Description: There is a potential to subject the UAA OAuth clients to a denial of service attack. Mitigation: OSS users are strongly...
CVE-2016-6655 Utility Script Command Injection | Cloud Foundry
Severity: Critical. Vendor: Cloud Foundry Foundation. Versions Affected: Cloud Foundry release versions prior to v245; cf-mysql-release versions prior to v31. Description: A command injection vulnerability was discovered in a common script used by many Cloud Foundry...
USN-3085-1 GDK-PixBuf vulnerabilities | Cloud Foundry
Severity: Medium. Vendor: Canonical Ubuntu, gdk-pixbuf. Versions Affected: Canonical Ubuntu 14.04 LTS. Description: It was discovered that the GDK-PixBuf library did not properly handle specially crafted bmp images, leading to a heap-based buffer overflow. If a user or...
CVE-2016-0708 Remote Information Disclosure | Cloud Foundry
Severity: Critical. Vendor: Cloud Foundry Foundation. Versions Affected: Cloud Foundry v166 through v227; Cloud Foundry Java Buildpack v2.0 through v3.4. Description: Applications deployed to Cloud Foundry may be vulnerable to a remote disclosure of information,...
CVE-2015-3189 - Expire old reset password links | Cloud Foundry
Severity: Low. Vendor: Cloud Foundry Foundation. Versions Affected: cf-release versions prior to v209; UAA versions prior to 2.2.6. Description: Old Password Reset Links are not expired after the user changes their current email address to a new one. This...
CVE-2015-1834 - Path Traversal Vulnerability | Cloud Foundry
Severity: Moderate. Vendor: Cloud Foundry Foundation. Versions Affected: cf-release versions prior to v208. Description: A path traversal vulnerability was identified in the Cloud Foundry component Cloud Controller. Path traversal is the ‘outbreak’ of a given director...
CVE-2015-0282 Multiple GnuTLS Vulnerabilities | Cloud Foundry
Severity: Medium. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 10.04 LTS and 14.04 LTS. Description: Several security issues were fixed in GnuTLS. This issue only affects versions of GnuTLS prior to 3.1.0 released in 2012. These versions don’t verify...
USN-6485-1: Intel Microcode vulnerability | Cloud Foundry
Severity: High. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 16.04; Canonical Ubuntu 18.04; Canonical Ubuntu 22.04. Description: Benoit Morgan, Paul Grosen, Thais Moreira Hamasaki, Ke Sun, Alyssa Milburn, Hisham Shafi, Nir Shlomovich, Tavis Ormandy, Daniel Moghimi, Josh Eads, Salman Qazi,...
USN-6286-1: Intel Microcode vulnerabilities | Cloud Foundry
Severity: Medium. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 16.04; Canonical Ubuntu 18.04; Canonical Ubuntu 22.04. Description: Daniel Moghimi discovered that some Intel(R) Processors did not properly clear microarchitectural state after speculative execution of various instructions. A...
USN-6238-1: Samba vulnerabilities | Cloud Foundry
Severity: Medium. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 22.04. Description: It was discovered that Samba incorrectly handled Winbind NTLM authentication responses. An attacker could possibly use this issue to cause Samba to crash, resulting in a denial of service. (CVE-2022-2127)...
USN-6112-1: Perl vulnerability | Cloud Foundry
Severity: Medium. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 16.04; Canonical Ubuntu 18.04. Description: It was discovered that Perl was not properly verifying TLS certificates when using CPAN together with HTTP::Tiny to download modules over HTTPS. If a remote attacker were able to...
USN-5871-1: Git vulnerabilities | Cloud Foundry
Severity: Medium. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 16.04; Canonical Ubuntu 18.04; Canonical Ubuntu 22.04. Description: It was discovered that Git incorrectly handled certain repositories. An attacker could use this issue to make Git use its local clone optimization even when...
USN-5759-1: LibBPF vulnerabilities | Cloud Foundry
Severity: Medium. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 22.04. Description: It was discovered that LibBPF incorrectly handled certain memory operations under certain circumstances. An attacker could possibly use this issue to cause LibBPF to crash, resulting in a denial of servic...
USN-5638-2: Expat vulnerabilities | Cloud Foundry
Severity: Medium. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 18.04; Canonical Ubuntu 22.04. Description: USN-5638-1 fixed a vulnerability in Expat. This update provides the corresponding updates for Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. Original advisory details:...
USN-5613-1: Vim vulnerabilities | Cloud Foundry
Severity: Medium. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 18.04. Description: It was discovered that Vim was not properly performing bounds checks when executing spell suggestion commands. An attacker could possibly use this issue to cause a denial of service or execute arbitrary...
USN-5573-1: rsync vulnerability | Cloud Foundry
Severity: Medium. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 16.04; Canonical Ubuntu 18.04. Description: Evgeny Legerov discovered that zlib incorrectly handled memory when performing certain inflate operations. An attacker could use this issue to cause rsync to crash, resulting in a...
USN-5332-1: Bind vulnerabilities | Cloud Foundry
Severity: Medium. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 18.04. Description: Xiang Li, Baojun Liu, Chaoyi Lu, and Changgen Zou discovered that Bind incorrectly handled certain bogus NS records when using forwarders. A remote attacker could possibly use this issue to manipulate cac...
USN-5397-1: curl vulnerabilities | Cloud Foundry
Severity: Medium. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 18.04. Description: Patrick Monnerat discovered that curl incorrectly handled certain OAUTH2. An attacker could possibly use this issue to access sensitive information. (CVE-2022-22576) Harry Sintonen discovered that curl...
USN-4316-1: GD Graphics Library vulnerabilities | Cloud Foundry
Severity: Low. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 16.04; Canonical Ubuntu 18.04. Description: It was discovered that GD Graphics Library incorrectly handled cloning an image. An attacker could possibly use this issue to cause GD Graphics Library to crash, resulting in a denial ...
USN-4274-1: libxml2 vulnerabilities | Cloud Foundry
Severity: Medium. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 14.04; Canonical Ubuntu 16.04; Canonical Ubuntu 18.04. Description: It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to cause a denial of service. CVE-2019-19956,...
USN-4049-2: GLib vulnerability | Cloud Foundry
Severity: Medium. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 14.04. Description: USN-4049-1 fixed a vulnerability in GLib. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that GLib created directorie...
CVE-2019-11270: UAA clients.write vulnerability | Cloud Foundry
Severity: High. Vendor: Cloud Foundry Foundation. Description: Cloud Foundry UAA versions prior to v73.4.0 contain a vulnerability where a malicious client possessing the ‘clients.write’ authority or scope can bypass the restrictions imposed on clients created via ‘clients.write’ and create clients wi...
USN-3554-1: curl vulnerabilities | Cloud Foundry
Severity: Medium. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 14.04. Description: It was discovered that curl incorrectly handled certain data. An attacker could possibly use this to cause a denial of service or even to get access to sensitive data. This issue only affected Ubuntu 16.0...