USN-5959-1: Kerberos vulnerabilities Severity | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that Kerberos incorrectly handled memory when processing KDC data, which could lead to a NULL pointer dereference. An attacker could possibly use this issue to cause a denial of service ...
USN-5612-1: Intel Microcode vulnerability | Cloud Foundry
usn-5612-1 Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description Pietro Borrello, Andreas Kogler, Martin Schwarzl, Daniel Gruss, Michael Schwarz and Moritz Lipp discovered that some Intel processors did not properly clear data between subsequent xAPIC MMIO...
USN-5502-1: OpenSSL vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description Alex Chernyakhovsky discovered that OpenSSL incorrectly handled AES OCB mode when using the AES-NI assembly optimized implementation on 32-bit x86 platforms. A remote attacker could possibly use this issu...
USN-5464-1: E2fsprogs vulnerability | Cloud Foundry
usn-5464-1 Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description Nils Bars discovered that e2fsprogs incorrectly handled certain file systems. A local attacker could use this issue with a crafted file system image to possibly execute...
USN-5124-1: GNU binutils vulnerabilities | Cloud Foundry
Severity Low Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description Several security issues were fixed in GNU binutils. CVEs contained in this USN include: CVE-2020-16592, CVE-2021-3487. Affected Cloud Foundry Products and Versions Severity is low unless otherwise noted...
USN-4988-1: ImageMagick vulnerabilities | Cloud Foundry
Severity Low Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could...
USN-4761-1: Git vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description Matheus Tavares discovered that Git incorrectly handled delay-capable clean/smudge filters when being used on case-insensitive filesystems. A remote attacker could possibly use this...
USN-4158-1: LibTIFF vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker cou...
USN-4250-2: MariaDB vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that an unspecified vulnerability existed in the C API component of MariaDB. An attacker could use this to cause a denial of service for MariaDB clients. MariaDB has been updated to...
USN-4692-1: tar vulnerabilities | Cloud Foundry
Severity Low Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description Chris Siebenmann discovered that tar incorrectly handled extracting files resized during extraction when invoked with the --sparse flag. An attacker could possibl...
MySQL Security Updates - January 2020 | Cloud Foundry
Severity Medium Vendor Cloud Foundry Foundation Description Cloud Foundry Deployment, through its consumption of Percona XtraDB Cluster Release, is vulnerable to various MySQL vulnerabilities patched in the January 2020 Critical Patch Update, including: CVE-2020-2572 CVE-2020-2577 CVE-2020-2579...
USN-4247-1: python-apt vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Description It was discovered that python-apt would still use MD5 hashes to validate certain downloaded packages. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be...
USN-4126-1: FreeType vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Description It was discovered that FreeType incorrectly handled certain font files. An attacker could possibly use this issue to access sensitive information. CVEs contained in this USN include: CVE-2015-9383 Affecte...
USN-3999-1: GnuTLS vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description Eyal Ronen, Kenneth G. Paterson, and Adi Shamir discovered that GnuTLS was vulnerable to a timing side-channel attack known as the “Lucky Thirteen” issue. A remote attacker could...
USN-3586-1: DHCP vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description Konstantin Orekhov discovered that the DHCP server incorrectly handled a large number of concurrent TCP sessions. A remote attacker could possibly use this issue to cause a denial of service. This issue...
CVE-2017-8037: Incomplete fix for Cloud Controller API access to CC VM Contents | Cloud Foundry
Severity Critical Vendor Cloud Foundry Foundation Versions Affected CAPI-release versions after v1.6.0 and prior to v1.38.0 cf-release versions after v244 and prior to v270 Description This CVE is for an incomplete fix for CVE-2017-8035. If you took steps to remediate CVE-2017-8035 you should als...
USN-3318-1: GnuTLS vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description Hubert Kario discovered that GnuTLS incorrectly handled decoding a status response TLS extension. A remote attacker could possibly use this issue to cause GnuTLS to crash, resulting in a denial of service...
CVE-2017-4992: Privilege escalation with user invitations | Cloud Foundry
Severity Critical Vendor Cloud Foundry Foundation Versions Affected cf-release versions prior to v261 UAA release: 2.x versions prior to v2.7.4.17 3.6.x versions prior to v3.6.11 3.9.x versions prior to v3.9.13 Other versions prior to v4.2.0 UAA bosh release uaa-release: 13.x versions prior to...
USN-3259-1: Bind vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description It was discovered that the resolver in Bind made incorrect assumptions about ordering when processing responses containing a CNAME or DNAME. An attacker could use this to cause a denial of service...
USN-3263-1: FreeType vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description It was discovered that a heap-based buffer overflow existed in the FreeType library. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash,...
USN-3241-1: audiofile vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description Agostino Sarubbo discovered that audiofile incorrectly handled certain malformed audio files. If a user or automated system were tricked into processing a specially crafted audio file, a remote attacker...
USN-3247-1: AppArmor vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description Stéphane Graber discovered that AppArmor incorrectly unloaded some profiles when restarted or upgraded, contrary to expected behavior. Affected Cloud Foundry Products and Versions Severity is medium unles...
CVE-2016-6659: UAA Privilege Escalation | Cloud Foundry
Critical Vendor Cloud Foundry Foundation Versions Affected Cloud Foundry release v247 and earlier versions UAA release v3.9.2 & earlier versions UAA bosh release uaa-release v23 & earlier versions Description This security update resolves vulnerabilities in UAA. The most severe of the...
USN-2981-1 libarchive vulnerabilities | Cloud Foundry
USN-2981-1 libarchive vulnerabilities Medium Vendor Libarchive, Canonical Ubuntu Versions Affected Ubuntu 14.04 LTS Description It was discovered that libarchive incorrectly handled certain entry-size values in ZIP archives. A remote attacker could use this issue to cause libarchive to crash,...
CVE-2016-0715 Remote Information Disclosure | Cloud Foundry
CVE-2016-0715 Remote Information Disclosure Critical Vendor Cloud Foundry Foundation Versions Affected Cloud Foundry v166 through v227 Cloud Foundry Java Buildpack v2.0 through v3.4 Description Original mitigation configuration instructions provided as part of CVE-2016-0708 were incomplete and...
CVE-2015-5350 Garden Nstar vulnerability | Cloud Foundry
CVE-2015-5350 Garden Nstar vulnerability High Vendor Cloud Foundry Foundation Versions Affected Garden versions 0.22.0-0.329.0 Description A vulnerability has been discovered in the garden-linux nstar executable that allows access to files on the host system. By staging an application on Cloud...
USN-2788-1 and USN-2788-2 unzip vulnerability | Cloud Foundry
USN-2788-1 and USN-2788-2 unzip vulnerability Medium Vendor unzip Versions Affected Ubuntu 14.04 Description Gustavo Grieco discovered that unzip incorrectly handled certain password protected archives. If a user or automated system were tricked into processing a specially crafted zip archive, an...
USN-6842-1: gdb vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description It was discovered that gdb incorrectly handled certain memory operations when parsing an ELF file. An attacker could possibly use this issue to cause a denial...
USN-6244-1: AMD Microcode vulnerability | Cloud Foundry
Severity High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description Tavis Ormandy discovered that some AMD processors did not properly handle speculative execution of certain vector register instructions. A local attacker could...
USN-6319-1: AMD Microcode vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description Daniël Trujillo, Johannes Wikner, and Kaveh Razavi discovered that some AMD processors utilising speculative execution and branch prediction may allow...
USN-5960-1: Python vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description Yebo Cao discovered that Python incorrectly handled certain URLs. An attacker could possibly use this issue to bypass blocklisting methods by supplying a URL...
USN-5811-1: Sudo vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description Matthieu Barjole and Victor Cutillas discovered that Sudo incorrectly handled user-specified editors when using the sudoedit command. A local attacker that has permission to use the...
USN-5760-1: libxml2 vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to cause a crash. CVE-2022-2309 It was discovered that libxml2...
USN-5716-1: SQLite vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description It was discovered that SQLite incorrectly handled certain long string arguments. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or...
USN-5495-1: curl vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description Harry Sintonen discovered that curl incorrectly handled certain cookies. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 21.1...
USN-5523-2: LibTIFF vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description USN-5523-1 fixed several vulnerabilities in LibTIFF. This update provides the fixes for CVE-2022-0907, CVE-2022-0908, CVE-2022-0909, CVE-2022-0924 and CVE-2022-22844 for Ubuntu 18.04 LTS and Ubuntu 20.04...
USN-5550-1: GnuTLS vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that GnuTLS incorrectly handled certain memory operations. A remote attacker could possibly use this issue to cause GnuTLS to crash, resulting in a denial of service. This issue only...
USN-5378-1: Gzip vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description Cleemy Desu Wayo discovered that Gzip incorrectly handled certain filenames. If a user or automated system were tricked into performing zgrep operations with specially crafted filenames, a remote attacker...
USN-4996-1: OpenEXR vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or...
USN-4990-1: Nettle vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that Nettle incorrectly handled RSA decryption. A remote attacker could possibly use this issue to cause Nettle to crash, resulting in a denial of service. CVE-2021-3580 It was discovere...
USN-4882-1: Ruby vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that the Ruby JSON gem incorrectly handled certain JSON files. If a user or automated system were tricked into parsing a specially crafted JSON file, a remote attacker could use this iss...
USN-4764-1: GLib vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description It was discovered that GLib incorrectly handled certain symlinks when replacing files. If a user or automated system were tricked into extracting a specially crafted file with File...
USN-4358-1: libexif vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Canonical Ubuntu 18.04 Description It was discovered that libexif incorrectly handled certain tags. An attacker could possibly use this issue to cause a denial of service. CVE-2018-20030 It was discovered that libexi...
USN-4221-1: libpcap vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description It was discovered that libpcap did not properly validate PHB headers in some situations. An attacker could use this to cause a denial of service (memory exhaustion). CVEs contained in...
CVE-2019-17596: x509 parsing in Golang can cause panic | Cloud Foundry
Severity High Vendor Cloud Foundry Foundation Description Various Cloud Foundry components are written in Go and are therefore vulnerable to a denial of service attack. Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public...
CVE-2019-11293: UAA logs all query parameters with debug logging level | Cloud Foundry
Severity High Vendor Cloud Foundry Foundation Description Cloud Foundry UAA Release, versions prior to v74.10.0, when set to logging level DEBUG, logs clientsecret credentials when sent as a query param. A remote authenticated malicious user could gain access to user credentials via the uaa.log...
USN-3859-1: libarchive vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description It was discovered that libarchive incorrectly handled certain archive files. An attacker could possibly use this issue to cause a denial of service...
Kubernetes API Server acts as proxy for internal and external IPs | Cloud Foundry
Severity Unspecified Vendor Cloud Foundry Foundation Affected Cloud Foundry Products and Versions Cloud Foundry Container Runtime CFCR All versions prior to v0.26.0 Description Kubernetes API, versions 1.11.x prior to 1.11.6, 1.12.x prior to 1.12.4, contains an improper proxy. A remote...
CVE-2018-1268: Loggregator lacks app GUID validation | Cloud Foundry
Severity Medium Vendor Cloud Foundry Foundation Affected Cloud Foundry Products and Versions You are using loggregator-release Version 89.x prior to 89.5 Version 96.x prior to 96.1 Version 99.x prior to 99.1 Version 101.x prior to 101.9 Version 102.x prior to 102.2 Description Cloud Foundry...
CVE-2017-14390: CF-deployment 0.35.0 syslog misconfiguration | Cloud Foundry
Severity Medium Vendor Cloud Foundry Foundation Affected Cloud Foundry Products and Versions cf-deployment v0.35.0 Description A misconfiguration with Loggregator and syslog-drain in cf-deployment causes logs to be drained to unintended locations. Mitigation Users of affected versions should appl...