1111 matches found
USN-5921-1: rsync vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description Koen van Hove discovered that the rsync client incorrectly validated filenames returned by servers. If a user or automated system were tricked into connecting to a malicious server,...
USN-5811-1: Sudo vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description Matthieu Barjole and Victor Cutillas discovered that Sudo incorrectly handled user-specified editors when using the sudoedit command. A local attacker that has permission to use the...
USN-5760-1: libxml2 vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to cause a crash. CVE-2022-2309 It was discovered that libxml2...
USN-5550-1: GnuTLS vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that GnuTLS incorrectly handled certain memory operations. A remote attacker could possibly use this issue to cause GnuTLS to crash, resulting in a denial of service. This issue only...
USN-5422-1: libxml2 vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description Shinji Sato discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to cause a crash, resulting in a denial of service, or possibly...
USN-5431-1: GnuPG vulnerability | Cloud Foundry
usn-5431-1 Severity Low Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that GnuPG was not properly processing keys with large amounts of signatures. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run sud...
USN-5378-1: Gzip vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description Cleemy Desu Wayo discovered that Gzip incorrectly handled certain filenames. If a user or automated system were tricked into performing zgrep operations with specially crafted filenames, a remote attacker...
USN-4996-1: OpenEXR vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or...
USN-4357-1: IPRoute vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that IPRoute incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. CVEs contained in this USN include: CVE-2019-20795. Affected Cloud...
USN-4221-1: libpcap vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description It was discovered that libpcap did not properly validate PHB headers in some situations. An attacker could use this to cause a denial of service memory exhaustion. CVEs contained in...
Kubernetes API Server acts as proxy for internal and external IPs | Cloud Foundry
Severity Unspecified Vendor Cloud Foundry Foundation Affected Cloud Foundry Products and Versions Cloud Foundry Container Runtime CFCR All versions prior to v0.26.0 Description Kubernetes API, versions 1.11.x prior to 1.11.6, 1.12.x prior to 1.12.4, contains an improper proxy. A remote...
USN-3836-2: Linux kernel (HWE) vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Description USN-3836-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 18.04 LTS for Ubuntu 16.0...
CVE-2018-1268: Loggregator lacks app GUID validation | Cloud Foundry
Severity Medium Vendor Cloud Foundry Foundation Affected Cloud Foundry Products and Versions You are using loggregator-release Version 89.x prior to 89.5 Version 96.x prior to 96.1 Version 99.x prior to 99.1 Version 101.x prior to 101.9 Version 102.x prior to 102.2 Description Cloud Foundry...
CVE-2018-1192: UAA SessionID present in Audit Event Logs | Cloud Foundry
Severity High Vendor Cloud Foundry Foundation Affected Cloud Foundry Products and Versions All cf-release versions prior to v285 All cf-deployment versions prior to v1.7 UAA 4.5.x versions prior to 4.5.5 4.8.x versions prior to 4.8.3 4.7.x versions prior to 4.7.4 UAA-release 45.7.x versions prior...
CVE-2017-14390: CF-deployment 0.35.0 syslog misconfiguration | Cloud Foundry
Severity Medium Vendor Cloud Foundry Foundation Affected Cloud Foundry Products and Versions cf-deployment v0.35.0 Description A misconfiguration with Loggregator and syslog-drain in cf-deployment causes logs to be drained to unintended locations. Mitigation Users of affected versions should appl...
CVE-2017-14388: GrootFS doesn't validate DiffIDs | Cloud Foundry
Severity High Vendor Cloud Foundry Foundation Affected Cloud Foundry Products and Versions GrootFS release 0.3.x versions prior to 0.30.0 Description GrootFS does not validate DiffIDs, allowing specially crafted images to poison the grootfs volume cache. For example, this could allow an attacker ...
USN-3454-1: libffi vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description It was discovered that libffi incorrectly enforced an executable stack. An attacker could possibly use this issue, in combination with another vulnerability, to facilitate executing arbitrary code. Affect...
USN-3323-1: GNU C Library vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description It was discovered that the GNU C library did not properly handle memory when processing environment variables for setuid programs. A local attacker could use this in combination with another vulnerability...
CVE-2017-4994: Forwarded Headers in UAA | Cloud Foundry
Severity High Vendor Cloud Foundry Foundation Versions Affected cf-release versions prior to v263 UAA release: 2.x versions prior to v2.7.4.18 3.6.x versions prior to v3.6.12 3.9.x versions prior to v3.9.14 Other versions prior to v4.3.0 UAA bosh release uaa-release: 13.x versions prior to v13.16...
CVE-2017-4973: Privilege Escalation in UAA | Cloud Foundry
Severity High Vendor Cloud Foundry Foundation Versions Affected cf-release versions prior to v257 UAA release: 2.x versions prior to v2.7.4.14 3.6.x versions prior to v3.6.8 3.9.x versions prior to v3.9.10 Other versions prior to v3.15.0 UAA bosh release uaa-release: 13.x versions prior to v13.12...
USN-3185-1: libXpm vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description It was discovered that libXpm incorrectly handled certain XPM files. If a user or automated system were tricked into opening a specially crafted XPM file, a remote attacker could use this issue to cause...
CVE-2016-0761 Docker Image Host Files Corruption | Cloud Foundry
CVE-2016-0761 Docker Image Host Files Corruption Critical Vendor Cloud Foundry Foundation Description Garden linux contains a flaw in managing container files during Docker image preparation that could be used to delete, corrupt or overwrite host files and directories, including other container...
USN-6655-1: GNU binutils vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 22.04 Description It was discovered that GNU binutils was not properly handling the logic behind certain memory management related operations, which could lead to an invalid memory access. An attacker could possibly use th...
USN-6517-1: Perl vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 22.04 Description It was discovered that Perl incorrectly handled printing certain warning messages. An attacker could possibly use this issue to cause Perl to consume resources, leading to a denial of service. This issue...
USN-6600-1: MariaDB vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 22.04 Description Several security issues were discovered in MariaDB and this update includes new upstream MariaDB versions to fix these issues. MariaDB has been updated to 10.3.39 in Ubuntu 20.04 LTS, 10.6.16 in Ubuntu...
USN-6616-1: OpenLDAP vulnerability | Cloud Foundry
Severity Low Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 22.04 Description It was discovered that OpenLDAP was not properly performing bounds checks when executing functions related to LDAP URLs. An attacker could possibly use this issue to cause a denial of service. Update...
USN-6452-1: Vim vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description It was discovered that Vim could be made to divide by zero. An attacker could possibly use this issue to cause a denial of service. This issue only affected...
USN-6062-1: FreeType vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 22.04 Description It was discovered that FreeType incorrectly handled certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash, or...
USN-5952-1: OpenJPEG vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description Sebastian Poeplau discovered that OpenJPEG incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly u...
USN-5886-1: Intel Microcode vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description Erik C. Bjorge discovered that some IntelR Atom and Intel Xeon Scalable Processors did not properly implement access controls for out-of-band management. This...
USN-5923-1: LibTIFF vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description It was discovered that LibTIFF could be made to read out of bounds when processing certain malformed image files with the tiffcrop tool. If a user were tricke...
USN-5870-1: apr-util vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description Ronald Crane discovered that APR-util did not properly handled memory when encoding or decoding certain input data. An attacker could possibly use this issue ...
USN-5587-1: curl vulnerability | Cloud Foundry
Severity Low Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description Axel Chong discovered that when curl accepted and sent back cookies containing control bytes that a HTTPS server might return a 400 Bad Request Error response. A malicious cookie host...
USN-5380-1: Bash vulnerability | Cloud Foundry
Severity Low Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description It was discovered that Bash did not properly drop privileges when the binary had the setuid bit enabled. An attacker could possibly use this issue to escalate privileges. Update...
USN-5267-2: Linux kernel regression | Cloud Foundry
Severity Unknown Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description USN-5267-1 fixed vulnerabilities in the Linux kernel. Unfortunately, that update introduced a regression that caused the kernel to freeze when accessing CIFS shares in some situations. This update fixes...
USN-5235-1: Ruby vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that Ruby incorrectly handled certain HTML files. An attacker could possibly use this issue to cause a crash. This issue only affected Ubuntu 20.04 LTS, Ubuntu 21.04, and Ubuntu 21.10...
USN-4764-1: GLib vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description It was discovered that GLib incorrectly handled certain symlinks when replacing files. If a user or automated system were tricked into extracting a specially crafted file with File...
CVE-2020-5416: CF clusters with NGINX in front of them may be vulnerable to DoS | Cloud Foundry
Severity High Vendor Cloud Foundry Foundation Description Cloud Foundry Routing Gorouter, versions prior to 0.204.0, when used in a deployment with NGINX reverse proxies in front of the Gorouters, is potentially vulnerable to denial-of-service attacks in which an unauthenticated malicious attacke...
USN-4396-1: libexif vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Canonical Ubuntu 18.04 Description It was discovered that libexif incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information. CVE-2020-0093, CVE-2020-0182 It was...
USN-4360-4: json-c vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description USN-4360-1 fixed a vulnerability in json-c. The security fix introduced a memory leak that was reverted in USN-4360-2 and USN-4360-3. This update provides the...
USN-4360-1: json-c vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description It was discovered that json-c incorrectly handled certain JSON files. An attacker could possibly use this issue to execute arbitrary code. CVEs contained in...
USN-4263-1: Sudo vulnerability | Cloud Foundry
Severity Low Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description Joe Vennix discovered that Sudo incorrectly handled memory operations when the pwfeedback option is enabled. A local attacker could possibly use this issue to obtain unintended access ...
USN-4038-1: bzip2 vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description Aladdin Mubaied discovered that bzip2 incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.0...
CVE-2019-3794: UAA - Login app subject to clickjacking attack | Cloud Foundry
Severity Medium Vendor Cloud Foundry Foundation Affected Cloud Foundry Products and Versions Severity is medium unless otherwise noted. UAA Release OSS is vulnerable prior to v73.4.0 Description Cloud Foundry UAA, versions prior to v73.4.0, does not set an X-FRAME-OPTIONS header on various...
USN-3847-2: Linux kernel (HWE) vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Description USN-3847-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 18.04 LTS for Ubuntu 16.0...
USN-3839-1: WavPack vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that WavPack incorrectly handled certain WAV files. An attacker could possibly use this issue to cause a denial of service. CVE-2018-19840, CVE-2018-19841 CVEs contained in this USN...
CVE-2018-1191 - Garden may log Docker passwords | Cloud Foundry
Severity High Vendor Cloud Foundry Foundation Affected Cloud Foundry Products and Versions You are using garden-runc-release prior to version 1.11.0 You are using cf-deployment prior to version 1.9.0 Description Cloud Foundry Garden-runC, versions prior to 1.11.0, contains an information exposure...
CVE-2018-1197: GCP Metadata Endpoint Accessible from Application Containers on Windows | Cloud Foundry
Severity High Vendor Cloud Foundry Foundation Affected Cloud Foundry Products and Versions Windows Stemcells All versions prior to 1200.14 Description Apps running inside containers in Windows on Google Cloud Platform are able to access the metadata endpoint. A malicious developer could use this...
CVE-2017-7484, 7485, 7486: PostgreSQL vulnerabilities | Cloud Foundry
Severity High Vendor PostgreSQL Versions Affected PostGreSQL versions: All versions prior to 9.2.21 9.3.x versions prior to 9.3.17 9.4.x versions prior to 9.4.12 9.5.x versions prior to 9.5.7 9.6.x versions prior to 9.6.3 Description It was found that some selectivity estimation functions did not...
CVE-2017-4961: BOSH Director Shell Injection Vulnerabilities | Cloud Foundry
Severity High Vendor Cloud Foundry Foundation Versions Affected BOSH Release: 261.x versions prior to 261.3 All 260.x versions Description In certain cases an authenticated Director user can provide a malicious checksum that could allow them to escalate their privileges on the Director VM...