1111 matches found
USN-3139-1: Vim vulnerability | Cloud Foundry
USN-3139-1: Vim vulnerability Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 LTS Description Florian Larysch discovered that the Vim text editor did not properly validate values for the ‘filetype’, ‘syntax’, and ‘keymap’ options. An attacker could trick a user into openin...
CVE-2016-5016 UAA accepts expired certificates | Cloud Foundry
CVE-2016-5016 UAA accepts expired certificates High Vendor Cloud Foundry Foundation Versions Affected Cloud Foundry release v239 and earlier versions UAA release v3.4.1 and earlier versions UAA release V12.2 and earlier versions Description UAA uses the OpenJDK Java Runtime Environment TrustManag...
USN-2961-1 Little CMS vulnerability | Cloud Foundry
USN-2961-1 Little CMS vulnerability Medium Vendor Little CMS, Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 LTS Description It was discovered that a double free could occur when the intent handling code in the Little CMS library detected an error. An attacker could use this to special...
USN-6428-1: LibTIFF vulnerability | Cloud Foundry
Severity Low Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description It was discovered that LibTIFF could be made to read out of bounds when processing certain malformed image files with the tiffcrop utility. If a user were tricke...
USN-6166-1: libcap2 vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 22.04 Description David Gstir discovered that libcap2 incorrectly handled certain return codes. An attacker could possibly use this issue to cause libcap2 to consume memory, leading to a denial of service. CVE-2023-2602...
USN-5906-1: PostgreSQL vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 22.04 Description Jacob Champion discovered that the PostgreSQL client incorrectly handled Kerberos authentication. If a user or automated system were tricked into connecting to a malicious server, a remote attacker could...
USN-5801-1: Vim vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description It was discovered that Vim makes illegal memory calls when pasting brackets in Ex mode. An attacker could possibly use this to crash Vim, access or modify memory, or execute arbitra...
USN-5731-1: multipath-tools vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that multipath-tools incorrectly handled symlinks. A local attacker could possibly use this issue, in combination with other issues, to escalate privileges. This issue only affected Ubun...
USN-5743-2: LibTIFF vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description USN-5743-1 fixed a vulnerability in LibTIFF. This update provides the corresponding updates for Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 22.10. Original advisory details: It was...
USN-5259-3: Cron regression | Cloud Foundry
Severity Low Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description USN-5259-1 and USN-5259-2 fixed vulnerabilities in Cron. Unfortunately that update was incomplete and could introduce a regression. This update fixes the problem. We apologize for the...
USN-5366-1: FriBidi vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that FriBidi incorrectly handled processing of input strings resulting in memory corruption. An attacker could use this issue to cause FriBidi to crash, resulting in a denial of service,...
USN-5352-1: Libtasn1 vulnerability | Cloud Foundry
Severity Negligible Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Description It was discovered that Libtasn1 incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. CVEs contained in this USN include: CVE-2018-1000654. Affecte...
USN-5076-1: Git vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description Git incorrectly handled certain repository paths. CVEs contained in this USN include: CVE-2021-40330. Affected Cloud Foundry Products and Versions Severity is medium unless otherwis...
USN-5020-1: Ruby vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. CVE-2021-31799 It was discovered that Ruby incorrectly handled certain...
CVE-2020-5422: UAA password may appear in BOSH System Metrics Server process arguments | Cloud Foundry
Severity High Vendor Cloud Foundry Foundation Description BOSH System Metrics Server releases prior to 0.1.0 exposed the UAA password as a flag to a process running on the BOSH director. It exposed the password to any user or process with access to the same VM through ps or looking at process...
USN-4418-1: OpenEXR vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or...
CVE-2018-15754: UAA issues tokens across identity providers if users with matching usernames exist | Cloud Foundry
Severity Medium Vendor Cloud Foundry Foundation Affected Cloud Foundry Products and Versions UAA all versions in v60.x, v61.x, v62.x, v63.x, v64.x Description Cloud Foundry UAA, all versions in v60.x, v61.x, v62.x, v63.x, and v64.x contain an authorization logic error. In environments with multip...
CVE-2018-15800: Timing attack allows extraction of signing key in Bits Service | Cloud Foundry
Severity High Vendor Cloud Foundry Foundation Affected Cloud Foundry Products and Versions Bits Service release versions prior to 2.18.0 Description Cloud Foundry Bits Service, versions prior to 2.18.0, includes an information disclosure vulnerability. A remote malicious user may execute a timing...
CVE-2014-9130: LibYAML vulnerability | Cloud Foundry
CVE-2014-9130: LibYAML vulnerability Medium Vendor LibYAML Versions Affected Cloud Foundry Ruby Buildpack versions prior to 1.6.25 Description Stanisław Pitucha and Jonathan Gray discovered that LibYAML did not properly handle wrapped strings. An attacker could create specially crafted YAML data ...
USN-3063-1 Fontconfig vulnerability | Cloud Foundry
USN-3063-1 Fontconfig vulnerability Medium Vendor Canonical Ubuntu, fontconfig Versions Affected Canonical Ubuntu 14.04 LTS Description Tobias Stoeckmann discovered that Fontconfig incorrectly handled cache files. A local attacker could possibly use this issue with a specially crafted cache file ...
USN-6853-1: Ruby vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 22.04 Description It was discovered that Ruby incorrectly handled the ungetbyte and ungetc methods. A remote attacker could use this issue to cause Ruby to crash, resulting in a denial of service, or possibly obtain...
USN-6666-1: libuv vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 22.04 Description It was discovered that libuv incorrectly truncated certain hostnames. A remote attacker could possibly use this issue with specially crafted hostnames to bypass certain checks. Update Instructions: Run su...
USN-6359-1: file vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 22.04 Description It was discovered that file incorrectly handled certain malformed files. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. Update Instructions: Run sudo pr...
USN-6145-1: Sysstat vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description It was discovered that Sysstat incorrectly handled certain arithmetic multiplications. An attacker could use this issue to cause Sysstat to crash, resulting i...
CVE-2023-20881: CAs for syslog-drain mtls feature can be overwritten | Cloud Foundry
Severity Medium Vendor Cloud Foundry Foundation Description Users on cf may override other users syslog drain credentials if they’re aware of the client certificate used for that syslog drain. This applies even if the drain has zero certs. This would allow the user to override the private key and...
USN-5825-1: PAM vulnerability | Cloud Foundry
Severity Negligible Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description It was discovered that PAM did not correctly restrict login from an IP address that is not resolvable via DNS. An attacker could possibly use this issue t...
USN-5744-1: libICE vulnerability | Cloud Foundry
Severity Low Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description It was discovered that libICE was using a weak mechanism to generate the session cookies. A local attacker could possibly use this issue to perform a privilege escalation attack. Updat...
USN-5733-1: FLAC vulnerabilities | Cloud Foundry
Severity Low Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description It was discovered that FLAC was not properly performing memory management operations, which could result in a memory leak. An attacker could possibly use this issue to cause FLAC to...
USN-5569-1: Unbound vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description Xiang Li discovered that Unbound incorrectly handled delegation caching. A remote attacker could use this issue to keep rogue domain names resolvable long after they have been revoked. Update Instructions...
USN-5403-1: SQLite vulnerability | Cloud Foundry
Severity Negligible Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that SQLite command-line component incorrectly handled certain queries. An attacker could possibly use this issue to cause a crash or possibly execute arbitrary code. Update...
CVE-2021-22101: Cloud Controller is vulnerable to unauthenticated denial of service | Cloud Foundry
Severity High Vendor Cloud Foundry Foundation Description Cloud Controller versions prior to 1.118.0 are vulnerable to unauthenticated denial of ServiceDoS vulnerability. An attacker can leverage this vulnerability to cause denial of service by using REST HTTP requests with labelselectors on...
CVE-2021-22115: CAPI logs service broker credentials | Cloud Foundry
Severity Critical Vendor Cloud Foundry Foundation Description Cloud Controller API versions prior to 1.106.0 logs service broker credentials if the default value of db logging config field is changed. CAPI database logs service broker password in plain text whenever a job to clean up orphaned ite...
USN-4360-2: json-c regression | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description USN-4360-1 fixed a vulnerability in json-c. The security fix introduced a memory leak in some scenarios. This update reverts the security fix pending further investigation. We...
USN-4172-1: file vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description It was discovered that file incorrectly handled certain malformed files. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. CVEs...
USN-4038-4: bzip2 regression | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description USN-4038-1 fixed a vulnerability in bzip2. The update introduced a regression causing bzip2 to incorrect raises CRC errors for some files. This update provides the corresponding update for Ubuntu 12.04 ES...
USN-3353-1: Heimdal vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description Jeffrey Altman, Viktor Dukhovni, and Nicolas Williams discovered that Heimdal clients incorrectly trusted unauthenticated portions of Kerberos tickets. A remote attacker could use this to impersonate...
USN-3346-1: bind9 vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description Clément Berthaux discovered that Bind did not correctly check TSIG authentication for zone update requests. An attacker could use this to improperly perform zone updates. CVE-2017-3143 Clément Berthaux...
CVE-2016-3084 UAA Password Reset Vulnerability | Cloud Foundry
CVE-2016-3084 UAA Password Reset Vulnerability Low Vendor Cloud Foundry Foundation Versions Affected Cloud Foundry release v236 and earlier versions UAA release v3.3.0 and earlier versions All versions of Login-server UAA release v10 and earlier versions Description The UAA reset password flow is...
USN-6797-1: Intel Microcode vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description It was discovered that some 3rd and 4th Generation Intel® Xeon® Processors did not properly restrict access to certain hardware features when using Intel® SGX...
USN-6698-1: Vim vulnerability | Cloud Foundry
Severity Low Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description Zhen Zhou discovered that Vim did not properly manage memory. An attacker could possibly use this issue to cause a denial of service Update Instructions: Run sud...
USN-6499-1: GnuTLS vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 22.04 Description It was discovered that GnuTLS had a timing side-channel when handling certain RSA-PSK key exchanges. A remote attacker could possibly use this issue to recover sensitive information. Update Instructions:...
USN-6588-1: PAM vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 22.04 Description Matthias Gerstner discovered that the PAM pamnamespace module incorrectly handled special files when performing directory checks. A local attacker could possibly use this issue to cause PAM to stop...
USN-6627-1: libde265 vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 22.04 Description It was discovered that libde265 could be made to read out of bounds. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a...
USN-5704-1: DBus vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description It was discovered that DBus incorrectly handled messages with invalid type signatures. A local attacker could possibly use this issue to cause DBus to crash,...
USN-5446-1: dpkg vulnerability | Cloud Foundry
usn-5446-1 Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description Max Justicz discovered that dpkg incorrectly handled unpacking certain source packages. If a user or an automated system were tricked into unpacking a specially crafted source package, a remote...
USN-5189-1: GLib vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description It was discovered that GLib incorrectly handled certain environment variables. An attacker could possibly use this issue to escalate privileges. CVEs contained in this USN include:...
USN-4512-1: util-linux vulnerability | Cloud Foundry
Severity Negligible Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that the umount bash completion script shipped in util-linux incorrectly handled certain mountpoints. If a local attacker were able to create arbitrary mountpoints, another user coul...
USN-4487-1: libx11 vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description Todd Carson discovered that libx11 incorrectly handled certain memory operations. A local attacker could possibly use this issue to escalate privileges. CVE-2020-14344 Jayden Rivers...
USN-3911-2: file regression | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description USN-3911-1 fixed vulnerabilities in file. One of the backported security fixes introduced a regression that caused the interpreter string to be truncated. This update fixes the...
USN-4359-1: APT vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description It was discovered that APT incorrectly handled certain filenames during package installation. If an attacker could provide a specially crafted package to be installed by the system...