1109 matches found
USN-6168-1: libx11 vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 22.04 Description Gregory James Duck discovered that libx11 incorrectly handled certain Request, Event, or Error IDs. If a user were tricked into connecting to a malicious X Server, a remote attacker could possibly use thi...
CVE-2023-20885: CF workflows leak credentials in system audit logs | Cloud Foundry
Severity Medium Vendor Cloud Foundry Foundation Description Cloud foundry team found that the kernel audit logging is enabled on some components due to which various lifecycle workflows in the platform that use admin or service credentials in invocations of binaries are picked up by the audit...
USN-5745-1: shadow vulnerability | Cloud Foundry
Severity Low Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description Florian Weimer discovered that shadow was not properly copying and removing user directory trees, which could lead to a race condition. A local attacker could...
USN-5244-2: DBus vulnerability | Cloud Foundry
Severity Low Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description USN-5244-1 fixed a vulnerability in DBus. This update provides the corresponding update for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Original advisory details: Daniel Onaca discovered that DBus contained a...
CVE-2021-22098: Open redirect vulnerability in UAA server | Cloud Foundry
Severity Medium Vendor Cloud Foundry Foundation Description UAA server versions prior to 75.4.0 are vulnerable to an open redirect vulnerability. A malicious user can exploit the open redirect vulnerability by social engineering leading to take over of victims’ accounts in certain cases along wit...
USN-4957-1: DjVuLibre vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that DjVuLibre incorrectly handled certain memory operations. If a user or automated system were tricked into processing a specially crafted DjVu file, a remote attacker could cause...
USN-6806-1: GDK-PixBuf vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description Pedro Ribeiro and Vitor Pedreira discovered that the GDK-PixBuf library did not properly handle certain ANI files. An attacker could use this flaw to cause...
USN-6827-1: LibTIFF vulnerability | Cloud Foundry
Severity Low Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description It was discovered that LibTIFF incorrectly handled memory when performing certain cropping operations, leading to a heap buffer overflow. An attacker could use...
USN-6296-1: PostgreSQL vulnerabilities | Cloud Foundry
Severity Unknown Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 22.04 Description It was discovered that PostgreSQL incorrectly handled certain extension script substitutions. An attacker having database-level CREATE privileges can use this issue to execute arbitrary code as the...
USN-6105-1: ca-certificates update | Cloud Foundry
Severity Unknown Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 2.60 version of the Mozilla certificate...
USN-5885-1: APR vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 22.04 Description Ronald Crane discovered integer overflow vulnerabilities in the Apache Portable Runtime (APR) that could potentially result in memory corruption. A remote attacker could possibly use these issues to cause a...
USN-5806-2: Ruby vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description USN-5806-1 fixed vulnerabilities in Ruby. This update fixes the problem for Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.10. Original advisory details: Hiroshi Tokumaru...
USN-4668-1: python-apt vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Description Kevin Backhouse discovered that python-apt incorrectly handled resources. A local attacker could possibly use this issue to cause python-apt to consume resources, leading to a denial of service. CVEs...
USN-4233-2: GnuTLS update | Cloud Foundry
Severity Unknown Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description USN-4233-1 disabled SHA1 being used for digital signature operations in GnuTLS. In certain network environments, certificates using SHA1 may still be in use. This update adds the...
USN-3843-1: pixman vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description It was discovered that pixman incorrectly handled the general_composite_rect function. A remote attacker could use this issue to cause pixman to crash, resulting in a denial of service, or possibly execute...
USN-6814-1: libvpx vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 22.04 Description Xiantong Hou discovered that libvpx did not properly handle certain malformed media files. If an application using libvpx opened a specially crafted file, a remote attacker could cause a denial of service...
CVE-2024-37082 - mTLS bypass | Cloud Foundry
Severity CRITICAL Vendor CloudFoundry Foundation Versions Affected Routing Release 10.6.0 Description When deploying Cloud Foundry together with the haproxy-boshrelease and using a non default configuration, it might be possible to craft HTTP requests that bypass mTLS authentication to Cloud...
USN-6360-1: FLAC vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 22.04 Description It was discovered that FLAC incorrectly handled encoding certain files. A remote attacker could use this issue to cause FLAC to crash, resulting in a denial of service, or possibly execute arbitrary code...
USN-5089-1: ca-certificates update | Cloud Foundry
Severity Unknown Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description A certificate about to expire was removed from ca-certificates. Affected Cloud Foundry Products and Versions Severity is unknown unless otherwise noted. Bionic Stemcells 1.x versions prior to 1.33 All...
CVE-2021-22001: Sensitive info leakage in UAA during Identity Provider deletion | Cloud Foundry
Severity Medium Vendor Cloud Foundry Foundation Description In UAA versions prior to 75.3.0, sensitive information like relaying secret of the provider was revealed in response when deletion request of an identity provider (IdP) of type “oauth 1.0” was sent to UAA server. An attacker can gain acces...
USN-4457-1: Software Properties vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Description Jason A. Donenfeld discovered that Software Properties incorrectly filtered certain escape sequences when displaying PPA descriptions. If a user were tricked into adding an arbitrary PPA, a remote attacke...
USN-2837-1 bind9 vulnerability | Cloud Foundry
USN-2837-1 bind9 vulnerability Medium Vendor bind9 Versions Affected Ubuntu 14.04 Description It was discovered that Bind incorrectly handled responses with malformed class attributes. A remote attacker could use this issue to cause Bind to crash, resulting in a denial of service. The Cloud Found...
USN-2718-1 Address Configuration Change Vulnerabilities | Cloud Foundry
USN-2718-1 Address Configuration Change Vulnerabilities Medium Vendor Vivid Versions Affected Ubuntu 14.04 Description Marcelo Ricardo Leitner discovered a race condition in the Linux kernel’s SCTP address configuration lists when using Address Configuration Change (ASCONF) options on a socket. An...
USN-6802-1: PostgreSQL vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 22.04 Description Lukas Fittl discovered that PostgreSQL incorrectly performed authorization in the built-in pg_stats_ext and pg_stats_ext_exprs views. An unprivileged database user can use this issue to read most common values...
USN-5376-3: Git regression | Cloud Foundry
Severity Unknown Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description USN-5376-1 fixed vulnerabilities in Git, but some patches needed to properly fix the issue were missing. This update fixes the problem. Original advisory details: 俞晨东 discovered that Git incorrectly handled certain...
CVE-2021-22099: Server Side Request Forgery in Cloud Controller | Cloud Foundry
Severity Medium Vendor Cloud Foundry Foundation Description Cloud Foundry Cloud Controller component is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability. A malicious user can use this vulnerability to send HTTP GET requests to any internal component in the CF environment, and also t...
VU#475445: SAML Authentication Bypass | Cloud Foundry
Severity Medium/Advisory Vendor Duo Security Description Multiple SAML libraries may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the...
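The mismatch VU#475445 describes is easiest to see on a single NameID. The following is an added illustration, not code from Cloud Foundry, UAA or any SAML library: a constructed Subject fragment in which an empty XML comment has been inserted into the NameID text. Reading the value through the first DOM text node yields a truncated identity, while the comment-free canonical form (what an XML-DSig signature is computed over) is byte-identical to the untampered fragment, so a signature check alone does not catch the edit. `ET.canonicalize` implements C14N 2.0 rather than the Exclusive C14N 1.0 SAML uses, but both drop comments by default; the names `nameid_vulnerable`, `nameid_hardened` and `canonical_form` and the sample account `user@example.com.evil.test` are this example's own.

```python
from xml.dom import minidom
from xml.dom.minidom import Node
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed sample, not captured from any real IdP or SP. The attacker legitimately
# owns "user@example.com.evil.test" and holds a signed assertion for it; before
# forwarding it to the SP they splice an empty comment into the NameID text.
ORIGINAL_SUBJECT = (
    f'<saml:Subject xmlns:saml="{SAML_NS}">'
    "<saml:NameID>user@example.com.evil.test</saml:NameID>"
    "</saml:Subject>"
)
TAMPERED_SUBJECT = ORIGINAL_SUBJECT.replace(
    "user@example.com.evil.test", "user@example.com<!---->.evil.test"
)


def _nameid_element(xml_text: str):
    # minidom keeps comment nodes, so the comment splits the NameID into
    # Text, Comment, Text children.
    doc = minidom.parseString(xml_text)
    return doc.getElementsByTagNameNS(SAML_NS, "NameID")[0]


def nameid_vulnerable(xml_text: str) -> str:
    # The bug pattern: take the first text node and assume it is the whole value.
    return _nameid_element(xml_text).firstChild.data


def nameid_hardened(xml_text: str) -> str:
    # Join every text node, skipping comments (canonicalization drops them anyway),
    # and refuse any other child so nothing can split or extend the value unseen.
    parts = []
    for child in _nameid_element(xml_text).childNodes:
        if child.nodeType in (Node.TEXT_NODE, Node.CDATA_SECTION_NODE):
            parts.append(child.data)
        elif child.nodeType != Node.COMMENT_NODE:
            raise ValueError(f"unexpected {child.nodeName} inside NameID")
    return "".join(parts)


def canonical_form(xml_text: str) -> str:
    # Comment-free canonical serialization: the bytes a detached signature is
    # hashed over. Tampered and original fragments collapse to the same string.
    return ET.canonicalize(xml_text, with_comments=False)


if __name__ == "__main__":
    print("first text node :", nameid_vulnerable(TAMPERED_SUBJECT))
    print("all text nodes  :", nameid_hardened(TAMPERED_SUBJECT))
    print("c14n identical  :", canonical_form(TAMPERED_SUBJECT) == canonical_form(ORIGINAL_SUBJECT))
```

The practical rule this encodes: the identity an SP acts on must be derived from the same serialization the signature covered, never from a partial DOM walk over the original bytes.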
USN-2806-1 Linux kernel vulnerability | Cloud Foundry
USN-2806-1 Linux kernel vulnerability High Vendor Vivid Versions Affected Ubuntu 14.04 Description Ben Serebrin discovered that the KVM hypervisor implementation in the Linux kernel did not properly catch Alignment Check exceptions. An attacker in a guest virtual machine could use this to cause a...
USN-6755-1: GNU cpio vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 22.04 Description Ingo Brückl discovered that cpio contained a path traversal vulnerability. If a user or automated system were tricked into extracting a specially crafted cpio archive, an attacker could possibly use this...
USN-6719-1: util-linux vulnerability | Cloud Foundry
Severity Unknown Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 22.04 Description Skyler Ferrante discovered that the util-linux wall command did not filter escape sequences from command line arguments. A local attacker could possibly use this issue to obtain sensitive information...
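Both USN-4457-1 (PPA descriptions shown by Software Properties) and USN-6719-1 (wall message arguments) are the same defect: attacker-controlled text reaches a terminal without the escape sequences being filtered. The block below is an added example, not code from either package, showing one filter a practitioner would apply before echoing untrusted text: it removes CSI sequences (colours, cursor movement, screen erase), OSC strings (window title, OSC 8 hyperlinks), DCS/SOS/PM/APC strings, other two-byte ESC sequences such as the full reset, and stray C0/C1 control characters, keeping only tab and newline. The sample strings, the regex and the function names are this example's own.

```python
import re

# One alternation covering the sequence families a terminal interprets. Order matters:
# the multi-byte forms are tried before the single-byte fallbacks.
_TERMINAL_ESCAPES = re.compile(
    r"\x1b\[[0-?]*[ -/]*[@-~]"              # CSI: ESC [ params intermediates final
    r"|\x1b\][^\x07\x1b]*(?:\x07|\x1b\\)?"  # OSC: ESC ] ... BEL or ESC \ (tolerates unterminated)
    r"|\x1b[PX^_][^\x1b]*(?:\x1b\\)?"       # DCS / SOS / PM / APC ... ST
    r"|\x1b[@-Z\\-_`-~]"                    # remaining two-byte ESC sequences, e.g. ESC c (reset)
    r"|[\x00-\x08\x0b-\x1f\x7f-\x9f]"      # lone C0 controls except \t and \n, DEL, C1 controls
)


def strip_terminal_escapes(text: str) -> str:
    """Remove every sequence the terminal would act on; tab and newline survive."""
    return _TERMINAL_ESCAPES.sub("", text)


def escape_terminal_escapes(text: str) -> str:
    """Same match set, but render each sequence visibly (e.g. \\x1b[31m) so the
    attempt stays in the output for the reader or a log reviewer to see."""
    return _TERMINAL_ESCAPES.sub(lambda m: repr(m.group(0))[1:-1], text)


# Constructed samples of what an attacker might put in a PPA description or a wall argument.
CONSTRUCTED_SAMPLES = {
    "colour":        "Broadcast from root\x1b[31m urgent\x1b[0m",
    "clear screen":  "harmless\x1b[2J\x1b[Hfresh prompt $ ",
    "window title":  "\x1b]0;owned\x07hello",
    "osc8 link":     "\x1b]8;;http://attacker.test\x1b\\click me\x1b]8;;\x1b\\",
    "full reset":    "\x1bcgone",
    "cr overwrite":  "rm -rf /tmp/x\rls ",
}

if __name__ == "__main__":
    for name, raw in CONSTRUCTED_SAMPLES.items():
        print(f"{name:13} {raw!r:55} -> {strip_terminal_escapes(raw)!r}")
```

Stripping is the right default for a broadcast like wall; the escaping variant suits a UI that should show the user what was attempted. Either way the filter runs on the untrusted string, not on the terminal's idea of what is printable.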
cflinuxfs3 Removal | Cloud Foundry
cflinuxfs3 Removal Please be advised that starting with release v30.0.0 of cf-deployment the platform now comes without the cflinuxfs3 stack and the cflinuxfs3 buildpacks [1]. The stack is based on Ubuntu Bionic and has reached end of life. The new cflinuxfs4 stack with Ubuntu Jammy buildpacks are...
USN-5855-3: ImageMagick regression | Cloud Foundry
Severity Unknown Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 22.04 Description USN-5855-2 fixed vulnerabilities in ImageMagick. Unfortunately an additional mitigation caused a regression. This update fixes the problem. We apologize for the inconvenience. Original advisory details: ...
USN-5742-1: JBIG-KIT vulnerability | Cloud Foundry
Severity Negligible Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description It was discovered that JBIG-KIT incorrectly handled decoding certain large image files. If a user or automated system using JBIG-KIT were tricked into opening a specially crafte...
USN-5086-1: Linux kernel vulnerability | Cloud Foundry
Severity Unknown Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description IBM s390x systems could be made to crash or run programs as an administrator. Affected Cloud Foundry Products and Versions Severity is unknown unless otherwise noted. Bionic...
USN-4668-3: python-apt regression | Cloud Foundry
Severity Unknown Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Description USN-4668-1 fixed vulnerabilities in python-apt. The update caused a regression when using certain APIs with a file handle. This update fixes the problem. We apologize for the inconvenience. Original...
CVE-2020-5418: Cloud Controller allows users with no roles to list droplets | Cloud Foundry
Severity Low Vendor Cloud Foundry Foundation Description Cloud Foundry CAPI Cloud Controller versions prior to 1.98.0 allow authenticated users having only the “cloudcontroller.read” scope, but no roles in any spaces, to list all droplets in all spaces whereas they should see none. Affected Cloud...
CVE-2018-15754: UAA issues tokens across identity providers if users with matching usernames exist | Cloud Foundry
Severity Medium Vendor Cloud Foundry Foundation Affected Cloud Foundry Products and Versions UAA release: versions v60 prior to v66.0 Description Cloud Foundry UAA, versions v60 prior to v66.0, contain an authorization logic error. In environments with multiple identity providers that contain...
MS-ISAC: 2018-046 - Multiple Vulnerabilities in PHP | Cloud Foundry
Severity Critical Vendor Cloud Foundry Foundation Affected Cloud Foundry Products and Versions You are using php-buildpack prior to version 4.3.53 Description Multiple upstream vulnerabilities have been discovered in all supported PHP versions in the PHP buildpack. MS-ISAC reports that the most...
CVE-2016-6660: Cloud Controller logs application environment variables | Cloud Foundry
CVE-2016-6660: Cloud Controller logs application environment variables Low Vendor Cloud Foundry Foundation Versions Affected Cloud Foundry Release versions prior to 250 CAPI versions prior to 1.12.0 Description The Cloud Foundry Cloud Controller /v2/apps endpoint logs environment variables in...
USN-2900-1 GNU libc vulnerability | Cloud Foundry
USN-2900-1 GNU libc vulnerability High Vendor glibc Versions Affected Ubuntu 14.04 Description It was discovered that the GNU C Library incorrectly handled receiving responses while performing DNS resolution. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in...
USN-2820-1 dpkg vulnerability | Cloud Foundry
USN-2820-1 dpkg vulnerability Medium Vendor dpkg Versions Affected Ubuntu 14.04 Description Hanno Boeck discovered that the dpkg-deb tool incorrectly handled certain old style Debian binary packages. If a user or an automated system were tricked into unpacking a specially crafted binary package, ...
CVE-2025-22246 - UAA Private Key Exposure | Cloud Foundry
Severity LOW Vendor CloudFoundry Foundation Versions Affected UAA Release: v77.21.0 to v77.31.0 CF Deployment: v45.1.0 to v48.11.0 Description Cloud Foundry UAA release versions from v77.21.0 to v77.31.0 are vulnerable to a private key exposure in logs. Affected Cloud Foundry Products and Versions...
USN-6266-1: librsvg vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 22.04 Description Zac Sims discovered that librsvg incorrectly handled decoding URLs. A remote attacker could possibly use this issue to read arbitrary files by using an include element. Update Instructions: Run sudo pro f...
USN-5745-2: shadow regression | Cloud Foundry
Severity Unknown Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description USN-5745-1 fixed vulnerabilities in shadow. Unfortunately that update introduced a regression that caused useradd to behave incorrectly in Ubuntu 14.04 ESM, Ubuntu 16.04...
USN-3432-1: ca-certificates update | Cloud Foundry
Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 20170717 package. Affected Cloud Foundry Products and Versions Cloud Foundry BOSH...
USN-3212-2: LibTIFF regression | Cloud Foundry
Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description USN-3212-1 fixed vulnerabilities in LibTIFF. Unfortunately, some of the security patches were misapplied, which caused a regression when processing certain images. This update fixes the problem. We apologize for the...
USN-3131-1: ImageMagick vulnerabilities | Cloud Foundry
USN-3131-1: ImageMagick vulnerabilities Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 LTS Description It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a special...
USN-2810-1 Kerberos vulnerability | Cloud Foundry
USN-2810-1 Kerberos vulnerability Medium Vendor Kerberos Versions Affected Ubuntu 14.04 Description It was discovered that Kerberos incorrectly handled null bytes in certain data fields. A remote attacker could possibly use this issue to cause a denial of service. It was discovered that the...
USN-2787-1 audiofile vulnerability | Cloud Foundry
USN-2787-1 audiofile vulnerability Medium Vendor audiofile Versions Affected Ubuntu 14.04 Description Fabrizio Gennari discovered that audiofile incorrectly handled changing both the sample format and the number of channels. If a user or automated system were tricked into processing a specially...
USN-6621-1: ImageMagick vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description It was discovered that ImageMagick incorrectly handled certain values when processing BMP files. An attacker could exploit this to cause a denial of service. Update Instructions: Ru...