1109 matches found
CVE-2023-34041-Abuse of HTTP Hop-by-Hop Headers in Cloud Foundry Gorouter | Cloud Foundry
Severity Medium Vendor Cloud Foundry Description Cloud Foundry routing release versions prior to 0.278.0 are vulnerable to abuse of HTTP hop-by-hop headers. An unauthenticated attacker can use this vulnerability for headers like B3 or X-B3-SpanID to affect the identification value recorded in the...
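The mechanism behind this class of bug is that RFC 7230 lets a client name additional headers in its own Connection header, and a proxy that honours that list literally will strip whatever the client names, including tracing headers it is supposed to record. The following is an added illustration in Go, not Gorouter's code: the naive function strips everything the client lists, the hardened one refuses to treat an assumed set of B3 tracing headers as hop-by-hop. The header list, the sample values and the two functions are this example's assumptions.

```go
package main

import (
	"fmt"
	"net/http"
	"strings"
)

// Tracing headers the proxy records and forwards. A client must not be able
// to make the proxy drop them by naming them in its Connection header.
// Assumed list for this example (the advisory names B3 and X-B3-SpanID);
// keys are in net/http canonical form.
var protectedHeaders = map[string]bool{
	"B3":                true,
	"X-B3-Traceid":      true,
	"X-B3-Spanid":       true,
	"X-B3-Parentspanid": true,
	"X-B3-Sampled":      true,
}

// Headers that are always hop-by-hop (RFC 7230 section 6.1).
var standardHopByHop = []string{
	"Connection", "Keep-Alive", "Proxy-Authenticate", "Proxy-Authorization",
	"Te", "Trailer", "Transfer-Encoding", "Upgrade",
}

// connectionTokens returns, in canonical form, every header name the client
// listed in Connection, e.g. "keep-alive, X-B3-TraceId".
func connectionTokens(h http.Header) []string {
	var names []string
	for _, v := range h.Values("Connection") {
		for _, tok := range strings.Split(v, ",") {
			if tok = strings.TrimSpace(tok); tok != "" {
				names = append(names, http.CanonicalHeaderKey(tok))
			}
		}
	}
	return names
}

// stripHopByHopNaive applies RFC 7230 literally: it removes the standard
// hop-by-hop headers and every header the client named in Connection. An
// unauthenticated client can therefore send "Connection: X-B3-TraceId" and
// have the trace id discarded before the proxy logs or forwards it.
func stripHopByHopNaive(h http.Header) http.Header {
	out := h.Clone()
	for _, name := range standardHopByHop {
		out.Del(name)
	}
	for _, name := range connectionTokens(h) {
		out.Del(name)
	}
	return out
}

// stripHopByHopHardened strips the same headers but refuses to treat a
// protected tracing header as hop-by-hop, whatever Connection says.
func stripHopByHopHardened(h http.Header) http.Header {
	out := h.Clone()
	for _, name := range standardHopByHop {
		out.Del(name)
	}
	for _, name := range connectionTokens(h) {
		if protectedHeaders[name] {
			continue
		}
		out.Del(name)
	}
	return out
}

func main() {
	// Constructed request headers: the client asks the proxy to drop its own trace id.
	in := http.Header{}
	in.Set("X-B3-TraceId", "80f198ee56343ba864fe8b2a57d3eff7")
	in.Set("X-B3-SpanId", "e457b5a2e4d86bd1")
	in.Set("Connection", "keep-alive, X-B3-TraceId, X-B3-SpanId")

	fmt.Printf("naive:    trace=%q span=%q\n",
		stripHopByHopNaive(in).Get("X-B3-TraceId"), stripHopByHopNaive(in).Get("X-B3-SpanId"))
	fmt.Printf("hardened: trace=%q span=%q\n",
		stripHopByHopHardened(in).Get("X-B3-TraceId"), stripHopByHopHardened(in).Get("X-B3-SpanId"))
}
```

A quick check for any proxy you operate is the same as the constructed request above: send a request whose Connection header names your tracing or client-identification headers and confirm they still appear in the access log and on the backend.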
USN-5473-1: ca-certificates update | Cloud Foundry
usn-5473-1 Severity Unknown Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 2.50 version of the Mozilla certificate authority...
USN-5326-1: FUSE vulnerabilities | Cloud Foundry
Severity Unknown Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Description It was discovered that FUSE is susceptible to a restriction bypass flaw on a system that has SELinux active. A local attacker with non-root privileges could mount a FUSE file system that is accessible to...
USN-3363-2: ImageMagick regression | Cloud Foundry
Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description USN-3363-1 fixed vulnerabilities in ImageMagick. The update caused a regression for certain users when processing images. The problematic patch has been reverted pending further investigation. We apologize for the...
USN-3156-1: APT vulnerability | Cloud Foundry
USN-3156-1: APT vulnerability High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 LTS Description Jann Horn discovered that APT incorrectly handled InRelease files. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to insta...
USN-2927-1 Graphite2 vulnerabilities | Cloud Foundry
USN-2927-1 Graphite2 vulnerabilities Medium Vendor Graphite2 Versions Affected Ubuntu 14.04 Description Graphite2 could be made to crash or run programs as your login if it opened a specially crafted font. It was discovered that graphite2 incorrectly handled certain malformed fonts. If a user or...
USN-2868-1 DHCP vulnerability | Cloud Foundry
USN-2868-1 DHCP vulnerability Medium Vendor DHCP Versions Affected Ubuntu 14.04 Description Sebastian Poehn discovered that the DHCP server, client, and relay incorrectly handled certain malformed UDP packets. A remote attacker could use this issue to cause the DHCP server, client, or relay to st...
USN-2812-1 libxml2 vulnerability | Cloud Foundry
USN-2812-1 libxml2 vulnerability Medium Vendor libxml2 Versions Affected Ubuntu 14.04 Description Florian Weimer discovered that libxml2 incorrectly handled certain XML data. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause...
USN-5144-1: OpenEXR vulnerability | Cloud Foundry
Severity Unknown Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description OpenEXR could be made to crash or execute arbitrary code if it received a specially crafted EXR file. Affected Cloud Foundry Products and Versions Severity is unknown unless otherwise noted. cflinuxfs3 A...
USN-5079-3: curl vulnerabilities | Cloud Foundry
Severity Unknown Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description USN-5079-1 introduced a regression in curl. Affected Cloud Foundry Products and Versions Severity is unknown unless otherwise noted. Bionic Stemcells 1.x versions prior to 1.31 All other stemcells not...
USN-5123-1: MySQL vulnerabilities | Cloud Foundry
Severity Unknown Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description Several security issues were fixed in MySQL. Affected Cloud Foundry Products and Versions Severity is unknown unless otherwise noted. cflinuxfs3 All versions prior to 0.8.0 CF Deployment All versions pri...
Security Advisory Update: Transitioning from Xenial to Bionic Stemcells | Cloud Foundry
The Cloud Foundry Foundation Security Working Group would like to provide a brief update with regard to security advisories. As you may know, Ubuntu Xenial 16.04 has transitioned from free long-term support (LTS) status to paid extended security maintenance (ESM). Accordingly, the Cloud Foundry...
USN-4608-1: ca-certificates update | Cloud Foundry
Severity Unknown Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 2.44 version of the Mozilla certificate...
USN-4049-4: GLib regression | Cloud Foundry
Severity Unknown Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description USN-4049-1 fixed a vulnerability in GLib. The update introduced a regression. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that GLib...
USN-2943-1 PCRE vulnerabilities | Cloud Foundry
USN-2943-1 PCRE vulnerabilities Low/Medium Vendor Canonical Ubuntu Versions Affected Ubuntu 14.04 LTS Description It was discovered that PCRE incorrectly handled certain regular expressions. A remote attacker could use this issue to cause applications using PCRE to crash, resulting in a denial of...
Warning about NPM modules | Cloud Foundry
Warning about NPM modules Advisory Vendor Node Package Manager (NPM) Versions Affected Cloud Foundry NodeJS Buildpack Description If your app developers deploy Node applications, we’d like to alert you to recent developments with NPM and module ownership in the Node community. A blog post was...
USN-2869-1 OpenSSH vulnerability | Cloud Foundry
USN-2869-1 OpenSSH vulnerability High Vendor OpenSSH Versions Affected Ubuntu 14.04 Description It was discovered that the OpenSSH client experimental support for resuming connections contained multiple security issues. A malicious server could use this issue to leak client memory to the server,...
USN-2722-1 GDK-PixBuf Vulnerabilities | Cloud Foundry
USN-2722-1 GDK-PixBuf Vulnerabilities Medium Vendor Canonical Ubuntu Versions Affected libgdk-pixbuf2.0-0 2.30.7-0ubuntu1.1 Description It was discovered that GDK-PixBuf incorrectly handled scaling bitmap images. If a user or automated system were tricked into opening a BMP image file, a remote...
USN-2756-1 rpcbind Vulnerability | Cloud Foundry
USN-2756-1 rpcbind Vulnerability Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 LTS Description rpcbind could be made to crash or run programs if it received specially crafted network traffic. It was discovered that rpcbind incorrectly handled certain memory structures. A...
USN-4719-1: ca-certificates update | Cloud Foundry
Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 2.46 version of the Mozilla certificate authority bundle...
USN-2871-1 Linux kernel vulnerability | Cloud Foundry
USN-2871-1 Linux kernel vulnerability High Vendor Ubuntu Versions Affected Ubuntu 14.04 Description Yevgeny Pats discovered that the session keyring implementation in the Linux kernel did not properly reference count when joining an existing session keyring. A local attacker could use this to cau...
USN-2815-1 PNG vulnerability | Cloud Foundry
USN-2815-1 PNG vulnerability Medium Vendor PNG Versions Affected Ubuntu 14.04 Description Qixue Xiao discovered that libpng incorrectly handled certain time values. If a user or automated system using libpng were tricked into opening a specially crafted image, an attacker could exploit this to...
CVE-2025-22216 - UAA Missing Zone Validation | Cloud Foundry
Severity MED Overall CVSS Score: 5.0 CVSS v3.1 Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C Vendor CloudFoundry Foundation Versions Affected Affected through UAA Releases 77.20.1, 77.24.0 including 77.21.0, 77.22.0, 77.23.0 Unaffected from UAA Release 77.20.2 Unaffected from UAA Release...
CVE-2024-38826 Cloud Controller Denial of Service Attack | Cloud Foundry
Severity MEDIUM Vendor CloudFoundry Foundation Versions Affected Capi Release version 1.194 Description Authenticated users can upload specifically crafted files to leak server resources. This behavior can potentially be used to run a denial of service attack against Cloud Controller. Mitigation...
CVE-2024-38806 - UAA Failure to Remove Shadow User's Access | Cloud Foundry
Severity LOW Vendor CloudFoundry Foundation Versions Affected UAA Release v77.10.0 or below Description Expected behavior: When UAA is configured to proxy to an external OIDC or SAML provider, and when UAA is configured using the UAA group mapping feature to convert the external provider user...
USN-6258-1: LLVM Toolchain vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 22.04 Description It was discovered that LLVM Toolchain did not properly manage memory under certain circumstances. If a user were tricked into opening a specially crafted MLIR file, an attacker could possibly use this iss...
USN-5145-1: PostgreSQL vulnerabilities | Cloud Foundry
Severity Unknown Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description PostgreSQL could allow unintended access to network services. Affected Cloud Foundry Products and Versions Severity is unknown unless otherwise noted. cflinuxfs3 All versions prior to 0.266.0 CF Deployme...
USN-2865-1 GnuTLS vulnerability | Cloud Foundry
USN-2865-1 GnuTLS vulnerability Medium Vendor GnuTLS Versions Affected Ubuntu 14.04 Description Karthikeyan Bhargavan and Gaetan Leurent discovered that GnuTLS incorrectly allowed MD5 to be used for TLS 1.2 connections. If a remote attacker were able to perform a man-in-the-middle attack, this fl...
USN-2765-1 Linux Kernel (Vivid HWE) Vulnerability | Cloud Foundry
USN-2765-1 Linux Kernel (Vivid HWE) Vulnerability High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 LTS Description It was discovered that the Linux kernel did not properly initialize IPC object state in certain situations. A local attacker could use this to escalate their...
USN-2739-1 FreeType Vulnerabilities | Cloud Foundry
USN-2739-1 FreeType Vulnerabilities Medium Vendor Canonical Ubuntu Versions Affected libfreetype6 2.5.2-1ubuntu2.5 – FreeType 2 is a font engine library Description It was discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially...
USN-2694-1 PCRE Vulnerabilities | Cloud Foundry
USN-2694-1 PCRE Vulnerabilities Medium Vendor Perl 5 Versions Affected Ubuntu 14.04 Description Michele Spagnuolo discovered that PCRE incorrectly handled certain regular expressions. A remote attacker could use this issue to cause applications using PCRE to crash, resulting in a denial of servic...
USN-2696-1 OpenJDK 7 Vulnerabilities | Cloud Foundry
USN-2696-1 OpenJDK 7 Vulnerabilities Medium Vendor Canonical Ubuntu Versions Affected openjdk-7 – Open Source Java implementation Description Several security issues were fixed in OpenJDK 7. Affected Products and Versions Severity is medium unless otherwise noted. Ruby buildpack versions 1.6.1 an...
USN-2639-1 OpenSSL vulnerabilities | Cloud Foundry
USN-2639-1 OpenSSL vulnerabilities Medium Vendor OpenSSL Versions Affected Ubuntu 14.04 Description It was discovered that OpenSSL incorrectly handled memory when buffering DTLS data. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly...
Redis Lua Exploit | Cloud Foundry
Redis Lua Exploit High Vendor Redis Versions Affected Redis 3.0.1 or older Redis 2.8.20 or older Redis 2.6.x Description It was discovered that it is possible to break out of the Lua sandbox in Redis and execute arbitrary code. The user must have access to the Redis process to connect and execute...
USN-6851-1: Netplan vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 22.04 Description Andreas Hasenack discovered that netplan incorrectly handled the permissions for netdev files containing wireguard configuration. An attacker could use this to obtain wireguard secret keys. It was...
USN-4377-1: ca-certificates update | Cloud Foundry
Severity Unknown Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description The ca-certificates package contained an expired CA certificate that caused connectivity issues. This update removes the “AddTrust External Root” CA. In addition, on Ubuntu 16.04 L...
USN-3411-1: Bazaar vulnerability | Cloud Foundry
Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description Adam Collard discovered that Bazaar did not properly handle host names in ‘bzr+ssh://’ URLs. A remote attacker could use this to construct a bazaar repository URL that when accessed could run arbitrary code with the...
USN-3142-2: ImageMagick regression | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 LTS Description USN-3142-1 fixed vulnerabilities in ImageMagick. The security fixes introduced a regression with text labels and a regression with the textcoder. This update fixes the problem. It was discovered that...
USN-2836-1 grub2 vulnerability | Cloud Foundry
USN-2836-1 grub2 vulnerability Medium Vendor grub2 Versions Affected Ubuntu 14.04 Description Hector Marco and Ismael Ripoll discovered that GRUB incorrectly handled the backspace key when configured to use authentication. A local attacker could use this issue to bypass GRUB password protection...
USN-2698-1 SQLite Vulnerabilities | Cloud Foundry
USN-2698-1 SQLite Vulnerabilities Medium Vendor SQLite Versions Affected Ubuntu 14.04 Description It was discovered that SQLite incorrectly handled skip-scan optimization. An attacker could use this issue to cause applications using SQLite to crash, resulting in a denial of service, or possibly...
USN-5761-1: ca-certificates update | Cloud Foundry
Severity Unknown Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description Due to security concerns, the TrustCor certificate authority has been marked as distrusted in Mozilla’s root store. This update removes the TrustCor CA certificates from the...
USN-2857-1 Linux kernel vulnerability | Cloud Foundry
USN-2857-1 Linux kernel vulnerability High Vendor Linux kernel Versions Affected Ubuntu 14.04 Description Nathan Williams discovered that overlayfs in the Linux kernel incorrectly handled setattr operations. A local unprivileged attacker could use this to create files with administrative permissi...
USN-6851-2: Netplan regression | Cloud Foundry
Severity Unknown Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 22.04 Description USN-6851-1 fixed vulnerabilities in Netplan. The update led to the discovery of a regression in netplan which caused systemctl enable to fail on systems where systemd is not running. This update fixes t...
USN-2820-1 GnuTLS vulnerability | Cloud Foundry
USN-2820-1 GnuTLS vulnerability High Vendor GnuTLS Versions Affected Ubuntu 14.04 Description It was discovered that GnuTLS incorrectly validated the first byte of padding in CBC modes. A remote attacker could possibly use this issue to perform a padding oracle attack. The Cloud Foundry project...
USN-5126-1: Bind vulnerability | Cloud Foundry
Severity Unknown Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description Bind could be made to consume resources if it received specially crafted network traffic. Affected Cloud Foundry Products and Versions Severity is unknown unless otherwise noted. Bionic Stemcells 1.x...
CVE-2026-22723 - UAA User Token Revocation | Cloud Foundry
Severity MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y Vendor CloudFoundry Foundation Versions Affected UAA Release: v77.30.0 to v78.7.0 CF Deployment: v48.7.0 to v54.10.0 Description Cloud Foundry UAA release versions fro...
CVE-2026-41010 - Release Job Name Command Injection on BOSH Director | Cloud Foundry
CVSSv4: High 8.7 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H CVSSv3: High 8.2 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H Vendor Cloud Foundry Foundation Versions Affected Severity is HIGH unless otherwise noted. BOSH Director – All versions prior to v282.1.12 Description...
CVE-2026-41011 - Package Name Command Injection | Cloud Foundry
CVSSv4: High 8.7 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H CVSSv3: High 8.2 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H Vendor Cloud Foundry Foundation Versions Affected Severity is HIGH unless otherwise noted. BOSH – All versions prior to v282.1.12 Description...
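Both CVE-2026-41010 and CVE-2026-41011 are the same bug class: an attacker-chosen name (release job name, package name) reaches a shell. The example below is added here to show that class and its fix in Go; it is not BOSH Director code, and the tar command, the /var/vcap paths and the allow-list pattern are this example's assumptions about what a packaging step might look like. The vulnerable builder concatenates the name into a line for sh -c; the hardened one validates the name against an allow-list and passes it as argv elements with no shell at all. Nothing is executed, only the argument vectors are built and inspected.

```go
package main

import (
	"errors"
	"fmt"
	"os/exec"
	"regexp"
	"strings"
)

// Allow-list for release job and package names. The pattern is this
// example's assumption, not a rule taken from BOSH.
var safeName = regexp.MustCompile(`^[A-Za-z0-9][A-Za-z0-9_.-]{0,127}$`)

var errBadName = errors.New("name contains characters outside the allow-list")

// validateName accepts only names matching the allow-list.
func validateName(name string) error {
	if !safeName.MatchString(name) {
		return errBadName
	}
	return nil
}

// vulnerableCommand mimics a packaging step that builds a shell line by string
// concatenation and hands it to sh -c (a hypothetical step, not BOSH code).
// A name such as "agent; touch /tmp/injected" turns into two commands.
func vulnerableCommand(name string) *exec.Cmd {
	line := "tar -czf /var/vcap/data/compile/" + name + ".tgz /var/vcap/packages/" + name
	return exec.Command("sh", "-c", line)
}

// hardenedCommand validates the name and passes it inside single argv
// elements with no shell in between, so metacharacters are never interpreted.
func hardenedCommand(name string) (*exec.Cmd, error) {
	if err := validateName(name); err != nil {
		return nil, err
	}
	return exec.Command("tar", "-czf",
		"/var/vcap/data/compile/"+name+".tgz",
		"/var/vcap/packages/"+name), nil
}

// injectsSecondCommand reports whether the line handed to sh -c contains a
// command separator, i.e. whether a name has broken out of the intended argument.
func injectsSecondCommand(cmd *exec.Cmd) bool {
	if len(cmd.Args) != 3 || cmd.Args[0] != "sh" {
		return false
	}
	return strings.ContainsAny(cmd.Args[2], ";|&`$\n")
}

func main() {
	malicious := "agent; touch /tmp/injected"
	v := vulnerableCommand(malicious)
	fmt.Printf("vulnerable argv: %q (injects: %v)\n", v.Args, injectsSecondCommand(v))

	if _, err := hardenedCommand(malicious); err != nil {
		fmt.Println("hardened rejected:", err)
	}
	h, _ := hardenedCommand("nginx-1.25.3")
	fmt.Printf("hardened argv: %q\n", h.Args)
}
```

The allow-list is the important half: avoiding the shell stops metacharacters, but a name containing "../" would still let tar write outside the intended directory, which is why the pattern also excludes path separators.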
CVE-2026-41858 - Brute forceable windows admin creds | Cloud Foundry
CVSS score: 6.5 Medium CVSS:3/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Vendor CloudFoundry Foundation Versions Affected Severity is HIGH unless otherwise noted. windows-utilities-release – All versions prior to v0.23.0 Description Weak Randomness / Insecure Cryptographic Primitive CWE-338 in...
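CWE-338 is about where the randomness comes from, not how long the password is. The example below is added here to make that concrete in Go and is not windows-utilities-release code; that the weak generator is seeded from the clock is this example's assumption about the general pattern, not a description of the affected release. The attacker side, recoverSeed, shows why "brute forceable" is the right word: a 16-character password from a deterministic PRNG seeded with one second of wall clock has a search space of seconds, not of characters.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"math/big"
	mathrand "math/rand"
	"time"
)

const alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"

// weakPassword is the CWE-338 pattern: a deterministic PRNG seeded from a
// low-entropy value (here the clock, in seconds). The same seed always yields
// the same password, so the search space is the seed, not the password.
func weakPassword(seed int64, length int) string {
	r := mathrand.New(mathrand.NewSource(seed))
	b := make([]byte, length)
	for i := range b {
		b[i] = alphabet[r.Intn(len(alphabet))]
	}
	return string(b)
}

// strongPassword draws every index from the OS CSPRNG via crypto/rand.
// rand.Int samples uniformly in [0, n), so there is no modulo bias.
func strongPassword(length int) (string, error) {
	b := make([]byte, length)
	n := big.NewInt(int64(len(alphabet)))
	for i := range b {
		idx, err := rand.Int(rand.Reader, n)
		if err != nil {
			return "", err
		}
		b[i] = alphabet[idx.Int64()]
	}
	return string(b), nil
}

// recoverSeed is the attacker's side of the weak scheme: given one leaked
// password and a guess at when it was generated, try every seed in the window.
func recoverSeed(leaked string, from, to int64) (int64, bool) {
	for s := from; s <= to; s++ {
		if weakPassword(s, len(leaked)) == leaked {
			return s, true
		}
	}
	return 0, false
}

func main() {
	now := time.Now().Unix()
	pw := weakPassword(now, 16)
	// One day of candidate seeds is recovered in well under a second.
	seed, ok := recoverSeed(pw, now-24*3600, now+60)
	fmt.Printf("weak password %s: seed recovered=%v, correct=%v\n", pw, ok, seed == now)

	sp, err := strongPassword(16)
	fmt.Println("strong password:", sp, err)
}
```

When reviewing credential generation in any language, the check is the same: find the random source, and if it is a seedable or non-cryptographic generator (math/rand, System.Random, Get-Random, java.util.Random), treat every credential it produced as guessable regardless of length.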
CVE-2026-41859 - Missing TLS in NATS sync | Cloud Foundry
CVSS Score: High 7.1 CVSSv4: High 7.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:L/VA:N/SC:H/SI:H/SA:H CVSSv3: High 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Vendor Cloudfoundry Foundation / BOSH Versions Affected Severity is High unless otherwise noted. BOSH – All versions prior to v282.1....