1111 matches found
USN-2810-1 Kerberos vulnerability | Cloud Foundry
USN-2810-1 Kerberos vulnerability Medium Vendor Kerberos Versions Affected Ubuntu 14.04 Description It was discovered that Kerberos incorrectly handled null bytes in certain data fields. A remote attacker could possibly use this issue to cause a denial of service. It was discovered that the...
USN-2787-1 audiofile vulnerability | Cloud Foundry
USN-2787-1 audiofile vulnerability Medium Vendor audiofile Versions Affected Ubuntu 14.04 Description Fabrizio Gennari discovered that audiofile incorrectly handled changing both the sample format and the number of channels. If a user or automated system were tricked into processing a specially...
USN-5473-1: ca-certificates update | Cloud Foundry
usn-5473-1 Severity Unknown Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 2.50 version of the Mozilla certificate authority...
USN-5326-1: FUSE vulnerabilities | Cloud Foundry
Severity Unknown Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Description It was discovered that FUSE is susceptible to a restriction bypass flaw on a system that has SELinux active. A local attacker with non-root privileges could mount a FUSE file system that is accessible to...
USN-5123-1: MySQL vulnerabilities | Cloud Foundry
Severity Unknown Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description Several security issues were fixed in MySQL. Affected Cloud Foundry Products and Versions Severity is unknown unless otherwise noted. cflinuxfs3 All versions prior to 0.8.0 CF Deployment All versions pri...
Security Advisory Update: Transitioning from Xenial to Bionic Stemcells | Cloud Foundry
The Cloud Foundry Foundation Security Working Group would like to provide a brief update with regard to security advisories. As you may know, Ubuntu Xenial 16.04 has transitioned from free long-term support LTS status to paid extended security maintenance ESM. Accordingly, the Cloud Foundry...
USN-3363-2: ImageMagick regression | Cloud Foundry
Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description USN-3363-1 fixed vulnerabilities in ImageMagick. The update caused a regression for certain users when processing images. The problematic patch has been reverted pending further investigation. We apologize for the...
USN-3156-1: APT vulnerability | Cloud Foundry
USN-3156-1: APT vulnerability High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 LTS Description Jann Horn discovered that APT incorrectly handled InRelease files. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to insta...
USN-2927-1 Graphite2 vulnerabilities | Cloud Foundry
USN-2927-1 Graphite2 vulnerabilities Medium Vendor Graphite2 Versions Affected Ubuntu 14.04 Description Graphite2 could be made to crash or run programs as your login if it opened a specially crafted font. It was discovered that graphite2 incorrectly handled certain malformed fonts. If a user or...
USN-2812-1 libxml2 vulnerability | Cloud Foundry
USN-2812-1 libxml2 vulnerability Medium Vendor libxml2 Versions Affected Ubuntu 14.04 Description Florian Weimer discovered that libxml2 incorrectly handled certain XML data. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause...
USN-2722-1 GDK-PixBuf Vulnerabilities | Cloud Foundry
USN-2722-1 GDK-PixBuf Vulnerabilities Medium Vendor Canonical Ubuntu Versions Affected libgdk-pixbuf2.0-0 2.30.7-0ubuntu1.1 Description It was discovered that GDK-PixBuf incorrectly handled scaling bitmap images. If a user or automated system were tricked into opening a BMP image file, a remote...
CVE-2025-22216 - UAA Missing Zone Validation | Cloud Foundry
Severity MED Overall CVSS Score: 5.0 CVSS v3.1 Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C Vendor CloudFoundry Foundation Versions Affected Affected thru UAA Releases 77.20.1, 77.24.0 including 77.21.0, 77.22.0, 77.23.0 Unaffected from UAA Release 77.20.2 Unaffected from UAA Release...
CVE-2024-38826 Cloud Controller Denial of Service Attack | Cloud Foundry
Severity MEDIUM Vendor CloudFoundry Foundation Versions Affected Capi Release version 1.194 Description Authenticated users can upload specifically crafted files to leak server resources. This behavior can potentially be used to run a denial of service attack against Cloud Controller. Mitigation...
USN-6851-1: Netplan vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 22.04 Description Andreas Hasenack discovered that netplan incorrectly handled the permissions for netdev files containing wireguard configuration. An attacker could use this to obtain wireguard secret keys. It was...
USN-5144-1: OpenEXR vulnerability | Cloud Foundry
Severity Unknown Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description OpenEXR could be made to crash or execute arbitrary code if it received a specially crafted EXR file. Affected Cloud Foundry Products and Versions Severity is unknown unless otherwise noted. cflinuxfs3 A...
USN-5079-3: curl vulnerabilities | Cloud Foundry
Severity Unknown Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description USN-5079-1 introduced a regression in curl. Affected Cloud Foundry Products and Versions Severity is unknown unless otherwise noted. Bionic Stemcells 1.x versions prior to 1.31 All other stemcells not...
USN-4608-1: ca-certificates update | Cloud Foundry
Severity Unknown Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 2.44 version of the Mozilla certificate...
USN-4049-4: GLib regression | Cloud Foundry
Severity Unknown Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description USN-4049-1 fixed a vulnerability in GLib. The update introduced a regression. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that GLib...
USN-2943-1 PCRE vulnerabilities | Cloud Foundry
USN-2943-1 PCRE vulnerabilities Low/Medium Vendor Canonical Ubuntu Versions Affected Ubuntu 14.04 LTS Description It was discovered that PCRE incorrectly handled certain regular expressions. A remote attacker could use this issue to cause applications using PCRE to crash, resulting in a denial of...
Warning about NPM modules | Cloud Foundry
Warning about NPM modules Advisory Vendor Node Package Manager NPM Versions Affected Cloud Foundry NodeJS Buildpack Description If your app developers deploy Node applications, we’d like to alert you to recent developments with NPM and module ownership in the Node community. A blog post was...
USN-2869-1 OpenSSH vulnerability | Cloud Foundry
USN-2869-1 OpenSSH vulnerability High Vendor OpenSSH Versions Affected Ubuntu 14.04 Description It was discovered that the OpenSSH client experimental support for resuming connections contained multiple security issues. A malicious server could use this issue to leak client memory to the server,...
USN-2756-1 rpcbind Vulnerability | Cloud Foundry
USN-2756-1 rpcbind Vulnerability Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 LTS Description rpcbind could be made to crash or run programs if it received specially crafted network traffic. It was discovered that rpcbind incorrectly handled certain memory structures. A...
USN-5145-1: PostgreSQL vulnerabilities | Cloud Foundry
Severity Unknown Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description PostgreSQL could allow unintended access to network services. Affected Cloud Foundry Products and Versions Severity is unknown unless otherwise noted. cflinuxfs3 All versions prior to 0.266.0 CF Deployme...
USN-4719-1: ca-certificates update | Cloud Foundry
Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 2.46 version of the Mozilla certificate authority bundle...
USN-2871-1 Linux kernel vulnerability | Cloud Foundry
USN-2871-1 Linux kernel vulnerability High Vendor Ubuntu Versions Affected Ubuntu 14.04 Description Yevgeny Pats discovered that the session keyring implementation in the Linux kernel did not properly reference count when joining an existing session keyring. A local attacker could use this to cau...
USN-2815-1 PNG vulnerability | Cloud Foundry
USN-2815-1 PNG vulnerability Medium Vendor PNG Versions Affected Ubuntu 14.04 Description Qixue Xiao discovered that libpng incorrectly handled certain time values. If a user or automated system using libpng were tricked into opening a specially crafted image, an attacker could exploit this to...
CVE-2024-38806 - UAA Failure to Remove Shadow User's Access | Cloud Foundry
Severity LOW Vendor CloudFoundry Foundation Versions Affected UAA Release v77.10.0 or below Description Expected behavior: When UAA is configured to proxy to an external OIDC or SAML provider, and when UAA is configured using the UAA group mapping feature to convert the external provider user...
USN-6258-1: LLVM Toolchain vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 22.04 Description It was discovered that LLVM Toolchain did not properly manage memory under certain circumstances. If a user were tricked into opening a specially crafted MLIR file, an attacker could possibly use this iss...
USN-2865-1 GnuTLS vulnerability | Cloud Foundry
USN-2865-1 GnuTLS vulnerability Medium Vendor GnuTLS Versions Affected Ubuntu 14.04 Description Karthikeyan Bhargavan and Gaetan Leurent discovered that GnuTLS incorrectly allowed MD5 to be used for TLS 1.2 connections. If a remote attacker were able to perform a man-in-the-middle attack, this fl...
USN-2836-1 grub2 vulnerability | Cloud Foundry
USN-2836-1 grub2 vulnerability Medium Vendor grub2 Versions Affected Ubuntu 14.04 Description Hector Marco and Ismael Ripoll discovered that GRUB incorrectly handled the backspace key when configured to use authentication. A local attacker could use this issue to bypass GRUB password protection...
USN-2739-1 FreeType Vulnerabilities | Cloud Foundry
USN-2739-1 FreeType Vulnerabilities Medium Vendor Canonical Ubuntu Versions Affected libfreetype6 2.5.2-1ubuntu2.5 – FreeType 2 is a font engine library Description It was discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially...
USN-2765-1 Linux Kernel (Vivid HWE) Vulnerability | Cloud Foundry
USN-2765-1 Linux Kernel Vivid HWE Vulnerability High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 LTS Description It was discovered that the Linux kernel did not properly initialize IPC object state in certain situations. A local attacker could use this to escalate their...
USN-2694-1 PCRE Vulnerabilities | Cloud Foundry
USN-2694-1 PCRE Vulnerabilities Medium Vendor Perl 5 Versions Affected Ubuntu 14.04 Description Michele Spagnuolo discovered that PCRE incorrectly handled certain regular expressions. A remote attacker could use this issue to cause applications using PCRE to crash, resulting in a denial of servic...
USN-2696-1 OpenJDK 7 Vulnerabilities | Cloud Foundry
USN-2696-1 OpenJDK 7 Vulnerabilities Medium Vendor Canonical Ubuntu Versions Affected openjdk-7 – Open Source Java implementation Description Several security issues were fixed in OpenJDK 7. Affected Products and Versions Severity is medium unless otherwise noted. Ruby buildpack versions 1.6.1 an...
USN-2639-1 OpenSSL vulnerabilities | Cloud Foundry
USN-2639-1 OpenSSL vulnerabilities Medium Vendor OpenSSL Versions Affected Ubuntu 14.04 Description It was discovered that OpenSSL incorrectly handled memory when buffering DTLS data. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly...
Redis LUA Exploit | Cloud Foundry
Redis LUA Exploit High Vendor Redis Versions Affected Redis 3.0.1 or older Redis 2.8.20 or older Redis 2.6.x Description It was discovered that it is possible to break out of the LUA sandbox in Redis and execute arbitrary code. The user must have access to the Redis process to connect and execute...
USN-4377-1: ca-certificates update | Cloud Foundry
Severity Unknown Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description The ca-certificates package contained an expired CA certificate that caused connectivity issues. This update removes the “AddTrust External Root” CA. In addition, on Ubuntu 16.04 L...
USN-3411-1: Bazaar vulnerability | Cloud Foundry
Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description Adam Collard discovered that Bazaar did not properly handle host names in ‘bzr+ssh://’ URLs. A remote attacker could use this to construct a bazaar repository URL that when accessed could run arbitrary code with the...
USN-3142-2: ImageMagick regression | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 LTS Description USN-3142-1 fixed vulnerabilities in ImageMagick. The security fixes introduced a regression with text labels and a regression with the textcoder. This update fixes the problem. It was discovered that...
USN-2698-1 SQLite Vulnerabilities | Cloud Foundry
USN-2698-1 SQLite Vulnerabilities Medium Vendor SQLite Versions Affected Ubuntu 14.04 Description It was discovered that SQLite incorrectly handled skip-scan optimization. An attacker could use this issue to cause applications using SQLite to crash, resulting in a denial of service, or possibly...
CVE-2026-41005 - UAA accepts SAML Encrypted Assertions authentication bypass | Cloud Foundry
Severity CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H 9.0 / Critical CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H 9.5 / Critical Vendor CloudFoundry Foundation Description Cloud Foundry UAA versions v2.0.0 through v78.13.0 incorrectly treated XML encryption to the Service...
CVE-2026-22723 - UAA User Token Revocation | Cloud Foundry
Severity MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y Vendor CloudFoundry Foundation Versions Affected UAA Release: v77.30.0 to v78.7.0 CF Deployment: v48.7.0 to v54.10.0 Description Cloud Foundry UAA release versions fro...
USN-6851-2: Netplan regression | Cloud Foundry
Severity Unknown Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 22.04 Description USN-6851-1 fixed vulnerabilities in Netplan. The update lead to the discovery of a regression in netplan which caused systemctl enable to fail on systems where systemd is not running. This update fixes t...
USN-5761-1: ca-certificates update | Cloud Foundry
Severity Unknown Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description Due to security concerns, the TrustCor certificate authority has been marked as distrusted in Mozilla’s root store. This update removes the TrustCor CA certificates from the...
USN-2820-1 GnuTLS vulnerability | Cloud Foundry
USN-2820-1 GnuTLS vulnerability High Vendor GnuTLS Versions Affected Ubuntu 14.04 Description It was discovered that GnuTLS incorrectly validated the first byte of padding in CBC modes. A remote attacker could possibly use this issue to perform a padding oracle attack. The Cloud Foundry project...
USN-5126-1: Bind vulnerability | Cloud Foundry
Severity Unknown Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description Bind could be made to consume resources if it received specially crafted network traffic. Affected Cloud Foundry Products and Versions Severity is unknown unless otherwise noted. Bionic Stemcells 1.x...
USN-2857-1 Linux kernel vulnerability | Cloud Foundry
USN-2857-1 Linux kernel vulnerability High Vendor Linux kernel Versions Affected Ubuntu 14.04 Description Nathan Williams discovered that overlayfs in the Linux kernel incorrectly handled setattr operations. A local unprivileged attacker could use this to create files with administrative permissi...
CVE-2026-22734 - UAA SAML 2.0 Signature Bypass | Cloud Foundry
Severity 8.8 / High CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:N 8.6 / HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N Vendor CloudFoundry Foundation Description Cloud Foundry UAA versions v77.21.0 through v78.8.0 are vulnerable to a bypass that allows an attacker to obtain a...
CVE-2026-47833 - Symlink vulnerability in setupBpmLogs allows container-to-host privilege escalation via /etc/shadow | Cloud Foundry
Medium CVSS score: 6.8 Medium CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/S:U/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N Vendor Cloud Foundry Foundation Versions Affected Severity is Medium unless otherwise noted. bpm-release – All versions prior to v1.4.30 Description setupBpmLogs follows symlink for bpm.log open and...
CVE-2026-41010 - Release Job Name Command Injection on BOSH Director | Cloud Foundry
CVSSv4: High 8.7 CVSS:4.0:/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H CVSSv3: High 8.2 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H Vendor Cloud Foundry Foundation Versions Affected Severity is HIGH unless otherwise noted. BOSH Director – All versions prior to v282.1.12 Description...