1111 matches found
CVE-2019-3782: CredHub CLI writes environment variable credentials to disk | Cloud Foundry
Severity Medium Vendor Cloud Foundry Foundation Affected Cloud Foundry Products and Versions CredHub CLI All versions prior to 2.2.1 Description Cloud Foundry CredHub CLI, versions prior to 2.2.1, inadvertently writes authentication credentials provided via environment variables to its persistent...
USN-3540-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry
Severity Critical Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description USN-3540-1 addressed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubunt...
USN-3505-1: Linux firmware vulnerabilities | Cloud Foundry
Severity High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description Mathy Vanhoef discovered that the firmware for several Intel WLAN devices incorrectly handled WPA2 in relation to Wake on WLAN. A remote attacker could use this issue with key reinstallation attacks to obta...
USN-3119-1: Bind vulnerability | Cloud Foundry
USN-3119-1: Bind vulnerability Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 LTS Description Bind could be made to crash if it received specially crafted network traffic. Tony Finch and Marco Davids discovered that Bind incorrectly handled certain responses containing a...
CVE-2016-0800 & CVE-2016-0703 OpenSSL vulnerabilities | Cloud Foundry
CVE-2016-0800 & CVE-2016-0703 OpenSSL vulnerabilities High Vendor OpenSSL Versions Affected SSLv2 Description The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possess...
USN-4198-1: DjVuLibre vulnerabilities | Cloud Foundry
Severity Low Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that DjVuLibre incorrectly handled certain memory operations. If a user or automated system were tricked into processing a specially crafted DjVu file, a remote attacker could cause...
USN-4162-1: Linux kernel vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Description It was discovered that the RSI 91x Wi-Fi driver in the Linux kernel did not handle detach operations correctly, leading to a use-after-free vulnerability. A physically proximate attacker could use this to...
USN-3181-1: OpenSSL vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description Guido Vranken discovered that OpenSSL used undefined behaviour when performing pointer arithmetic. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of...
USN-4318-1: Linux kernel vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Description Al Viro discovered that the vfs layer in the Linux kernel contained a use- after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly expose sensitive...
USN-4298-1: SQLite vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description It was discovered that SQLite incorrectly handled certain shadow tables. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly...
USN-4135-1: Linux kernel vulnerabilities | Cloud Foundry
Severity High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Description Peter Pi discovered a buffer overflow in the virtio network backend vhostnet implementation in the Linux kernel. An attacker in a guest may be able to use this to cause a denial of service host OS crash or...
USN-4068-2: Linux kernel (HWE) vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Description USN-4068-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 18.04 for Ubuntu 16.04 LT...
USN-3522-4: Linux kernel (Xenial HWE) regression | Cloud Foundry
Severity Critical Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description USN-3522-2 fixed a vulnerability in the Linux Hardware Enablement kernel for Ubuntu 14.04 LTS to address Meltdown CVE-2017-5754. Unfortunately, that update introduced a regression where a few systems...
USN-3405-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description USN-3405-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.0...
Multiple CVEs: httpoxy | Cloud Foundry
Multiple CVEs: httpoxy Low Vendor Cloud Foundry Versions Affected Go Buildpack versions prior to 1.7.10 PHP Buildpack versions prior to 4.3.17 Description httpoxy is a set of vulnerabilities that affect application code running in CGI, or CGI-like environments. It involves to a namespace conflict...
USN-3134-1: Python vulnerabilities | Cloud Foundry
USN-3134-1: Python vulnerabilities Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 LTS Description It was discovered that the smtplib library in Python did not return an error when StartTLS fails. A remote attacker could possibly use this to expose sensitive information...
USN-2987-1 GD library vulnerabilities | Cloud Foundry
USN-2987-1 GD library vulnerabilities Medium Vendor libgd2, Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 LTS Description It was discovered that the GD library incorrectly handled certain color tables in XPM images. If a user or automated system were tricked into processing a speciall...
USN-2914-1 OpenSSL vulnerabilities | Cloud Foundry
USN-2914-1 OpenSSL vulnerabilities Low Vendor Ubuntu, OpenSSL Versions Affected Ubuntu 14.04 LTS SSLv1 Description Several security issues were fixed in OpenSSL. Yuval Yarom, Daniel Genkin, and Nadia Heninger discovered that OpenSSL was vulnerable to a side-channel attack on modular exponentiatio...
USN-3485-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description USN-3485-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.0...
USN-3334-1: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry
Severity High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerabili...
USN-3183-1: GnuTLS Vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 LTS Description Stefan Buehler discovered that GnuTLS incorrectly verified the serial length of OCSP responses. A remote attacker could possibly use this issue to bypass certain certificate validation measures. This...
USN-3087-2 OpenSSL Regression | Cloud Foundry
USN-3087-2 OpenSSL Regression High Vendor Canonical Ubuntu, OpenSSL Versions Affected Canonical Ubuntu 14.04 LTS, OpenSSLv1 Description USN-3087-1 fixed vulnerabilities in OpenSSL. The fix for CVE-2016-2182 was incomplete and caused a regression when parsing certificates. This update fixes the...
CVE-2016-4450 Nginx Vulnerabilities | Cloud Foundry
CVE-2016-4450 Nginx Vulnerabilities Medium Vendor nginx, Cloud Foundry Versions Affected nginx before 1.10.1 and 1.11.x versions before 1.11.1 Cloud Foundry staticfile buildpack prior to version 1.3.9 Cloud Foundry cf-release prior to version 238 Description os/unix/ngxfiles.c in nginx before...
USN-6565-1: OpenSSH vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 22.04 Description It was discovered that OpenSSH incorrectly handled supplemental groups when running helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand as a different user. An attacker could possibl...
USN-5000-1: Linux kernel vulnerabilities | Cloud Foundry
Severity High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description Norbert Slusarek discovered a race condition in the CAN BCM networking protocol of the Linux kernel leading to multiple use-after-free vulnerabilities. A local attacker could use this issue to execute...
MySQL Security Updates - Oct 2019 | Cloud Foundry
Severity Medium Vendor Cloud Foundry Foundation Description Cloud Foundry Deployment, through its consumption of Percona XtraDB Cluster Release, is vulnerable to various MySQL vulnerabilites patched in the October 2019 Critical Patch Update, including: CVE-2019-2910 CVE-2019-2911 CVE-2019-2914...
CVE-2019-3787: UAA defaults email address to an insecure domain | Cloud Foundry
Severity High Vendor Cloud Foundry Foundation Affected Cloud Foundry Products and Versions UAA Release OSS All versions prior to v73.0.0 Description Cloud Foundry UAA, versions prior to 73.0.0, falls back to appending “unknown.org” to a user’s email address when one is not provided and the user...
USN-3534-1: GNU C Library vulnerabilities | Cloud Foundry
Severity High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description It was discovered that the GNU C library did not properly handle all of the possible return values from the kernel getcwd2 syscall. A local attacker could potentially exploit this to execute arbitrary code ...
USN-6505-1: nghttp2 vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 22.04 Description It was discovered that nghttp2 incorrectly handled request cancellation. A remote attacker could possibly use this issue to cause nghttp2 to consume resources, leading to a denial of service. Update...
USN-5114-1: Linux kernel vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description Several security issues were fixed in the Linux kernel. CVEs contained in this USN include: CVE-2021-38198, CVE-2021-40490, CVE-2020-3702. Affected Cloud Foundry Products and Versio...
USN-3256-2: Linux kernel (HWE) vulnerability | Cloud Foundry
Severity High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description USN-3256-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 16.10. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel for...
CVE-2015-1328 - overlayfs privilege escalation | Cloud Foundry
CVE-2015-1328 – overlayfs privilege escalation High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 LTS with 3.16 kernel Description Philip Pettersson discovered a privilege escalation when using overlayfs mounts inside of user namespaces. A local user could exploit this flaw to...
USN-4115-1: Linux kernel vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Description Hui Peng and Mathias Payer discovered that the Option USB High Speed driver in the Linux kernel did not properly validate metadata received from the device. A physically proximate attacker could use this ...
USN-4034-1: ImageMagick vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could...
USN-3061-1 OpenSSH vulnerability | Cloud Foundry
USN-3061-1 OpenSSH vulnerability Medium Vendor Canonical Ubuntu, openssh Versions Affected Canonical Ubuntu 14.04 LTS Description Eddie Harari discovered that OpenSSH incorrectly handled password hashing when authenticating non-existing users. A remote attacker could perform a timing attack and...
USN-2842-1/USN-2842-2 Linux kernel vulnerability | Cloud Foundry
USN-2842-1/USN-2842-2 Linux kernel vulnerability Medium Vendor Linux kernel Versions Affected Ubuntu 14.04 Description Jan Beulich discovered that the KVM svm hypervisor implementation in the Linux kernel did not properly catch Debug exceptions on AMD processors. An attacker in a guest virtual...
USN-2710-1 OpenSSH Vulnerabilities | Cloud Foundry
USN-2710-1 OpenSSH Vulnerabilities Medium Vendor OpenSSH Versions Affected Ubuntu 14.04 Description Moritz Jodeit discovered that OpenSSH incorrectly handled usernames when using PAM authentication. If an additional vulnerability were discovered in the OpenSSH unprivileged child process, this iss...
CVE-2014-3153 Futex requeue exploit | Cloud Foundry
CVE-2014-3153 Futex requeue exploit Important to Low Vendor Canonical Ubuntu Versions Affected Linux kernel through 3.14.5 Description The futexrequeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local...
USN-6099-1: ncurses vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description It was discovered that ncurses was incorrectly performing bounds checks when processing invalid hashcodes. An attacker could possibly use this issue to cause ...
USN-4971-1: libwebp vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that libwebp incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image file, a remote attacker could use this issue ...
USN-4578-1: Linux kernel vulnerabilities | Cloud Foundry
Severity High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Description Hador Manor discovered that the DCCP protocol implementation in the Linux kernel improperly handled socket reuse, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial...
USN-4385-1: Intel Microcode vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Canonical Ubuntu 16.04 Description It was discovered that memory contents previously stored in microarchitectural special registers after RDRAND, RDSEED, and SGX EGETKEY read operations on Intel client and Xeon E3...
Various MySQL Security Updates from July 2018 through January 2019 | Cloud Foundry
Vendor Cloud Foundry Foundation Affected Cloud Foundry Products and Versions Percona Xtradb Cluster release versions prior to 0.15.0 Description Percona Xtradb Cluster release contains several vulnerabilities through its consumption of MySQL. Mitigation Users of affected products are strongly...
USN-5339-1: Linux kernel vulnerabilities | Cloud Foundry
Severity High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the Linux kernel did not properly restrict access to the cgroups v1 releaseagent feature. A local attacker could...
CVE-2021-22100: Cloud Controller is vulnerable to denial of service due to misbehaving service brokers | Cloud Foundry
Severity Medium Vendor Cloud Foundry Foundation Description Cloud Controller CAPI is vulnerable to a denial-of-service attack in which a developer can push a service broker that accidentally or maliciously causes CC instances to timeout and fail. An attacker can leverage this vulnerability to cau...
USN-4660-2: Linux kernel regression | Cloud Foundry
Severity Unknown Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Description USN-4660-1 fixed vulnerabilities in the Linux kernel. Unfortunately, that update introduced a regression in the software raid10 driver when used with fstrim that could lead to data corruption. This updat...
USN-2994-1 libxml2 vulnerabilities | Cloud Foundry
USN-2994-1 libxml2 vulnerabilities Medium Vendor GNOME XML library, Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 LTS Description Multiple researchers discovered that libxml2 incorrectly handled certain malformed documents. If a user or automated system were tricked into opening a...
USN-2990-1 ImageMagick vulnerability (a.k.a. ImageTragick) | Cloud Foundry
USN-2990-1 ImageMagick vulnerability a.k.a. ImageTragick Medium Vendor Imagemagick, Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 LTS Description Nikolay Ermishkin and Stewie discovered that ImageMagick incorrectly sanitized untrusted input. A remote attacker could use these issues to...
USN-2949-1 Linux kernel (Vivid HWE) vulnerabilities | Cloud Foundry
USN-2949-1 Linux kernel Vivid HWE vulnerabilities Low/Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 LTS Description Venkatesh Pottem discovered a use-after-free vulnerability in the Linux kernel’s CXGB3 driver. A local attacker could use this to cause a denial of service...
USN-2798-1 Linux kernel vulnerability | Cloud Foundry
USN-2798-1 Linux kernel vulnerability Medium Vendor Vivid Versions Affected Ubuntu 14.04 Description It was discovered that in certain situations, a directory could be renamed outside of a bind mounted location. An attacker could use this to escape bind mount containment and gain access to...