1111 matches found
USN-3312-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description USN-3312-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.0...
CVE-2016-8218: Unauthenticated JWT signing algorithm in routing | Cloud Foundry
CVE-2016-8218: Unauthenticated JWT signing algorithm in routing Critical Vendor Cloud Foundry Foundation Versions Affected routing-release versions prior to 0.142.0 cf-release versions 203 to 231 Description Incomplete validation logic in JSON Web Token JWT libraries can allow unprivileged...
USN-3083-1 Linux kernel vulnerabilities | Cloud Foundry
USN-3083-1 Linux kernel vulnerabilities High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 LTS Description Dmitry Vyukov discovered that the IPv6 implementation in the Linux kernel did not properly handle options data, including a use-after-free. A local attacker could use this...
USN-3064-1 GnuPG vulnerability | Cloud Foundry
USN-3064-1 GnuPG vulnerability High Vendor Canonical Ubuntu, gnupg Versions Affected Canonical Ubuntu 14.04 LTS Description Felix Dörre and Vladimir Klebanov discovered that GnuPG incorrectly handled mixing functions in the random number generator. An attacker able to obtain 4640 bits from the RN...
USN-2983-1 Expat vulnerability | Cloud Foundry
USN-2983-1 Expat vulnerability Medium Vendor Expat, Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 LTS Description Gustavo Grieco discovered that Expat incorrectly handled malformed XML data. If a user or application linked against Expat were tricked into opening a crafted XML file, an...
USN-2932-1 Linux kernel vulnerabilities | Cloud Foundry
USN-2932-1 Linux kernel vulnerabilities High Vendor Ubuntu Description Ben Hawkes discovered that the Linux netfilter implementation did not correctly perform validation when handling IPTSOSETREPLACE events. A local unprivileged attacker could use this to cause a denial of service system crash or...
CVE-2016-0732 Privilege Escalation | Cloud Foundry
CVE-2016-0732 Privilege Escalation Critical Vendor Cloud Foundry Foundation Versions Affected Cloud Foundry v208 through v229 UAA v2.0.0 – v2.7.3 & v3.0.0 UAA-Release v2 through v4 Description A privilege elevation vulnerability has been identified with the identity zones feature of UAA. Users wi...
USN-2537-1: OpenSSL vulnerabilities | Cloud Foundry
USN-2537-1: OpenSSL vulnerabilities Low to High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.10, 10.04 LTS and 14.04 LTS Description Several Low-to-High severity vulnerabilities impacting the versions of Ubuntu Linux included in the Cloud Foundry Stemcell and Runtime have been...
USN-6665-1: Unbound vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 22.04 Description Elias Heftrig, Haya Schulmann, Niklas Vogel, and Michael Waidner discovered that Unbound incorrectly handled validating DNSSEC messages. A remote attacker could possibly use this issue to cause Unbound to...
USN-5958-1: FFmpeg vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description It was discovered that FFmpeg could be made to dereference a null pointer. An attacker could possibly use this to cause a denial of service via application crash. These issues only...
USN-5736-1: ImageMagick vulnerabilities | Cloud Foundry
Medium Vendor Canonical Ubuntu Versions Affected • Canonical Ubuntu 18.04 Description It was discovered that ImageMagick incorrectly handled certain values when processing PDF files. If a user or automated system using ImageMagick were tricked into opening a specially crafted PDF file, an attacke...
USN-5410-1: NSS vulnerability | Cloud Foundry
Severity Low Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description Lenny Wang discovered that NSS incorrectly handled certain messages. A remote attacker could possibly use this issue to cause servers compiled with NSS to stop responding, resulting in a denial of service...
USN-5319-1: Linux kernel vulnerabilities | Cloud Foundry
Severity High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description Enrico Barberis, Pietro Frigo, Marius Muench, Herbert Bos, and Cristiano Giuffrida discovered that hardware mitigations added by Intel to their processors to address Spectre-BTI were insufficient. A local...
USN-5294-2: Linux kernel vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that the Packet network protocol implementation in the Linux kernel contained a double-free vulnerability. A local attacker could use this to cause a denial of service system crash or...
USN-4945-1: Linux kernel vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that the Nouveau GPU driver in the Linux kernel did not properly handle error conditions in some situations. A local attacker could use this to cause a denial of service system crash...
USN-3604-1: libvorbis vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description Affected Cloud Foundry Products and Versions Severity is medium unless otherwise noted. All versions of Cloud Foundry cflinuxfs2 prior to 1.194.0 Mitigation OSS users are strongly encouraged to follow one...
CVE-2018-1266: Cloud Controller file modification via malicious application | Cloud Foundry
Severity Critical Vendor Cloud Foundry Foundation Affected Cloud Foundry Products and Versions You are using Cloud Controller version prior to 1.52.0 You are using cf-deployment version prior to 1.21.0 Description Cloud Foundry Cloud Controller, versions prior to 1.52.0, contains information...
USN-3464-1: Wget vulnerabilities | Cloud Foundry
USN-3464-1: Wget vulnerabilities Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description Antti Levomäki, Christian Jalio, and Joonas Pihlaja discovered that Wget incorrectly handled certain HTTP responses. A remote attacker could use this issue to cause Wget to crash,...
USN-3142-1: ImageMagick vulnerabilities | Cloud Foundry
USN-3142-1: ImageMagick vulnerabilities Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 LTS Description It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a special...
USN-2767-1 GDK-Pixbuf library vulnerability | Cloud Foundry
USN-2767-1 GDK-Pixbuf library vulnerability Medium Vendor GDK Pixbuf Versions Affected Ubuntu 14.04 Description Gustavo Grieco discovered that the GDK-PixBuf library did not properly handle scaling tga image files, leading to a heap overflow. If a user or automated system were tricked into openin...
USN-6673-1: python-cryptography vulnerabilities | Cloud Foundry
Severity Unknown Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description Hubert Kario discovered that python-cryptography incorrectly handled errors returned by the OpenSSL API when processing incorrect padding in RSA PKCS1 v1.5. A remote attacker could...
USN-6539-1: python-cryptography vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 22.04 Description It was discovered that the python-cryptography Cipher.updateinto function would incorrectly accept objects with immutable buffers. This would result in corrupted output, contrary to expectations. This iss...
USN-6429-1: curl vulnerabilities | Cloud Foundry
Severity High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 22.04 Description Jay Satiro discovered that curl incorrectly handled hostnames when using a SOCKS5 proxy. In environments where curl is configured to use a SOCKS5 proxy, a remote attacker could possibly use this issue to...
USN-6408-1: libXpm vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 22.04 Description Yair Mizrahi discovered that libXpm incorrectly handled certain malformed XPM image files. If a user were tricked into opening a specially crafted XPM image file, a remote attacker could possibly use this...
USN-5631-1: libjpeg-turbo vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that libjpeg-turbo incorrectly handled certain EOF characters. An attacker could possibly use this issue to cause libjpeg-turbo to consume resource, leading to a denial of service. This...
USN-5486-1: Intel Microcode vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that some Intel processors did not implement sufficient control flow management. A local attacker could use this to cause a denial of service. CVE-2021-0127 Joseph Nuzman discovered that...
USN-5391-1: libsepol vulnerabilities | Cloud Foundry
Severity Low Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description Nicolas Iooss discovered that libsepol incorrectly handled memory when handling policies. An attacker could possibly use this issue to cause a crash, resulting in a denial of service, ...
USN-5328-2: OpenSSL vulnerabilityUSN-5328-2: OpenSSL vulnerability | Cloud Foundry
Severity High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Description USN-5328-1 fixed a vulnerability in OpenSSL. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Tavis Ormandy discovered that OpenSSL...
USN-5136-1: Linux kernel vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description Several security issues were fixed in the Linux kernel. CVEs contained in this USN include: CVE-2021-38199, CVE-2021-3743, CVE-2021-3753, CVE-2021-3759, CVE-2019-19449,...
USN-4883-1: Linux kernel vulnerabilities | Cloud Foundry
Severity High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Description Adam Nichols discovered that heap overflows existed in the iSCSI subsystem in the Linux kernel. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code...
USN-4672-1: unzip vulnerabilities | Cloud Foundry
Severity Low Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description Rene Freingruber discovered that unzip incorrectly handled certain specially crafted password protected ZIP archives. If a user or automated system using unzip...
CVE-2019-11247: Kubernetes API Server Vulnerability | Cloud Foundry
Severity Medium Vendor Cloud Foundry Foundation Description The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and ro...
USN-3891-1: systemd vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description It was discovered that systemd incorrectly handled certain D-Bus messages. A local unprivileged attacker could exploit this in order to crash the init process, resulting in a system...
USN-3424-1: libxml2 vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description It was discovered that a type confusion error existed in libxml2. An attacker could use this to specially construct XML data that could cause a denial of service or possibly execute arbitrary code...
USN-3349-1: NTP vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description Yihan Lian discovered that NTP incorrectly handled certain large request data values. A remote attacker could possibly use this issue to cause NTP to crash, resulting in a denial of service. This issue on...
Multiple Node.js Vulnerabilities | Cloud Foundry
Severity High Vendor Node.js Versions Affected Node.js: 4.x versions prior to 4.8.4 6.x versions prior to 6.11.1 7.x versions prior to 7.10.1 8.x versions prior to 8.1.4 Description All current versions of v4.x through to v8.x inclusive are vulnerable to an issue that can be used by an external...
USN-3276-2: shadow regression | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description USN-3276-1 intended to fix a vulnerability in su. The solution introduced a regression in su signal handling. This update modifies the security fix. We apologize for the inconvenience. Original advisory...
CVE-2016-6662 - Multiple MySQL Vulnerabilities | Cloud Foundry
CVE-2016-6662 – Multiple MySQL Vulnerabilities Medium Vendor Cloud Foundry Foundation, MariaDB Versions Affected MariaDB versions prior to 10.1.17 cf-mysql versions prior to v29 Description The Cloud Foundry MySQL team recently completed an upgrade of MariaDB to 10.1.17, which includes a large...
USN 3020-1 Linux kernel (Vivid HWE) vulnerabilities | Cloud Foundry
USN 3020-1 Linux kernel Vivid HWE vulnerabilities Low – High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 LTS Description Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility...
CVE-2016-4435 BOSH Agent Anonymous Endpoint | Cloud Foundry
CVE-2016-4435 BOSH Agent Anonymous Endpoint Medium Vendor Cloud Foundry Foundation Versions Affected BOSH stemcell versions prior to 3232.6 and 3146.13 Description An endpoint of the Agent running on the BOSH Director VM may allow unauthenticated clients to read or write blobs or cause a denial o...
USN-2711-1 Net-SNMP Vulnerabilities | Cloud Foundry
USN-2711-1 Net-SNMP Vulnerabilities Low to Medium Vendor Canonical Ubuntu Versions Affected libsnmp30 5.7.2dfsg-8.1ubuntu3.1 Description Net-SNMP could be made to crash or run programs if it received specially crafted network traffic. It was discovered that Net-SNMP incorrectly handled certain tr...
CVE-2014-8159 - Linux Kernel Infiniband Vulnerability | Cloud Foundry
CVE-2014-8159 – Linux Kernel Infiniband Vulnerability High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 10.04 LTS and 14.04 LTS Description It was found that the Linux kernel’s Infiniband subsystem did not properly sanitize input parameters while registering memory regions from the...
USN-6302-1: Vim vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to cras...
USN-5696-1: MySQL vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.31 in Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. Ubunt...
USN-5051-3: OpenSSL vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description USN-5051-1 fixed a vulnerability in OpenSSL. This update provides the corresponding update for the openssl1.0 package in Ubuntu 18.04 LTS. Original advisory details: Ingo Schwarze discovered that OpenSSL...
USN-4985-1: Intel Microcode vulnerabilities | Cloud Foundry
Severity High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description It was discovered that some Intel processors may not properly invalidate cache entries used by Intel Virtualization Technology for Directed I/O VT-d. This may...
USN-4982-1: Linux kernel vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description Kiyin 尹亮 discovered that the NFC LLCP protocol implementation in the Linux kernel contained a reference counting error. A local attacker could use this to cause a denial of service system crash...
USN-4877-1: Linux kernel vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Description It was discovered that the Marvell WiFi-Ex device driver in the Linux kernel did not properly validate ad-hoc SSIDs. A local attacker could use this to cause a denial of service system crash or possibly...
USN-4385-2: Intel Microcode regression | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Canonical Ubuntu 16.04 Description USN-4385-1 provided updated Intel Processor Microcode. Unfortunately, that update prevented certain processors in the Intel Skylake family 064EH from booting successfully...
USN-4164-1: Libxslt vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description It was discovered that Libxslt incorrectly handled certain documents. An attacker could possibly use this issue to access sensitive information. This issue no...