2293 matches found
Multiple Vulnerabilities in Hitachi Command Suite, Hitachi Automation Director, Hitachi Configuration Manager, Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center
Overview Multiple vulnerabilities have been found in Hitachi Command Suite, Hitachi Automation Director, Hitachi Configuration Manager, Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center. CVE-2026-22007, CVE-2026-22013, CVE-2026-22016, CVE-2026-22018, CVE-2026-22021, CVE-2026-23865,...
Cloud Foundry BOSH Director 安全漏洞
Cloud Foundry BOSH Director is a cloud infrastructure deployment and lifecycle management platform developed by the US Cloud Foundry company. There is a security vulnerability in Cloud Foundry BOSH Director. This vulnerability stems from the AgentClient failing to normalize the strings provided b...
Cloud Foundry BOSH Director 安全漏洞
Cloud Foundry BOSH Director is a cloud infrastructure deployment and lifecycle management platform developed by the US Cloud Foundry company. Versions of Cloud Foundry BOSH Director prior to v282.1.12 contained security vulnerabilities. These vulnerabilities stemmed from AgentClient not performin...
PT-2026-43566
Name of the Vulnerable Software and Affected Versions BOSH Director versions prior to v282.1.12 Description When the director sends a long-running request, such as compile package, the agent's reply JSON is processed by AgentClient. The functions inject compile log and format exception read the...
PT-2026-43567
Name of the Vulnerable Software and Affected Versions BOSH Director versions prior to 282.1.12 Description The AgentClienthandle method processes NATS replies and invokes inject compile log for every response, which reads the compile log id from response'value''result''compile log id' and passes ...
CVE-2026-41009 - Local Blobstore may allow arbitrary reads/deletes | Cloud Foundry
MEDIUM CVSSv4: Medium 4.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:L CVSSv3: Medium 5.8 CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:L Vendor Cloud Foundry Foundation Versions Affected Severity is MEDIUM unless otherwise noted. BOSH Director – All versions prior to v282.1.12...
CVE-2026-41704 - Compromised VM can make arbitrary blobstore deletes | Cloud Foundry
MEDIUM CVSS 4.0 Score: 6.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:H CVSS 3.1 Score: 5.0 CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:N Vendor Cloud Foundry Foundation Versions Affected Severity is MEDIUM unless otherwise noted. BOSH Director – All versions prior to v282.1.12...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: i40e: Fixed queue reservation for XDP When XDP was configured on a system with a large number of CPUs and X722 NIC, there was a call trace involving a NULL pointer dereference. i40e 0000:87:00.0: Failed to obtain tracking for...
Astra Linux – Vulnerability in Bacula
In Bareos Director versions 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a heap overflow vulnerability allows a malicious client to corrupt the director’s memory by sending overly large digest strings during the initialization of a verify job. Disabling verify jobs can mitigate this problem. This issue h...
CVE-2026-39825
ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery...
UBUNTU-CVE-2026-39825
ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery...
CVE-2026-39825 ReverseProxy forwards queries with more than urlmaxqueryparams parameters in net/http/httputil
ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery...
Information Exposure
Overview std/net/http/httputil is a Go standard library package std/net/http/httputil Affected versions of this package are vulnerable to Information Exposure. Go Vulnerability Report: ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrit...
EUVD-2026-27851
A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authenticated, remote attacker with low privileges to retrieve files that they do not have permission to access. This vulnerability is due to insufficient file access checks. An attacker could...
EUVD-2026-27854
A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authenticated, remote attacker with low privileges to access files and execute commands on a remote router. This vulnerability is due to insufficient input validation of user-supplied data. An...
EUVD-2026-27850
A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authenticated, remote attacker with low privileges to cause a DoS condition on a remotely managed router. This vulnerability is due to improper error handling. An attacker could exploit this...
CVE-2026-20167
A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authenticated, remote attacker with low privileges to cause a DoS condition on a remotely managed router. This vulnerability is due to improper error handling. An attacker could exploit this...
CVE-2026-20168
A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authenticated, remote attacker with low privileges to retrieve files that they do not have permission to access. This vulnerability is due to insufficient file access checks. An attacker could...
CVE-2026-20169
A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authenticated, remote attacker with low privileges to access files and execute commands on a remote router. This vulnerability is due to insufficient input validation of user-supplied data. An...
CVE-2026-20167 Cisco IoT Field Network Director Remote Device Denial of Service Vulnerability
A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authenticated, remote attacker with low privileges to cause a DoS condition on a remotely managed router. This vulnerability is due to improper error handling. An attacker could exploit this...