Lucene search
+L

439 matches found

EUVD
EUVD
added 2026/06/04 1:40 a.m.21 views

EUVD-2026-34192

CWE-326 in BOSH allows a local attacker to steal Basic-auth credentials or redirect UAA token requests via MITM. HttpRequestHelpercreateasyncendpoint and sendhttpgetrequestsynchronous hard-code OpenSSL::SSL::VERIFYNONE, enabling an attacker to intercept traffic between bosh-monitor and the BOSH...

8.8CVSS5.8AI score0.00074EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.22 views

PT-2026-46131

PackagePersister.validate tgz builds "tar -tf tgz 2&1" where tgz = File.joinrelease dir, 'packages', "name.tgz" and name = package meta'name' comes directly from release.MF inside the uploaded tarball. The string is passed to Bosh::Common::Exec.sh, which executes via %x — i.e., /bin/sh -c. No...

8.7CVSS5.8AI score0.00116EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.18 views

PT-2026-46133

A network man-in-the-middle between nats-sync and the BOSH director can steal the director credentials Basic auth header or UAA client secret and can tamper with the VM list that is written into the NATS authorization file. Stolen credentials grant administrative director access. UsersSyncbosh ap...

7.8CVSS5.8AI score0.00098EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.16 views

PT-2026-46134

Name of the Vulnerable Software and Affected Versions BOSH versions prior to 282.1.9 Description An issue in BOSH allows a local attacker to perform Man-in-the-Middle MITM attacks to steal Basic-auth credentials or redirect UAA token requests. This occurs because the create async endpoint and sen...

8.8CVSS5.5AI score0.00074EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.10 views

Cloud Foundry BOSH Director 安全漏洞

Cloud Foundry BOSH Director is a cloud infrastructure deployment and lifecycle management platform developed by the US Cloud Foundry company. All versions of Cloud Foundry BOSH Director, as well as previous versions, have security vulnerabilities. These vulnerabilities stem from the use of the na...

8.7CVSS5.5AI score0.00122EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.12 views

Cloud Foundry BOSH 安全漏洞

Cloud Foundry BOSH is a cloud infrastructure automation platform developed by the US-based Cloud Foundry company. All versions of Cloud Foundry BOSH, as well as previous versions, have security vulnerabilities. These vulnerabilities stem from the name parameter in PackagePersister.validatetgz bei...

8.7CVSS5.5AI score0.00116EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.12 views

Cloud Foundry BOSH 安全漏洞

Cloud Foundry BOSH is a cloud infrastructure automation platform developed by the American Cloud Foundry company. All versions of Cloud Foundry BOSH, as well as previous versions, have security vulnerabilities. These vulnerabilities stem from the hardcoded SSL verification disabled in...

8.8CVSS5.4AI score0.00074EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.18 views

PT-2026-46136

ReleaseJobunpack builds job dir = File.join@release dir, 'jobs', name and job tgz = File.join@release dir, 'jobs', "name.tgz" where name returns @job meta'name', a value taken verbatim from the jobs: array of the attacker-supplied release.MF inside the uploaded tarball. These paths are then...

8.7CVSS5.9AI score0.00122EPSS
Exploits0References2
Cloud Foundry
Cloud Foundry
added 2026/06/02 12:0 a.m.10 views

CVE-2026-41010 - Release Job Name Command Injection on BOSH Director | Cloud Foundry

CVSSv4: High 8.7 CVSS:4.0:/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H CVSSv3: High 8.2 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H Vendor Cloud Foundry Foundation Versions Affected Severity is HIGH unless otherwise noted. BOSH Director – All versions prior to v282.1.12 Description...

8.7CVSS6AI score0.00122EPSS
Exploits0
Cloud Foundry
Cloud Foundry
added 2026/06/02 12:0 a.m.9 views

CVE-2026-41011 - Package Name Command Injection | Cloud Foundry

CVSSv4: High 8.7 CVSS:4.0: /AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H CVSSv3: High 8.2 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H Vendor Cloud Foundry Foundation Versions Affected Severity is HIGH unless otherwise noted. BOSH – All versions prior to v282.1.12 Description...

8.7CVSS5.8AI score0.00116EPSS
Exploits0
Cloud Foundry
Cloud Foundry
added 2026/06/01 12:0 a.m.11 views

CVE-2026-41860 - Missing tls-verify on bosh-monitor | Cloud Foundry

High CVSS Score: High 7.1 CVSSv4: High 7.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:L/VA:N/SC:H/SI:H/SA:H CVSSv3: High 8.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HVendor Cloud Foundry Foundation / BOSH Versions Affected Severity is High unless otherwise noted. BOSH – All versions prior to...

8.8CVSS5.8AI score0.00074EPSS
Exploits0
Cloud Foundry
Cloud Foundry
added 2026/06/01 12:0 a.m.10 views

CVE-2026-41858 - Brute forceable windows admin creds | Cloud Foundry

CVSS score: 6.5 Medium CVSS:3/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Vendor CloudFoundry Foundation Versions Affected Severity is HIGH unless otherwise noted. windows-utilities-release – All versions prior to v0.23.0 Description Weak Randomness / Insecure Cryptographic Primitive CWE-338 in...

7.5CVSS5.8AI score0.00245EPSS
Exploits0
Cloud Foundry
Cloud Foundry
added 2026/06/01 12:0 a.m.13 views

CVE-2026-41859 - Missing TLS in NATS sync | Cloud Foundry

CVSS Score: High 7.1 CVSSv4: High 7.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:L/VA:N/SC:H/SI:H/SA:H CVSSv3: High 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Vendor Cloudfoundry Foundation / BOSH Versions Affected Severity is High unless otherwise noted. BOSH – All versions prior to v282.1....

7.8CVSS5.8AI score0.00098EPSS
Exploits0
NVD
NVD
added 2026/05/27 8:16 a.m.23 views

CVE-2026-41009

When the director sends a long-running request e.g. compilepackage, the agent's reply JSON is consumed by AgentClient. injectcompilelog line 332-339 reads response'value''result''compilelogid' and formatexception line 318-325 reads exception'blobstoreid'; both pass the agent-supplied string...

5.8CVSS0.00099EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/27 6:45 a.m.9 views

CVE-2026-41009 Local Blobstore may allow arbitrary reads/deletes

When the director sends a long-running request e.g. compilepackage, the agent's reply JSON is consumed by AgentClient. injectcompilelog line 332-339 reads response'value''result''compilelogid' and formatexception line 318-325 reads exception'blobstoreid'; both pass the agent-supplied string...

5.8CVSS5.8AI score0.00099EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.13 views

Cloud Foundry BOSH Director 安全漏洞

Cloud Foundry BOSH Director is a cloud infrastructure deployment and lifecycle management platform developed by the US Cloud Foundry company. There is a security vulnerability in Cloud Foundry BOSH Director. This vulnerability stems from the AgentClient failing to normalize the strings provided b...

5.8CVSS5.8AI score0.00099EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.17 views

PT-2026-43566

Name of the Vulnerable Software and Affected Versions BOSH Director versions prior to v282.1.12 Description When the director sends a long-running request, such as compile package, the agent's reply JSON is processed by AgentClient. The functions inject compile log and format exception read the...

5.8CVSS5.5AI score0.00099EPSS
Exploits0References3
Cloud Foundry
Cloud Foundry
added 2026/05/26 12:0 a.m.13 views

CVE-2026-41009 - Local Blobstore may allow arbitrary reads/deletes | Cloud Foundry

MEDIUM CVSSv4: Medium 4.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:L CVSSv3: Medium 5.8 CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:L Vendor Cloud Foundry Foundation Versions Affected Severity is MEDIUM unless otherwise noted. BOSH Director – All versions prior to v282.1.12...

5.8CVSS6.2AI score0.00099EPSS
Exploits0
Cloud Foundry
Cloud Foundry
added 2026/05/26 12:0 a.m.11 views

CVE-2026-41704 - Compromised VM can make arbitrary blobstore deletes | Cloud Foundry

MEDIUM CVSS 4.0 Score: 6.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:H CVSS 3.1 Score: 5.0 CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:N Vendor Cloud Foundry Foundation Versions Affected Severity is MEDIUM unless otherwise noted. BOSH Director – All versions prior to v282.1.12...

6.8CVSS6AI score0.00083EPSS
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-13417

Malware in sbrugna...

7.7CVSS7.2AI score0.00592EPSS
Exploits0References2
Rows per page
Query Builder