41 matches found
EUVD-2018-11894
Malware in sbrugna...
EUVD-2016-3254
Malware in sbrugna...
EUVD-2018-11893
Malware in sbrugna...
EUVD-2017-5893
Malware in sbrugna...
EUVD-2023-25053
Malicious code in bioql PyPI...
CVE-2023-20881
Cloud Foundry instances having CAPI version between 1.140 and 1.152.0 along with loggregator-agent v7+ may override other users' syslog drain credentials if they're aware of the client certificate used for that syslog drain. This applies even if the drain has zero certs. This would allow the user ...
Code injection
Cloud Foundry instances having CAPI version between 1.140 and 1.152.0 along with loggregator-agent v7+ may override other users' syslog drain credentials if they're aware of the client certificate used for that syslog drain. This applies even if the drain has zero certs. This would allow the user ...
PT-2023-17685 · Unknown · Loggregator-Agent +1
Name of the Vulnerable Software and Affected Versions: Cloud Foundry versions 1.140 through 1.152.0; loggregator-agent version 7 and later. Description: The issue allows users to override other users' syslog drain credentials if they are aware of the client certificate used for that syslog drain...
Cloud Foundry CAPI Trust Management Issue Vulnerability
Cloud Foundry CAPI is a cloud controller from the Cloud Foundry Foundation in the United States. A security vulnerability exists in Cloud Foundry CAPI versions 1.140 through 1.152.0, Loggregator-agent v7+, and CF Deployment versions 24.7.0 through 29.0.0, which originates in Cloud foundry instanc...
CVE-2023-20881
CVE-2023-20881 affects Cloud Foundry CAPI versions 1.140–1.152.0 and Loggregator-agent v7+. The issue allows a user who knows the syslog drain client certificate to override other users’ syslog drain credentials, potentially altering the private key or adding/modifying a Certificate Authority use...
CVE-2019-17596: x509 parsing in Golang can cause panic | Cloud Foundry
Severity: High. Vendor: Cloud Foundry Foundation. Description: Various Cloud Foundry components are written in Go and are therefore vulnerable to a denial of service attack. Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public...
CVE-2016-2183: Birthday attacks against TLS ciphers with 64bit block size | Cloud Foundry
Severity: High. Vendor: Cloud Foundry Foundation. Description: Cloud Foundry BOSH System Metrics Server, all versions prior to v0.0.24 and Cloud Foundry Loggregator, 105.x versions prior to v105.6, support block ciphers with 64 bit block size. A remote unauthenticated malicious user can obtain clearte...
Cloud Foundry Loggregator Unauthorized Operation Vulnerability
Cloud Foundry Loggregator is a logging system used in the Cloud Foundry cloud computing platform from the Cloud Foundry Foundation in the United States. A security vulnerability exists in Cloud Foundry Loggregator that stems from the program failing to adequately validate the app GUID structure. ...
Cloud Foundry Loggregator Denial of Service Vulnerability
Cloud Foundry Loggregator is a logging system from the U.S. Cloud Foundry Foundation for use in the Cloud Foundry cloud computing platform. A security vulnerability exists in Cloud Foundry Loggregator, which arises from the program failing to properly close a TCP connection. A remote attacker cou...
Code injection
Cloud Foundry Loggregator, versions 89.x prior to 89.5 or 96.x prior to 96.1 or 99.x prior to 99.1 or 101.x prior to 101.9 or 102.x prior to 102.2, does not validate app GUID structure in requests. A remote authenticated malicious user knowing the GUID of an app may construct malicious requests t...
Denial of service
Cloud Foundry Loggregator, versions 89.x prior to 89.5 or 96.x prior to 96.1 or 99.x prior to 99.1 or 101.x prior to 101.9 or 102.x prior to 102.2, does not handle errors thrown while constructing certain http requests. A remote authenticated user may construct malicious requests to cause the...