171 matches found
CVE-2026-44371
Open OnDemand is an open-source high-performance computing portal. Prior to 4.0.11, 4.1.5, and 4.2.2, specially crafted filenames can execute javascript in the file browser This vulnerability is fixed in 4.0.11, 4.1.5, and 4.2.2...
CVE-2026-44371
Open OnDemand is an open-source high-performance computing portal. Prior to 4.0.11, 4.1.5, and 4.2.2, specially crafted filenames can execute javascript in the file browser This vulnerability is fixed in 4.0.11, 4.1.5, and 4.2.2...
CVE-2026-44371
Open OnDemand is an open-source high-performance computing portal. Prior to 4.0.11, 4.1.5, and 4.2.2, specially crafted filenames can execute javascript in the file browser This vulnerability is fixed in 4.0.11, 4.1.5, and 4.2.2...
CVE-2026-26002 OnDemand susceptible to malicious input when navigating to a directory.
Open OnDemand is an open-source high-performance computing portal. The Files application in OnDemand versions prior to 4.0.9 and 4.1.3 is susceptible to malicious input when navigating to a directory. This has been patched in versions 4.0.9 and 4.1.3. Versions below this remain susceptible...
CVE-2026-26002 OnDemand susceptible to malicious input when navigating to a directory.
Open OnDemand is an open-source high-performance computing portal. The Files application in OnDemand versions prior to 4.0.9 and 4.1.3 is susceptible to malicious input when navigating to a directory. This has been patched in versions 4.0.9 and 4.1.3. Versions below this remain susceptible...
EUVD-2026-9500
Open OnDemand is an open-source high-performance computing portal. The Files application in OnDemand versions prior to 4.0.9 and 4.1.3 is susceptible to malicious input when navigating to a directory. This has been patched in versions 4.0.9 and 4.1.3. Versions below this remain susceptible...
CVE-2026-26002
Open OnDemand is an open-source high-performance computing portal. The Files application in OnDemand versions prior to 4.0.9 and 4.1.3 is susceptible to malicious input when navigating to a directory. This has been patched in versions 4.0.9 and 4.1.3. Versions below this remain susceptible...
CVE-2026-26002 OnDemand susceptible to malicious input when navigating to a directory.
Open OnDemand is an open-source high-performance computing portal. The Files application in OnDemand versions prior to 4.0.9 and 4.1.3 is susceptible to malicious input when navigating to a directory. This has been patched in versions 4.0.9 and 4.1.3. Versions below this remain susceptible...
CVE-2026-26002
CVE-2026-26002 affects the Open OnDemand Files application. Versions prior to 4.0.9 and 4.1.3 are susceptible to malicious input when navigating to a directory. This issue has been patched in 4.0.9 and 4.1.3; versions below these remain vulnerable. Remediation: upgrade to 4.0.9 or 4.1.3 or later ...
Open OnDemand 注入漏洞
Open OnDemand is an open-source software developed by the Ohio Supercomputer Center, designed for open-ended interactive HPC through web-based interfaces. Versions of Open OnDemand prior to 4.0.9 and 4.1.3 contained a vulnerability due to improper handling of malicious inputs by the Files...
ROS-20260113-7395
A vulnerability in the interface.c and ondemand.c components of the Linux kernel is related to pointer dereferencing errors. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
ROS-20260112-7350
A vulnerability in the ondemand.c component of the Linux operating system kernel is related to improper control of resource identifiers. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
CVE-2025-66029
Open OnDemand provides remote web access to supercomputers. In versions 4.0.8 and prior, the Apache proxy allows sensitive headers to be passed to origin servers. This means malicious users can create an origin server on a compute node that record these headers when unsuspecting users connect to...
CVE-2025-66029
Open OnDemand provides remote web access to supercomputers. In versions 4.0.8 and prior, the Apache proxy allows sensitive headers to be passed to origin servers. This means malicious users can create an origin server on a compute node that record these headers when unsuspecting users connect to...
CVE-2025-66029 Open OnDemand affected by Apache proxy passing sensitive headers
Open OnDemand provides remote web access to supercomputers. In versions 4.0.8 and prior, the Apache proxy allows sensitive headers to be passed to origin servers. This means malicious users can create an origin server on a compute node that record these headers when unsuspecting users connect to...
EUVD-2025-204011
Open OnDemand provides remote web access to supercomputers. In versions 4.0.8 and prior, the Apache proxy allows sensitive headers to be passed to origin servers. This means malicious users can create an origin server on a compute node that record these headers when unsuspecting users connect to...
CVE-2025-66029 Open OnDemand affected by Apache proxy passing sensitive headers
Open OnDemand provides remote web access to supercomputers. In versions 4.0.8 and prior, the Apache proxy allows sensitive headers to be passed to origin servers. This means malicious users can create an origin server on a compute node that record these headers when unsuspecting users connect to...
CVE-2025-66029
Open OnDemand (prior to 4.1) is affected: the Apache proxy in 4.0.8 and earlier may pass sensitive headers to origin servers, enabling an attacker to set up an origin server on a compute node that records headers when users connect. A fix is expected in the 4.1 release; for 4.0.x workarounds exis...
Open OnDemand 安全漏洞
Open OnDemand is an open source implementation of Open Interactive HPC over the Web from Ohio Supercomputer Center. A security vulnerability exists in Open OnDemand 4.0.8 and earlier versions, which originates when the Apache proxy passes sensitive headers to the origin server, potentially leadin...
PT-2025-51973
Name of the Vulnerable Software and Affected Versions Open OnDemand versions prior to 4.1 Description Open OnDemand provides remote web access to supercomputers. The Apache proxy in versions 4.0.8 and earlier allows sensitive headers to be passed to origin servers. This could allow malicious user...