Lucene search
K

36 matches found

NVD
NVD
added 3 days ago8 views

CVE-2026-47830

Incorrect Permission Assignment in BOSH.Utils.psm1 in BOSH-Ecosystem bosh-windows-stemcell-builder allows low-privilege authenticated users to overwrite C:\bosh\servicewrapper.exe or C:\bosh\bosh-agent.exe and gain NT AUTHORITY\SYSTEM on the next service restart or reboot. This can lead to full...

8.8CVSS0.001EPSS
Exploits0References1
NVD
NVD
added 3 days ago7 views

CVE-2026-47831

Use of a cryptographically weak random number generator in the GenerateRandomPassword function in bosh-windows-stemcell-builder allows a remote attacker to brute-force the resulting SSH login via TCP/22. Affected versions: bosh-windows-stemcell-builder versions prior to v2019.98...

7.7CVSS0.00191EPSS
Exploits0References1
EUVD
EUVD
added 3 days ago9 views

EUVD-2026-42517

Use of a cryptographically weak random number generator in the GenerateRandomPassword function in bosh-windows-stemcell-builder allows a remote attacker to brute-force the resulting SSH login via TCP/22. Affected versions: bosh-windows-stemcell-builder versions prior to v2019.98...

7.7CVSS7.1AI score0.00191EPSS
Exploits0References1
CVE
CVE
added 3 days ago13 views

CVE-2026-47831

The vulnerability affects bosh-windows-stemcell-builder. The GenerateRandomPassword function uses a cryptographically weak RNG, enabling a remote attacker to brute-force SSH logins over TCP/22. Affected versions are prior to v2019.98. Mitigation: upgrade to v2019.98 or later. CVSS metrics indicat...

7.7CVSS7.1AI score0.00191EPSS
Exploits0References1
Cvelist
Cvelist
added 3 days ago37 views

CVE-2026-47831 Cryptographically Weak Password Generation in bosh-windows-stemcell-builder Allows Remote SSH Brute-Force Attacks

Use of a cryptographically weak random number generator in the GenerateRandomPassword function in bosh-windows-stemcell-builder allows a remote attacker to brute-force the resulting SSH login via TCP/22. Affected versions: bosh-windows-stemcell-builder versions prior to v2019.98...

7.7CVSS0.00191EPSS
Exploits0References1
EUVD
EUVD
added 3 days ago7 views

EUVD-2026-42516

Incorrect Permission Assignment in BOSH.Utils.psm1 in BOSH-Ecosystem bosh-windows-stemcell-builder allows low-privilege authenticated users to overwrite C:\bosh\servicewrapper.exe or C:\bosh\bosh-agent.exe and gain NT AUTHORITY\SYSTEM on the next service restart or reboot. This can lead to full...

8.8CVSS7.2AI score0.001EPSS
Exploits0References1
CVE
CVE
added 3 days ago11 views

CVE-2026-47830

CVE-2026-47830 affects bosh-windows-stemcell-builder (Cloud Foundry Foundation). The issue is Incorrect Permission Assignment in BOSH.Utils.psm1 that lets low-privileged authenticated users overwrite C:\bosh\service_wrapper.exe or C:\bosh\bosh-agent.exe, enabling them to gain NT AUTHORITY\SYSTEM ...

8.8CVSS7.2AI score0.001EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 3 days ago4 views

CVE-2026-47830

Incorrect Permission Assignment in BOSH.Utils.psm1 in BOSH-Ecosystem bosh-windows-stemcell-builder allows low-privilege authenticated users to overwrite C:\bosh\servicewrapper.exe or C:\bosh\bosh-agent.exe and gain NT AUTHORITY\SYSTEM on the next service restart or reboot. This can lead to full...

8.8CVSS7.2AI score0.001EPSS
Exploits0References2
Cvelist
Cvelist
added 3 days ago34 views

CVE-2026-47830 Incorrect Permission Assignment Allows Local Privilege Escalation to SYSTEM via Executable Overwrite

Incorrect Permission Assignment in BOSH.Utils.psm1 in BOSH-Ecosystem bosh-windows-stemcell-builder allows low-privilege authenticated users to overwrite C:\bosh\servicewrapper.exe or C:\bosh\bosh-agent.exe and gain NT AUTHORITY\SYSTEM on the next service restart or reboot. This can lead to full...

8.8CVSS0.001EPSS
Exploits0References1
Cloud Foundry
Cloud Foundry
added 4 days ago5 views

CVE-2026-47830 - Incorrect Permission Assignment Allows Local Privilege Escalation to SYSTEM via Executable Overwrite | Cloud Foundry

High CVSSv4: High 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSSv3: High 8.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Vendor Cloud Foundry Foundation Versions Affected Severity is High unless otherwise noted. bosh-windows-stemcell-builder – All versions prior to...

8.8CVSS6AI score0.001EPSS
Exploits0
Cloud Foundry
Cloud Foundry
added 4 days ago5 views

CVE-2026-47831 - Cryptographically Weak Password Generation in bosh-windows-stemcell-builder Allows Remote SSH Brute-Force Attacks | Cloud Foundry

High CVSSv4: High 7.7 CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSSv3: High 7.5 CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Vendor Cloud Foundry Foundation Versions Affected Severity is High unless otherwise noted. bosh-windows-stemcell-builder – All versions prior to...

7.7CVSS6AI score0.00191EPSS
Exploits0
Cloud Foundry
Cloud Foundry
added 2020/05/14 12:0 a.m.70 views

USN-4318-1: Linux kernel vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Description Al Viro discovered that the vfs layer in the Linux kernel contained a use- after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly expose sensitive...

7.1CVSS6.8AI score0.00655EPSS
Exploits1Affected Software1
Prion
Prion
added 2017/05/25 5:29 p.m.23 views

Code injection

An endpoint of the Agent running on the BOSH Director VM with stemcell versions prior to 3232.6 and 3146.13 may allow unauthenticated clients to read or write blobs or cause a denial of service attack on the Director VM. This vulnerability requires that the unauthenticated clients guess or find a...

6.8CVSS7.2AI score0.00876EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2017/05/25 5:29 p.m.20 views

CVE-2016-4435

An endpoint of the Agent running on the BOSH Director VM with stemcell versions prior to 3232.6 and 3146.13 may allow unauthenticated clients to read or write blobs or cause a denial of service attack on the Director VM. This vulnerability requires that the unauthenticated clients guess or find a...

9CVSS8.9AI score0.00876EPSS
Exploits0References1
Cvelist
Cvelist
added 2017/05/25 5:0 p.m.27 views

CVE-2016-4435

An endpoint of the Agent running on the BOSH Director VM with stemcell versions prior to 3232.6 and 3146.13 may allow unauthenticated clients to read or write blobs or cause a denial of service attack on the Director VM. This vulnerability requires that the unauthenticated clients guess or find a...

9AI score0.00876EPSS
Exploits0References1
CNVD
CNVD
added 2017/04/26 12:0 a.m.5 views

Pivotal Software Cloud Foundry Foundation BOSH Azure CPI Code Injection Vulnerability

Pivotal Software Cloud Foundry Foundation BOSH Azure CPI is a set of open source tools for deployment and lifecycle management of distributed systems from Pivotal Software, USA. A code injection vulnerability exists in version v22 of Pivotal Software Cloud Foundry Foundation BOSH Azure CPI. An...

8.8CVSS8.1AI score0.00462EPSS
Exploits0References1
Cloud Foundry
Cloud Foundry
added 2016/03/24 12:0 a.m.71 views

USN-2914-1 OpenSSL vulnerabilities | Cloud Foundry

USN-2914-1 OpenSSL vulnerabilities Low Vendor Ubuntu, OpenSSL Versions Affected Ubuntu 14.04 LTS SSLv1 Description Several security issues were fixed in OpenSSL. Yuval Yarom, Daniel Genkin, and Nadia Heninger discovered that OpenSSL was vulnerable to a side-channel attack on modular exponentiatio...

10CVSS8.9AI score0.32414EPSS
Exploits1
Cloud Foundry
Cloud Foundry
added 2016/01/22 12:0 a.m.13 views

USN-2871-1 Linux kernel vulnerability | Cloud Foundry

USN-2871-1 Linux kernel vulnerability High Vendor Ubuntu Versions Affected Ubuntu 14.04 Description Yevgeny Pats discovered that the session keyring implementation in the Linux kernel did not properly reference count when joining an existing session keyring. A local attacker could use this to cau...

8.2AI score
Exploits0
Cloud Foundry
Cloud Foundry
added 2016/01/19 12:0 a.m.13 views

USN-2869-1 OpenSSH vulnerability | Cloud Foundry

USN-2869-1 OpenSSH vulnerability High Vendor OpenSSH Versions Affected Ubuntu 14.04 Description It was discovered that the OpenSSH client experimental support for resuming connections contained multiple security issues. A malicious server could use this issue to leak client memory to the server,...

7.2AI score
Exploits0
Cloud Foundry
Cloud Foundry
added 2016/01/19 12:0 a.m.11 views

USN-2865-1 GnuTLS vulnerability | Cloud Foundry

USN-2865-1 GnuTLS vulnerability Medium Vendor GnuTLS Versions Affected Ubuntu 14.04 Description Karthikeyan Bhargavan and Gaetan Leurent discovered that GnuTLS incorrectly allowed MD5 to be used for TLS 1.2 connections. If a remote attacker were able to perform a man-in-the-middle attack, this fl...

6.9AI score
Exploits0
Rows per page
Query Builder