Search
Total
13 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-27561 | 3 Debian, Linuxfoundation, Redhat | 4 Debian Linux, Runc, Enterprise Linux and 1 more | 2023-08-16 | N/A | 7.0 HIGH |
| runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression. | |||||
| CVE-2019-19921 | 5 Canonical, Debian, Linuxfoundation and 2 more | 5 Ubuntu Linux, Debian Linux, Runc and 2 more | 2023-08-16 | 4.4 MEDIUM | 7.0 HIGH |
| runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vulnerability does not affect Docker due to an implementation detail that happens to block the attack.) | |||||
| CVE-2022-27778 | 1 Haxx | 1 Curl | 2022-07-29 | 5.8 MEDIUM | 8.1 HIGH |
| A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`. | |||||
| CVE-2021-27306 | 1 Konghq | 1 Kong Gateway | 2022-07-12 | 4.3 MEDIUM | 7.5 HIGH |
| An improper access control vulnerability in the JWT plugin in Kong Gateway prior to 2.3.2.0 allows unauthenticated users access to authenticated routes without a valid token JWT. | |||||
| CVE-2021-40856 | 1 Auerswald | 6 Comfortel 1400 Ip, Comfortel 1400 Ip Firmware, Comfortel 2600 Ip and 3 more | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| Auerswald COMfortel 1400 IP and 2600 IP before 2.8G devices allow Authentication Bypass via the /about/../ substring. | |||||
| CVE-2022-31089 | 1 Parseplatform | 1 Parse-server | 2022-07-07 | 5.0 MEDIUM | 7.5 HIGH |
| Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In affected versions certain types of invalid files requests are not handled properly and can crash the server. If you are running multiple Parse Server instances in a cluster, the availability impact may be low; if you are running Parse Server as single instance without redundancy, the availability impact may be high. This issue has been addressed in versions 4.10.12 and 5.2.3. Users are advised to upgrade. There are no known workarounds for this issue. | |||||
| CVE-2022-29445 | 1 Wow-estore | 1 Popup Box | 2022-05-26 | 6.5 MEDIUM | 7.2 HIGH |
| Authenticated (administrator or higher role) Local File Inclusion (LFI) vulnerability in Wow-Company's Popup Box plugin <= 2.1.2 at WordPress. | |||||
| CVE-2018-12020 | 4 Canonical, Debian, Gnupg and 1 more | 9 Ubuntu Linux, Debian Linux, Gnupg and 6 more | 2021-12-28 | 5.0 MEDIUM | 7.5 HIGH |
| mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. For example, the OpenPGP data might represent an original filename that contains line feed characters in conjunction with GOODSIG or VALIDSIG status codes. | |||||
| CVE-2020-26233 | 1 Microsoft | 1 Git Credential Manager Core | 2021-02-18 | 3.6 LOW | 7.3 HIGH |
| Git Credential Manager Core (GCM Core) is a secure Git credential helper built on .NET Core that runs on Windows and macOS. In Git Credential Manager Core before version 2.0.289, when recursively cloning a Git repository on Windows with submodules, Git will first clone the top-level repository and then recursively clone all submodules by starting new Git processes from the top-level working directory. If a malicious git.exe executable is present in the top-level repository then this binary will be started by Git Credential Manager Core when attempting to read configuration, and not git.exe as found on the %PATH%. This only affects GCM Core on Windows, not macOS or Linux-based distributions. GCM Core version 2.0.289 contains the fix for this vulnerability, and is available from the project's GitHub releases page. GCM Core 2.0.289 is also bundled in the latest Git for Windows release; version 2.29.2(3). As a workaround, users should avoid recursively cloning untrusted repositories with the --recurse-submodules option. | |||||
| CVE-2020-35894 | 1 Obstack Project | 1 Obstack | 2021-01-07 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the obstack crate before 0.1.4 for Rust. Unaligned references can occur. | |||||
| CVE-2019-0571 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2020-08-24 | 6.8 MEDIUM | 7.8 HIGH |
| An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka "Windows Data Sharing Service Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. This CVE ID is unique from CVE-2019-0572, CVE-2019-0573, CVE-2019-0574. | |||||
| CVE-2019-1351 | 2 Microsoft, Opensuse | 3 Visual Studio 2017, Visual Studio 2019, Leap | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| A tampering vulnerability exists when Git for Visual Studio improperly handles virtual drive paths, aka 'Git for Visual Studio Tampering Vulnerability'. | |||||
| CVE-2019-9616 | 1 Ofcms Project | 1 Ofcms | 2020-08-24 | 6.5 MEDIUM | 7.2 HIGH |
| An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/ueditor/uploadScrawl URI. | |||||