Total
46 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-27561 | 2 Linuxfoundation, Redhat | 3 Runc, Enterprise Linux, Openshift Container Platform | 2023-03-10 | N/A | 7.0 HIGH |
runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression. | |||||
CVE-2019-19921 | 5 Canonical, Debian, Linuxfoundation and 2 more | 5 Ubuntu Linux, Debian Linux, Runc and 2 more | 2023-03-01 | 4.4 MEDIUM | 7.0 HIGH |
runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vulnerability does not affect Docker due to an implementation detail that happens to block the attack.) | |||||
CVE-2022-27778 | 3 Haxx, Netapp, Oracle | 18 Curl, Active Iq Unified Manager, Bh500s Firmware and 15 more | 2023-02-28 | 5.8 MEDIUM | 8.1 HIGH |
A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`. | |||||
CVE-2020-12279 | 2 Debian, Libgit2 | 2 Debian Linux, Libgit2 | 2023-02-23 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. checkout.c mishandles equivalent filenames that exist because of NTFS short names. This may allow remote code execution when cloning a repository. This issue is similar to CVE-2019-1353. | |||||
CVE-2020-12278 | 2 Debian, Libgit2 | 2 Debian Linux, Libgit2 | 2023-02-23 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. path.c mishandles equivalent filenames that exist because of NTFS Alternate Data Streams. This may allow remote code execution when cloning a repository. This issue is similar to CVE-2019-1352. | |||||
CVE-2020-35566 | 2 Helmholz, Mbconnectline | 4 Myrex24, Myrex24.virtual, Mbconnect24 and 1 more | 2023-02-15 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. An attacker can read arbitrary JSON files via Local File Inclusion. | |||||
CVE-2020-15505 | 1 Mobileiron | 4 Core, Enterprise Connector, Monitor And Reporting Database and 1 more | 2023-01-27 | 7.5 HIGH | 9.8 CRITICAL |
A remote code execution vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0; and Sentry versions 9.7.2 and earlier, and 9.8.0; and Monitor and Reporting Database (RDB) version 2.0.0.1 and earlier that allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
CVE-2022-30257 | 1 Technitium | 1 Dns Server | 2022-11-28 | N/A | 9.8 CRITICAL |
An issue was discovered in Technitium DNS Server through 8.0.2 that allows variant V1 of unintended domain name resolution. A revoked domain name can still be resolvable for a long time, including expired domains and taken-down malicious domains. The effects of an exploit would be widespread and highly impactful, because the exploitation conforms to de facto DNS specifications and operational practices, and overcomes current mitigation patches for "Ghost" domain names. | |||||
CVE-2022-30258 | 1 Technitium | 1 Dns Server | 2022-11-28 | N/A | 9.8 CRITICAL |
An issue was discovered in Technitium DNS Server through 8.0.2 that allows variant V2 of unintended domain name resolution. A revoked domain name can still be resolvable for a long time, including expired domains and taken-down malicious domains. The effects of an exploit would be widespread and highly impactful, because the exploitation conforms to de facto DNS specifications and operational practices, and overcomes current mitigation patches for "Ghost" domain names. | |||||
CVE-2022-41874 | 1 Tauri | 1 Tauri | 2022-11-15 | N/A | 4.7 MEDIUM |
Tauri is a framework for building binaries for all major desktop platforms. In versions prior to 1.0.7 and 1.1.2, Tauri is vulnerable to an Incorrectly-Resolved Name. Due to incorrect escaping of special characters in paths selected via the file dialog and drag and drop functionality, it is possible to partially bypass the `fs` scope definition. It is not possible to traverse into arbitrary paths, as the issue is limited to neighboring files and sub folders of already allowed paths. The impact differs on Windows, MacOS and Linux due to different specifications of valid path characters. This bypass depends on the file picker dialog or dragged files, as user selected paths are automatically added to the allow list at runtime. A successful bypass requires the user to select a pre-existing malicious file or directory during the file picker dialog and an adversary controlled logic to access these files. The issue has been patched in versions 1.0.7, 1.1.2 and 1.2.0. As a workaround, disable the dialog and fileDropEnabled component inside the tauri.conf.json. | |||||
CVE-2021-24122 | 3 Apache, Debian, Oracle | 3 Tomcat, Debian Linux, Agile Plm | 2022-10-24 | 4.3 MEDIUM | 5.9 MEDIUM |
When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to JSP source code disclosure in some configurations. The root cause was the unexpected behaviour of the JRE API File.getCanonicalPath() which in turn was caused by the inconsistent behaviour of the Windows API (FindFirstFileW) in some circumstances. | |||||
CVE-2021-22924 | 6 Debian, Fedoraproject, Haxx and 3 more | 52 Debian Linux, Fedora, Libcurl and 49 more | 2022-08-28 | 4.3 MEDIUM | 3.7 LOW |
libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths *case insensitively*,which could lead to libcurl reusing wrong connections.File paths are, or can be, case sensitive on many systems but not all, and caneven vary depending on used file systems.The comparison also didn't include the 'issuer cert' which a transfer can setto qualify how to verify the server certificate. | |||||
CVE-2021-39156 | 1 Istio | 1 Istio | 2022-08-12 | 5.0 MEDIUM | 7.5 HIGH |
Istio is an open source platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. Istio 1.11.0, 1.10.3 and below, and 1.9.7 and below contain a remotely exploitable vulnerability where an HTTP request with `#fragment` in the path may bypass Istio’s URI path based authorization policies. Patches are available in Istio 1.11.1, Istio 1.10.4 and Istio 1.9.8. As a work around a Lua filter may be written to normalize the path. | |||||
CVE-2019-0220 | 5 Apache, Canonical, Debian and 2 more | 5 Http Server, Ubuntu Linux, Debian Linux and 2 more | 2022-07-25 | 5.0 MEDIUM | 5.3 MEDIUM |
A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the servers processing will implicitly collapse them. | |||||
CVE-2022-30621 | 1 Cellinx | 2 Cellinx Nvt - Ip Ptz Camera, Cellinx Nvt - Ip Ptz Camera Firmware | 2022-07-22 | N/A | 6.5 MEDIUM |
Allows a remote user to read files on the camera's OS "GetFileContent.cgi". Reading arbitrary files on the camera's OS as root user. | |||||
CVE-2021-27306 | 1 Konghq | 1 Kong Gateway | 2022-07-12 | 4.3 MEDIUM | 7.5 HIGH |
An improper access control vulnerability in the JWT plugin in Kong Gateway prior to 2.3.2.0 allows unauthenticated users access to authenticated routes without a valid token JWT. | |||||
CVE-2021-31920 | 1 Istio | 1 Istio | 2022-07-12 | 4.0 MEDIUM | 6.5 MEDIUM |
Istio before 1.8.6 and 1.9.x before 1.9.5 has a remotely exploitable vulnerability where an HTTP request path with multiple slashes or escaped slash characters (%2F or %5C) could potentially bypass an Istio authorization policy when path based authorization rules are used. | |||||
CVE-2021-40856 | 1 Auerswald | 6 Comfortel 1400 Ip, Comfortel 1400 Ip Firmware, Comfortel 2600 Ip and 3 more | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
Auerswald COMfortel 1400 IP and 2600 IP before 2.8G devices allow Authentication Bypass via the /about/../ substring. | |||||
CVE-2022-31089 | 1 Parseplatform | 1 Parse-server | 2022-07-07 | 5.0 MEDIUM | 7.5 HIGH |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In affected versions certain types of invalid files requests are not handled properly and can crash the server. If you are running multiple Parse Server instances in a cluster, the availability impact may be low; if you are running Parse Server as single instance without redundancy, the availability impact may be high. This issue has been addressed in versions 4.10.12 and 5.2.3. Users are advised to upgrade. There are no known workarounds for this issue. | |||||
CVE-2022-29448 | 1 Wow-estore | 1 Herd Effects | 2022-05-26 | 4.0 MEDIUM | 4.9 MEDIUM |
Authenticated (admin or higher user role) Local File Inclusion (LFI) vulnerability in Wow-Company's Herd Effects plugin <= 5.2 at WordPress. |