Filtered by vendor Linuxfoundation
Subscribe
Total
187 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-3567 | 1 Linuxfoundation | 1 Osquery | 2020-03-06 | 9.3 HIGH | 8.1 HIGH |
| In some configurations an attacker can inject a new executable path into the extensions.load file for osquery and hard link a parent folder of a malicious binary to a folder with known 'safe' permissions. Under those circumstances osquery will load said malicious executable with SYSTEM permissions. The solution is to migrate installations to the 'Program Files' directory on Windows which restricts unprivileged write access. This issue affects osquery prior to v3.4.0. | |||||
| CVE-2019-16302 | 1 Linuxfoundation | 1 Open Network Operating System | 2020-02-25 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Open Network Operating System (ONOS) 1.14. In the Ethernet VPN application (org.onosproject.evpnopenflow), the host event listener does not handle the following event types: HOST_MOVED, HOST_UPDATED. In combination with other applications, this could lead to the absence of intended code execution. | |||||
| CVE-2019-16301 | 1 Linuxfoundation | 1 Open Network Operating System | 2020-02-25 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Open Network Operating System (ONOS) 1.14. In the virtual tenant network application (org.onosproject.vtn), the host event listener does not handle the following event types: HOST_MOVED. In combination with other applications, this could lead to the absence of intended code execution. | |||||
| CVE-2019-16299 | 1 Linuxfoundation | 1 Open Network Operating System | 2020-02-25 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Open Network Operating System (ONOS) 1.14. In the mobility application (org.onosproject.mobility), the host event listener does not handle the following event types: HOST_ADDED, HOST_REMOVED, HOST_UPDATED. In combination with other applications, this could lead to the absence of intended code execution. | |||||
| CVE-2019-16300 | 1 Linuxfoundation | 1 Open Network Operating System | 2020-02-25 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Open Network Operating System (ONOS) 1.14. In the access control application (org.onosproject.acl), the host event listener does not handle the following event types: HOST_REMOVED. In combination with other applications, this could lead to the absence of intended code execution. | |||||
| CVE-2019-16298 | 1 Linuxfoundation | 1 Open Network Operating System | 2020-02-25 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Open Network Operating System (ONOS) 1.14. In the virtual broadband network gateway application (org.onosproject.virtualbng), the host event listener does not handle the following event types: HOST_MOVED, HOST_REMOVED, HOST_UPDATED. In combination with other applications, this could lead to the absence of intended code execution. | |||||
| CVE-2019-16297 | 1 Linuxfoundation | 1 Open Network Operating System | 2020-02-25 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Open Network Operating System (ONOS) 1.14. In the P4 tutorial application (org.onosproject.p4tutorial), the host event listener does not handle the following event types: HOST_MOVED, HOST_REMOVED, HOST_UPDATED. In combination with other applications, this could lead to the absence of intended code execution. | |||||
| CVE-2020-6174 | 1 Linuxfoundation | 1 The Update Framework | 2020-02-07 | 7.5 HIGH | 9.8 CRITICAL |
| TUF (aka The Update Framework) through 0.12.1 has Improper Verification of a Cryptographic Signature. | |||||
| CVE-2020-6173 | 1 Linuxfoundation | 1 The Update Framework | 2020-01-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| TUF (aka The Update Framework) 0.7.2 through 0.12.1 allows Uncontrolled Resource Consumption. | |||||
| CVE-2010-5325 | 3 Linuxfoundation, Oracle, Redhat | 8 Foomatic-filters, Linux, Enterprise Linux and 5 more | 2019-12-27 | 7.5 HIGH | 9.8 CRITICAL |
| Heap-based buffer overflow in the unhtmlify function in foomatic-rip in foomatic-filters before 4.0.6 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via a long job title. | |||||
| CVE-2019-1010252 | 1 Linuxfoundation | 1 Open Network Operating System | 2019-07-29 | 5.5 MEDIUM | 4.9 MEDIUM |
| The Linux Foundation ONOS 2.0.0 and earlier is affected by: Poor Input-validation. The impact is: A network administrator (or attacker) can install unintended flow rules in the switch by mistake. The component is: applyFlowRules() and apply() functions in FlowRuleManager.java. The attack vector is: network management and connectivity. | |||||
| CVE-2019-1010234 | 1 Linuxfoundation | 1 Open Network Operating System | 2019-07-25 | 7.5 HIGH | 9.8 CRITICAL |
| The Linux Foundation ONOS 1.15.0 and ealier is affected by: Improper Input Validation. The impact is: The attacker can remotely execute any commands by sending malicious http request to the controller. The component is: Method runJavaCompiler in YangLiveCompilerManager.java. The attack vector is: network connectivity. | |||||
| CVE-2019-1010250 | 1 Linuxfoundation | 1 Open Network Operating System | 2019-07-25 | 5.5 MEDIUM | 4.9 MEDIUM |
| The Linux Foundation ONOS 2.0.0 and earlier is affected by: Poor Input-validation. The impact is: A network administrator (or attacker) can install unintended flow rules in the switch by mistake. The component is: createFlow() and createFlows() functions in FlowWebResource.java (RESTful service). The attack vector is: network management and connectivity. | |||||
| CVE-2019-1010249 | 1 Linuxfoundation | 1 Open Network Operating System | 2019-07-24 | 5.5 MEDIUM | 4.9 MEDIUM |
| The Linux Foundation ONOS 2.0.0 and earlier is affected by: Integer Overflow. The impact is: A network administrator (or attacker) can install unintended flow rules in the switch by mistake. The component is: createFlow() and createFlows() functions in FlowWebResource.java (RESTful service). The attack vector is: network management and connectivity. | |||||
| CVE-2015-8560 | 3 Canonical, Debian, Linuxfoundation | 4 Ubuntu Linux, Debian Linux, Cups-filters and 1 more | 2018-10-30 | 7.5 HIGH | 7.3 HIGH |
| Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.4.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via a ; (semicolon) character in a print job, a different vulnerability than CVE-2015-8327. | |||||
| CVE-2015-8327 | 4 Canonical, Debian, Linuxfoundation and 1 more | 9 Ubuntu Linux, Debian Linux, Cups-filters and 6 more | 2018-10-30 | 7.5 HIGH | N/A |
| Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.2.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via ` (backtick) characters in a print job. | |||||
| CVE-2014-4337 | 1 Linuxfoundation | 1 Cups-filters | 2018-01-08 | 4.3 MEDIUM | N/A |
| The process_browse_data function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted packet data. | |||||
| CVE-2014-4338 | 1 Linuxfoundation | 1 Cups-filters | 2018-01-08 | 4.0 MEDIUM | N/A |
| cups-browsed in cups-filters before 1.0.53 allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging a malformed cups-browsed.conf BrowseAllow directive that is interpreted as granting browse access to all IP addresses. | |||||
| CVE-2014-4336 | 1 Linuxfoundation | 1 Cups-filters | 2018-01-03 | 5.8 MEDIUM | N/A |
| The generate_local_queue function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the host name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707. | |||||
| CVE-2011-2964 | 1 Linuxfoundation | 1 Foomatic | 2017-08-28 | 6.8 MEDIUM | N/A |
| foomaticrip.c in foomatic-rip in foomatic-filters in Foomatic 4.0.6 allows remote attackers to execute arbitrary code via a crafted *FoomaticRIPCommandLine field in a .ppd file, a different vulnerability than CVE-2011-2697. | |||||