Total
63 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-39173 | 1 Jetbrains | 1 Teamcity | 2024-02-28 | N/A | 8.8 HIGH |
In JetBrains TeamCity before 2023.05.2 a token with limited permissions could be used to gain full account access | |||||
CVE-2022-4272 | 1 Warehouse Management System Project | 1 Warehouse Management System | 2024-02-28 | N/A | 9.8 CRITICAL |
A vulnerability, which was classified as critical, has been found in FeMiner wms. Affected by this issue is some unknown functionality of the file /product/savenewproduct.php?flag=1. The manipulation of the argument upfile leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214760. | |||||
CVE-2022-2626 | 1 Hestiacp | 1 Control Panel | 2024-02-28 | N/A | 7.2 HIGH |
Incorrect Privilege Assignment in GitHub repository hestiacp/hestiacp prior to 1.6.6. | |||||
CVE-2022-3826 | 1 Huaxiaerp | 1 Huaxia Erp | 2024-02-28 | N/A | 6.5 MEDIUM |
A vulnerability was found in Huaxia ERP. It has been classified as problematic. This affects an unknown part of the file /depotHead/list of the component Retail Management. The manipulation of the argument search leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-212793 was assigned to this vulnerability. | |||||
CVE-2022-3770 | 1 Xjyunjing | 1 Yunjing Content Management System | 2024-02-28 | N/A | 8.8 HIGH |
A vulnerability classified as critical was found in Yunjing CMS. This vulnerability affects unknown code of the file /index/user/upload_img.html. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212500. | |||||
CVE-2022-1225 | 1 Phpipam | 1 Phpipam | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
Incorrect Privilege Assignment in GitHub repository phpipam/phpipam prior to 1.4.6. | |||||
CVE-2020-35514 | 1 Redhat | 1 Openshift | 2024-02-28 | 4.4 MEDIUM | 7.0 HIGH |
An insecure modification flaw in the /etc/kubernetes/kubeconfig file was found in OpenShift. This flaw allows an attacker with access to a running container which mounts /etc/kubernetes or has local access to the node, to copy this kubeconfig file and attempt to add their own node to the OpenShift cluster. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. This flaw affects versions before openshift4/ose-machine-config-operator v4.7.0-202105111858.p0. | |||||
CVE-2020-10695 | 1 Redhat | 1 Single Sign-on | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
An insecure modification flaw in the /etc/passwd file was found in the redhat-sso-7 container. An attacker with access to the container can use this flaw to modify the /etc/passwd and escalate their privileges. | |||||
CVE-2019-19353 | 1 Redhat | 1 Openshift Container Platform | 2024-02-28 | 6.9 MEDIUM | 7.0 HIGH |
An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/hive as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. | |||||
CVE-2019-19350 | 1 Redhat | 1 Openshift | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ansible-service-broker as shipped in Red Hat Openshift 4 and 3.11. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. | |||||
CVE-2021-1303 | 1 Cisco | 1 Dna Center | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
A vulnerability in the user management roles of Cisco DNA Center could allow an authenticated, remote attacker to execute unauthorized commands on an affected device. The vulnerability is due to improper enforcement of actions for assigned user roles. An attacker could exploit this vulnerability by authenticating as a user with an Observer role and executing commands on the affected device. A successful exploit could allow a user with the Observer role to execute commands to view diagnostic information of the devices that Cisco DNA Center manages. | |||||
CVE-2021-1412 | 1 Cisco | 1 Identity Services Engine | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
Multiple vulnerabilities in the Admin portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information. These vulnerabilities are due to improper enforcement of administrator privilege levels for sensitive data. An attacker with read-only administrator access to the Admin portal could exploit these vulnerabilities by browsing to one of the pages that contains sensitive data. A successful exploit could allow the attacker to collect sensitive information regarding the configuration of the system. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
CVE-2019-19354 | 1 Redhat | 2 Enterprise Linux, Openshift Container Platform | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/hadoop as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. | |||||
CVE-2019-19352 | 1 Redhat | 1 Openshift Container Platform | 2024-02-28 | 4.4 MEDIUM | 7.0 HIGH |
An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/presto as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. | |||||
CVE-2019-19349 | 1 Redhat | 1 Openshift | 2024-02-28 | 4.4 MEDIUM | 7.8 HIGH |
An insecure modification vulnerability in the /etc/passwd file was found in the container operator-framework/operator-metering as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. | |||||
CVE-2021-1416 | 1 Cisco | 1 Identity Services Engine | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
Multiple vulnerabilities in the Admin portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information. These vulnerabilities are due to improper enforcement of administrator privilege levels for sensitive data. An attacker with read-only administrator access to the Admin portal could exploit these vulnerabilities by browsing to one of the pages that contains sensitive data. A successful exploit could allow the attacker to collect sensitive information regarding the configuration of the system. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
CVE-2020-1705 | 1 Redhat | 1 Template Service Broker Operator | 2024-02-28 | 4.4 MEDIUM | 7.0 HIGH |
A vulnerability was found in openshift/template-service-broker-operator in all 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the openshift/template-service-broker-operator. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. | |||||
CVE-2019-19345 | 1 Redhat | 1 Openshift | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
A vulnerability was found in all openshift/mediawiki-apb 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the container openshift/mediawiki-apb. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. | |||||
CVE-2019-19355 | 1 Redhat | 1 Openshift | 2024-02-28 | 4.4 MEDIUM | 7.0 HIGH |
An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ocp-release-operator-sdk. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. This CVE is specific to the openshift/ansible-operator-container as shipped in Openshift 4. | |||||
CVE-2019-19351 | 1 Redhat | 1 Openshift | 2024-02-28 | 4.4 MEDIUM | 7.0 HIGH |
An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/jenkins. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. This CVE is specific to the openshift/jenkins-slave-base-rhel7-containera as shipped in Openshift 4 and 3.11. |