Filtered by vendor Linuxfoundation
Subscribe
Total
272 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-3567 | 1 Linuxfoundation | 1 Osquery | 2024-11-21 | 9.3 HIGH | 8.1 HIGH |
| In some configurations an attacker can inject a new executable path into the extensions.load file for osquery and hard link a parent folder of a malicious binary to a folder with known 'safe' permissions. Under those circumstances osquery will load said malicious executable with SYSTEM permissions. The solution is to migrate installations to the 'Program Files' directory on Windows which restricts unprivileged write access. This issue affects osquery prior to v3.4.0. | |||||
| CVE-2019-19921 | 5 Canonical, Debian, Linuxfoundation and 2 more | 5 Ubuntu Linux, Debian Linux, Runc and 2 more | 2024-11-21 | 4.4 MEDIUM | 7.0 HIGH |
| runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vulnerability does not affect Docker due to an implementation detail that happens to block the attack.) | |||||
| CVE-2019-19030 | 1 Linuxfoundation | 1 Harbor | 2024-11-21 | N/A | 5.3 MEDIUM |
| Cloud Native Computing Foundation Harbor before 1.10.3 and 2.x before 2.0.1 allows resource enumeration because unauthenticated API calls reveal (via the HTTP status code) whether a resource exists. | |||||
| CVE-2019-19029 | 2 Linuxfoundation, Pivotal | 2 Harbor, Vmware Harbor Registry | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows SQL Injection via user-groups in the VMware Harbor Container Registry for the Pivotal Platform. | |||||
| CVE-2019-19026 | 2 Linuxfoundation, Pivotal | 2 Harbor, Vmware Harbor Registry | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows SQL Injection via project quotas in the VMware Harbor Container Registry for the Pivotal Platform. | |||||
| CVE-2019-19025 | 2 Linuxfoundation, Pivotal | 2 Harbor, Vmware Harbor Registry | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows CSRF in the VMware Harbor Container Registry for the Pivotal Platform. | |||||
| CVE-2019-19023 | 2 Linuxfoundation, Pivotal | 2 Harbor, Vmware Harbor Registry | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 has a Privilege Escalation Vulnerability in the VMware Harbor Container Registry for the Pivotal Platform. | |||||
| CVE-2019-16919 | 2 Linuxfoundation, Vmware | 3 Harbor, Cloud Foundation, Harbor Container Registry | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Harbor API has a Broken Access Control vulnerability. The vulnerability allows project administrators to use the Harbor API to create a robot account with unauthorized push and/or pull access permissions to a project they don't have access or control for. The Harbor API did not enforce the proper project permissions and project scope on the API request to create a new robot account. | |||||
| CVE-2019-16884 | 6 Canonical, Docker, Fedoraproject and 3 more | 10 Ubuntu Linux, Docker, Fedora and 7 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory. | |||||
| CVE-2019-16302 | 1 Linuxfoundation | 1 Open Network Operating System | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Open Network Operating System (ONOS) 1.14. In the Ethernet VPN application (org.onosproject.evpnopenflow), the host event listener does not handle the following event types: HOST_MOVED, HOST_UPDATED. In combination with other applications, this could lead to the absence of intended code execution. | |||||
| CVE-2019-16301 | 1 Linuxfoundation | 1 Open Network Operating System | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Open Network Operating System (ONOS) 1.14. In the virtual tenant network application (org.onosproject.vtn), the host event listener does not handle the following event types: HOST_MOVED. In combination with other applications, this could lead to the absence of intended code execution. | |||||
| CVE-2019-16300 | 1 Linuxfoundation | 1 Open Network Operating System | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Open Network Operating System (ONOS) 1.14. In the access control application (org.onosproject.acl), the host event listener does not handle the following event types: HOST_REMOVED. In combination with other applications, this could lead to the absence of intended code execution. | |||||
| CVE-2019-16299 | 1 Linuxfoundation | 1 Open Network Operating System | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Open Network Operating System (ONOS) 1.14. In the mobility application (org.onosproject.mobility), the host event listener does not handle the following event types: HOST_ADDED, HOST_REMOVED, HOST_UPDATED. In combination with other applications, this could lead to the absence of intended code execution. | |||||
| CVE-2019-16298 | 1 Linuxfoundation | 1 Open Network Operating System | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Open Network Operating System (ONOS) 1.14. In the virtual broadband network gateway application (org.onosproject.virtualbng), the host event listener does not handle the following event types: HOST_MOVED, HOST_REMOVED, HOST_UPDATED. In combination with other applications, this could lead to the absence of intended code execution. | |||||
| CVE-2019-16297 | 1 Linuxfoundation | 1 Open Network Operating System | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Open Network Operating System (ONOS) 1.14. In the P4 tutorial application (org.onosproject.p4tutorial), the host event listener does not handle the following event types: HOST_MOVED, HOST_REMOVED, HOST_UPDATED. In combination with other applications, this could lead to the absence of intended code execution. | |||||
| CVE-2019-16097 | 1 Linuxfoundation | 1 Harbor | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| core/api/user.go in Harbor 1.7.0 through 1.8.2 allows non-admin users to create admin accounts via the POST /api/users API, when Harbor is setup with DB as authentication backend and allow user to do self-registration. Fixed version: v1.7.6 v1.8.3. v.1.9.0. Workaround without applying the fix: configure Harbor to use non-DB authentication backend such as LDAP. | |||||
| CVE-2019-10785 | 2 Debian, Linuxfoundation | 2 Debian Linux, Dojox | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| dojox is vulnerable to Cross-site Scripting in all versions before version 1.16.1, 1.15.2, 1.14.5, 1.13.6, 1.12.7 and 1.11.9. This is due to dojox.xmpp.util.xmlEncode only encoding the first occurrence of each character, not all of them. | |||||
| CVE-2019-1010252 | 1 Linuxfoundation | 1 Open Network Operating System | 2024-11-21 | 5.5 MEDIUM | 4.9 MEDIUM |
| The Linux Foundation ONOS 2.0.0 and earlier is affected by: Poor Input-validation. The impact is: A network administrator (or attacker) can install unintended flow rules in the switch by mistake. The component is: applyFlowRules() and apply() functions in FlowRuleManager.java. The attack vector is: network management and connectivity. | |||||
| CVE-2019-1010250 | 1 Linuxfoundation | 1 Open Network Operating System | 2024-11-21 | 5.5 MEDIUM | 4.9 MEDIUM |
| The Linux Foundation ONOS 2.0.0 and earlier is affected by: Poor Input-validation. The impact is: A network administrator (or attacker) can install unintended flow rules in the switch by mistake. The component is: createFlow() and createFlows() functions in FlowWebResource.java (RESTful service). The attack vector is: network management and connectivity. | |||||
| CVE-2019-1010249 | 1 Linuxfoundation | 1 Open Network Operating System | 2024-11-21 | 5.5 MEDIUM | 4.9 MEDIUM |
| The Linux Foundation ONOS 2.0.0 and earlier is affected by: Integer Overflow. The impact is: A network administrator (or attacker) can install unintended flow rules in the switch by mistake. The component is: createFlow() and createFlows() functions in FlowWebResource.java (RESTful service). The attack vector is: network management and connectivity. | |||||