Filtered by vendor Linuxfoundation
Subscriptions
Total
267 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-19921 | 5 Canonical, Debian, Linuxfoundation and 2 more | 8 Ubuntu Linux, Debian Linux, Runc and 5 more | 2024-08-05 | 7.0 High |
| runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vulnerability does not affect Docker due to an implementation detail that happens to block the attack.) | ||||
| CVE-2019-19030 | 1 Linuxfoundation | 1 Harbor | 2024-08-05 | 5.3 Medium |
| Cloud Native Computing Foundation Harbor before 1.10.3 and 2.x before 2.0.1 allows resource enumeration because unauthenticated API calls reveal (via the HTTP status code) whether a resource exists. | ||||
| CVE-2019-19029 | 2 Linuxfoundation, Pivotal | 2 Harbor, Vmware Harbor Registry | 2024-08-05 | 7.2 High |
| Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows SQL Injection via user-groups in the VMware Harbor Container Registry for the Pivotal Platform. | ||||
| CVE-2019-19026 | 2 Linuxfoundation, Pivotal | 2 Harbor, Vmware Harbor Registry | 2024-08-05 | 4.9 Medium |
| Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows SQL Injection via project quotas in the VMware Harbor Container Registry for the Pivotal Platform. | ||||
| CVE-2019-19023 | 2 Linuxfoundation, Pivotal | 2 Harbor, Vmware Harbor Registry | 2024-08-05 | 8.8 High |
| Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 has a Privilege Escalation Vulnerability in the VMware Harbor Container Registry for the Pivotal Platform. | ||||
| CVE-2019-19025 | 2 Linuxfoundation, Pivotal | 2 Harbor, Vmware Harbor Registry | 2024-08-05 | 8.8 High |
| Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows CSRF in the VMware Harbor Container Registry for the Pivotal Platform. | ||||
| CVE-2019-16919 | 2 Linuxfoundation, Vmware | 3 Harbor, Cloud Foundation, Harbor Container Registry | 2024-08-05 | 7.5 High |
| Harbor API has a Broken Access Control vulnerability. The vulnerability allows project administrators to use the Harbor API to create a robot account with unauthorized push and/or pull access permissions to a project they don't have access or control for. The Harbor API did not enforce the proper project permissions and project scope on the API request to create a new robot account. | ||||
| CVE-2019-16884 | 6 Canonical, Docker, Fedoraproject and 3 more | 12 Ubuntu Linux, Docker, Fedora and 9 more | 2024-08-05 | 7.5 High |
| runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory. | ||||
| CVE-2019-16298 | 1 Linuxfoundation | 1 Open Network Operating System | 2024-08-05 | 7.5 High |
| An issue was discovered in Open Network Operating System (ONOS) 1.14. In the virtual broadband network gateway application (org.onosproject.virtualbng), the host event listener does not handle the following event types: HOST_MOVED, HOST_REMOVED, HOST_UPDATED. In combination with other applications, this could lead to the absence of intended code execution. | ||||
| CVE-2019-16299 | 1 Linuxfoundation | 1 Open Network Operating System | 2024-08-05 | 7.5 High |
| An issue was discovered in Open Network Operating System (ONOS) 1.14. In the mobility application (org.onosproject.mobility), the host event listener does not handle the following event types: HOST_ADDED, HOST_REMOVED, HOST_UPDATED. In combination with other applications, this could lead to the absence of intended code execution. | ||||
| CVE-2019-16297 | 1 Linuxfoundation | 1 Open Network Operating System | 2024-08-05 | 7.5 High |
| An issue was discovered in Open Network Operating System (ONOS) 1.14. In the P4 tutorial application (org.onosproject.p4tutorial), the host event listener does not handle the following event types: HOST_MOVED, HOST_REMOVED, HOST_UPDATED. In combination with other applications, this could lead to the absence of intended code execution. | ||||
| CVE-2019-16301 | 1 Linuxfoundation | 1 Open Network Operating System | 2024-08-05 | 7.5 High |
| An issue was discovered in Open Network Operating System (ONOS) 1.14. In the virtual tenant network application (org.onosproject.vtn), the host event listener does not handle the following event types: HOST_MOVED. In combination with other applications, this could lead to the absence of intended code execution. | ||||
| CVE-2019-16302 | 1 Linuxfoundation | 1 Open Network Operating System | 2024-08-05 | 7.5 High |
| An issue was discovered in Open Network Operating System (ONOS) 1.14. In the Ethernet VPN application (org.onosproject.evpnopenflow), the host event listener does not handle the following event types: HOST_MOVED, HOST_UPDATED. In combination with other applications, this could lead to the absence of intended code execution. | ||||
| CVE-2019-16300 | 1 Linuxfoundation | 1 Open Network Operating System | 2024-08-05 | 7.5 High |
| An issue was discovered in Open Network Operating System (ONOS) 1.14. In the access control application (org.onosproject.acl), the host event listener does not handle the following event types: HOST_REMOVED. In combination with other applications, this could lead to the absence of intended code execution. | ||||
| CVE-2019-16097 | 1 Linuxfoundation | 1 Harbor | 2024-08-05 | 6.5 Medium |
| core/api/user.go in Harbor 1.7.0 through 1.8.2 allows non-admin users to create admin accounts via the POST /api/users API, when Harbor is setup with DB as authentication backend and allow user to do self-registration. Fixed version: v1.7.6 v1.8.3. v.1.9.0. Workaround without applying the fix: configure Harbor to use non-DB authentication backend such as LDAP. | ||||
| CVE-2019-10785 | 2 Debian, Linuxfoundation | 2 Debian Linux, Dojox | 2024-08-04 | 6.1 Medium |
| dojox is vulnerable to Cross-site Scripting in all versions before version 1.16.1, 1.15.2, 1.14.5, 1.13.6, 1.12.7 and 1.11.9. This is due to dojox.xmpp.util.xmlEncode only encoding the first occurrence of each character, not all of them. | ||||
| CVE-2019-5736 | 13 Apache, Canonical, D2iq and 10 more | 20 Mesos, Ubuntu Linux, Dc\/os and 17 more | 2024-08-04 | 8.6 High |
| runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe. | ||||
| CVE-2019-3990 | 1 Linuxfoundation | 1 Harbor | 2024-08-04 | 4.3 Medium |
| A User Enumeration flaw exists in Harbor. The issue is present in the "/users" API endpoint. This endpoint is supposed to be restricted to administrators. This restriction is able to be bypassed and information can be obtained about registered users can be obtained via the "search" functionality. | ||||
| CVE-2019-3567 | 1 Linuxfoundation | 1 Osquery | 2024-08-04 | N/A |
| In some configurations an attacker can inject a new executable path into the extensions.load file for osquery and hard link a parent folder of a malicious binary to a folder with known 'safe' permissions. Under those circumstances osquery will load said malicious executable with SYSTEM permissions. The solution is to migrate installations to the 'Program Files' directory on Windows which restricts unprivileged write access. This issue affects osquery prior to v3.4.0. | ||||
| CVE-2020-29662 | 1 Linuxfoundation | 1 Harbor | 2024-08-04 | 5.3 Medium |
| In Harbor 2.0 before 2.0.5 and 2.1.x before 2.1.2 the catalog’s registry API is exposed on an unauthenticated path. | ||||