Search Results (83123 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2019-11328 3 Fedoraproject, Opensuse, Sylabs 4 Fedora, Backports, Leap and 1 more 2024-11-21 8.8 High
An issue was discovered in Singularity 3.1.0 to 3.2.0-rc2, a malicious user with local/network access to the host system (e.g. ssh) could exploit this vulnerability due to insecure permissions allowing a user to edit files within `/run/singularity/instances/sing/<user>/<instance>`. The manipulation of those files can change the behavior of the starter-suid program when instances are joined resulting in potential privilege escalation on the host.
CVE-2019-11322 1 Motorola 4 Cx2, Cx2 Firmware, M2 and 1 more 2024-11-21 N/A
An issue was discovered in Motorola CX2 1.01 and M2 1.01. There is a command injection in the function startRmtAssist in hnap, which leads to remote code execution via shell metacharacters in a JSON value.
CVE-2019-11319 1 Motorola 4 Cx2, Cx2 Firmware, M2 and 1 more 2024-11-21 N/A
An issue was discovered in Motorola CX2 1.01 and M2 1.01. There is a command injection in the function downloadFirmware in hnap, which leads to remote code execution via shell metacharacters in a JSON value.
CVE-2019-11318 1 Synacor 1 Zimbra Collaboration Server 2024-11-21 5.4 Medium
Zimbra Collaboration before 8.8.12 Patch 1 has persistent XSS.
CVE-2019-11282 2 Cloudfoundry, Pivotal Software 2 Cf-deployment, Cloud Foundry Uaa 2024-11-21 4.3 Medium
Cloud Foundry UAA, versions prior to v74.3.0, contains an endpoint that is vulnerable to SCIM injection attack. A remote authenticated malicious user with scim.invite scope can craft a request with malicious content which can leak information about users of the UAA.
CVE-2019-11281 4 Debian, Fedoraproject, Pivotal Software and 1 more 5 Debian Linux, Fedora, Rabbitmq and 2 more 2024-11-21 4.8 Medium
Pivotal RabbitMQ, versions prior to v3.7.18, and RabbitMQ for PCF, versions 1.15.x prior to 1.15.13, versions 1.16.x prior to 1.16.6, and versions 1.17.x prior to 1.17.3, contain two components, the virtual host limits page, and the federation management UI, which do not properly sanitize user input. A remote authenticated malicious user with administrative access could craft a cross site scripting attack that would gain access to virtual hosts and policy management information.
CVE-2019-11279 1 Cloudfoundry 1 Uaa Release 2024-11-21 8.8 High
CF UAA versions prior to 74.1.0 can request scopes for a client that shouldn't be allowed by submitting an array of requested scopes. A remote malicious user can escalate their own privileges to any scope, allowing them to take control of UAA and the resources it controls.
CVE-2019-11278 1 Cloudfoundry 1 User Account And Authentication 2024-11-21 8.8 High
CF UAA versions prior to 74.1.0, allow external input to be directly queried against. A remote malicious user with 'client.write' and 'groups.update' can craft a SCIM query, which leaks information that allows an escalation of privileges, ultimately allowing the malicious user to gain control of UAA scopes they should not have.
CVE-2019-11277 1 Cloudfoundry 2 Cf-deployment, Nfs Volume Release 2024-11-21 8.1 High
Cloud Foundry NFS Volume Service, 1.7.x versions prior to 1.7.11 and 2.x versions prior to 2.3.0, is vulnerable to LDAP injection. A remote authenticated malicious space developer can potentially inject LDAP filters via service instance creation, facilitating the malicious space developer to deny service or perform a dictionary attack.
CVE-2019-11275 2 Pivotal, Pivotal Software 2 Apps Manager, Pivotal Application Service 2024-11-21 4.3 Medium
Pivotal Application Manager, versions 666.0.x prior to 666.0.36, versions 667.0.x prior to 667.0.22, versions 668.0.x prior to 668.0.21, versions 669.0.x prior to 669.0.13, and versions 670.0.x prior to 670.0.7, contain a vulnerability where a remote authenticated user can create an app with a name such that a csv program can interpret into a formula and gets executed. The malicious user can possibly gain access to a usage report that requires a higher privilege.
CVE-2019-11274 1 Cloudfoundry 1 User Account And Authentication 2024-11-21 6.1 Medium
Cloud Foundry UAA, versions prior to 74.0.0, is vulnerable to an XSS attack. A remote unauthenticated malicious attacker could craft a URL that contains a SCIM filter that contains malicious JavaScript, which older browsers may execute.
CVE-2019-11270 1 Pivotal Software 3 Application Service, Cloud Foundry Uaa, Operations Manager 2024-11-21 7.5 High
Cloud Foundry UAA versions prior to v73.4.0 contain a vulnerability where a malicious client possessing the 'clients.write' authority or scope can bypass the restrictions imposed on clients created via 'clients.write' and create clients with arbitrary scopes that the creator does not possess.
CVE-2019-11245 1 Kubernetes 1 Kubernetes 2024-11-21 N/A
In kubelet v1.13.6 and v1.14.2, containers for pods that do not specify an explicit runAsUser attempt to run as uid 0 (root) on container restart, or if the image was previously pulled to the node. If the pod specified mustRunAsNonRoot: true, the kubelet will refuse to start the container as root. If the pod did not specify mustRunAsNonRoot: true, the kubelet will run the container as uid 0.
CVE-2019-11244 3 Kubernetes, Netapp, Redhat 4 Kubernetes, Trident, Openshift and 1 more 2024-11-21 5.0 Medium
In Kubernetes v1.8.x-v1.14.x, schema info is cached by kubectl in the location specified by --cache-dir (defaulting to $HOME/.kube/http-cache), written with world-writeable permissions (rw-rw-rw-). If --cache-dir is specified and pointed at a different location accessible to other users/groups, the written files may be modified by other users/groups and disrupt the kubectl invocation.
CVE-2019-11226 1 Cmsmadesimple 1 Cms Made Simple 2024-11-21 N/A
CMS Made Simple 2.2.10 has XSS via the m1_name parameter in "Add Article" under Content -> Content Manager -> News.
CVE-2019-11224 1 Harman 2 Amx Mvp5150, Amx Mvp5150 Firmware 2024-11-21 N/A
HARMAN AMX MVP5150 v2.87.13 devices allow remote OS Command Injection.
CVE-2019-11222 2 Debian, Gpac 2 Debian Linux, Gpac 2024-11-21 7.8 High
gf_bin128_parse in utils/os_divers.c in GPAC 0.7.1 has a buffer overflow issue for the crypt feature when encountering a crafted_drm_file.xml file.
CVE-2019-11221 2 Debian, Gpac 2 Debian Linux, Gpac 2024-11-21 N/A
GPAC 0.7.1 has a buffer overflow issue in gf_import_message() in media_import.c.
CVE-2019-11217 1 Bonobogitserver 1 Bonobo Git Server 2024-11-21 N/A
The GitController in Jakub Chodounsky Bonobo Git Server before 6.5.0 allows execution of arbitrary commands in the context of the web server via a crafted http request.
CVE-2019-11215 1 Combodo 1 Itop 2024-11-21 8.1 High
In Combodo iTop 2.2.0 through 2.6.0, if the configuration file is writable, then execution of arbitrary code can be accomplished by calling ajax.dataloader with a maliciously crafted payload. Many conditions can place the configuration file into a writable state: during installation; during upgrade; in certain cases, an error during modification of the file from the web interface leaves the file writable (can be triggered with XSS); a race condition can be triggered by the hub-connector module (community version only from 2.4.1 to 2.6.0); or editing the file in a CLI.