Total
317 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-3770 | 1 Xjyunjing | 1 Yunjing Content Management System | 2024-11-21 | N/A | 6.3 MEDIUM |
| A vulnerability classified as critical was found in Yunjing CMS. This vulnerability affects unknown code of the file /index/user/upload_img.html. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212500. | |||||
| CVE-2022-3458 | 1 Oretnom23 | 1 Human Resource Management System | 2024-11-21 | N/A | 6.3 MEDIUM |
| A vulnerability has been found in SourceCodester Human Resource Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /employeeview.php of the component Image File Handler. The manipulation leads to unrestricted upload. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-210559. | |||||
| CVE-2022-2626 | 1 Hestiacp | 1 Control Panel | 2024-11-21 | N/A | 7.2 HIGH |
| Incorrect Privilege Assignment in GitHub repository hestiacp/hestiacp prior to 1.6.6. | |||||
| CVE-2022-1225 | 1 Phpipam | 1 Phpipam | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Incorrect Privilege Assignment in GitHub repository phpipam/phpipam prior to 1.4.6. | |||||
| CVE-2021-1416 | 1 Cisco | 1 Identity Services Engine | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Multiple vulnerabilities in the Admin portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information. These vulnerabilities are due to improper enforcement of administrator privilege levels for sensitive data. An attacker with read-only administrator access to the Admin portal could exploit these vulnerabilities by browsing to one of the pages that contains sensitive data. A successful exploit could allow the attacker to collect sensitive information regarding the configuration of the system. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2021-1412 | 1 Cisco | 1 Identity Services Engine | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Multiple vulnerabilities in the Admin portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information. These vulnerabilities are due to improper enforcement of administrator privilege levels for sensitive data. An attacker with read-only administrator access to the Admin portal could exploit these vulnerabilities by browsing to one of the pages that contains sensitive data. A successful exploit could allow the attacker to collect sensitive information regarding the configuration of the system. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2021-1303 | 1 Cisco | 1 Dna Center | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability in the user management roles of Cisco DNA Center could allow an authenticated, remote attacker to execute unauthorized commands on an affected device. The vulnerability is due to improper enforcement of actions for assigned user roles. An attacker could exploit this vulnerability by authenticating as a user with an Observer role and executing commands on the affected device. A successful exploit could allow a user with the Observer role to execute commands to view diagnostic information of the devices that Cisco DNA Center manages. | |||||
| CVE-2020-35514 | 1 Redhat | 1 Openshift | 2024-11-21 | 4.4 MEDIUM | 7.0 HIGH |
| An insecure modification flaw in the /etc/kubernetes/kubeconfig file was found in OpenShift. This flaw allows an attacker with access to a running container which mounts /etc/kubernetes or has local access to the node, to copy this kubeconfig file and attempt to add their own node to the OpenShift cluster. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. This flaw affects versions before openshift4/ose-machine-config-operator v4.7.0-202105111858.p0. | |||||
| CVE-2020-1708 | 1 Redhat | 1 Openshift Container Platform | 2024-11-21 | 4.4 MEDIUM | 7.0 HIGH |
| It has been found in openshift-enterprise version 3.11 and all openshift-enterprise versions from 4.1 to, including 4.3, that multiple containers modify the permissions of /etc/passwd to make them modifiable by users other than root. An attacker with access to the running container can exploit this to modify /etc/passwd to add a user and escalate their privileges. This CVE is specific to the openshift/mysql-apb. | |||||
| CVE-2020-1705 | 1 Redhat | 1 Template Service Broker Operator | 2024-11-21 | 4.4 MEDIUM | 7.0 HIGH |
| A vulnerability was found in openshift/template-service-broker-operator in all 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the openshift/template-service-broker-operator. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. | |||||
| CVE-2020-14318 | 2 Redhat, Samba | 3 Enterprise Linux, Storage, Samba | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory information which otherwise would be unavailable to the attacker. | |||||
| CVE-2020-10695 | 1 Redhat | 1 Single Sign-on | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| An insecure modification flaw in the /etc/passwd file was found in the redhat-sso-7 container. An attacker with access to the container can use this flaw to modify the /etc/passwd and escalate their privileges. | |||||
| CVE-2019-19355 | 1 Redhat | 1 Openshift | 2024-11-21 | 4.4 MEDIUM | 7.0 HIGH |
| An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ocp-release-operator-sdk. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. This CVE is specific to the openshift/ansible-operator-container as shipped in Openshift 4. | |||||
| CVE-2019-19354 | 1 Redhat | 2 Enterprise Linux, Openshift Container Platform | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/hadoop as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. | |||||
| CVE-2019-19353 | 1 Redhat | 1 Openshift Container Platform | 2024-11-21 | 6.9 MEDIUM | 7.0 HIGH |
| An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/hive as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. | |||||
| CVE-2019-19352 | 1 Redhat | 1 Openshift Container Platform | 2024-11-21 | 4.4 MEDIUM | 7.0 HIGH |
| An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/presto as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. | |||||
| CVE-2019-19351 | 1 Redhat | 1 Openshift | 2024-11-21 | 4.4 MEDIUM | 7.0 HIGH |
| An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/jenkins. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. This CVE is specific to the openshift/jenkins-slave-base-rhel7-containera as shipped in Openshift 4 and 3.11. | |||||
| CVE-2019-19350 | 1 Redhat | 1 Openshift | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ansible-service-broker as shipped in Red Hat Openshift 4 and 3.11. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. | |||||
| CVE-2019-19349 | 1 Redhat | 1 Openshift | 2024-11-21 | 4.4 MEDIUM | 7.8 HIGH |
| An insecure modification vulnerability in the /etc/passwd file was found in the container operator-framework/operator-metering as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. | |||||
| CVE-2019-19345 | 1 Redhat | 1 Openshift | 2024-11-21 | 4.6 MEDIUM | 7.0 HIGH |
| A vulnerability was found in all openshift/mediawiki-apb 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the container openshift/mediawiki-apb. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. | |||||