Filtered by vendor Linuxfoundation
Subscribe
Total
347 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-16919 | 2 Linuxfoundation, Vmware | 3 Harbor, Cloud Foundation, Harbor Container Registry | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Harbor API has a Broken Access Control vulnerability. The vulnerability allows project administrators to use the Harbor API to create a robot account with unauthorized push and/or pull access permissions to a project they don't have access or control for. The Harbor API did not enforce the proper project permissions and project scope on the API request to create a new robot account. | |||||
CVE-2019-16884 | 6 Canonical, Docker, Fedoraproject and 3 more | 10 Ubuntu Linux, Docker, Fedora and 7 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory. | |||||
CVE-2019-16302 | 1 Linuxfoundation | 1 Open Network Operating System | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Open Network Operating System (ONOS) 1.14. In the Ethernet VPN application (org.onosproject.evpnopenflow), the host event listener does not handle the following event types: HOST_MOVED, HOST_UPDATED. In combination with other applications, this could lead to the absence of intended code execution. | |||||
CVE-2019-16301 | 1 Linuxfoundation | 1 Open Network Operating System | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Open Network Operating System (ONOS) 1.14. In the virtual tenant network application (org.onosproject.vtn), the host event listener does not handle the following event types: HOST_MOVED. In combination with other applications, this could lead to the absence of intended code execution. | |||||
CVE-2019-16300 | 1 Linuxfoundation | 1 Open Network Operating System | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Open Network Operating System (ONOS) 1.14. In the access control application (org.onosproject.acl), the host event listener does not handle the following event types: HOST_REMOVED. In combination with other applications, this could lead to the absence of intended code execution. | |||||
CVE-2019-16299 | 1 Linuxfoundation | 1 Open Network Operating System | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Open Network Operating System (ONOS) 1.14. In the mobility application (org.onosproject.mobility), the host event listener does not handle the following event types: HOST_ADDED, HOST_REMOVED, HOST_UPDATED. In combination with other applications, this could lead to the absence of intended code execution. | |||||
CVE-2019-16298 | 1 Linuxfoundation | 1 Open Network Operating System | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Open Network Operating System (ONOS) 1.14. In the virtual broadband network gateway application (org.onosproject.virtualbng), the host event listener does not handle the following event types: HOST_MOVED, HOST_REMOVED, HOST_UPDATED. In combination with other applications, this could lead to the absence of intended code execution. | |||||
CVE-2019-16297 | 1 Linuxfoundation | 1 Open Network Operating System | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Open Network Operating System (ONOS) 1.14. In the P4 tutorial application (org.onosproject.p4tutorial), the host event listener does not handle the following event types: HOST_MOVED, HOST_REMOVED, HOST_UPDATED. In combination with other applications, this could lead to the absence of intended code execution. | |||||
CVE-2019-16097 | 1 Linuxfoundation | 1 Harbor | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
core/api/user.go in Harbor 1.7.0 through 1.8.2 allows non-admin users to create admin accounts via the POST /api/users API, when Harbor is setup with DB as authentication backend and allow user to do self-registration. Fixed version: v1.7.6 v1.8.3. v.1.9.0. Workaround without applying the fix: configure Harbor to use non-DB authentication backend such as LDAP. | |||||
CVE-2019-10785 | 2 Debian, Linuxfoundation | 2 Debian Linux, Dojox | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
dojox is vulnerable to Cross-site Scripting in all versions before version 1.16.1, 1.15.2, 1.14.5, 1.13.6, 1.12.7 and 1.11.9. This is due to dojox.xmpp.util.xmlEncode only encoding the first occurrence of each character, not all of them. | |||||
CVE-2019-1010252 | 1 Linuxfoundation | 1 Open Network Operating System | 2024-11-21 | 5.5 MEDIUM | 4.9 MEDIUM |
The Linux Foundation ONOS 2.0.0 and earlier is affected by: Poor Input-validation. The impact is: A network administrator (or attacker) can install unintended flow rules in the switch by mistake. The component is: applyFlowRules() and apply() functions in FlowRuleManager.java. The attack vector is: network management and connectivity. | |||||
CVE-2019-1010250 | 1 Linuxfoundation | 1 Open Network Operating System | 2024-11-21 | 5.5 MEDIUM | 4.9 MEDIUM |
The Linux Foundation ONOS 2.0.0 and earlier is affected by: Poor Input-validation. The impact is: A network administrator (or attacker) can install unintended flow rules in the switch by mistake. The component is: createFlow() and createFlows() functions in FlowWebResource.java (RESTful service). The attack vector is: network management and connectivity. | |||||
CVE-2019-1010249 | 1 Linuxfoundation | 1 Open Network Operating System | 2024-11-21 | 5.5 MEDIUM | 4.9 MEDIUM |
The Linux Foundation ONOS 2.0.0 and earlier is affected by: Integer Overflow. The impact is: A network administrator (or attacker) can install unintended flow rules in the switch by mistake. The component is: createFlow() and createFlows() functions in FlowWebResource.java (RESTful service). The attack vector is: network management and connectivity. | |||||
CVE-2019-1010245 | 1 Linuxfoundation | 1 Open Network Operating System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The Linux Foundation ONOS SDN Controller 1.15 and earlier versions is affected by: Improper Input Validation. The impact is: A remote attacker can execute arbitrary commands on the controller. The component is: apps/yang/src/main/java/org/onosproject/yang/impl/YangLiveCompilerManager.java. The attack vector is: network connectivity. The fixed version is: 1.15. | |||||
CVE-2019-1010234 | 1 Linuxfoundation | 1 Open Network Operating System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The Linux Foundation ONOS 1.15.0 and ealier is affected by: Improper Input Validation. The impact is: The attacker can remotely execute any commands by sending malicious http request to the controller. The component is: Method runJavaCompiler in YangLiveCompilerManager.java. The attack vector is: network connectivity. | |||||
CVE-2015-1857 | 1 Linuxfoundation | 1 Opendaylight | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
The odl-mdsal-apidocs feature in OpenDaylight Helium allow remote attackers to obtain sensitive information by leveraging missing AAA restrictions. | |||||
CVE-2011-2924 | 3 Debian, Fedoraproject, Linuxfoundation | 3 Debian Linux, Fedora, Foomatic-filters | 2024-11-21 | 3.3 LOW | 5.5 MEDIUM |
foomatic-rip filter v4.0.12 and prior used insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode was enabled. This flaw may be exploited by a local attacker to conduct symlink attacks by overwriting arbitrary files accessible with the privileges of the user running the foomatic-rip universal print filter. | |||||
CVE-2011-2923 | 2 Debian, Linuxfoundation | 2 Debian Linux, Foomatic-filters | 2024-11-21 | 3.3 LOW | 5.5 MEDIUM |
foomatic-rip filter, all versions, used insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode was enabled. This flaw may be exploited by a local attacker to conduct symlink attacks by overwriting arbitrary files accessible with the privileges of the user running the foomatic-rip universal print filter. | |||||
CVE-2022-31671 | 1 Linuxfoundation | 1 Harbor | 2024-11-19 | N/A | 7.4 HIGH |
Harbor fails to validate user permissions when reading and updating job execution logs through the P2P preheat execution logs. By sending a request that attempts to read/update P2P preheat execution logs and specifying different job IDs, malicious authenticated users could read all the job logs stored in the Harbor database. | |||||
CVE-2022-31667 | 1 Linuxfoundation | 1 Harbor | 2024-11-19 | N/A | 6.4 MEDIUM |
Harbor fails to validate the user permissions when updating a robot account that belongs to a project that the authenticated user doesn’t have access to. By sending a request that attempts to update a robot account, and specifying a robot account id and robot account name that belongs to a different project that the user doesn’t have access to, it was possible to revoke the robot account permissions. |