Page 4 of 40 results (0.006 seconds)

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2021-37841

https://notcve.org/view.php?id=CVE-2021-37841

Docker Desktop before 3.6.0 suffers from incorrect access control. If a low-privileged account is able to access the server running the Windows containers, it can lead to a full container compromise in both process isolation and Hyper-V isolation modes. This security issue leads an attacker with low privilege to read, write and possibly even execute code inside the containers. Docker Desktop versiones anteriores a 3.6.0, sufre de un control de acceso incorrecto. Si una cuenta poco privilegiada es capaz de acceder al servidor que ejecuta los contenedores de Windows, puede conllevar a un compromiso del contenedor completo en los modos de aislamiento de procesos y de aislamiento de Hyper-V. • https://docs.docker.com/docker-for-windows/release-notes • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 5.9EPSS: 0%CPEs: 3EXPL: 1

CVE-2021-22895

https://notcve.org/view.php?id=CVE-2021-22895

Nextcloud Desktop Client before 3.3.1 is vulnerable to improper certificate validation due to lack of SSL certificate verification when using the "Register with a Provider" flow. Nextcloud Desktop Client versiones anteriores a 3.3.1, es vulnerable a una comprobación inapropiada de certificados debido a una falta de comprobación de certificados SSL cuando se usa el flujo "Register with a Provider" • https://github.com/nextcloud/desktop/pull/2926 https://github.com/nextcloud/desktop/releases/tag/v3.1.3 https://github.com/nextcloud/security-advisories/security/advisories/GHSA-qpgp-vf4p-wcw5 https://hackerone.com/reports/903424 https://www.debian.org/security/2021/dsa-4974 • CWE-295: Improper Certificate Validation •

CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 1

CVE-2021-22879

https://notcve.org/view.php?id=CVE-2021-22879

Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing validation of URLs, allowing a malicious server to execute remote commands. User interaction is needed for exploitation. Nextcloud Desktop Client versiones anteriores a 3.1.3, es vulnerable a una inyección de recursos debido a una falta de comprobación de las URL, permitiendo a un servidor malicioso ejecutar comandos remotos. Una interacción del usuario es necesaria para su explotación • https://github.com/nextcloud/desktop/pull/2906 https://hackerone.com/reports/1078002 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTWBJAS5DJJIK7LLVBZZQTSJASUVIRVE https://nextcloud.com/security/advisory/?id=NC-SA-2021-008 https://security.gentoo.org/glsa/202105-37 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •

CVSS: 8.1EPSS: 0%CPEs: 32EXPL: 0

CVE-2018-10861 – ceph: ceph-mon does not perform authorization on OSD pool ops

https://notcve.org/view.php?id=CVE-2018-10861

A flaw was found in the way ceph mon handles user requests. Any authenticated ceph user having read access to ceph can delete, create ceph storage pools and corrupt snapshot images. Ceph branches master, mimic, luminous and jewel are believed to be affected. Se ha encontrado un error en la forma en la que ceph mon maneja las peticiones de usuario. Cualquier usuario de ceph autenticado que tenga acceso de lectura en ceph puede eliminar, crear pools de almacenamiento de ceph y corromper imágenes instantáneas. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html http://tracker.ceph.com/issues/24838 http://www.securityfocus.com/bid/104742 https://access.redhat.com/errata/RHSA-2018:2177 https://access.redhat.com/errata/RHSA-2018:2179 https://access.redhat.com/errata/RHSA-2018:2261 https://access.redhat.com/errata/RHSA-2018:2274 https://bugzilla.redhat.com/show_bug.cgi?id=1593308 https://github.com/ceph/ceph/commit/975528f632f73fbffa3f1fee304e3bbe3296cffc https://www.deb • CWE-285: Improper Authorization CWE-287: Improper Authentication •

CVSS: 6.5EPSS: 0%CPEs: 35EXPL: 0

CVE-2018-1129 – ceph: cephx uses weak signatures

https://notcve.org/view.php?id=CVE-2018-1129

A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable. Se ha encontrado un error en la forma en la que el cálculo de firmas es gestionado por el protocolo de autenticación cephx. Un atacante que tenga acceso a la red de clústers ceph y que pueda alterar la carga útil de los mensajes podría omitir las comprobaciones de firma realizadas por el protocolo cephx. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html http://tracker.ceph.com/issues/24837 https://access.redhat.com/errata/RHSA-2018:2177 https://access.redhat.com/errata/RHSA-2018:2179 https://access.redhat.com/errata/RHSA-2018:2261 https://access.redhat.com/errata/RHSA-2018:2274 https://bugzilla.redhat.com/show_bug.cgi?id=1576057 https://github.com/ceph/ceph/com • CWE-284: Improper Access Control CWE-287: Improper Authentication •