CVE-2019-16299
https://notcve.org/view.php?id=CVE-2019-16299
An issue was discovered in Open Network Operating System (ONOS) 1.14. In the mobility application (org.onosproject.mobility), the host event listener does not handle the following event types: HOST_ADDED, HOST_REMOVED, HOST_UPDATED. In combination with other applications, this could lead to the absence of intended code execution.
• https://www.ndss-symposium.org/wp-content/uploads/2020/02/24080.pdf
• CWE-755: Improper Handling of Exceptional Conditions
CVE-2019-16298
https://notcve.org/view.php?id=CVE-2019-16298
An issue was discovered in Open Network Operating System (ONOS) 1.14. In the virtual broadband network gateway application (org.onosproject.virtualbng), the host event listener does not handle the following event types: HOST_MOVED, HOST_REMOVED, HOST_UPDATED. In combination with other applications, this could lead to the absence of intended code execution.
• https://www.ndss-symposium.org/wp-content/uploads/2020/02/24080.pdf
• CWE-755: Improper Handling of Exceptional Conditions
CVE-2019-16297
https://notcve.org/view.php?id=CVE-2019-16297
An issue was discovered in Open Network Operating System (ONOS) 1.14. In the P4 tutorial application (org.onosproject.p4tutorial), the host event listener does not handle the following event types: HOST_MOVED, HOST_REMOVED, HOST_UPDATED. In combination with other applications, this could lead to the absence of intended code execution.
• https://www.ndss-symposium.org/wp-content/uploads/2020/02/24080.pdf
• CWE-755: Improper Handling of Exceptional Conditions
CVE-2019-10785
https://notcve.org/view.php?id=CVE-2019-10785
dojox is vulnerable to Cross-site Scripting in all versions before 1.16.1, 1.15.2, 1.14.5, 1.13.6, 1.12.7 and 1.11.9. This is due to dojox.xmpp.util.xmlEncode only encoding the first occurrence of each character, not all of them.
• https://github.com/ossf-cve-benchmark/CVE-2019-10785
• https://github.com/dojo/dojox/security/advisories/GHSA-pg97-ww7h-5mjr
• https://lists.debian.org/debian-lts-announce/2020/02/msg00033.html
• https://snyk.io/vuln/SNYK-JS-DOJOX-548257%2C
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-19921 – runc: volume mount race condition with shared mounts leads to information leak/integrity manipulation
https://notcve.org/view.php?id=CVE-2019-19921
runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vulnerability does not affect Docker due to an implementation detail that happens to block the attack.)
• http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00018.html
• https://access.redhat.com/errata/RHSA-2020:0688
• https://access.redhat.com/errata/RHSA-2020:0695
• https://github.com/opencontainers/runc/issues/2197
• https://github.com/opencontainers/runc/pull/2190
• https://github.com/opencontainers/runc/releases
• https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3S
• CWE-41: Improper Resolution of Path Equivalence
• CWE-706: Use of Incorrectly-Resolved Name or Reference