CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-6336
https://notcve.org/view.php?id=CVE-2018-6336
An issue was discovered in osquery. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious unsigned code will execute. This issue affects osquery prior to v3.2.7 Se ha descubierto un problema en osquery. Un binario universal/fat manipulado puede evadir las comprobaciones de firma de código de terceros. • https://www.okta.com/security-blog/2018/06/issues-around-third-party-apple-code-signing-checks • CWE-254: 7PK - Security Features CWE-354: Improper Validation of Integrity Check Value •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1857
https://notcve.org/view.php?id=CVE-2015-1857
The odl-mdsal-apidocs feature in OpenDaylight Helium allow remote attackers to obtain sensitive information by leveraging missing AAA restrictions. La característica odl-mdsal-apidocs en OpenDaylight Helium permite que atacantes remotos obtengan información sensible aprovechando la falta de restricciones AAA. • https://cloudrouter.org/security https://git.opendaylight.org/gerrit/#/c/17709 https://wiki.opendaylight.org/view/Security_Advisories • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.6EPSS: 0%CPEs: 6EXPL: 1CVE-2017-17697
https://notcve.org/view.php?id=CVE-2017-17697
The Ping() function in ui/api/target.go in Harbor through 1.3.0-rc4 has SSRF via the endpoint parameter to /api/targets/ping. La función Ping() en ui/api/target.go en Harbor hasta la versión 1.3.0-rc4 tiene SSRF mediante el parámetro endpoint en /api/targets/ping. • https://github.com/vmware/harbor/issues/3755 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2016-3697 – docker: privilege escalation via confusion of usernames and UIDs
https://notcve.org/view.php?id=CVE-2016-3697
libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric username in the password file in a container. libcontainer/user/user.go en runC en versiones anteriores a 0.1.0, tal como se utiliza en Docker en versiones anteriores a 1.11.2, trata indebidamente un UID numérico como un nombre de usuario potencial, lo que permite a usuarios locales obtener privilegios a través de un nombre de usuario numérico en el archivo password en un contenedor. It was found that Docker would launch containers under the specified UID instead of a username. An attacker able to launch a container could use this flaw to escalate their privileges to root within the launched container. • http://lists.opensuse.org/opensuse-updates/2016-05/msg00111.html http://rhn.redhat.com/errata/RHSA-2016-1034.html http://rhn.redhat.com/errata/RHSA-2016-2634.html https://github.com/docker/docker/issues/21436 https://github.com/opencontainers/runc/commit/69af385de62ea68e2e608335cffbb0f4aa3db091 https://github.com/opencontainers/runc/pull/708 https://github.com/opencontainers/runc/releases/tag/v0.1.0 https://security.gentoo.org/glsa/201612-28 https://access.redhat.com/security/cve/CVE- • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 7%CPEs: 8EXPL: 0CVE-2010-5325 – foomatic: potential remote arbitrary code execution
https://notcve.org/view.php?id=CVE-2010-5325
Heap-based buffer overflow in the unhtmlify function in foomatic-rip in foomatic-filters before 4.0.6 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via a long job title. Desbordamiento de buffer basado en memoria dinámica en la función unhtmlify en foomatic-rip en foomatic-filters en versiones anteriores a 4.0.6 permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída) o posiblemente ejecutar código arbitrario a través de un título de trabajo largo. It was discovered that the unhtmlify() function of foomatic-rip did not correctly calculate buffer sizes, possibly leading to a heap-based memory corruption. A malicious attacker could exploit this flaw to cause foomatic-rip to crash or, possibly, execute arbitrary code. • http://bzr.linuxfoundation.org/loggerhead/openprinting/foomatic-4.0/foomatic-filters/annotate/head:/ChangeLog http://rhn.redhat.com/errata/RHSA-2016-0491.html http://www.openwall.com/lists/oss-security/2016/02/15/1 http://www.openwall.com/lists/oss-security/2016/02/15/7 http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html https://bugs.linuxfoundation.org/show_bug.cgi?id=515 https://bugzilla.redhat.com/show_bug.cgi?id=1218297 https://access.redhat.com • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •