Filtered by vendor Linuxfoundation
Subscriptions
Total
279 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-16297 | 1 Linuxfoundation | 1 Open Network Operating System | 2024-11-21 | 7.5 High |
An issue was discovered in Open Network Operating System (ONOS) 1.14. In the P4 tutorial application (org.onosproject.p4tutorial), the host event listener does not handle the following event types: HOST_MOVED, HOST_REMOVED, HOST_UPDATED. In combination with other applications, this could lead to the absence of intended code execution. | ||||
CVE-2019-16097 | 1 Linuxfoundation | 1 Harbor | 2024-11-21 | 6.5 Medium |
core/api/user.go in Harbor 1.7.0 through 1.8.2 allows non-admin users to create admin accounts via the POST /api/users API, when Harbor is setup with DB as authentication backend and allow user to do self-registration. Fixed version: v1.7.6 v1.8.3. v.1.9.0. Workaround without applying the fix: configure Harbor to use non-DB authentication backend such as LDAP. | ||||
CVE-2019-10785 | 2 Debian, Linuxfoundation | 2 Debian Linux, Dojox | 2024-11-21 | 6.1 Medium |
dojox is vulnerable to Cross-site Scripting in all versions before version 1.16.1, 1.15.2, 1.14.5, 1.13.6, 1.12.7 and 1.11.9. This is due to dojox.xmpp.util.xmlEncode only encoding the first occurrence of each character, not all of them. | ||||
CVE-2019-1010252 | 1 Linuxfoundation | 1 Open Network Operating System | 2024-11-21 | N/A |
The Linux Foundation ONOS 2.0.0 and earlier is affected by: Poor Input-validation. The impact is: A network administrator (or attacker) can install unintended flow rules in the switch by mistake. The component is: applyFlowRules() and apply() functions in FlowRuleManager.java. The attack vector is: network management and connectivity. | ||||
CVE-2019-1010250 | 1 Linuxfoundation | 1 Open Network Operating System | 2024-11-21 | N/A |
The Linux Foundation ONOS 2.0.0 and earlier is affected by: Poor Input-validation. The impact is: A network administrator (or attacker) can install unintended flow rules in the switch by mistake. The component is: createFlow() and createFlows() functions in FlowWebResource.java (RESTful service). The attack vector is: network management and connectivity. | ||||
CVE-2019-1010249 | 1 Linuxfoundation | 1 Open Network Operating System | 2024-11-21 | N/A |
The Linux Foundation ONOS 2.0.0 and earlier is affected by: Integer Overflow. The impact is: A network administrator (or attacker) can install unintended flow rules in the switch by mistake. The component is: createFlow() and createFlows() functions in FlowWebResource.java (RESTful service). The attack vector is: network management and connectivity. | ||||
CVE-2019-1010245 | 1 Linuxfoundation | 1 Open Network Operating System | 2024-11-21 | N/A |
The Linux Foundation ONOS SDN Controller 1.15 and earlier versions is affected by: Improper Input Validation. The impact is: A remote attacker can execute arbitrary commands on the controller. The component is: apps/yang/src/main/java/org/onosproject/yang/impl/YangLiveCompilerManager.java. The attack vector is: network connectivity. The fixed version is: 1.15. | ||||
CVE-2019-1010234 | 1 Linuxfoundation | 1 Open Network Operating System | 2024-11-21 | N/A |
The Linux Foundation ONOS 1.15.0 and ealier is affected by: Improper Input Validation. The impact is: The attacker can remotely execute any commands by sending malicious http request to the controller. The component is: Method runJavaCompiler in YangLiveCompilerManager.java. The attack vector is: network connectivity. | ||||
CVE-2018-6336 | 1 Linuxfoundation | 1 Osquery | 2024-11-21 | 7.8 High |
An issue was discovered in osquery. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious unsigned code will execute. This issue affects osquery prior to v3.2.7 | ||||
CVE-2017-17697 | 1 Linuxfoundation | 1 Harbor | 2024-11-21 | 8.6 High |
The Ping() function in ui/api/target.go in Harbor through 1.3.0-rc4 has SSRF via the endpoint parameter to /api/targets/ping. | ||||
CVE-2016-3697 | 4 Docker, Linuxfoundation, Opensuse and 1 more | 4 Docker, Runc, Opensuse and 1 more | 2024-11-21 | 7.8 High |
libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric username in the password file in a container. | ||||
CVE-2015-8560 | 4 Canonical, Debian, Linuxfoundation and 1 more | 5 Ubuntu Linux, Debian Linux, Cups-filters and 2 more | 2024-11-21 | N/A |
Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.4.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via a ; (semicolon) character in a print job, a different vulnerability than CVE-2015-8327. | ||||
CVE-2015-8327 | 4 Canonical, Debian, Linuxfoundation and 1 more | 10 Ubuntu Linux, Debian Linux, Cups-filters and 7 more | 2024-11-21 | N/A |
Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.2.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via ` (backtick) characters in a print job. | ||||
CVE-2015-3279 | 4 Canonical, Debian, Linuxfoundation and 1 more | 4 Ubuntu Linux, Debian Linux, Cups-filters and 1 more | 2024-11-21 | N/A |
Integer overflow in filter/texttopdf.c in texttopdf in cups-filters before 1.0.71 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted line size in a print job, which triggers a heap-based buffer overflow. | ||||
CVE-2015-3258 | 4 Canonical, Debian, Linuxfoundation and 1 more | 4 Ubuntu Linux, Debian Linux, Cups-filters and 1 more | 2024-11-21 | N/A |
Heap-based buffer overflow in the WriteProlog function in filter/texttopdf.c in texttopdf in cups-filters before 1.0.70 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a small line size in a print job. | ||||
CVE-2015-2265 | 2 Canonical, Linuxfoundation | 2 Ubuntu Linux, Cups-filters | 2024-11-21 | N/A |
The remove_bad_chars function in utils/cups-browsed.c in cups-filters before 1.0.66 allows remote IPP printers to execute arbitrary commands via consecutive shell metacharacters in the (1) model or (2) PDL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707. | ||||
CVE-2015-1857 | 1 Linuxfoundation | 1 Opendaylight | 2024-11-21 | 5.3 Medium |
The odl-mdsal-apidocs feature in OpenDaylight Helium allow remote attackers to obtain sensitive information by leveraging missing AAA restrictions. | ||||
CVE-2014-4338 | 2 Linuxfoundation, Redhat | 2 Cups-filters, Enterprise Linux | 2024-11-21 | N/A |
cups-browsed in cups-filters before 1.0.53 allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging a malformed cups-browsed.conf BrowseAllow directive that is interpreted as granting browse access to all IP addresses. | ||||
CVE-2014-4337 | 2 Linuxfoundation, Redhat | 2 Cups-filters, Enterprise Linux | 2024-11-21 | N/A |
The process_browse_data function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted packet data. | ||||
CVE-2014-4336 | 1 Linuxfoundation | 1 Cups-filters | 2024-11-21 | N/A |
The generate_local_queue function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the host name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707. |