Filtered by CWE-668
Filtered by vendor Subscriptions
Total 648 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-21626 3 Fedoraproject, Linuxfoundation, Redhat 10 Fedora, Runc, Enterprise Linux and 7 more 2024-11-21 8.6 High
runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem ("attack 2"). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run ("attack 1"). Variants of attacks 1 and 2 could be also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes ("attack 3a" and "attack 3b"). runc 1.1.12 includes patches for this issue.
CVE-2024-21605 2024-11-21 6.5 Medium
An Exposure of Resource to Wrong Sphere vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX 300 Series allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). Specific valid link-local traffic is not blocked on ports in STP blocked state but is instead sent to the control plane of the device. This leads to excessive resource consumption and in turn severe impact on all control and management protocols of the device. This issue affects Juniper Networks Junos OS: * 21.2 version 21.2R3-S3 and later versions earlier than 21.2R3-S6; * 22.1 version 22.1R3 and later versions earlier than 22.1R3-S4; * 22.2 version 22.2R2 and later versions earlier than 22.2R3-S2; * 22.3 version 22.3R2 and later versions earlier than 22.3R3-S1; * 22.4 versions earlier than 22.4R2-S2, 22.4R3; * 23.2 versions earlier than 23.2R1-S1, 23.2R2. This issue does not affect Juniper Networks Junos OS 21.4R1 and later versions of 21.4.
CVE-2024-21597 1 Juniper 1 Junos 2024-11-21 5.3 Medium
An Exposure of Resource to Wrong Sphere vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to bypass the intended access restrictions. In an Abstracted Fabric (AF) scenario if routing-instances (RI) are configured, specific valid traffic destined to the device can bypass the configured lo0 firewall filters as it's received in the wrong RI context. This issue affects Juniper Networks Junos OS on MX Series: * All versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S3; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R3; * 22.2 versions earlier than 22.2R3; * 22.3 versions earlier than 22.3R2.
CVE-2024-20694 1 Microsoft 17 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 14 more 2024-11-21 5.5 Medium
Windows CoreMessaging Information Disclosure Vulnerability
CVE-2024-20692 1 Microsoft 23 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 20 more 2024-11-21 5.7 Medium
Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability
CVE-2023-7204 1 Wp-staging 1 Wp Staging 2024-11-21 7.5 High
The WP STAGING WordPress Backup plugin before 3.2.0 allows access to cache files during the cloning process which provides
CVE-2023-7014 1 Amitzy 1 Molongui Authorship 2024-11-21 5.3 Medium
The Author Box, Guest Author and Co-Authors for Your Posts – Molongui plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.7.4 via the 'ma_debu' parameter. This makes it possible for unauthenticated attackers to extract sensitive data including post author emails and names if applicable.
CVE-2023-6096 2024-11-21 7.4 High
Vladimir Kononovich, a Security Researcher has found a flaw that using a inappropriate encryption logic on the DVR. firmware encryption is broken and allows to decrypt. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.
CVE-2023-5751 2024-11-21 7.8 High
A local attacker with low privileges can read and modify any users files and cause a DoS in the working directory of the affected products due to exposure of resource to wrong sphere. 
CVE-2023-5545 2 Fedoraproject, Moodle 3 Extra Packages For Enterprise Linux, Fedora, Moodle 2024-11-21 3.3 Low
H5P metadata automatically populated the author with the user's username, which could be sensitive information.
CVE-2023-5542 2 Fedoraproject, Moodle 3 Extra Packages For Enterprise Linux, Fedora, Moodle 2024-11-21 3.3 Low
Students in "Only see own membership" groups could see other students in the group, which should be hidden.
CVE-2023-50328 1 Ibm 1 Powersc 2024-11-21 3.7 Low
IBM PowerSC 1.3, 2.0, and 2.1 may allow a remote attacker to view session identifiers passed via URL query strings. IBM X-Force ID: 275110.
CVE-2023-4910 1 Redhat 2 3scale Api Management, Red Hat 3scale Amp 2024-11-21 5.5 Medium
A flaw was found In 3Scale Admin Portal. If a user logs out from the personal tokens page and then presses the back button in the browser, the tokens page is rendered from the browser cache.
CVE-2023-4230 1 Moxa 3 Iologik 4000 Series, Iologik E4200, Iologik E4200 Firmware 2024-11-21 5.3 Medium
A vulnerability has been identified in ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, which has the potential to facilitate the collection of information on ioLogik 4000 Series devices. This vulnerability may enable attackers to gather information for the purpose of assessing vulnerabilities and potential attack vectors.
CVE-2023-4217 1 Moxa 2 Eds-g503, Eds-g503 Firmware 2024-11-21 3.1 Low
A vulnerability has been identified in PT-G503 Series versions prior to v5.2, where the session cookies attribute is not set properly in the affected application. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized access and manipulation.
CVE-2023-49347 1 Ubuntubudgie 1 Budgie Extras 2024-11-21 6 Medium
Temporary data passed between application components by Budgie Extras Windows Previews could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may read private information from windows, present false information to users, or deny access to the application.
CVE-2023-49346 1 Ubuntubudgie 1 Budgie Extras 2024-11-21 6 Medium
Temporary data passed between application components by Budgie Extras WeatherShow applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false information to users or deny access to the application and panel.
CVE-2023-49345 1 Ubuntubudgie 1 Budgie Extras 2024-11-21 6 Medium
Temporary data passed between application components by Budgie Extras Takeabreak applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false information to users or deny access to the application and panel.
CVE-2023-49344 1 Ubuntubudgie 1 Budgie Extras 2024-11-21 6 Medium
Temporary data passed between application components by Budgie Extras Window Shuffler applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false information to users or deny access to the application and panel.
CVE-2023-49343 1 Ubuntubudgie 1 Budgie Extras 2024-11-21 6 Medium
Temporary data passed between application components by Budgie Extras Dropby applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false information to users or deny access to the application and panel.