Total
10 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-37294 | 2024-06-13 | N/A | 5.5 MEDIUM | ||
| Aimeos is an Open Source e-commerce framework for online shops. All SaaS and marketplace setups using Aimeos version from 2022/2023/2024 are affected by a potential denial of service attack. Users should upgrade to versions 2022.10.17, 2023.10.17, or 2024.04 of the aimeos/aimeos-core package to receive a patch. | |||||
| CVE-2023-37912 | 1 Xwiki | 1 Xwiki-rendering | 2023-10-31 | N/A | 8.8 HIGH |
| XWiki Rendering is a generic Rendering system that converts textual input in a given syntax into another syntax. Prior to version 14.10.6 of `org.xwiki.platform:xwiki-core-rendering-macro-footnotes` and `org.xwiki.platform:xwiki-rendering-macro-footnotes` and prior to version 15.1-rc-1 of `org.xwiki.platform:xwiki-rendering-macro-footnotes`, the footnote macro executed its content in a potentially different context than the one in which it was defined. In particular in combination with the include macro, this allows privilege escalation from a simple user account in XWiki to programming rights and thus remote code execution, impacting the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability has been patched in XWiki 14.10.6 and 15.1-rc-1. There is no workaround apart from upgrading to a fixed version of the footnote macro. | |||||
| CVE-2021-3493 | 1 Canonical | 1 Ubuntu Linux | 2023-07-07 | 7.2 HIGH | 7.8 HIGH |
| The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow unprivileged overlay mounts, an attacker could use this to gain elevated privileges. | |||||
| CVE-2023-25754 | 1 Apache | 1 Airflow | 2023-05-12 | N/A | 9.8 CRITICAL |
| Privilege Context Switching Error vulnerability in Apache Software Foundation Apache Airflow.This issue affects Apache Airflow: before 2.6.0. | |||||
| CVE-2023-26475 | 1 Xwiki | 1 Xwiki | 2023-03-13 | N/A | 8.8 HIGH |
| XWiki Platform is a generic wiki platform. Starting in version 2.3-milestone-1, the annotation displayer does not execute the content in a restricted context. This allows executing anything with the right of the author of any document by annotating the document. This has been patched in XWiki 13.10.11, 14.4.7 and 14.10. There is no easy workaround except to upgrade. | |||||
| CVE-2019-14819 | 1 Redhat | 1 Openshift Container Platform | 2023-02-12 | 6.5 MEDIUM | 8.8 HIGH |
| A flaw was found during the upgrade of an existing OpenShift Container Platform 3.x cluster. Using CRI-O, the dockergc service account is assigned to the current namespace of the user performing the upgrade. This flaw can allow an unprivileged user to escalate their privileges to those allowed by the privileged Security Context Constraints. | |||||
| CVE-2020-7019 | 1 Elastic | 1 Elasticsearch | 2023-01-27 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Elasticsearch before 7.9.0 and 6.8.12 a field disclosure flaw was found when running a scrolling search with Field Level Security. If a user runs the same query another more privileged user recently ran, the scrolling search can leak fields that should be hidden. This could result in an attacker gaining additional permissions against a restricted index. | |||||
| CVE-2020-7020 | 1 Elastic | 1 Elasticsearch | 2022-06-03 | 3.5 LOW | 3.1 LOW |
| Elasticsearch versions before 6.8.13 and 7.9.2 contain a document disclosure flaw when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain complex queries. This could result in the search disclosing the existence of documents the attacker should not be able to view. This could result in an attacker gaining additional insight into potentially sensitive indices. | |||||
| CVE-2020-1719 | 1 Redhat | 1 Wildfly | 2021-06-16 | 5.5 MEDIUM | 5.4 MEDIUM |
| A flaw was found in wildfly. The EJBContext principle is not popped back after invoking another EJB using a different Security Domain. The highest threat from this vulnerability is to data confidentiality and integrity. Versions before wildfly 20.0.0.Final are affected. | |||||
| CVE-2017-2663 | 1 Redhat | 1 Subscription-manager | 2019-10-09 | 4.6 MEDIUM | 7.8 HIGH |
| It was found that subscription-manager's DBus interface before 1.19.4 let unprivileged user access the com.redhat.RHSM1.Facts.GetFacts and com.redhat.RHSM1.Config.Set methods. An unprivileged local attacker could use these methods to gain access to private information, or launch a privilege escalation attack. | |||||