Total
271 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-4112 | 1 Redhat | 5 Ansible Automation Platform, Ansible Automation Platform Early Access, Ansible Automation Platform Text-only Advisories and 2 more | 2023-02-12 | 8.8 High |
| A flaw was found in ansible-tower where the default installation is vulnerable to job isolation escape. This flaw allows an attacker to elevate the privilege from a low privileged user to an AWX user from outside the isolated environment. | ||||
| CVE-2020-1726 | 2 Libpod Project, Redhat | 3 Libpod, Enterprise Linux, Openshift Container Platform | 2023-02-12 | 5.9 Medium |
| A flaw was discovered in Podman where it incorrectly allows containers when created to overwrite existing files in volumes, even if they are mounted as read-only. When a user runs a malicious container or a container based on a malicious image with an attached volume that is used for the first time, it is possible to trigger the flaw and overwrite files in the volume.This issue was introduced in version 1.6.0. | ||||
| CVE-2017-2622 | 1 Redhat | 1 Openstack | 2023-02-12 | N/A |
| An accessibility flaw was found in the OpenStack Workflow (mistral) service where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information. | ||||
| CVE-2017-2621 | 2 Openstack, Redhat | 2 Heat, Openstack | 2023-02-12 | 5.5 Medium |
| An access-control flaw was found in the OpenStack Orchestration (heat) service before 8.0.0, 6.1.0 and 7.0.2 where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information. | ||||
| CVE-2017-15104 | 2 Heketi Project, Redhat | 2 Heketi, Enterprise Linux | 2023-02-12 | 7.8 High |
| An access flaw was found in Heketi 5, where the heketi.json configuration file was world readable. An attacker having local access to the Heketi server could read plain-text passwords from the heketi.json file. | ||||
| CVE-2022-1117 | 1 Fapolicyd Project | 1 Fapolicyd | 2023-02-12 | 8.4 High |
| A vulnerability was found in fapolicyd. The vulnerability occurs due to an assumption on how glibc names the runtime linker, a build time regular expression may not correctly detect the runtime linker. The consequence is that the pattern detection for applications launched by the run time linker may fail to detect the pattern and allow execution. | ||||
| CVE-2018-10867 | 1 Redhat | 1 Certification | 2023-02-10 | 9.1 Critical |
| Files are accessible without restrictions from the /update/results page of redhat-certification 7 package, allowing an attacker to remove any file accessible by the apached user. | ||||
| CVE-2018-10863 | 1 Redhat | 1 Certification | 2023-02-10 | 7.5 High |
| It was discovered that redhat-certification 7 is not properly configured and it lists all files and directories in the /var/www/rhcert/store/transfer directory, through the /rhcert-transfer URL. An unauthorized attacker may use this flaw to gather sensible information. | ||||
| CVE-2022-48161 | 1 Easy Images Project | 1 Easy Images | 2023-02-08 | 7.5 High |
| Easy Images v2.0 was discovered to contain an arbitrary file download vulnerability via the component /application/down.php. This vulnerability is exploited via a crafted GET request. | ||||
| CVE-2022-48094 | 1 Lmxcms | 1 Lmxcms | 2023-02-08 | 4.9 Medium |
| lmxcms v1.41 was discovered to contain an arbitrary file read vulnerability via TemplateAction.class.php. | ||||
| CVE-2021-22015 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2023-02-03 | 7.8 High |
| The vCenter Server contains multiple local privilege escalation vulnerabilities due to improper permissions of files and directories. An authenticated local user with non-administrative privilege may exploit these issues to elevate their privileges to root on vCenter Server Appliance. | ||||
| CVE-2022-45129 | 1 Payara | 1 Payara | 2023-01-20 | 7.5 High |
| Payara before 2022-11-04, when deployed to the root context, allows attackers to visit META-INF and WEB-INF, a different vulnerability than CVE-2022-37422. This affects Payara Platform Community before 4.1.2.191.38, 5.x before 5.2022.4, and 6.x before 6.2022.1, and Payara Platform Enterprise before 5.45.0. | ||||
| CVE-2022-45426 | 1 Dahuasecurity | 8 Dhi-dss4004-s2, Dhi-dss4004-s2 Firmware, Dhi-dss7016d-s2 and 5 more | 2023-01-05 | 6.5 Medium |
| Some Dahua software products have a vulnerability of unrestricted download of file. After obtaining the permissions of ordinary users, by sending a specific crafted packet to the vulnerable interface, an attacker can download arbitrary files. | ||||
| CVE-2022-45227 | 1 Dragino | 2 Lg01 Lora, Lg01 Lora Firmware | 2022-12-13 | 7.5 High |
| The web portal of Dragino Lora LG01 18ed40 IoT v4.3.4 has the directory listing at the URL https://10.10.20.74/lib/. This address has a backup file which can be downloaded without any authentication. | ||||
| CVE-2022-43449 | 1 Openharmony | 1 Openharmony | 2022-12-12 | 5.5 Medium |
| OpenHarmony-v3.1.2 and prior versions had an Arbitrary file read vulnerability via download_server. Local attackers can install an malicious application on the device and reveal any file from the filesystem that is accessible to download_server service which run with UID 1000. | ||||
| CVE-2021-29969 | 1 Mozilla | 1 Thunderbird | 2022-12-09 | 5.9 Medium |
| If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected data. This could have resulted in Thunderbird showing incorrect information, for example the attacker could have tricked Thunderbird to show folders that didn't exist on the IMAP server. This vulnerability affects Thunderbird < 78.12. | ||||
| CVE-2022-44356 | 1 Wavlink | 2 Wl-wn531g3, Wl-wn531g3 Firmware | 2022-12-02 | 7.5 High |
| WAVLINK Quantum D4G (WL-WN531G3) running firmware versions M31G3.V5030.201204 and M31G3.V5030.200325 has an access control issue which allows unauthenticated attackers to download configuration data and log files. | ||||
| CVE-2022-44583 | 1 Watchtowerhq | 1 Watchtower | 2022-11-21 | 7.5 High |
| Unauth. Arbitrary File Download vulnerability in WatchTowerHQ plugin <= 3.6.15 on WordPress. | ||||
| CVE-2022-41343 | 1 Dompdf Project | 1 Dompdf | 2022-11-21 | 7.5 High |
| registerFont in FontMetrics.php in Dompdf before 2.0.1 allows remote file inclusion because a URI validation failure does not halt font registration, as demonstrated by a @font-face rule. | ||||
| CVE-2021-3717 | 1 Redhat | 4 Enterprise Linux, Jboss Enterprise Application Platform, Single Sign-on and 1 more | 2022-11-10 | 7.8 High |
| A flaw was found in Wildfly. An incorrect JBOSS_LOCAL_USER challenge location when using the elytron configuration may lead to JBOSS_LOCAL_USER access to all users on the machine. The highest threat from this vulnerability is to confidentiality, integrity, and availability. This flaw affects wildfly-core versions prior to 17.0. | ||||