CWE:
 

Topic
Date
Author
High
HanYazilim Paper Submission System .NET 1.0 Shell Upload
25.02.2019
KingSkrupellos
Med.
HanYazilim Paper Submission System .NET v1.0 Privilege Escalation / Backdoor Access
22.02.2019
KingSkrupellos
Low
Calamp.com Incorrect Privilege Assignment
15.05.2018
Vangelis Stykas


CVEMAP Search Results

CVE
Details
Description
2021-05-26
Medium
CVE-2020-10695

Vendor: Redhat
Software: Single sign-on
 

 
An insecure modification flaw in the /etc/passwd file was found in the redhat-sso-7 container. An attacker with access to the container can use this flaw to modify the /etc/passwd and escalate their privileges.

 
2021-04-19
Waiting for details
CVE-2021-20208

Updating...
 

 
A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file system from within a container can use Kerberos credentials of the host. The highest threat from this vulnerability is to data confidentiality and integrity.

 
2021-03-24
Medium
CVE-2019-19349

Vendor: Redhat
Software: Openshift
 

 
An insecure modification vulnerability in the /etc/passwd file was found in the container operator-framework/operator-metering as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.

 
Medium
CVE-2019-19350

Vendor: Redhat
Software: Openshift
 

 
An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ansible-service-broker as shipped in Red Hat Openshift 4 and 3.11. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.

 
Medium
CVE-2019-19352

Vendor: Redhat
Software: Openshift co...
 

 
An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/presto as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.

 
Medium
CVE-2019-19353

Vendor: Redhat
Software: Openshift co...
 

 
An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/hive as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.

 
2021-02-17
Low
CVE-2021-1412

Vendor: Cisco
Software: Identity ser...
 

 
Multiple vulnerabilities in the Admin portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information. These vulnerabilities are due to improper enforcement of administrator privilege levels for sensitive data. An attacker with read-only administrator access to the Admin portal could exploit these vulnerabilities by browsing to one of the pages that contains sensitive data. A successful exploit could allow the attacker to collect sensitive information regarding the configuration of the system. For more information about these vulnerabilities, see the Details section of this advisory.

 
Low
CVE-2021-1416

Vendor: Cisco
Software: Identity ser...
 

 
Multiple vulnerabilities in the Admin portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information. These vulnerabilities are due to improper enforcement of administrator privilege levels for sensitive data. An attacker with read-only administrator access to the Admin portal could exploit these vulnerabilities by browsing to one of the pages that contains sensitive data. A successful exploit could allow the attacker to collect sensitive information regarding the configuration of the system. For more information about these vulnerabilities, see the Details section of this advisory.

 
2021-01-20
Medium
CVE-2021-1303

Vendor: Cisco
Software: Dna center
 

 
A vulnerability in the user management roles of Cisco DNA Center could allow an authenticated, remote attacker to execute unauthorized commands on an affected device. The vulnerability is due to improper enforcement of actions for assigned user roles. An attacker could exploit this vulnerability by authenticating as a user with an Observer role and executing commands on the affected device. A successful exploit could allow a user with the Observer role to execute commands to view diagnostic information of the devices that Cisco DNA Center manages.

 

 


Copyright 2021, cxsecurity.com

 

Back to Top