Linuxfoundation: Security Vulnerabilities
SQL-Injection in Harbor allows privileged users to leak the task IDs
CVSS Score
2.7
EPSS Score
0.003
Published
2024-06-11
Open Redirect in Harbor <=v2.8.4, <=v2.9.2, and <=v2.10.0 may redirect a user to a malicious site.
CVSS Score
4.3
EPSS Score
0.003
Published
2024-06-10
A vulnerability in the `download_model_with_test_data` function of the onnx/onnx framework, version 1.16.0, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability enables attackers to overwrite any file on the system, potentially leading to remote code execution, deletion of system, personal, or application files, thus impacting the integrity and availability of the system. The issue arises from the function's handling of tar file extraction without performing security checks on the paths within the tar file, as demonstrated by the ability to overwrite the `/home/kali/.ssh/authorized_keys` file by specifying an absolute path in the malicious tar file.
CVSS Score
8.8
EPSS Score
0.018
Published
2024-06-06
In DA, there is a possible permission bypass due to an incorrect status check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08355514; Issue ID: ALPS08355514.
CVSS Score
5.3
EPSS Score
0.0
Published
2024-05-06
Open Networking Foundation SD-RAN onos-kpimon 0.4.7 allows out-of-bounds array access in the processIndicationFormat1 function.
CVSS Score
8.1
EPSS Score
0.001
Published
2024-04-30
Open Networking Foundation SD-RAN ONOS onos-kpimon 0.4.7 allows blocking of the errCh channel within the Start function of the monitoring package.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-04-30
Open Networking Foundation SD-RAN ONOS onos-ric-sdk-go 0.8.12 allows infinite repetition of the processing of an error (in the Subscribe function implementation for the subscribed indication stream).
CVSS Score
6.5
EPSS Score
0.001
Published
2024-04-30
Open Networking Foundation SD-RAN ONOS onos-lib-go 0.10.25 allows an index out-of-range condition in parseAlignBits.
CVSS Score
8.1
EPSS Score
0.002
Published
2024-04-30
Open Networking Foundation SD-RAN ONOS onos-lib-go 0.10.25 allows an index out-of-range condition in putBitString.
CVSS Score
5.5
EPSS Score
0.001
Published
2024-04-30
O-RAN RICAPP kpimon-go I-Release has a segmentation violation via a certain E2AP-PDU message.
CVSS Score
5.3
EPSS Score
0.001
Published
2024-04-30