2696 matches found

OSV
added 2019/10/24 6:15 p.m., 3 views

CVE-2019-18414

Sourcecodester Restaurant Management System 1.0 is affected by an admin/staff-exec.php Cross Site Request Forgery vulnerability due to a lack of CSRF protection. This could lead to an attacker tricking the administrator into executing arbitrary code or adding a staff entry via a crafted HTML page...

8.8 CVSS, 7.4 AI score, 0.00485 EPSS
Exploits 1, References 1

OSV
added 2019/09/16 10:24 p.m., 11 views

GHSA-549F-73HH-MJ38 Command Injection in gitlabhook

All versions of gitlabhook are vulnerable to Command Injection. The package does not validate input in the body of POST requests and concatenates it to an exec call, allowing attackers to run arbitrary commands in the system. Recommendation: No fix is currently available. Consider using an alternative...

10 CVSS, 9.6 AI score, 0.59768 EPSS
Exploits 5, References 3

Hacker One
added 2019/09/13 3:15 p.m., 14 views

Node.js third-party modules: [create-git] RCE via insecure command formatting

The create-git NPM module was vulnerable to command injection, which was possible because some user-supplied inputs were concatenated without proper checks inside an exec call, which made it possible to execute arbitrary commands besides the git one used by the tool. The PoC resulted in: js...

2.2 AI score
Exploits 0

Tenable Nessus
added 2019/09/13 12:0 a.m., 1166 views

CredSSP Remote Code Execution Vulnerability March 2018 Security Update

The remote Windows host allows fallback to insecure versions of the Credential Security Support Provider protocol (CredSSP). It is, therefore, affected by a remote code execution vulnerability. An attacker who successfully exploited this vulnerability could relay user credentials and use them to execute...

7.6 CVSS, 8.2 AI score, 0.82459 EPSS
Exploits 4, References 3

OSV
added 2019/09/10 3:33 p.m., 11 views

ALBA-2019:2723 container-tools:rhel8 bug fix update

Bug Fixes:
- race/corruption: podman failed to launch containers (BZ1741110)
- podman exec can fail with "failed to write ... to cgroup.procs invalid argument" (BZ1743163)...

7.2 AI score
Exploits 0, References 1

AlmaLinux
added 2019/09/10 3:33 p.m., 15 views

container-tools:rhel8 bug fix update

Bug Fixes:
- race/corruption: podman failed to launch containers (BZ1741110)
- podman exec can fail with "failed to write ... to cgroup.procs invalid argument" (BZ1743163)...

2.5 AI score
Exploits 0, References 1

Tenable Nessus
added 2019/09/03 12:0 a.m., 69 views

openSUSE Security Update : podman / slirp4netns and libcontainers-common (openSUSE-2019-2044)

This is a version update for podman to version 1.4.4 (bsc1143386). Additional changes by SUSE on top:
- Remove fuse-overlayfs because it's currently an unsatisfied dependency on SLE (bsc1143386)
- Update libpod.conf to use correct infracommand
- Update libpod.conf to use better versioned pause...

7.8 CVSS, 7.1 AI score, 0.03398 EPSS
Exploits 2, References 12

Tenable Nessus
added 2019/08/23 12:0 a.m., 40 views

EulerOS 2.0 SP5 : libvirt (EulerOS-SA-2019-1796)

According to the versions of the libvirt packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities:
- libvirt: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API (CVE-2019-10161)
- libvirt: virDomainManagedSaveDefineXML API exposed to...

8.8 CVSS, 8.1 AI score, 0.00521 EPSS
Exploits 0, References 4

Prion
added 2019/08/14 9:15 p.m., 21 views

Remote code execution

A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user, aka 'LNK Remote Code Execution Vulnerability'...

9.3 CVSS, 8 AI score, 0.03766 EPSS
Exploits 0, References 1, Affected Software 2

Veracode
added 2019/08/13 4:36 a.m., 13 views

Privilege Escalation

github.com/hashicorp/nomad is vulnerable to privilege escalation. The vulnerability exists as the exec driver tasks run with full Linux capabilities...

9.8 CVSS, 3.5 AI score, 0.02421 EPSS
Exploits 0, References 5, Affected Software 1

CNVD
added 2019/08/13 12:0 a.m., 3 views

HashiCorp Nomad Access Control Error Vulnerability

HashiCorp Nomad is a distributed, data center-aware cluster and application scheduler from HashiCorp, USA. The program supports the deployment of microservices, batch, containerized and non-containerized applications. An access control error vulnerability exists in HashiCorp Nomad versions 0.9.0...

10 CVSS, 7.2 AI score, 0.02421 EPSS
Exploits 0, References 1

UbuntuCve
added 2019/08/12 5:15 p.m., 18 views

CVE-2019-12618

HashiCorp Nomad 0.9.0 through 0.9.1 has Incorrect Access Control via the exec driver...

10 CVSS, 7.2 AI score, 0.02421 EPSS
Exploits 0, References 4

Prion
added 2019/08/12 5:15 p.m., 12 views

Design/Logic Flaw

HashiCorp Nomad 0.9.0 through 0.9.1 has Incorrect Access Control via the exec driver...

10 CVSS, 9.5 AI score, 0.02421 EPSS
Exploits 0, References 3, Affected Software 1

OSV
added 2019/08/12 5:15 p.m., 1 views

UBUNTU-CVE-2019-12618

HashiCorp Nomad 0.9.0 through 0.9.1 has Incorrect Access Control via the exec driver...

9.8 CVSS, 7.3 AI score, 0.02421 EPSS
Exploits 0, References 5

CVE
added 2019/08/12 4:49 p.m., 88 views

CVE-2019-12618

CVE-2019-12618 affects HashiCorp Nomad 0.9.0–0.9.1 with Incorrect Access Control via the exec driver. Root cause described as an access control error leading to privilege escalation via the exec driver. A fix is available in Nomad 0.9.2 (and later); update recommended. No exploitation details are...

10 CVSS, 9.4 AI score, 0.02421 EPSS
Exploits 0, References 3, Affected Software 1

Cvelist
added 2019/08/12 4:49 p.m., 12 views

CVE-2019-12618

HashiCorp Nomad 0.9.0 through 0.9.1 has Incorrect Access Control via the exec driver...

9.6 AI score, 0.02421 EPSS
Exploits 0, References 3

Debian CVE
added 2019/08/12 4:49 p.m., 24 views

CVE-2019-12618

Removed by vendor...

10 CVSS, 9.4 AI score, 0.02421 EPSS
Exploits 0

AlpineLinux
added 2019/08/12 4:49 p.m., 37 views

CVE-2019-12618

HashiCorp Nomad 0.9.0 through 0.9.1 has Incorrect Access Control via the exec driver...

10 CVSS, 9.7 AI score, 0.02421 EPSS
Exploits 0

Positive Technologies
added 2019/08/12 12:0 a.m., 3 views

PT-2019-12895 · Hashicorp · Hashicorp Nomad

Name of the Vulnerable Software and Affected Versions: HashiCorp Nomad versions 0.9.0 through 0.9.1
Description: The issue is related to Incorrect Access Control via the exec driver. This affects the access control mechanism in HashiCorp Nomad, potentially allowing unauthorized access...

10 CVSS, 6.9 AI score, 0.02421 EPSS
Exploits 0, References 12

Tenable Nessus
added 2019/07/22 12:0 a.m., 36 views

EulerOS 2.0 SP2 : libvirt (EulerOS-SA-2019-1724)

According to the versions of the libvirt packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities:
- libvirt: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API (CVE-2019-10161)
- libvirt: arbitrary command execution via...

8.8 CVSS, 7.4 AI score, 0.0151 EPSS
Exploits 1, References 4