6 matches found
PT-2025-45355
Name of the Vulnerable Software and Affected Versions Advantech WebAccess/VPN versions prior to 1.1.5 Description The software contains a path traversal flaw in the AjaxStandaloneVpnClientsController.ajaxDownloadRoadWarriorConfigFileAction function. An authenticated network administrator can...
PT-2025-45357
Name of the Vulnerable Software and Affected Versions Advantech WebAccess/VPN versions prior to 1.1.5 Description The software contains a SQL injection issue in the AppManagementController.appUpgradeAction function. An authenticated, low-privileged user can inject SQL code through datatable searc...
Important: runc
Issue Overview: runc is a CLI tool for spawning and running containers according to the OCI specification. In affected versions it was found that rootless runc makes /sys/fs/cgroup writable in following conditons: 1. when runc is executed inside the user namespace, and the config.json does not...
PT-2023-3586 · Runc +9 · Runc +9
Name of the Vulnerable Software and Affected Versions: runc versions prior to 1.1.5 Description: The issue is related to rootless runc making /sys/fs/cgroup writable under certain conditions, specifically when runc is executed inside the user namespace and the config.json does not specify the...
PT-2023-3594 · Apparmor +10 · Apparmor +10
Name of the Vulnerable Software and Affected Versions: runc versions prior to 1.1.5 Description: The issue is related to the incorrect handling of symbolic links before accessing a file, which allows an attacker to access confidential data, compromise its integrity, and cause a denial of service...
Arbitrary Script Injection
Overview Affected versions of this package are vulnerable to Arbitrary Script Injection due to improper sanitization of the $event object passed to the native constructor functions. That isn't protected by the fast paths in $parse. Remediation Upgrade angularjs to version 1.1.5 or higher...