Lucene search
+L

6 matches found

Positive Technologies
Positive Technologies
added 2025/11/06 12:0 a.m.11 views

PT-2025-45355

Name of the Vulnerable Software and Affected Versions Advantech WebAccess/VPN versions prior to 1.1.5 Description The software contains a path traversal flaw in the AjaxStandaloneVpnClientsController.ajaxDownloadRoadWarriorConfigFileAction function. An authenticated network administrator can...

6.9CVSS6.5AI score0.00373EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/11/06 12:0 a.m.6 views

PT-2025-45357

Name of the Vulnerable Software and Affected Versions Advantech WebAccess/VPN versions prior to 1.1.5 Description The software contains a SQL injection issue in the AppManagementController.appUpgradeAction function. An authenticated, low-privileged user can inject SQL code through datatable searc...

8.6CVSS7.8AI score0.00284EPSS
Exploits0References5
Amazon
Amazon
added 2023/05/31 12:0 a.m.6 views

Important: runc

Issue Overview: runc is a CLI tool for spawning and running containers according to the OCI specification. In affected versions it was found that rootless runc makes /sys/fs/cgroup writable in following conditons: 1. when runc is executed inside the user namespace, and the config.json does not...

7.8CVSS6.8AI score0.00457EPSS
Exploits2
Positive Technologies
Positive Technologies
added 2023/03/29 12:0 a.m.10 views

PT-2023-3586 · Runc +9 · Runc +9

Name of the Vulnerable Software and Affected Versions: runc versions prior to 1.1.5 Description: The issue is related to rootless runc making /sys/fs/cgroup writable under certain conditions, specifically when runc is executed inside the user namespace and the config.json does not specify the...

9.8CVSS6.7AI score0.04561EPSS
Exploits4References167
Positive Technologies
Positive Technologies
added 2023/03/25 12:0 a.m.7 views

PT-2023-3594 · Apparmor +10 · Apparmor +10

Name of the Vulnerable Software and Affected Versions: runc versions prior to 1.1.5 Description: The issue is related to the incorrect handling of symbolic links before accessing a file, which allows an attacker to access confidential data, compromise its integrity, and cause a denial of service...

9.8CVSS6.2AI score0.06604EPSS
Exploits5References173
Snyk
Snyk
added 2013/06/24 9:0 p.m.4 views

Arbitrary Script Injection

Overview Affected versions of this package are vulnerable to Arbitrary Script Injection due to improper sanitization of the $event object passed to the native constructor functions. That isn't protected by the fast paths in $parse. Remediation Upgrade angularjs to version 1.1.5 or higher...

8.1CVSS7.3AI score
Exploits0References2
Rows per page
Query Builder