4119 matches found
Information Disclosure
github.com/cri-o/cri-o is vulnerable to information disclosure.The vulnerability exists in setupContainerUser function in containercreate.go due to incorrect handling of the supplementary groups which allows an attacker to gain permissions and execute a binary code via container...
GHSA-PHJR-8J92-W5V7 CRI-O incorrect handling of supplementary groups may lead to sensitive information disclosure
Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute...
CRI-O incorrect handling of supplementary groups may lead to sensitive information disclosure
Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute...
AZL-39882 CVE-2022-2995 affecting package cri-o for versions less than 1.21.7-2
Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute...
CVE-2022-2995
Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute...
CVE-2022-2995
Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute...
CVE-2022-2995
Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute...
Information disclosure
Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute...
CVE-2022-2995
Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute...
SmartVista SVFE2 SQL注入漏洞
SmartVista SVFE2 is a subsystem of SmartVista, Inc. A security vulnerability exists in SmartVista SVFE2 version v2.2.22, which can be exploited to achieve SQL injection via the UserForm:jid88, UserForm:jid90, UserForm:jid92 parameters of the /SVFE2/pages/feegroups/countrygroup.jsf component. id92...
CVE-2022-39960
The Netic Group Export add-on before 1.0.3 for Atlassian Jira does not perform authorization checks. This might allow an unauthenticated user to export all groups from the Jira instance by making a groupexportdownload=true request to a plugins/servlet/groupexportforjira/admin/ URI...
Authorization
The Netic Group Export add-on before 1.0.3 for Atlassian Jira does not perform authorization checks. This might allow an unauthenticated user to export all groups from the Jira instance by making a groupexportdownload=true request to a plugins/servlet/groupexportforjira/admin/ URI...
An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.
...
An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.
...
Information Disclosure
github.com/containers/podman is vulnerable to Information Disclosure. The vulnerability exists in multiple functions due to improper handling of the supplementary groups in the Podman container engine which allows an attacker to gain access to containers and execute arbitrary codes...
PT-2022-33395 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions v5.19 through v5.19.3 Description: The issue is related to the vdpa sim blk, which is used to set the number of address spaces and virtqueue groups. The actual impact and attack plausibility have not yet been proven...
GHSA-4WJJ-JWC9-2X96 Podman's incorrect handling of the supplementary groups may lead to data disclosure, modification
An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to...
GHSA-FJM8-M7M6-2FJP Buildah's incorrect handling of the supplementary groups may lead to data disclosure, modification
An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able t...
Buildah's incorrect handling of the supplementary groups may lead to data disclosure, modification
An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able t...
Podman's incorrect handling of the supplementary groups may lead to data disclosure, modification
An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to...