CVE-2022-2989
Incorrect handling of supplementary groups in the Podman container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to...
Buildah security vulnerability
Buildah is a tool that supports building OCI container images. A security vulnerability exists in the Buildah container engine, which stems from the fact that if an attacker has direct access to an affected container where a supplemental group is used to set access permissions and is able to...
CVE-2022-38295
Cuppa CMS v1.0 was discovered to contain a cross-site scripting vulnerability at /tablemanager/view/cuusergroups. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field under the Add New Group function...
CuppaCMS cross-site scripting vulnerability
CuppaCMS is a content management system (CMS). A security vulnerability exists in CuppaCMS v1.0, which originates from a cross-site scripting vulnerability in /tablemanager/view/cuusergroups that allows an attacker to execute arbitrary web script or HTML via a specially crafted payload injected int...
CVE-2022-36109
Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby Docker Engine where supplementary groups are not set up properly. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use...
DEBIAN-CVE-2022-36109
Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby Docker Engine where supplementary groups are not set up properly. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use...
Information disclosure
Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby Docker Engine where supplementary groups are not set up properly. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use...
UBUNTU-CVE-2022-36109
Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby Docker Engine where supplementary groups are not set up properly. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use...
CVE-2022-36109
CVE-2022-36109 concerns a bug in Moby/Docker Engine where supplementary groups are not set up correctly inside a container. An attacker with access to a container could manipulate supplementary group access to bypass primary group restrictions, potentially exposing sensitive information or enabli...
CVE-2022-36109
Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby Docker Engine where supplementary groups are not set up properly. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use...
CVE-2022-36109 Moby vulnerability relating to supplementary group permissions
Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby Docker Engine where supplementary groups are not set up properly. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use...
SmartVista SVFE2 SQL injection vulnerability
SmartVista SVFE2 is a subsystem of SmartVista, Inc. A security vulnerability exists in SmartVista SVFE2 version v2.2.22: the UserForm:jid88, UserForm:jid90, and UserForm:jid92 parameters in /SVFE2/pages/feegroups/servicegroup.jsf contain multiple SQL injection vulnerabilities...
PT-2022-4745 · Docker +4 · Moby +5
Name of the Vulnerable Software and Affected Versions: Moby Docker Engine versions prior to 20.10.18. Description: The issue is related to the improper setup of supplementary groups in Moby Docker Engine, which can allow an attacker with direct access to a container to bypass primary group...
CVE-2022-2995
Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute...
CVE-2022-2990
Incorrect handling of supplementary groups in the Buildah container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able t...
CVE-2022-2989
Incorrect handling of supplementary groups in the Podman container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to...
CRI-O security vulnerability
CRI-O is a lightweight container runtime environment for the Kubernetes system. CRI-O suffers from a security vulnerability that stems from the fact that if an attacker has direct access to an affected container where a supplemental group is used to set access permissions and is able to execute...
PT-2022-19901 · Podman +11 · Podman +11
Name of the Vulnerable Software and Affected Versions: Buildah versions prior to 20.10.18; CRI-O versions prior to 20.10.18; Docker versions prior to 20.10.18; Moby Docker Engine versions prior to 20.10.18; Podman versions prior to 20.10.18. Description: The issue arises from an incorrect handling of...
PT-2022-19895 · Docker +7 · Moby +8
Name of the Vulnerable Software and Affected Versions: Moby Docker Engine versions prior to 20.10.18; Podman affected versions not specified; CRI-O affected versions not specified; Buildah affected versions not specified; Docker affected versions not specified. Description: An incorrect handling of...
de.julielab:julielab-concept-creation-bioportal (>=1.2.0 <=1.3.1), de.julielab:julielab-concept-creation-famplex (>=1.2.0 <=1.3.1) +6 more potentially affected by CVE-2022-37423 via org.neo4j.procedure:apoc (>=4.4.0.16 <=4.4.0.2)
org.neo4j.procedure:apoc MAVEN version =4.4.0.16, =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.3.1 - org.jqassistant.plugin:jqassistant-apoc-plugin =2.0.0 Source cves: CVE-2022-37423 Source advisory: OSV:GHSA-78F9-745F-278P...