Total
67 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-3789 | 1 Cloudfoundry | 1 Routing Release | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Cloud Foundry Routing Release, all versions prior to 0.188.0, contains a vulnerability that can hijack the traffic to route services hosted outside the platform. A user with space developer permissions can create a private domain that shadows the external domain of the route service, and map that route to an app. When the gorouter receives traffic destined for the external route service, this traffic will instead be directed to the internal app using the shadow route. | |||||
| CVE-2019-3787 | 1 Pivotal Software | 1 Cloud Foundry Uaa-release | 2024-11-21 | 4.3 MEDIUM | 8.3 HIGH |
| Cloud Foundry UAA, versions prior to 73.0.0, falls back to appending “unknown.org” to a user's email address when one is not provided and the user name does not contain an @ character. This domain is held by a private company, which leads to attack vectors including password recovery emails sent to a potentially fraudulent address. This would allow the attacker to gain complete control of the user's account. | |||||
| CVE-2019-15608 | 1 Yarnpkg | 1 Yarn | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| The package integrity validation in yarn < 1.19.0 contains a TOCTOU vulnerability where the hash is computed before writing a package to cache. It's not computed again when reading from the cache. This may lead to a cache pollution attack. | |||||
| CVE-2024-1682 | 2024-11-18 | N/A | 4.3 MEDIUM | ||
| An unclaimed Amazon S3 bucket, 'codeconf', is referenced in an audio file link within the .rst documentation file. This bucket has been claimed by an external party. The use of this unclaimed S3 bucket could lead to data integrity issues, data leakage, availability problems, loss of trustworthiness, and potential further attacks if the bucket is used to host malicious content or as a pivot point for further attacks. | |||||
| CVE-2024-51523 | 1 Huawei | 1 Harmonyos | 2024-11-07 | N/A | 7.1 HIGH |
| Information management vulnerability in the Gallery module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2018-25104 | 2024-10-18 | 4.0 MEDIUM | 4.3 MEDIUM | ||
| A vulnerability was found in CoinGate Plugin up to 1.2.7 on PrestaShop. It has been rated as problematic. Affected by this issue is the function postProcess of the file modules/coingate/controllers/front/callback.php of the component Payment Handler. The manipulation leads to business logic errors. The attack may be launched remotely. Upgrading to version 1.2.8 is able to address this issue. The patch is identified as 0a3097db0aec7c5d66686c142c6abaa1e126ca16. It is recommended to upgrade the affected component. | |||||
| CVE-2024-42034 | 1 Huawei | 2 Emui, Harmonyos | 2024-09-11 | N/A | 6.6 MEDIUM |
| LaunchAnywhere vulnerability in the account module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||