Total
67 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-3789 | 1 Cloudfoundry | 1 Routing Release | 2024-11-21 | 6.5 Medium |
| Cloud Foundry Routing Release, all versions prior to 0.188.0, contains a vulnerability that can hijack the traffic to route services hosted outside the platform. A user with space developer permissions can create a private domain that shadows the external domain of the route service, and map that route to an app. When the gorouter receives traffic destined for the external route service, this traffic will instead be directed to the internal app using the shadow route. | ||||
| CVE-2019-3787 | 1 Pivotal Software | 1 Cloud Foundry Uaa-release | 2024-11-21 | N/A |
| Cloud Foundry UAA, versions prior to 73.0.0, falls back to appending “unknown.org” to a user's email address when one is not provided and the user name does not contain an @ character. This domain is held by a private company, which leads to attack vectors including password recovery emails sent to a potentially fraudulent address. This would allow the attacker to gain complete control of the user's account. | ||||
| CVE-2019-15608 | 1 Yarnpkg | 1 Yarn | 2024-11-21 | 5.9 Medium |
| The package integrity validation in yarn < 1.19.0 contains a TOCTOU vulnerability where the hash is computed before writing a package to cache. It's not computed again when reading from the cache. This may lead to a cache pollution attack. | ||||
| CVE-2024-1682 | 1 Psf | 1 Psf-requests | 2024-11-18 | 4.3 Medium |
| An unclaimed Amazon S3 bucket, 'codeconf', is referenced in an audio file link within the .rst documentation file. This bucket has been claimed by an external party. The use of this unclaimed S3 bucket could lead to data integrity issues, data leakage, availability problems, loss of trustworthiness, and potential further attacks if the bucket is used to host malicious content or as a pivot point for further attacks. | ||||
| CVE-2024-51523 | 1 Huawei | 1 Harmonyos | 2024-11-07 | 7.1 High |
| Information management vulnerability in the Gallery module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2024-42033 | 1 Huawei | 2 Emui, Harmonyos | 2024-09-17 | 6.9 Medium |
| Access control vulnerability in the security verification module mpact: Successful exploitation of this vulnerability will affect integrity and confidentiality. | ||||
| CVE-2024-42034 | 1 Huawei | 2 Emui, Harmonyos | 2024-09-11 | 6.6 Medium |
| LaunchAnywhere vulnerability in the account module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||