Common Weakness Enumeration

CWE-501

Allowed

Trust Boundary Violation

Abstraction: Base · Status: Draft

The product mixes trusted and untrusted data in the same data structure or structured message.

50 vulnerabilities reference this CWE, most recent first.

CVE-2024-23682 (GCVE-0-2024-23682)

Vulnerability from cvelistv5 – Published: 2024-01-19 20:13 – Updated: 2026-07-14 22:54
VLAI
Title
Artemis Java Test Sandbox Class Loading Escape
Summary
Artemis Java Test Sandbox versions before 1.8.0 are vulnerable to a sandbox escape when an attacker includes class files in a package that Ares trusts. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-501 - Trust Boundary Violation
  • CWE-653 - Improper Isolation or Compartmentalization
Assigner
Impacted products
Vendor Product Version
Affected: 0 , < 1.8.0 (maven)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T23:06:25.277Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://github.com/ls1intum/Ares/security/advisories/GHSA-227w-wv4j-67h4"
          },
          {
            "tags": [
              "issue-tracking",
              "x_transferred"
            ],
            "url": "https://github.com/ls1intum/Ares/issues/15"
          },
          {
            "tags": [
              "related",
              "x_transferred"
            ],
            "url": "https://github.com/ls1intum/Ares/releases/tag/1.8.0"
          },
          {
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://github.com/advisories/GHSA-227w-wv4j-67h4"
          },
          {
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://vulncheck.com/advisories/vc-advisory-GHSA-227w-wv4j-67h4"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 8.2,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "CHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-23682",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-01-22T15:37:36.607839Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-20T18:25:03.328Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://repo.maven.apache.org/maven2",
          "defaultStatus": "unaffected",
          "packageName": "de.tum.in.ase:artemis-java-test-sandbox",
          "packageURL": "pkg:maven/de.tum.in.ase/artemis-java-test-sandbox",
          "versions": [
            {
              "lessThan": "1.8.0",
              "status": "affected",
              "version": "0",
              "versionType": "maven"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:ls1intum:artemis_java_test_sandbox:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.8.0",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eArtemis Java Test Sandbox versions before 1.8.0 are vulnerable to a sandbox escape when an attacker includes class files in a package that Ares trusts. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code.\u003cbr\u003e\u003c/p\u003e"
            }
          ],
          "value": "Artemis Java Test Sandbox versions before 1.8.0 are vulnerable to a sandbox escape when an attacker includes class files in a package that Ares trusts. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-501",
              "description": "CWE-501 Trust Boundary Violation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-653",
              "description": "CWE-653 Improper Isolation or Compartmentalization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-14T22:54:43.394Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://github.com/ls1intum/Ares/security/advisories/GHSA-227w-wv4j-67h4"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/ls1intum/Ares/issues/15"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://github.com/ls1intum/Ares/releases/tag/1.8.0"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://github.com/advisories/GHSA-227w-wv4j-67h4"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vulncheck.com/advisories/vc-advisory-GHSA-227w-wv4j-67h4"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "Artemis Java Test Sandbox Class Loading Escape",
      "x_generator": {
        "engine": "vulncheck"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2024-23682",
    "datePublished": "2024-01-19T20:13:55.453Z",
    "dateReserved": "2024-01-19T17:35:09.984Z",
    "dateUpdated": "2026-07-14T22:54:43.394Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-20265 (GCVE-0-2024-20265)

Vulnerability from cvelistv5 – Published: 2024-03-27 17:03 – Updated: 2024-08-01 21:52
VLAI
Summary
A vulnerability in the boot process of Cisco Access Point (AP) Software could allow an unauthenticated, physical attacker to bypass the Cisco Secure Boot functionality and load a software image that has been tampered with on an affected device. This vulnerability exists because unnecessary commands are available during boot time at the physical console. An attacker could exploit this vulnerability by interrupting the boot process and executing specific commands to bypass the Cisco Secure Boot validation checks and load an image that has been tampered with. This image would have been previously downloaded onto the targeted device. A successful exploit could allow the attacker to load the image once. The Cisco Secure Boot functionality is not permanently compromised.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-501 - Trust Boundary Violation
Assigner
Impacted products
Vendor Product Version
Cisco Cisco IOS XE Software Affected: N/A
Create a notification for this product.
Cisco Cisco Aironet Access Point Software Affected: 8.2.100.0
Affected: 8.2.130.0
Affected: 8.2.111.0
Affected: 8.2.110.0
Affected: 8.2.121.0
Affected: 8.2.141.0
Affected: 8.2.151.0
Affected: 8.2.160.0
Affected: 8.2.161.0
Affected: 8.2.164.0
Affected: 8.2.166.0
Affected: 8.2.170.0
Affected: 8.2.163.0
Affected: 8.3.102.0
Affected: 8.3.111.0
Affected: 8.3.112.0
Affected: 8.3.121.0
Affected: 8.3.122.0
Affected: 8.3.130.0
Affected: 8.3.131.0
Affected: 8.3.132.0
Affected: 8.3.133.0
Affected: 8.3.140.0
Affected: 8.3.141.0
Affected: 8.3.143.0
Affected: 8.3.150.0
Affected: 8.3.108.0
Affected: 8.3.90.53
Affected: 8.3.104.46
Affected: 8.3.200.200
Affected: 8.3.104.64
Affected: 8.3.15.165
Affected: 8.3.90.11
Affected: 8.3.135.0
Affected: 8.3.104.14
Affected: 8.3.90.36
Affected: 8.3.15.142
Affected: 8.3.104.37
Affected: 8.3.15.117
Affected: 8.3.15.120
Affected: 8.3.15.25
Affected: 8.3.15.158
Affected: 8.3.15.118
Affected: 8.3.90.25
Affected: 8.3.15.169
Affected: 8.3.90.58
Affected: 8.4.100.0
Affected: 8.4.1.199
Affected: 8.4.1.91
Affected: 8.4.1.142
Affected: 8.4.1.175
Affected: 8.4.1.218
Affected: 8.4.1.92
Affected: 8.5.103.0
Affected: 8.5.105.0
Affected: 8.5.110.0
Affected: 8.5.120.0
Affected: 8.5.131.0
Affected: 8.5.140.0
Affected: 8.5.135.0
Affected: 8.5.151.0
Affected: 8.5.101.0
Affected: 8.5.102.0
Affected: 8.5.161.0
Affected: 8.5.160.0
Affected: 8.5.100.0
Affected: 8.5.171.0
Affected: 8.5.164.0
Affected: 8.5.182.0
Affected: 8.5.182.11 ME
Affected: 8.7.102.0
Affected: 8.7.106.0
Affected: 8.7.1.16
Affected: 8.8.100.0
Affected: 8.8.111.0
Affected: 8.8.120.0
Affected: 8.8.125.0
Affected: 8.8.130.0
Affected: 8.6.101.0
Affected: 8.6.1.84
Affected: 8.6.1.70
Affected: 8.6.1.71
Affected: 8.9.100.0
Affected: 8.9.111.0
Affected: 8.10.105.0
Affected: 8.10.111.0
Affected: 8.10.130.0
Affected: 8.10.112.0
Affected: 8.10.122.0
Affected: 8.10.113.0
Affected: 8.10.121.0
Affected: 8.10.141.0
Affected: 8.10.142.0
Affected: 8.10.151.0
Affected: 8.10.150.0
Affected: 8.10.171.0
Affected: 8.10.181.0
Affected: 8.10.182.0
Affected: 8.10.161.0
Affected: 8.10.170.0
Affected: 8.10.183.0
Affected: 8.10.162.0
Affected: 8.10.185.0
Create a notification for this product.
Cisco Cisco Business Wireless Access Point Software Affected: 10.0.1.0
Affected: 10.0.2.0
Affected: 10.1.1.0
Affected: 10.1.2.0
Affected: 10.2.1.0
Affected: 10.2.2.0
Affected: 10.3.1.0
Affected: 10.3.1.1
Affected: 10.3.2.0
Affected: 10.4.1.0
Affected: 10.4.2.0
Affected: 10.6.1.0
Affected: 10.6.2.0
Affected: 10.7.1.0
Affected: 10.8.1.0
Affected: 10.5.2.0
Create a notification for this product.
Cisco Cisco Aironet Access Point Software (IOS XE Controller) Affected: 16.10.1e
Affected: 16.10.1
Affected: 17.1.1t
Affected: 17.1.1s
Affected: 17.1.1
Affected: 16.11.1a
Affected: 16.11.1
Affected: 16.11.1c
Affected: 16.11.1b
Affected: 16.12.1s
Affected: 16.12.4
Affected: 16.12.1
Affected: 16.12.2s
Affected: 16.12.1t
Affected: 16.12.4a
Affected: 16.12.5
Affected: 16.12.3
Affected: 16.12.6
Affected: 16.12.8
Affected: 16.12.7
Affected: 16.12.6a
Affected: 17.3.1
Affected: 17.3.2a
Affected: 17.3.3
Affected: 17.3.4
Affected: 17.3.5
Affected: 17.3.2
Affected: 17.3.4c
Affected: 17.3.5a
Affected: 17.3.5b
Affected: 17.3.6
Affected: 17.2.1
Affected: 17.2.1a
Affected: 17.2.3
Affected: 17.2.2
Affected: 17.5.1
Affected: 17.4.1
Affected: 17.4.2
Affected: 17.6.1
Affected: 17.6.2
Affected: 17.6.3
Affected: 17.6.4
Affected: 17.6.5
Affected: 17.6.6a
Affected: 17.6.5a
Affected: 17.10.1
Affected: 17.9.1
Affected: 17.9.2
Affected: 17.9.3
Affected: 17.7.1
Affected: 17.8.1
Affected: 17.11.1
Create a notification for this product.
cisco aironet_access_point_software Affected: 8.2.100.0 , ≤ 8.10.185.0 (custom)
    cpe:2.3:a:cisco:aironet_access_point_software:8.2.100.0:*:*:*:*:*:*:*
Create a notification for this product.
cisco business_wireless_access_point_software Affected: 10.0.1.0 , ≤ 10.8.1.0 (custom)
    cpe:2.3:a:cisco:business_wireless_access_point_software:10.0.1.0:*:*:*:*:*:*:*
Create a notification for this product.
cisco aironet_access_point_software Affected: 16.10.1 , ≤ 17.11.1 (custom)
    cpe:2.3:a:cisco:aironet_access_point_software:16.10.1:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:cisco:aironet_access_point_software:8.2.100.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "aironet_access_point_software",
            "vendor": "cisco",
            "versions": [
              {
                "lessThanOrEqual": "8.10.185.0",
                "status": "affected",
                "version": "8.2.100.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:business_wireless_access_point_software:10.0.1.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "business_wireless_access_point_software",
            "vendor": "cisco",
            "versions": [
              {
                "lessThanOrEqual": "10.8.1.0",
                "status": "affected",
                "version": "10.0.1.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:aironet_access_point_software:16.10.1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "aironet_access_point_software",
            "vendor": "cisco",
            "versions": [
              {
                "lessThanOrEqual": "17.11.1",
                "status": "affected",
                "version": "16.10.1",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-20265",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-27T19:46:28.390425Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-01T15:33:37.498Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:52:31.616Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "cisco-sa-ap-secureboot-bypass-zT5vJkSD",
            "tags": [
              "x_transferred"
            ],
            "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-secureboot-bypass-zT5vJkSD"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco IOS XE Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "N/A"
            }
          ]
        },
        {
          "product": "Cisco Aironet Access Point Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "8.2.100.0"
            },
            {
              "status": "affected",
              "version": "8.2.130.0"
            },
            {
              "status": "affected",
              "version": "8.2.111.0"
            },
            {
              "status": "affected",
              "version": "8.2.110.0"
            },
            {
              "status": "affected",
              "version": "8.2.121.0"
            },
            {
              "status": "affected",
              "version": "8.2.141.0"
            },
            {
              "status": "affected",
              "version": "8.2.151.0"
            },
            {
              "status": "affected",
              "version": "8.2.160.0"
            },
            {
              "status": "affected",
              "version": "8.2.161.0"
            },
            {
              "status": "affected",
              "version": "8.2.164.0"
            },
            {
              "status": "affected",
              "version": "8.2.166.0"
            },
            {
              "status": "affected",
              "version": "8.2.170.0"
            },
            {
              "status": "affected",
              "version": "8.2.163.0"
            },
            {
              "status": "affected",
              "version": "8.3.102.0"
            },
            {
              "status": "affected",
              "version": "8.3.111.0"
            },
            {
              "status": "affected",
              "version": "8.3.112.0"
            },
            {
              "status": "affected",
              "version": "8.3.121.0"
            },
            {
              "status": "affected",
              "version": "8.3.122.0"
            },
            {
              "status": "affected",
              "version": "8.3.130.0"
            },
            {
              "status": "affected",
              "version": "8.3.131.0"
            },
            {
              "status": "affected",
              "version": "8.3.132.0"
            },
            {
              "status": "affected",
              "version": "8.3.133.0"
            },
            {
              "status": "affected",
              "version": "8.3.140.0"
            },
            {
              "status": "affected",
              "version": "8.3.141.0"
            },
            {
              "status": "affected",
              "version": "8.3.143.0"
            },
            {
              "status": "affected",
              "version": "8.3.150.0"
            },
            {
              "status": "affected",
              "version": "8.3.108.0"
            },
            {
              "status": "affected",
              "version": "8.3.90.53"
            },
            {
              "status": "affected",
              "version": "8.3.104.46"
            },
            {
              "status": "affected",
              "version": "8.3.200.200"
            },
            {
              "status": "affected",
              "version": "8.3.104.64"
            },
            {
              "status": "affected",
              "version": "8.3.15.165"
            },
            {
              "status": "affected",
              "version": "8.3.90.11"
            },
            {
              "status": "affected",
              "version": "8.3.135.0"
            },
            {
              "status": "affected",
              "version": "8.3.104.14"
            },
            {
              "status": "affected",
              "version": "8.3.90.36"
            },
            {
              "status": "affected",
              "version": "8.3.15.142"
            },
            {
              "status": "affected",
              "version": "8.3.104.37"
            },
            {
              "status": "affected",
              "version": "8.3.15.117"
            },
            {
              "status": "affected",
              "version": "8.3.15.120"
            },
            {
              "status": "affected",
              "version": "8.3.15.25"
            },
            {
              "status": "affected",
              "version": "8.3.15.158"
            },
            {
              "status": "affected",
              "version": "8.3.15.118"
            },
            {
              "status": "affected",
              "version": "8.3.90.25"
            },
            {
              "status": "affected",
              "version": "8.3.15.169"
            },
            {
              "status": "affected",
              "version": "8.3.90.58"
            },
            {
              "status": "affected",
              "version": "8.4.100.0"
            },
            {
              "status": "affected",
              "version": "8.4.1.199"
            },
            {
              "status": "affected",
              "version": "8.4.1.91"
            },
            {
              "status": "affected",
              "version": "8.4.1.142"
            },
            {
              "status": "affected",
              "version": "8.4.1.175"
            },
            {
              "status": "affected",
              "version": "8.4.1.218"
            },
            {
              "status": "affected",
              "version": "8.4.1.92"
            },
            {
              "status": "affected",
              "version": "8.5.103.0"
            },
            {
              "status": "affected",
              "version": "8.5.105.0"
            },
            {
              "status": "affected",
              "version": "8.5.110.0"
            },
            {
              "status": "affected",
              "version": "8.5.120.0"
            },
            {
              "status": "affected",
              "version": "8.5.131.0"
            },
            {
              "status": "affected",
              "version": "8.5.140.0"
            },
            {
              "status": "affected",
              "version": "8.5.135.0"
            },
            {
              "status": "affected",
              "version": "8.5.151.0"
            },
            {
              "status": "affected",
              "version": "8.5.101.0"
            },
            {
              "status": "affected",
              "version": "8.5.102.0"
            },
            {
              "status": "affected",
              "version": "8.5.161.0"
            },
            {
              "status": "affected",
              "version": "8.5.160.0"
            },
            {
              "status": "affected",
              "version": "8.5.100.0"
            },
            {
              "status": "affected",
              "version": "8.5.171.0"
            },
            {
              "status": "affected",
              "version": "8.5.164.0"
            },
            {
              "status": "affected",
              "version": "8.5.182.0"
            },
            {
              "status": "affected",
              "version": "8.5.182.11 ME"
            },
            {
              "status": "affected",
              "version": "8.7.102.0"
            },
            {
              "status": "affected",
              "version": "8.7.106.0"
            },
            {
              "status": "affected",
              "version": "8.7.1.16"
            },
            {
              "status": "affected",
              "version": "8.8.100.0"
            },
            {
              "status": "affected",
              "version": "8.8.111.0"
            },
            {
              "status": "affected",
              "version": "8.8.120.0"
            },
            {
              "status": "affected",
              "version": "8.8.125.0"
            },
            {
              "status": "affected",
              "version": "8.8.130.0"
            },
            {
              "status": "affected",
              "version": "8.6.101.0"
            },
            {
              "status": "affected",
              "version": "8.6.1.84"
            },
            {
              "status": "affected",
              "version": "8.6.1.70"
            },
            {
              "status": "affected",
              "version": "8.6.1.71"
            },
            {
              "status": "affected",
              "version": "8.9.100.0"
            },
            {
              "status": "affected",
              "version": "8.9.111.0"
            },
            {
              "status": "affected",
              "version": "8.10.105.0"
            },
            {
              "status": "affected",
              "version": "8.10.111.0"
            },
            {
              "status": "affected",
              "version": "8.10.130.0"
            },
            {
              "status": "affected",
              "version": "8.10.112.0"
            },
            {
              "status": "affected",
              "version": "8.10.122.0"
            },
            {
              "status": "affected",
              "version": "8.10.113.0"
            },
            {
              "status": "affected",
              "version": "8.10.121.0"
            },
            {
              "status": "affected",
              "version": "8.10.141.0"
            },
            {
              "status": "affected",
              "version": "8.10.142.0"
            },
            {
              "status": "affected",
              "version": "8.10.151.0"
            },
            {
              "status": "affected",
              "version": "8.10.150.0"
            },
            {
              "status": "affected",
              "version": "8.10.171.0"
            },
            {
              "status": "affected",
              "version": "8.10.181.0"
            },
            {
              "status": "affected",
              "version": "8.10.182.0"
            },
            {
              "status": "affected",
              "version": "8.10.161.0"
            },
            {
              "status": "affected",
              "version": "8.10.170.0"
            },
            {
              "status": "affected",
              "version": "8.10.183.0"
            },
            {
              "status": "affected",
              "version": "8.10.162.0"
            },
            {
              "status": "affected",
              "version": "8.10.185.0"
            }
          ]
        },
        {
          "product": "Cisco Business Wireless Access Point Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "10.0.1.0"
            },
            {
              "status": "affected",
              "version": "10.0.2.0"
            },
            {
              "status": "affected",
              "version": "10.1.1.0"
            },
            {
              "status": "affected",
              "version": "10.1.2.0"
            },
            {
              "status": "affected",
              "version": "10.2.1.0"
            },
            {
              "status": "affected",
              "version": "10.2.2.0"
            },
            {
              "status": "affected",
              "version": "10.3.1.0"
            },
            {
              "status": "affected",
              "version": "10.3.1.1"
            },
            {
              "status": "affected",
              "version": "10.3.2.0"
            },
            {
              "status": "affected",
              "version": "10.4.1.0"
            },
            {
              "status": "affected",
              "version": "10.4.2.0"
            },
            {
              "status": "affected",
              "version": "10.6.1.0"
            },
            {
              "status": "affected",
              "version": "10.6.2.0"
            },
            {
              "status": "affected",
              "version": "10.7.1.0"
            },
            {
              "status": "affected",
              "version": "10.8.1.0"
            },
            {
              "status": "affected",
              "version": "10.5.2.0"
            }
          ]
        },
        {
          "product": "Cisco Aironet Access Point Software (IOS XE Controller)",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "16.10.1e"
            },
            {
              "status": "affected",
              "version": "16.10.1"
            },
            {
              "status": "affected",
              "version": "17.1.1t"
            },
            {
              "status": "affected",
              "version": "17.1.1s"
            },
            {
              "status": "affected",
              "version": "17.1.1"
            },
            {
              "status": "affected",
              "version": "16.11.1a"
            },
            {
              "status": "affected",
              "version": "16.11.1"
            },
            {
              "status": "affected",
              "version": "16.11.1c"
            },
            {
              "status": "affected",
              "version": "16.11.1b"
            },
            {
              "status": "affected",
              "version": "16.12.1s"
            },
            {
              "status": "affected",
              "version": "16.12.4"
            },
            {
              "status": "affected",
              "version": "16.12.1"
            },
            {
              "status": "affected",
              "version": "16.12.2s"
            },
            {
              "status": "affected",
              "version": "16.12.1t"
            },
            {
              "status": "affected",
              "version": "16.12.4a"
            },
            {
              "status": "affected",
              "version": "16.12.5"
            },
            {
              "status": "affected",
              "version": "16.12.3"
            },
            {
              "status": "affected",
              "version": "16.12.6"
            },
            {
              "status": "affected",
              "version": "16.12.8"
            },
            {
              "status": "affected",
              "version": "16.12.7"
            },
            {
              "status": "affected",
              "version": "16.12.6a"
            },
            {
              "status": "affected",
              "version": "17.3.1"
            },
            {
              "status": "affected",
              "version": "17.3.2a"
            },
            {
              "status": "affected",
              "version": "17.3.3"
            },
            {
              "status": "affected",
              "version": "17.3.4"
            },
            {
              "status": "affected",
              "version": "17.3.5"
            },
            {
              "status": "affected",
              "version": "17.3.2"
            },
            {
              "status": "affected",
              "version": "17.3.4c"
            },
            {
              "status": "affected",
              "version": "17.3.5a"
            },
            {
              "status": "affected",
              "version": "17.3.5b"
            },
            {
              "status": "affected",
              "version": "17.3.6"
            },
            {
              "status": "affected",
              "version": "17.2.1"
            },
            {
              "status": "affected",
              "version": "17.2.1a"
            },
            {
              "status": "affected",
              "version": "17.2.3"
            },
            {
              "status": "affected",
              "version": "17.2.2"
            },
            {
              "status": "affected",
              "version": "17.5.1"
            },
            {
              "status": "affected",
              "version": "17.4.1"
            },
            {
              "status": "affected",
              "version": "17.4.2"
            },
            {
              "status": "affected",
              "version": "17.6.1"
            },
            {
              "status": "affected",
              "version": "17.6.2"
            },
            {
              "status": "affected",
              "version": "17.6.3"
            },
            {
              "status": "affected",
              "version": "17.6.4"
            },
            {
              "status": "affected",
              "version": "17.6.5"
            },
            {
              "status": "affected",
              "version": "17.6.6a"
            },
            {
              "status": "affected",
              "version": "17.6.5a"
            },
            {
              "status": "affected",
              "version": "17.10.1"
            },
            {
              "status": "affected",
              "version": "17.9.1"
            },
            {
              "status": "affected",
              "version": "17.9.2"
            },
            {
              "status": "affected",
              "version": "17.9.3"
            },
            {
              "status": "affected",
              "version": "17.7.1"
            },
            {
              "status": "affected",
              "version": "17.8.1"
            },
            {
              "status": "affected",
              "version": "17.11.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the boot process of Cisco Access Point (AP) Software could allow an unauthenticated, physical attacker to bypass the Cisco Secure Boot functionality and load a software image that has been tampered with on an affected device.\r\n\r This vulnerability exists because unnecessary commands are available during boot time at the physical console. An attacker could exploit this vulnerability by interrupting the boot process and executing specific commands to bypass the Cisco Secure Boot validation checks and load an image that has been tampered with. This image would have been previously downloaded onto the targeted device. A successful exploit could allow the attacker to load the image once. The Cisco Secure Boot functionality is not permanently compromised."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-501",
              "description": "Trust Boundary Violation",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-27T17:03:54.505Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-ap-secureboot-bypass-zT5vJkSD",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-secureboot-bypass-zT5vJkSD"
        }
      ],
      "source": {
        "advisory": "cisco-sa-ap-secureboot-bypass-zT5vJkSD",
        "defects": [
          "CSCwf62026"
        ],
        "discovery": "INTERNAL"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2024-20265",
    "datePublished": "2024-03-27T17:03:54.505Z",
    "dateReserved": "2023-11-08T15:08:07.624Z",
    "dateUpdated": "2024-08-01T21:52:31.616Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-3661 (GCVE-0-2024-3661)

Vulnerability from cvelistv5 – Published: 2024-05-06 18:31 – Updated: 2024-08-28 19:09
VLAI
Title
DHCP routing options can manipulate interface-based VPN traffic
Summary
DHCP can add routes to a client’s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-306 - Missing Authentication for Critical Function
  • CWE-501 - Trust Boundary Violation
Assigner
Impacted products
Vendor Product Version
IETF DHCP Affected: 0
Create a notification for this product.
Date Public
2002-12-31 01:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T20:20:00.420Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://datatracker.ietf.org/doc/html/rfc2131#section-7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://datatracker.ietf.org/doc/html/rfc3442#section-7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://tunnelvisionbug.com/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.leviathansecurity.com/research/tunnelvision"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://news.ycombinator.com/item?id=40279632"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://arstechnica.com/security/2024/05/novel-attack-against-virtually-all-vpn-apps-neuters-their-entire-purpose/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://krebsonsecurity.com/2024/05/why-your-vpn-may-not-be-as-secure-as-it-claims/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://issuetracker.google.com/issues/263721377"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://mullvad.net/en/blog/evaluating-the-impact-of-tunnelvision"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.zscaler.com/blogs/security-research/cve-2024-3661-k-tunnelvision-exposes-vpn-bypass-vulnerability"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lowendtalk.com/discussion/188857/a-rogue-dhcp-server-within-your-network-can-and-will-hijack-your-vpn-traffic"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://news.ycombinator.com/item?id=40284111"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.agwa.name/blog/post/hardening_openvpn_for_def_con"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.theregister.com/2024/05/07/vpn_tunnelvision_dhcp/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.citrix.com/article/CTX677069/cloud-software-group-security-advisory-for-cve20243661"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00009"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bst.cisco.com/quickview/bug/CSCwk05814"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.paloaltonetworks.com/CVE-2024-3661"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-170"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://my.f5.com/manage/s/article/K000139553"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-3661",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-08T04:00:07.962328Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-28T19:09:06.995Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "DHCP",
          "vendor": "IETF",
          "versions": [
            {
              "status": "affected",
              "version": "0"
            }
          ]
        }
      ],
      "datePublic": "2002-12-31T01:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "DHCP can add routes to a client\u2019s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
            }
          ],
          "value": "DHCP can add routes to a client\u2019s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-306",
              "description": "CWE-306 Missing Authentication for Critical Function",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-501",
              "description": "CWE-501 Trust Boundary Violation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-01T15:04:50.790Z",
        "orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
        "shortName": "cisa-cg"
      },
      "references": [
        {
          "url": "https://datatracker.ietf.org/doc/html/rfc2131#section-7"
        },
        {
          "url": "https://datatracker.ietf.org/doc/html/rfc3442#section-7"
        },
        {
          "url": "https://tunnelvisionbug.com/"
        },
        {
          "url": "https://www.leviathansecurity.com/research/tunnelvision"
        },
        {
          "url": "https://news.ycombinator.com/item?id=40279632"
        },
        {
          "url": "https://arstechnica.com/security/2024/05/novel-attack-against-virtually-all-vpn-apps-neuters-their-entire-purpose/"
        },
        {
          "url": "https://krebsonsecurity.com/2024/05/why-your-vpn-may-not-be-as-secure-as-it-claims/"
        },
        {
          "url": "https://issuetracker.google.com/issues/263721377"
        },
        {
          "url": "https://mullvad.net/en/blog/evaluating-the-impact-of-tunnelvision"
        },
        {
          "url": "https://www.zscaler.com/blogs/security-research/cve-2024-3661-k-tunnelvision-exposes-vpn-bypass-vulnerability"
        },
        {
          "url": "https://lowendtalk.com/discussion/188857/a-rogue-dhcp-server-within-your-network-can-and-will-hijack-your-vpn-traffic"
        },
        {
          "url": "https://news.ycombinator.com/item?id=40284111"
        },
        {
          "url": "https://www.agwa.name/blog/post/hardening_openvpn_for_def_con"
        },
        {
          "url": "https://www.theregister.com/2024/05/07/vpn_tunnelvision_dhcp/"
        },
        {
          "url": "https://support.citrix.com/article/CTX677069/cloud-software-group-security-advisory-for-cve20243661"
        },
        {
          "url": "https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00009"
        },
        {
          "url": "https://bst.cisco.com/quickview/bug/CSCwk05814"
        },
        {
          "url": "https://security.paloaltonetworks.com/CVE-2024-3661"
        },
        {
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-170"
        },
        {
          "url": "https://my.f5.com/manage/s/article/K000139553"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "DHCP routing options can manipulate interface-based VPN traffic",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
    "assignerShortName": "cisa-cg",
    "cveId": "CVE-2024-3661",
    "datePublished": "2024-05-06T18:31:21.217Z",
    "dateReserved": "2024-04-11T17:24:22.637Z",
    "dateUpdated": "2024-08-28T19:09:06.995Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-1725 (GCVE-0-2024-1725)

Vulnerability from cvelistv5 – Published: 2024-03-07 20:09 – Updated: 2025-11-14 01:32
VLAI
Title
Kubevirt-csi: persistentvolume allows access to hcp's root node
Summary
A flaw was found in the kubevirt-csi component of OpenShift Virtualization's Hosted Control Plane (HCP). This issue could allow an authenticated attacker to gain access to the root HCP worker node's volume by creating a custom Persistent Volume that matches the name of a worker node.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-501 - Trust Boundary Violation
Assigner
References
URL Tags
https://access.redhat.com/errata/RHSA-2024:1559 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:1891 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:2047 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-1725 vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2265398 issue-trackingx_refsource_REDHAT
Impacted products
Vendor Product Version
Unaffected: a61f36c42700f54352919318ed806d1ae2d716f4 , < * (git)
Red Hat Red Hat OpenShift Container Platform 4.13 Unaffected: v4.13.0-202404200313.p0.g9d909f7.assembly.stream.el8 , < * (rpm)
    cpe:/a:redhat:openshift:4.13::el9
    cpe:/a:redhat:openshift:4.13::el8
Create a notification for this product.
Red Hat Red Hat OpenShift Container Platform 4.14 Unaffected: v4.14.0-202404161544.p0.g48fafc4.assembly.stream.el8 , < * (rpm)
    cpe:/a:redhat:openshift:4.14::el9
    cpe:/a:redhat:openshift:4.14::el8
Create a notification for this product.
Red Hat Red Hat OpenShift Container Platform 4.15 Unaffected: v4.15.0-202403220332.p0.gd3bdbce.assembly.stream.el8 , < * (rpm)
    cpe:/a:redhat:openshift:4.15::el9
    cpe:/a:redhat:openshift:4.15::el8
Create a notification for this product.
Date Public
2024-03-06 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T18:48:21.831Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2024:1559",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1559"
          },
          {
            "name": "RHSA-2024:1891",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1891"
          },
          {
            "name": "RHSA-2024:2047",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:2047"
          },
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2024-1725"
          },
          {
            "name": "RHBZ#2265398",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265398"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-1725",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-12T18:08:26.582074Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-12T20:40:55.445Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/openshift/kubevirt-csi-driver/",
          "packageName": "kubevirt-csi-driver",
          "repo": "https://github.com/openshift/kubevirt-csi-driver/",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "a61f36c42700f54352919318ed806d1ae2d716f4",
              "versionType": "git"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.13::el9",
            "cpe:/a:redhat:openshift:4.13::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift4/kubevirt-csi-driver-rhel8",
          "product": "Red Hat OpenShift Container Platform 4.13",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.13.0-202404200313.p0.g9d909f7.assembly.stream.el8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.14::el9",
            "cpe:/a:redhat:openshift:4.14::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift4/kubevirt-csi-driver-rhel8",
          "product": "Red Hat OpenShift Container Platform 4.14",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.14.0-202404161544.p0.g48fafc4.assembly.stream.el8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.15::el9",
            "cpe:/a:redhat:openshift:4.15::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift4/kubevirt-csi-driver-rhel8",
          "product": "Red Hat OpenShift Container Platform 4.15",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.15.0-202403220332.p0.gd3bdbce.assembly.stream.el8",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "datePublic": "2024-03-06T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in the kubevirt-csi component of OpenShift Virtualization\u0027s Hosted Control Plane (HCP). This issue could allow an authenticated attacker to gain access to the root HCP worker node\u0027s volume by creating a custom Persistent Volume that matches the name of a worker node."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Important"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-501",
              "description": "Trust Boundary Violation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-14T01:32:09.565Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2024:1559",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1559"
        },
        {
          "name": "RHSA-2024:1891",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1891"
        },
        {
          "name": "RHSA-2024:2047",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:2047"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2024-1725"
        },
        {
          "name": "RHBZ#2265398",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265398"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-02-19T00:00:00.000Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2024-03-06T00:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Kubevirt-csi: persistentvolume allows access to hcp\u0027s root node",
      "x_redhatCweChain": "CWE-501: Trust Boundary Violation"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2024-1725",
    "datePublished": "2024-03-07T20:09:11.616Z",
    "dateReserved": "2024-02-21T20:27:59.807Z",
    "dateUpdated": "2025-11-14T01:32:09.565Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-49788 (GCVE-0-2023-49788)

Vulnerability from cvelistv5 – Published: 2023-12-08 20:02 – Updated: 2024-08-02 22:01
VLAI
Title
Improper handling of browser-side provided input in richdocuments path handling
Summary
Collabora Online is a collaborative online office suite based on LibreOffice technology. Unlike a standalone dedicated Collabora Online server, the Built-in CODE Server (richdocumentscode) is run without chroot sandboxing. Vulnerable versions of the richdocumentscode app can be susceptible to attack via modified client->server commands to overwrite files outside the sub directory the server has provided for the transient session. Files which can be accessed are limited to those that the server process has access to. The bug was fixed in Collabora Online - Built-in CODE Server (richdocumentscode) release 23.5.602. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CWE
  • CWE-501 - Trust Boundary Violation
  • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
Vendor Product Version
CollaboraOnline online Affected: < 23.5.602
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T22:01:26.035Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/CollaboraOnline/online/security/advisories/GHSA-3r69-xvf7-v94j",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/CollaboraOnline/online/security/advisories/GHSA-3r69-xvf7-v94j"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "online",
          "vendor": "CollaboraOnline",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 23.5.602"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Collabora Online is a collaborative online office suite based on LibreOffice technology. Unlike a standalone dedicated Collabora Online server, the Built-in CODE Server (richdocumentscode) is run without chroot sandboxing. Vulnerable versions of the richdocumentscode app can be susceptible to attack via modified client-\u003eserver commands to overwrite files outside the sub directory the server has provided for the transient session. Files which can be accessed are limited to those that the server process has access to. The bug was fixed in Collabora Online - Built-in CODE Server (richdocumentscode) release 23.5.602. Users are advised to upgrade. There are no known workarounds for this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-501",
              "description": "CWE-501: Trust Boundary Violation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-08T20:02:07.086Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/CollaboraOnline/online/security/advisories/GHSA-3r69-xvf7-v94j",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/CollaboraOnline/online/security/advisories/GHSA-3r69-xvf7-v94j"
        }
      ],
      "source": {
        "advisory": "GHSA-3r69-xvf7-v94j",
        "discovery": "UNKNOWN"
      },
      "title": "Improper handling of browser-side provided input in richdocuments path handling"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-49788",
    "datePublished": "2023-12-08T20:02:07.086Z",
    "dateReserved": "2023-11-30T13:39:50.862Z",
    "dateUpdated": "2024-08-02T22:01:26.035Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-28597 (GCVE-0-2023-28597)

Vulnerability from cvelistv5 – Published: 2023-03-27 00:00 – Updated: 2025-02-19 15:27
VLAI
Title
Improper trust boundary implementation for SMB in Zoom Clients
Summary
Zoom clients prior to 5.13.5 contain an improper trust boundary implementation vulnerability. If a victim saves a local recording to an SMB location and later opens it using a link from Zoom’s web portal, an attacker positioned on an adjacent network to the victim client could set up a malicious SMB server to respond to client requests, causing the client to execute attacker controlled executables. This could result in an attacker gaining access to a user's device and data, and remote code execution.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-501 - Trust Boundary Violation
Assigner
Date Public
2023-03-14 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T13:43:22.755Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-28597",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-19T15:26:38.358743Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-501",
                "description": "CWE-501 Trust Boundary Violation",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-19T15:27:48.810Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Zoom (for Android, iOS, Linux, macOS, and Windows)",
          "vendor": "Zoom Video Communications Inc",
          "versions": [
            {
              "lessThan": "5.13.5",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Zoom Rooms (for Android, iOS, Linux, macOS, and Windows)",
          "vendor": "Zoom Video Communications Inc",
          "versions": [
            {
              "lessThan": "5.13.5",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Zoom VDI for Windows",
          "vendor": "Zoom Video Communications Inc",
          "versions": [
            {
              "lessThan": "5.13.10",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2023-03-14T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Zoom clients prior to 5.13.5 contain an improper trust boundary implementation vulnerability. If a victim saves a local recording to an SMB location and later opens it using a link from Zoom\u2019s web portal, an attacker positioned on an adjacent network to the victim client could set up a malicious SMB server to respond to client requests, causing the client to execute attacker controlled executables. This could result in an attacker gaining access to a user\u0027s device and data, and remote code execution."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-501",
              "description": "CWE-501: Trust Boundary Violation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-03-27T00:00:00.000Z",
        "orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
        "shortName": "Zoom"
      },
      "references": [
        {
          "url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "Improper trust boundary implementation for SMB in Zoom Clients",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
    "assignerShortName": "Zoom",
    "cveId": "CVE-2023-28597",
    "datePublished": "2023-03-27T00:00:00.000Z",
    "dateReserved": "2023-03-17T00:00:00.000Z",
    "dateUpdated": "2025-02-19T15:27:48.810Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-0629 (GCVE-0-2023-0629)

Vulnerability from cvelistv5 – Published: 2023-03-13 11:16 – Updated: 2025-02-27 20:12
VLAI
Title
Docker Desktop before 4.17.0 allows an unprivileged user to bypass Enhanced Container Isolation restrictions via the raw Docker socket and launch privileged containers
Summary
Docker Desktop before 4.17.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions by setting the Docker host to docker.raw.sock, or npipe:////.pipe/docker_engine_linux on Windows, via the -H (--host) CLI flag or the DOCKER_HOST environment variable and launch containers without the additional hardening features provided by ECI. This would not affect already running containers, nor containers launched through the usual approach (without Docker's raw socket). The affected functionality is available for Docker Business customers only and assumes an environment where users are not granted local root or Administrator privileges. This issue has been fixed in Docker Desktop 4.17.0. Affected Docker Desktop versions: from 4.13.0 before 4.17.0.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-424 - Improper Protection of Alternate Path
  • CWE-501 - Trust Boundary Violation
Assigner
References
Impacted products
Vendor Product Version
Docker Inc. Docker Desktop Affected: 4.13.0 , < 4.17.0 (semver)
Create a notification for this product.
Date Public
2023-03-13 11:15
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T05:17:50.272Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "release-notes",
              "x_transferred"
            ],
            "url": "https://docs.docker.com/desktop/release-notes/#4170"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-0629",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-27T20:07:27.576557Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-27T20:12:56.479Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "Settings Management",
            "Enhanced Container Isolation"
          ],
          "platforms": [
            "MacOS",
            "Windows (Hyper-V)",
            "Linux"
          ],
          "product": "Docker Desktop",
          "vendor": "Docker Inc.",
          "versions": [
            {
              "lessThan": "4.17.0",
              "status": "affected",
              "version": "4.13.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2023-03-13T11:15:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Docker Desktop before 4.17.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions by setting the Docker host to \u003ctt\u003edocker.raw.sock\u003c/tt\u003e, or \u003ctt\u003enpipe:////.pipe/docker_engine_linux\u003c/tt\u003e on Windows, via the \u003ctt\u003e-H\u003c/tt\u003e (\u003ctt\u003e--host\u003c/tt\u003e) CLI flag or the \u003ctt\u003eDOCKER_HOST\u003c/tt\u003e environment variable and launch containers without the additional hardening features provided by ECI. This would not affect already running containers, nor containers launched through the usual approach (without Docker\u0027s raw socket).\u003cbr\u003e\u003cbr\u003eThe affected functionality is available for Docker Business customers only and assumes an environment where users are not granted local root or Administrator privileges.\u003cbr\u003e\u003cp\u003eThis issue has been fixed in Docker Desktop 4.17.0. \u003cbr\u003e\u003cbr\u003eAffected Docker Desktop versions: from 4.13.0 before 4.17.0.\u003c/p\u003e"
            }
          ],
          "value": "Docker Desktop before 4.17.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions by setting the Docker host to docker.raw.sock, or npipe:////.pipe/docker_engine_linux on Windows, via the -H (--host) CLI flag or the DOCKER_HOST environment variable and launch containers without the additional hardening features provided by ECI. This would not affect already running containers, nor containers launched through the usual approach (without Docker\u0027s raw socket).\n\nThe affected functionality is available for Docker Business customers only and assumes an environment where users are not granted local root or Administrator privileges.\nThis issue has been fixed in Docker Desktop 4.17.0. \n\nAffected Docker Desktop versions: from 4.13.0 before 4.17.0.\n\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-554",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-554 Functionality Bypass"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-424",
              "description": "CWE-424: Improper Protection of Alternate Path",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-501",
              "description": "CWE-501: Trust Boundary Violation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-03-13T11:16:41.171Z",
        "orgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
        "shortName": "Docker"
      },
      "references": [
        {
          "tags": [
            "release-notes"
          ],
          "url": "https://docs.docker.com/desktop/release-notes/#4170"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "Docker Desktop before 4.17.0 allows an unprivileged user to bypass Enhanced Container Isolation restrictions via the raw Docker socket and launch privileged containers",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
    "assignerShortName": "Docker",
    "cveId": "CVE-2023-0629",
    "datePublished": "2023-03-13T11:16:41.171Z",
    "dateReserved": "2023-02-01T22:40:41.487Z",
    "dateUpdated": "2025-02-27T20:12:56.479Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-0627 (GCVE-0-2023-0627)

Vulnerability from cvelistv5 – Published: 2023-09-25 15:31 – Updated: 2024-09-24 15:37
VLAI
Title
Docker Desktop 4.11.x allows --no-windows-containers flag bypass
Summary
Docker Desktop 4.11.x allows --no-windows-containers flag bypass via IPC response spoofing which may lead to Local Privilege Escalation (LPE).This issue affects Docker Desktop: 4.11.X.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-501 - Trust Boundary Violation
Assigner
References
Impacted products
Date Public
2022-09-01 10:00
Credits
Cure53
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T05:17:50.133Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "release-notes",
              "x_transferred"
            ],
            "url": "https://docs.docker.com/desktop/release-notes/#4120"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-0627",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-24T15:37:26.565896Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-24T15:37:48.589Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows",
            "x86"
          ],
          "product": "Docker Desktop",
          "vendor": "Docker Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "4.11.x"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Docker Desktop installed with the\u0026nbsp;\u003cspan style=\"background-color: rgb(239, 250, 102);\"\u003e--no-widnows-containers\u003c/span\u003e flag"
            }
          ],
          "value": "Docker Desktop installed with the\u00a0--no-widnows-containers flag"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Cure53"
        }
      ],
      "datePublic": "2022-09-01T10:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Docker Desktop 4.11.x allows \u003cspan style=\"background-color: rgb(239, 250, 102);\"\u003e--no-windows-containers\u003c/span\u003e flag bypass via IPC response spoofing which may lead to Local Privilege Escalation (LPE).\u003cp\u003eThis issue affects Docker Desktop: 4.11.X.\u003c/p\u003e"
            }
          ],
          "value": "Docker Desktop 4.11.x allows --no-windows-containers flag bypass via IPC response spoofing which may lead to Local Privilege Escalation (LPE).This issue affects Docker Desktop: 4.11.X.\n\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-554",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-554 Functionality Bypass"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-501",
              "description": "CWE-501: Trust Boundary Violation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-25T15:31:58.782Z",
        "orgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
        "shortName": "Docker"
      },
      "references": [
        {
          "tags": [
            "release-notes"
          ],
          "url": "https://docs.docker.com/desktop/release-notes/#4120"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update to 4.12.0"
            }
          ],
          "value": "Update to 4.12.0"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Docker Desktop 4.11.x allows --no-windows-containers flag bypass",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
    "assignerShortName": "Docker",
    "cveId": "CVE-2023-0627",
    "datePublished": "2023-09-25T15:31:58.782Z",
    "dateReserved": "2023-02-01T22:31:05.774Z",
    "dateUpdated": "2024-09-24T15:37:48.589Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-20826 (GCVE-0-2022-20826)

Vulnerability from cvelistv5 – Published: 2022-11-10 17:31 – Updated: 2024-08-03 02:24
VLAI
Summary
A vulnerability in the secure boot implementation of Cisco Secure Firewalls 3100 Series that are running Cisco Adaptive Security Appliance (ASA) Software or Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated attacker with physical access to the device to bypass the secure boot functionality. This vulnerability is due to a logic error in the boot process. An attacker could exploit this vulnerability by injecting malicious code into a specific memory location during the boot process of an affected device. A successful exploit could allow the attacker to execute persistent code at boot time and break the chain of trust.
CWE
  • CWE-501 - Trust Boundary Violation
Assigner
Impacted products
Vendor Product Version
Cisco Cisco Adaptive Security Appliance (ASA) Software Affected: 9.17.1
Affected: 9.17.1.9
Affected: 9.17.1.10
Affected: 9.17.1.13
Affected: 9.18.1
Affected: 9.18.1.3
Create a notification for this product.
Cisco Cisco Firepower Threat Defense Software Affected: 7.1.0
Affected: 7.2.0
Affected: 7.2.0.1
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T02:24:50.027Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "cisco-sa-fw3100-secure-boot-5M8mUh26",
            "tags": [
              "x_transferred"
            ],
            "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fw3100-secure-boot-5M8mUh26"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Adaptive Security Appliance (ASA) Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "9.17.1"
            },
            {
              "status": "affected",
              "version": "9.17.1.9"
            },
            {
              "status": "affected",
              "version": "9.17.1.10"
            },
            {
              "status": "affected",
              "version": "9.17.1.13"
            },
            {
              "status": "affected",
              "version": "9.18.1"
            },
            {
              "status": "affected",
              "version": "9.18.1.3"
            }
          ]
        },
        {
          "product": "Cisco Firepower Threat Defense Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "7.1.0"
            },
            {
              "status": "affected",
              "version": "7.2.0"
            },
            {
              "status": "affected",
              "version": "7.2.0.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the secure boot implementation of Cisco Secure Firewalls 3100 Series that are running Cisco Adaptive Security Appliance (ASA) Software or Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated attacker with physical access to the device to bypass the secure boot functionality.\r\n\r This vulnerability is due to a logic error in the boot process. An attacker could exploit this vulnerability by injecting malicious code into a specific memory location during the boot process of an affected device. A successful exploit could allow the attacker to execute persistent code at boot time and break the chain of trust."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-501",
              "description": "Trust Boundary Violation",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-25T16:57:07.369Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-fw3100-secure-boot-5M8mUh26",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fw3100-secure-boot-5M8mUh26"
        }
      ],
      "source": {
        "advisory": "cisco-sa-fw3100-secure-boot-5M8mUh26",
        "defects": [
          "CSCwb08411"
        ],
        "discovery": "INTERNAL"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2022-20826",
    "datePublished": "2022-11-10T17:31:54.657Z",
    "dateReserved": "2021-11-02T13:28:29.176Z",
    "dateUpdated": "2024-08-03T02:24:50.027Z",
    "requesterUserId": "4087f8c1-b21c-479b-99df-de23cb76b743",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-1799 (GCVE-0-2022-1799)

Vulnerability from cvelistv5 – Published: 2022-07-29 09:15 – Updated: 2025-04-21 13:51
VLAI
Title
Incorrect signature verification on Google play-services-basement in Google Play SDK
Summary
Incorrect signature trust exists within Google Play services SDK play-services-basement. A debug version of Google Play services is trusted by the SDK for devices that are non-GMS. We recommend upgrading the SDK past the 2022-05-03 release.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-501 - Trust Boundary Violation
Assigner
References
Impacted products
Vendor Product Version
Google LLC Google Play Services SDK Affected: unspecified , < 18.0.2 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:17:00.354Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://developers.google.com/android/guides/releases#may_03_2022"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-1799",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-21T13:36:50.365222Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-21T13:51:11.410Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Google Play Services SDK",
          "vendor": "Google LLC",
          "versions": [
            {
              "lessThan": "18.0.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Incorrect signature trust exists within Google Play services SDK play-services-basement. A debug version of Google Play services is trusted by the SDK for devices that are non-GMS. We recommend upgrading the SDK past the 2022-05-03 release."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-501",
              "description": "CWE-501 Trust Boundary Violation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-29T09:15:12.000Z",
        "orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
        "shortName": "Google"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://developers.google.com/android/guides/releases#may_03_2022"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "Incorrect signature verification on Google play-services-basement in Google Play SDK",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@google.com",
          "ID": "CVE-2022-1799",
          "STATE": "PUBLIC",
          "TITLE": "Incorrect signature verification on Google play-services-basement in Google Play SDK"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Google Play Services SDK",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "18.0.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Google LLC"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Incorrect signature trust exists within Google Play services SDK play-services-basement. A debug version of Google Play services is trusted by the SDK for devices that are non-GMS. We recommend upgrading the SDK past the 2022-05-03 release."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-501 Trust Boundary Violation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://developers.google.com/android/guides/releases#may_03_2022",
              "refsource": "MISC",
              "url": "https://developers.google.com/android/guides/releases#may_03_2022"
            }
          ]
        },
        "source": {
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
    "assignerShortName": "Google",
    "cveId": "CVE-2022-1799",
    "datePublished": "2022-07-29T09:15:12.000Z",
    "dateReserved": "2022-05-19T00:00:00.000Z",
    "dateUpdated": "2025-04-21T13:51:11.410Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.