Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
linuxfoundation vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-37918
Dapr is a portable, event-driven, runtime for building distributed applications across cloud and edge. A vulnerability has been found in Dapr that allows bypassing API token authentication, which is used by the Dapr sidecar to authenticate calls coming from the application, with ...
Linuxfoundation Dapr
5
CVSSv2
CVE-2021-36157
An issue exists in Grafana Cortex up to and including 1.9.0. The header value X-Scope-OrgID is used to construct file paths for rules files, and if crafted to conduct directory traversal such as ae ../../sensitive/path/in/deployment pathname, then Cortex will attempt to parse a r...
Linuxfoundation Cortex
NA
CVE-2023-25809
runc is a CLI tool for spawning and running containers according to the OCI specification. In affected versions it was found that rootless runc makes `/sys/fs/cgroup` writable in following conditons: 1. when runc is executed inside the user namespace, and the `config.json` does n...
Linuxfoundation Runc
NA
CVE-2023-46738
CubeFS is an open-source cloud-native file storage system. A security vulnerability was found in CubeFS HandlerNode in versions before 3.3.1 that could allow authenticated users to send maliciously-crafted requests that would crash the ObjectNode and deny other users from using i...
Linuxfoundation Cubefs
NA
CVE-2023-46741
CubeFS is an open-source cloud-native file storage system. A vulnerability was found in CubeFS prior to version 3.3.1 that could allow users to read sensitive data from the logs which could allow them escalate privileges. CubeFS leaks configuration keys in plaintext format in the...
Linuxfoundation Cubefs
8.3
CVSSv2
CVE-2021-36779
A Missing Authentication for Critical Function vulnerability in SUSE Longhorn allows any workload in the cluster to execute any binary present in the image on the host without authentication. This issue affects: SUSE Longhorn longhorn versions before 1.1.3; longhorn versions befo...
Linuxfoundation Longhorn
NA
CVE-2023-32684
Lima launches Linux virtual machines, typically on macOS, for running containerd. Prior to version 0.16.0, a virtual machine instance with a malicious disk image could read a single file on the host filesystem, even when no filesystem is mounted from the host. The official templa...
Linuxfoundation Lima
3.5
CVSSv2
CVE-2021-32662
Backstage is an open platform for building developer portals, and techdocs-common contains common functionalities for Backstage's TechDocs. In `@backstage/techdocs-common` versions before 0.6.3, a malicious actor could read sensitive files from the environment where TechDocs...
Linuxfoundation Backstage
NA
CVE-2022-39222
Dex is an identity service that uses OpenID Connect to drive authentication for other apps. Dex instances with public clients (and by extension, clients accepting tokens issued by those Dex instances) are affected by this vulnerability if they are running a version before 2.35.0....
Linuxfoundation Dex
NA
CVE-2023-30512
CubeFS up to and including 3.2.1 allows Kubernetes cluster-level privilege escalation. This occurs because DaemonSet has cfs-csi-cluster-role and can thus list all secrets, including the admin secret.
Linuxfoundation Cubefs
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
log injection
CVE-2024-37079
type confusion
CVE-2024-32943
CVE-2024-30103
CVE-2024-37350
arbitrary code
CVE-2024-6189
CVE-2024-6225
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »