Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
linuxfoundation vulnerabilities and exploits
(subscribe to this query)
5.3
CVSSv3
CVE-2023-33199
Rekor's goals are to provide an immutable tamper resistant ledger of metadata generated within a software projects supply chain. A malformed proposed entry of the `intoto/v0.0.2` type can cause a panic on a thread within the Rekor process. The thread is recovered so the clie...
Linuxfoundation Rekor
7.8
CVSSv3
CVE-2023-28642
runc is a CLI tool for spawning and running containers according to the OCI specification. It was found that AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration. This issue has been fixed in runc version 1.1.5, by prohibitin...
Linuxfoundation Runc
2 Github repositories
6.1
CVSSv3
CVE-2022-4875
A vulnerability has been found in fossology and classified as problematic. This vulnerability affects unknown code. The manipulation of the argument sql/VarValue leads to cross site scripting. The attack can be initiated remotely. The patch is identified as 8e0eba001662c7eb35f045...
Linuxfoundation Fossology
8.6
CVSSv3
CVE-2020-5259
In affected versions of dojox (NPM package), the jqMix method is vulnerable to Prototype Pollution. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. An attacker manipulates these attributes to ...
Linuxfoundation Dojox
6.5
CVSSv3
CVE-2023-30512
CubeFS up to and including 3.2.1 allows Kubernetes cluster-level privilege escalation. This occurs because DaemonSet has cfs-csi-cluster-role and can thus list all secrets, including the admin secret.
Linuxfoundation Cubefs
5.3
CVSSv3
CVE-2020-29662
In Harbor 2.0 prior to 2.0.5 and 2.1.x prior to 2.1.2 the catalog’s registry API is exposed on an unauthenticated path.
Linuxfoundation Harbor
7.5
CVSSv3
CVE-2022-25882
Versions of the package onnx prior to 1.13.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory, for example "../../../etc/passwd"
Linuxfoundation Onnx
5.3
CVSSv3
CVE-2021-36157
An issue exists in Grafana Cortex up to and including 1.9.0. The header value X-Scope-OrgID is used to construct file paths for rules files, and if crafted to conduct directory traversal such as ae ../../sensitive/path/in/deployment pathname, then Cortex will attempt to parse a r...
Linuxfoundation Cortex
8.1
CVSSv3
CVE-2021-36780
A Missing Authentication for Critical Function vulnerability in longhorn of SUSE Longhorn allows malicious users to connect to a longhorn-engine replica instance granting it the ability to read and write data to and from a replica that they should not have access to. This issue a...
Linuxfoundation Longhorn
7.5
CVSSv3
CVE-2022-31073
KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at Edge. Prior to versions 1.11.1, 1.10.2, and 1.9.4, the ServiceBus server on the edge side may be susceptible to a DoS attack if an HTTP request containing a ver...
Linuxfoundation Kubeedge
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »