Vulmon
coreos vulnerabilities and exploits
5
CVSSv2
CVE-2020-5596
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and previous versions installed in GT27 Model, GT25 Model, and GT23 Model) does not properly manage sessions, which may allow a remote malicious user to stop the network functio...
Mitsubishielectric Coreos
10
CVSSv2
CVE-2020-5599
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and previous versions installed in GT27 Model, GT25 Model, and GT23 Model) contains an improper neutralization of argument delimiters in a command ('Argument Injection'...
Mitsubishielectric Coreos
NA
CVE-2022-3675
Fedora CoreOS supports setting a GRUB bootloader password using a Butane config. When this feature is enabled, GRUB requires a password to access the GRUB command-line, modify kernel command-line arguments, or boot non-default OSTree deployments. Recent Fedora CoreOS releases hav...
Redhat Fedora Coreos
6.8
CVSSv2
CVE-2021-20319
An improper signature verification vulnerability was found in coreos-installer. A specially crafted gzip installation image can bypass the image signature verification and as a consequence can lead to the installation of unsigned content. An attacker able to modify the original i...
Redhat Coreos-installer
NA
CVE-2021-3917
A flaw was found in the coreos-installer, where it writes the Ignition config to the target system with world-readable access permissions. This flaw allows a local malicious user to have read access to potentially sensitive data. The highest threat from this vulnerability is to c...
Redhat Coreos-installer
NA
CVE-2022-3874
A command injection flaw was found in foreman. This flaw allows an authenticated user with admin privileges on the foreman instance to transpile commands through CoreOS and Fedora CoreOS configurations in templates, possibly resulting in arbitrary command execution on the underly...
Redhat Satellite 6.0
Theforeman Foreman -
4.3
CVSSv2
CVE-2018-9090
CoreOS Tectonic 1.7.x and 1.8.x prior to 1.8.7-tectonic.2 deploys the Grafana web application using default credentials (admin/admin) for the administrator account located at grafana-credentials secret. This occurs because CoreOS does not randomize the administrative password to ...
Redhat Tectonic
5
CVSSv2
CVE-2018-5256
CoreOS Tectonic 1.7.x prior to 1.7.9-tectonic.4 and 1.8.x prior to 1.8.4-tectonic.3 mounts a direct proxy to the kubernetes cluster at /api/kubernetes/ which is accessible without authentication to Tectonic and allows a malicious user to directly connect to the kubernetes API se...
Redhat Tectonic