Vulmon
coreos vulnerabilities and exploits
7.5
CVSSv3
CVE-2020-5646
NULL pointer dereferences vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version "05.65.00.BD" and previous versions, GT1450-QMBDE CoreOS version "05.65.00.BD" and previous versions, GT1450-QLBDE...
Mitsubishielectric Coreos
9.8
CVSSv3
CVE-2020-5644
Buffer overflow vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version "05.65.00.BD" and previous versions, GT1450-QMBDE CoreOS version "05.65.00.BD" and previous versions, GT1450-QLBDE CoreOS ve...
Mitsubishielectric Coreos
5.5
CVSSv3
CVE-2022-3675
Fedora CoreOS supports setting a GRUB bootloader password using a Butane config. When this feature is enabled, GRUB requires a password to access the GRUB command-line, modify kernel command-line arguments, or boot non-default OSTree deployments. Recent Fedora CoreOS releases hav...
Redhat Fedora Coreos
5.5
CVSSv3
CVE-2021-3917
A flaw was found in the coreos-installer, where it writes the Ignition config to the target system with world-readable access permissions. This flaw allows a local malicious user to have read access to potentially sensitive data. The highest threat from this vulnerability is to c...
Redhat Coreos-installer
7.8
CVSSv3
CVE-2021-20319
An improper signature verification vulnerability was found in coreos-installer. A specially crafted gzip installation image can bypass the image signature verification and as a consequence can lead to the installation of unsigned content. An attacker able to modify the original i...
Redhat Coreos-installer
9.1
CVSSv3
CVE-2022-3874
A command injection flaw was found in foreman. This flaw allows an authenticated user with admin privileges on the foreman instance to transpile commands through CoreOS and Fedora CoreOS configurations in templates, possibly resulting in arbitrary command execution on the underly...
Redhat Satellite 6.0
Theforeman Foreman -
6.1
CVSSv3
CVE-2018-9090
CoreOS Tectonic 1.7.x and 1.8.x prior to 1.8.7-tectonic.2 deploys the Grafana web application using default credentials (admin/admin) for the administrator account located at grafana-credentials secret. This occurs because CoreOS does not randomize the administrative password to ...
Redhat Tectonic
7.5
CVSSv3
CVE-2018-5256
CoreOS Tectonic 1.7.x prior to 1.7.9-tectonic.4 and 1.8.x prior to 1.8.4-tectonic.3 mounts a direct proxy to the kubernetes cluster at /api/kubernetes/ which is accessible without authentication to Tectonic and allows a malicious user to directly connect to the kubernetes API se...
Redhat Tectonic