Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
red hat vulnerabilities and exploits
(subscribe to this query)
9
CVSSv2
CVE-2022-1025
All unpatched versions of Argo CD starting with v1.0.0 are vulnerable to an improper access control bug, allowing a malicious user to potentially escalate their privileges to admin-level.
Linuxfoundation Argo-cd
NA
CVE-2023-23947
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All Argo CD versions starting with 2.3.0-rc1 and before 2.3.17, 2.4.23 2.5.11, and 2.6.2 are vulnerable to an improper authorization bug which allows users who have the ability to update at least one cluste...
Linuxfoundation Argo-cd
NA
CVE-2023-22482
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions of Argo CD starting with v1.8.2 and before 2.3.13, 2.4.19, 2.5.6, and 2.6.0-rc-3 are vulnerable to an improper authorization bug causing the API to accept certain invalid tokens. OIDC providers inc...
Linuxfoundation Argo-cd 2.6.0
Linuxfoundation Argo-cd
NA
CVE-2022-41354
An access control issue in Argo CD v2.4.12 and below allows unauthenticated malicious users to enumerate existing applications.
Linuxfoundation Argo-cd
4
CVSSv2
CVE-2022-24348
Argo CD prior to 2.1.9 and 2.2.x prior to 2.2.4 allows directory traversal related to Helm charts because of an error in helmTemplate in repository.go. For example, an attacker may be able to discover credentials stored in a YAML file.
Linuxfoundation Argo-cd
5
CVSSv2
CVE-2020-25644
A memory leak flaw was found in WildFly OpenSSL in versions before 1.1.3.Final, where it removes an HTTP session. It may allow the malicious user to cause OOM leading to a denial of service. The highest threat from this vulnerability is to system availability.
Redhat Wildfly Openssl
Redhat Jboss Enterprise Application Platform 7.0.0
Redhat Single Sign-on 7.0
Redhat Jboss Fuse 7.0.0
Redhat Jboss Data Grid 7.0.0
Redhat Openshift Application Runtimes -
Redhat Data Grid 8.0
Netapp Oncommand Workflow Automation -
Netapp Oncommand Insight -
Netapp Service Level Manager -
7.5
CVSSv2
CVE-2019-10173
It was found that xstream API version 1.4.10 prior to 1.4.11 introduced a regression for a previous deserialization flaw. If the security framework has not been initialized, it may allow a remote malicious user to run arbitrary shell commands when unmarshalling XML or any support...
Xstream Project Xstream 1.4.10
Oracle Banking Platform 2.4.0
Oracle Webcenter Portal 12.2.1.3.0
Oracle Webcenter Portal 11.1.1.9.0
Oracle Utilities Framework 4.2.0.3.0
Oracle Utilities Framework 4.2.0.2.0
Oracle Utilities Framework 2.2.0.0.0
Oracle Endeca Information Discovery Studio 3.2.0
Oracle Utilities Framework 4.4.0.0.0
Oracle Communications Unified Inventory Management 7.4.0
Oracle Retail Xstore Point Of Service 17.0
Oracle Utilities Framework
Oracle Communications Diameter Signaling Router
Oracle Communications Unified Inventory Management 7.3.0
Oracle Banking Platform
Oracle Communications Billing And Revenue Management Elastic Charging Engine 11.3.0.9.0
Oracle Communications Billing And Revenue Management Elastic Charging Engine 12.0.0.3.0
Oracle Business Activity Monitoring 12.2.1.3.0
Oracle Business Activity Monitoring 11.1.1.9.0
Oracle Endeca Information Discovery Studio 3.2.0.0
Oracle Banking Platform 2.7.1
Oracle Banking Platform 2.9.0
2 Github repositories
4.3
CVSSv2
CVE-2019-14860
It was found that the Syndesis configuration for Cross-Origin Resource Sharing was set to allow all origins. An attacker could use this lack of protection to conduct phishing attacks and further access unauthorized information.
Redhat Fuse
Redhat Syndesis -
NA
CVE-2023-40029
Argo CD is a declarative continuous deployment for Kubernetes. Argo CD Cluster secrets might be managed declaratively using Argo CD / kubectl apply. As a result, the full secret body is stored in`kubectl.kubernetes.io/last-applied-configuration` annotation. pull request #7139 int...
Linuxfoundation Argo Continuous Delivery
NA
CVE-2023-40584
Argo CD is a declarative continuous deployment for Kubernetes. All versions of ArgoCD starting from v2.4 have a bug where the ArgoCD repo-server component is vulnerable to a Denial-of-Service attack vector. Specifically, the said component extracts a user-controlled tar.gz file w...
Linuxfoundation Argo Continuous Delivery
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3400
CVE-2023-7252
CVE-2024-21111
denial of service
CVE-2024-29661
CVE-2024-22856
remote attackers
encryption
CVE-2023-38299
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »