Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
linuxfoundation vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-39222
Dex is an identity service that uses OpenID Connect to drive authentication for other apps. Dex instances with public clients (and by extension, clients accepting tokens issued by those Dex instances) are affected by this vulnerability if they are running a version before 2.35.0....
Linuxfoundation Dex
5
CVSSv2
CVE-2020-29662
In Harbor 2.0 prior to 2.0.5 and 2.1.x prior to 2.1.2 the catalog’s registry API is exposed on an unauthenticated path.
Linuxfoundation Harbor
4
CVSSv2
CVE-2021-41151
Backstage is an open platform for building developer portals. In affected versions A malicious actor could read sensitive files from the environment where Scaffolder Tasks are run. The attack is executed by crafting a custom Scaffolder template with a `github:publish:pull-request...
Linuxfoundation Backstage
NA
CVE-2022-46463
An access control issue in Harbor v1.X.X to v2.5.3 allows malicious users to access public and private image repositories without authentication. NOTE: the vendor's position is that this "is clearly described in the documentation as a feature."
Linuxfoundation Harbor
3 Github repositories
NA
CVE-2022-39383
KubeVela is an open source application delivery platform. Users using the VelaUX APIServer could be affected by this vulnerability. When using Helm Chart as the component delivery method, the request address of the warehouse is not restricted, and there is a blind SSRF vulnerabil...
Linuxfoundation Kubevela
NA
CVE-2022-25882
Versions of the package onnx prior to 1.13.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory, for example "../../../etc/passwd"
Linuxfoundation Onnx
3.5
CVSSv2
CVE-2021-32662
Backstage is an open platform for building developer portals, and techdocs-common contains common functionalities for Backstage's TechDocs. In `@backstage/techdocs-common` versions before 0.6.3, a malicious actor could read sensitive files from the environment where TechDocs...
Linuxfoundation Backstage
9.3
CVSSv2
CVE-2019-3567
In some configurations an attacker can inject a new executable path into the extensions.load file for osquery and hard link a parent folder of a malicious binary to a folder with known 'safe' permissions. Under those circumstances osquery will load said malicious execut...
Linuxfoundation Osquery
6.8
CVSSv2
CVE-2018-6336
An issue exists in osquery. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious unsig...
Linuxfoundation Osquery
NA
CVE-2023-25153
containerd is an open source container runtime. prior to 1.6.18 and 1.5.18, when importing an OCI image, there was no limit on the number of bytes read for certain files. A maliciously crafted image with a large file where a limit was not applied could cause a denial of service. ...
Linuxfoundation Containerd
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »