Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
linuxfoundation vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2021-43669
A vulnerability has been detected in HyperLedger Fabric v1.4.0, v2.0.0, v2.0.1, v2.3.0. It can easily break down as many orderers as the attacker wants. This bug can be leveraged by constructing a message whose header is invalid to the interface Order. This bug has been admitted ...
Linuxfoundation Fabric 1.4.0
Linuxfoundation Fabric 2.0.0
Linuxfoundation Fabric 2.0.1
Linuxfoundation Fabric 2.3.0
7.5
CVSSv3
CVE-2022-45932
A SQL injection issue exists in AAA in OpenDaylight (ODL) prior to 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/RoleStore.java deleteRole function is affected when the API interface /auth/v1/roles/ is used.
Linuxfoundation Opendaylight 0.16.0
Linuxfoundation Opendaylight 0.16.4
Linuxfoundation Opendaylight 0.15.6
Linuxfoundation Opendaylight 0.15.0
4.3
CVSSv3
CVE-2019-3990
A User Enumeration flaw exists in Harbor. The issue is present in the "/users" API endpoint. This endpoint is supposed to be restricted to administrators. This restriction is able to be bypassed and information can be obtained about registered users can be obtained via ...
Linuxfoundation Harbor
Linuxfoundation Harbor 1.9.0
Linuxfoundation Harbor 1.9.1
8.1
CVSSv3
CVE-2022-31034
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v0.11.0 are vulnerable to a variety of attacks when an SSO login is initiated from the Argo CD CLI or UI. The vulnerabilities are due to the use of insufficiently rando...
Linuxfoundation Argo-cd 2.3.4
Linuxfoundation Argo-cd 2.4.0
Linuxfoundation Argo-cd 2.2.9
Linuxfoundation Argo-cd
5.4
CVSSv3
CVE-2022-31035
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v1.0.0 are vulnerable to a cross-site scripting (XSS) bug allowing a malicious user to inject a `javascript:` link in the UI. When clicked by a victim user, the script ...
Linuxfoundation Argo-cd 2.3.4
Linuxfoundation Argo-cd 2.4.0
Linuxfoundation Argo-cd 2.2.9
Linuxfoundation Argo-cd
4.3
CVSSv3
CVE-2022-31036
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v1.3.0 are vulnerable to a symlink following bug allowing a malicious user with repository write access to leak sensitive YAML files from Argo CD's repo-server. A ...
Linuxfoundation Argo-cd 2.3.4
Linuxfoundation Argo-cd 2.4.0
Linuxfoundation Argo-cd 2.2.9
Linuxfoundation Argo-cd
6.5
CVSSv3
CVE-2022-23536
Cortex provides multi-tenant, long term storage for Prometheus. A local file inclusion vulnerability exists in Cortex versions 1.13.0, 1.13.1 and 1.14.0, where a malicious actor could remotely read local files as a result of parsing maliciously crafted Alertmanager configurations...
Linuxfoundation Cortex 1.13.0
Linuxfoundation Cortex 1.13.1
Linuxfoundation Cortex 1.14.0
7.5
CVSSv3
CVE-2021-43667
A vulnerability has been detected in HyperLedger Fabric v1.4.0, v2.0.0, v2.1.0. This bug can be leveraged by constructing a message whose payload is nil and sending this message with the method 'forwardToLeader'. This bug has been admitted and fixed by the developers of...
Linuxfoundation Fabric 1.4.0
Linuxfoundation Fabric 2.0.0
Linuxfoundation Fabric 2.1.0
7.1
CVSSv3
CVE-2023-40025
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting from version 2.6.0 have a bug where open web terminal sessions do not expire. This bug allows users to send any websocket messages even if the token has already expired. The...
Linuxfoundation Argo-cd 2.8.0
Linuxfoundation Argo-cd 2.7.11
Linuxfoundation Argo-cd
7.5
CVSSv3
CVE-2021-36155
LengthPrefixedMessageReader in gRPC Swift 1.1.0 and previous versions allocates buffers of arbitrary length, which allows remote malicious users to cause uncontrolled resource consumption and deny service.
Linuxfoundation Grpc Swift 1.0.0
Linuxfoundation Grpc Swift 1.1.0
Linuxfoundation Grpc Swift 1.1.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »