Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
weave weave vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2022-35976
The GitOps Tools Extension for VSCode relies on kubeconfigs in order to communicate with Kubernetes clusters. A specially crafted kubeconfig leads to arbitrary code execution on behalf of the user running VSCode. Users relying on kubeconfigs that are generated or altered by other...
Weave Gitops Tools
9.8
CVSSv3
CVE-2022-35975
The GitOps Tools Extension for VSCode can make it easier to manage Flux objects. A specially crafted Flux object may allow for remote code execution in the machine running the extension, in the context of the user that is running VSCode. Users using the VSCode extension to manage...
Weave Gitops Tools
9.8
CVSSv3
CVE-2020-35464
Version 1.3.0 of the Weave Cloud Agent Docker image contains a blank password for the root user. Systems deployed using affected versions of the Weave Cloud Agent container may allow a remote malicious user to achieve root access with a blank password.
Weave Cloud Agent 1.3.0
9
CVSSv3
CVE-2019-5035
An exploitable information disclosure vulnerability exists in the Weave PASE pairing functionality of the Nest Cam IQ Indoor, version 4620002. A set of specially crafted weave packets can brute force a pairing code, resulting in greater Weave access and potentially full device co...
Google Nest Cam Iq Indoor Firmware 4620002
8.8
CVSSv3
CVE-2019-5038
An exploitable command execution vulnerability exists in the print-tlv command of Weave tool. A specially crafted weave TLV can trigger a stack-based buffer overflow, resulting in code execution. An attacker can trigger this vulnerability by convincing the user to open a speciall...
Openweave Openweave-core 4.0.2
8.8
CVSSv3
CVE-2019-5039
An exploitable command execution vulnerability exists in the ASN1 certificate writing functionality of Openweave-core version 4.0.2. A specially crafted weave certificate can trigger a heap-based buffer overflow, resulting in code execution. An attacker can craft a weave certific...
Openweave Openweave-core 4.0.2
8
CVSSv3
CVE-2020-26278
Weave Net is open source software which creates a virtual network that connects Docker containers across multiple hosts and enables their automatic discovery. Weave Net before version 2.8.0 has a vulnerability in which can allow an malicious user to take over any host in the clus...
Weave Weave
7.8
CVSSv3
CVE-2022-23508
Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. A vulnerability in GitOps run could allow a local user or process to alter a Kubernetes cluster's resources. GitOps run has a local S3...
Weave Weave Gitops
7.8
CVSSv3
CVE-2013-4251
The scipy.weave component in SciPy prior to 0.12.1 creates insecure temporary directories.
Scipy Scipy
Fedoraproject Fedora 19
Fedoraproject Fedora 20
Fedoraproject Fedora 18
Redhat Enterprise Linux 6.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 8.0
7.5
CVSSv3
CVE-2022-31098
Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. A vulnerability in the logging of Weave GitOps could allow an authenticated remote malicious user to view sensitive cluster configurations,...
Weave Weave Gitops 0.8.1
Weave Weave Gitops
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »