Filtered by vendor Linuxfoundation
Subscribe
Total
294 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-20206 | 1 Linuxfoundation | 1 Container Network Interface | 2023-12-10 | 6.5 MEDIUM | 7.2 HIGH |
| An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the 'type' field in the network configuration, it is possible to use special elements such as "../" separators to reference binaries elsewhere on the system. This flaw allows an attacker to execute other existing binaries other than the cni plugins/types, such as 'reboot'. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | |||||
| CVE-2021-31232 | 1 Linuxfoundation | 1 Cortex | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
| The Alertmanager in CNCF Cortex before 1.8.1 has a local file disclosure vulnerability when -experimental.alertmanager.enable-api is used. The HTTP basic auth password_file can be used as an attack vector to send any file content via a webhook. The alertmanager templates can be used as an attack vector to send any file content because the alertmanager can load any text file specified in the templates list. | |||||
| CVE-2021-32661 | 1 Linuxfoundation | 1 \@backstage\/plugin-techdocs | 2023-12-10 | 4.9 MEDIUM | 7.3 HIGH |
| Backstage is an open platform for building developer portals. In versions of Backstage's Techdocs Plugin (`@backstage/plugin-techdocs`) prior to 0.9.5, a malicious internal actor can potentially upload documentation content with malicious scripts by embedding the script within an `object` element. This may give access to sensitive data when other users visit that same documentation page. The ability to upload malicious content may be limited by internal code review processes, unless the chosen TechDocs deployment method is to use an object store and the actor has access to upload files directly to that store. The vulnerability is patched in the `0.9.5` release of `@backstage/plugin-techdocs`. | |||||
| CVE-2021-36157 | 1 Linuxfoundation | 1 Cortex | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Grafana Cortex through 1.9.0. The header value X-Scope-OrgID is used to construct file paths for rules files, and if crafted to conduct directory traversal such as ae ../../sensitive/path/in/deployment pathname, then Cortex will attempt to parse a rules file at that location and include some of the contents in the error message. (Other Cortex API requests can also be sent a malicious OrgID header, e.g., tricking the ingester into writing metrics to a different location, but the effect is nuisance rather than information disclosure.) | |||||
| CVE-2021-32662 | 1 Linuxfoundation | 1 Backstage | 2023-12-10 | 3.5 LOW | 6.5 MEDIUM |
| Backstage is an open platform for building developer portals, and techdocs-common contains common functionalities for Backstage's TechDocs. In `@backstage/techdocs-common` versions prior to 0.6.3, a malicious actor could read sensitive files from the environment where TechDocs documentation is built and published by setting a particular path for `docs_dir` in `mkdocs.yml`. These files would then be available over the TechDocs backend API. This vulnerability is mitigated by the fact that an attacker would need access to modify the `mkdocs.yml` in the documentation source code, and would also need access to the TechDocs backend API. The vulnerability is patched in the `0.6.3` release of `@backstage/techdocs-common`. | |||||
| CVE-2021-29136 | 2 Linuxfoundation, Sylabs | 2 Umoci, Singularity | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
| Open Container Initiative umoci before 0.4.7 allows attackers to overwrite arbitrary host paths via a crafted image that causes symlink traversal when "umoci unpack" or "umoci raw unpack" is used. | |||||
| CVE-2021-36153 | 1 Linuxfoundation | 1 Grpc Swift | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| Mismanaged state in GRPCWebToHTTP2ServerCodec.swift in gRPC Swift 1.1.0 and 1.1.1 allows remote attackers to deny service by sending malformed requests. | |||||
| CVE-2021-36155 | 1 Linuxfoundation | 1 Grpc Swift | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| LengthPrefixedMessageReader in gRPC Swift 1.1.0 and earlier allocates buffers of arbitrary length, which allows remote attackers to cause uncontrolled resource consumption and deny service. | |||||
| CVE-2021-23135 | 1 Linuxfoundation | 1 Argo Continuous Delivery | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
| Exposure of System Data to an Unauthorized Control Sphere vulnerability in web UI of Argo CD allows attacker to cause leaked secret data into web UI error messages and logs. This issue affects Argo CD 1.8 versions prior to 1.8.7; 1.7 versions prior to 1.7.14. | |||||
| CVE-2021-30465 | 2 Fedoraproject, Linuxfoundation | 2 Fedora, Runc | 2023-12-10 | 6.0 MEDIUM | 8.5 HIGH |
| runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on a race condition. | |||||
| CVE-2020-27847 | 1 Linuxfoundation | 1 Dex | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability exists in the SAML connector of the github.com/dexidp/dex library used to process SAML Signature Validation. This flaw allows an attacker to bypass SAML authentication. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. This flaw affects dex versions before 2.27.0. | |||||
| CVE-2020-11093 | 1 Linuxfoundation | 1 Indy-node | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| Hyperledger Indy Node is the server portion of a distributed ledger purpose-built for decentralized identity. In Hyperledger Indy before version 1.12.4, there is lack of signature verification on a specific transaction which enables an attacker to make certain unauthorized alterations to the ledger. Updating a DID with a nym transaction will be written to the ledger if neither ROLE or VERKEY are being changed, regardless of sender. A malicious DID with no particular role can ask an update for another DID (but cannot modify its verkey or role). This is bad because 1) Any DID can write a nym transaction to the ledger (i.e., any DID can spam the ledger with nym transactions), 2) Any DID can change any other DID's alias, 3) The update transaction modifies the ledger metadata associated with a DID. | |||||
| CVE-2021-21369 | 1 Linuxfoundation | 1 Besu | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| Hyperledger Besu is an open-source, MainNet compatible, Ethereum client written in Java. In Besu before version 1.5.1 there is a denial-of-service vulnerability involving the HTTP JSON-RPC API service. If username and password authentication is enabled for the HTTP JSON-RPC API service, then prior to making any requests to an API endpoint the requestor must use the login endpoint to obtain a JSON web token (JWT) using their credentials. A single user can readily overload the login endpoint with invalid requests (incorrect password). As the supplied password is checked for validity on the main vertx event loop and takes a relatively long time this can cause the processing of other valid requests to fail. A valid username is required for this vulnerability to be exposed. This has been fixed in version 1.5.1. | |||||
| CVE-2020-26892 | 2 Fedoraproject, Linuxfoundation | 2 Fedora, Nats-server | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| The JWT library in NATS nats-server before 2.1.9 has Incorrect Access Control because of how expired credentials are handled. | |||||
| CVE-2020-26521 | 2 Fedoraproject, Linuxfoundation | 2 Fedora, Nats-server | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| The JWT library in NATS nats-server before 2.1.9 allows a denial of service (a nil dereference in Go code). | |||||
| CVE-2020-13794 | 1 Linuxfoundation | 1 Harbor | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
| Harbor 1.9.* 1.10.* and 2.0.* allows Exposure of Sensitive Information to an Unauthorized Actor. | |||||
| CVE-2021-26924 | 1 Linuxfoundation | 1 Argo-cd | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Argo CD before 1.8.4. Browser XSS protection is not activated due to the missing XSS protection header. | |||||
| CVE-2021-26923 | 1 Linuxfoundation | 1 Argo-cd | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Argo CD before 1.8.4. Accessing the endpoint /api/version leaks internal information for the system, and this endpoint is not protected with authentication. | |||||
| CVE-2020-26290 | 1 Linuxfoundation | 1 Dex | 2023-12-10 | 6.8 MEDIUM | 9.6 CRITICAL |
| Dex is a federated OpenID Connect provider written in Go. In Dex before version 2.27.0 there is a critical set of vulnerabilities which impacts users leveraging the SAML connector. The vulnerabilities enables potential signature bypass due to issues with XML encoding in the underlying Go library. The vulnerabilities have been addressed in version 2.27.0 by using the xml-roundtrip-validator from Mattermost (see related references). | |||||
| CVE-2020-26273 | 1 Linuxfoundation | 1 Osquery | 2023-12-10 | 3.6 LOW | 5.2 MEDIUM |
| osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. In osquery before version 4.6.0, by using sqlite's ATTACH verb, someone with administrative access to osquery can cause reads and writes to arbitrary sqlite databases on disk. This _does_ allow arbitrary files to be created, but they will be sqlite databases. It does not appear to allow existing non-sqlite files to be overwritten. This has been patched in osquery 4.6.0. There are several mitigating factors and possible workarounds. In some deployments, the people with access to these interfaces may be considered administrators. In some deployments, configuration is managed by a central tool. This tool can filter for the `ATTACH` keyword. osquery can be run as non-root user. Because this also limits the desired access levels, this requires deployment specific testing and configuration. | |||||