linuxfoundation

550 tracked vulnerabilities.

CVE-2023-25809 MEDIUM
runc < 1.1.5 - Unauthenticated Permission Overwrite in /sys/fs/cgroup
Mar 29, 2023
CVSS 5.0
EPSS 0.00
CVE-2023-27561 HIGH
runc < 1.1.5 - Privilege Escalation via Custom Volume-Mount Configurations
Mar 03, 2023
CVSS 7.0
EPSS 0.00
CVE-2023-25173 MEDIUM
containerd < 1.5.18 - Incorrect Authorization via Supplementary Group Handling
Feb 16, 2023
CVSS 5.3
EPSS 0.01
CVE-2023-25153 MEDIUM
containerd < 1.5.18 - Denial of Service via OCI Image Import
Feb 16, 2023
CVSS 6.2
EPSS 0.00
CVE-2023-25571 MEDIUM
Linuxfoundation Backstage Catalog-model < 1.2.0 - XSS
Feb 14, 2023
CVSS 6.8
EPSS 0.00
CVE-2023-25151 HIGH
opentelemetry-go-contrib 0.38.0-0.38.9 - Denial of Service via Query String Cardinality Exhaustion
Feb 08, 2023
CVSS 7.5
EPSS 0.01
CVE-2022-31671 HIGH
Harbor 2.0.0-2.4.2 and 1.0.0-1.10.12 - Authenticated Improper Authorization via P2P Preheat Execution Logs
Nov 14, 2024
CVSS 7.4
EPSS 0.01
CVE-2022-31670 HIGH
Harbor 1.0.0-1.10.12 - Authenticated Tag Retention Policy Modification via Permission Bypass
Nov 14, 2024
CVSS 7.7
EPSS 0.01
CVE-2022-31669 MEDIUM
Harbor 2.0.0-2.4.2 and 1.0.0-1.10.12 - Authenticated Improper Authorization in Tag Immutability Policy Update
Nov 14, 2024
CVSS 6.4
EPSS 0.00
CVE-2022-31668 HIGH
Harbor 2.0.0-2.4.2 - Authenticated Improper Authorization in P2P Preheat Policy Update
Nov 14, 2024
CVSS 7.4
EPSS 0.00
CVE-2022-31667 MEDIUM
Harbor 1.0.0-1.10.12 and 2.0.0-2.4.2 - Authenticated Improper Authorization via Robot Account Update
Nov 14, 2024
CVSS 6.4
EPSS 0.00
CVE-2022-31666 HIGH
Harbor 2.0.0-2.4.2 and 1.0.0-1.10.12 - Missing Authorization for Webhook Policy Management
Nov 14, 2024
CVSS 7.7
EPSS 0.00
CVE-2022-28357 CRITICAL
NATS nats-server <2.7.4 - Path Traversal
Sep 19, 2023
CVSS 9.8
EPSS 0.01
CVE-2022-32666 HIGH
Linuxfoundation Yocto - Denial of Service
Jul 04, 2023
CVSS 7.5
EPSS 0.01
CVE-2022-41354 MEDIUM
Argo CD < 2.4.28 and 2.5.0-2.5.16 - Unauthenticated Application Enumeration
Mar 27, 2023
CVSS 4.3
EPSS 0.01
CVE-2022-48363 HIGH
Automotive Grade Linux < 0.23.8 - Reachable Assertion via PipeWire Output Plugin
Feb 26, 2023
CVSS 7.5
EPSS 0.01
CVE-2022-25882 HIGH
ONNX < 1.13.0 - Path Traversal via Tensor Proto External Data Field
Jan 26, 2023
CVSS 7.5
EPSS 0.02
CVE-2022-46463 HIGH
Harbor 1.1.0-2.5.3 - Unauthenticated Access to Image Repositories
Jan 13, 2023
CVSS 7.5
EPSS 0.06
CVE-2022-4875 LOW
Fossology < 2023-01-02 - Cross-Site Scripting via sql/VarValue Argument
Jan 04, 2023
CVSS 2.4
EPSS 0.01
CVE-2022-23506 MEDIUM
Spinnaker Rosco < 1.27.3 - Sensitive Information Exposure in Packer Log Files
Jan 03, 2023
CVSS 4.3
EPSS 0.01
CVE-2022-23536 MEDIUM
Cortex <1.14.0 - Local File Inclusion
Dec 19, 2022
CVSS 6.5
EPSS 0.01
CVE-2022-23471 MEDIUM
containerd < 1.5.16 - Memory Leak via CRI Stream Server Goroutine
Dec 07, 2022
CVSS 5.7
EPSS 0.01
CVE-2022-46770 HIGH
Mirage Firewall 0.8.0-0.8.3 - Denial of Service via Crafted Multicast UDP Packet
Dec 07, 2022
CVSS 7.5
EPSS 0.21
CVE-2022-45932 HIGH
OpenDaylight < 0.16.5 - SQL Injection via Role Deletion API
Nov 27, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-45931 HIGH
OpenDaylight < 0.16.5 - SQL Injection via User Deletion API
Nov 27, 2022
CVSS 7.5
EPSS 0.01