linuxfoundation

523 tracked vulnerabilities.

CVE-2021-41131 HIGH
The Update Framework < 0.18.1 and TUF < 0.19.0 - Path Traversal via Role Name
Oct 19, 2021
CVSS 7.5
EPSS 0.01
CVE-2021-41151 MEDIUM
Backstage 0.9.4-0.15.8 - Path Traversal via Scaffolder Template Source Path
Oct 18, 2021
CVSS 6.8
EPSS 0.01
CVE-2021-41103 HIGH
containerd < 1.4.11 - Unauthenticated Path Traversal and Privilege Escalation via Insufficient Directory Permissions
Oct 04, 2021
CVSS 7.8
EPSS 0.00
CVE-2021-39228 MEDIUM
Tremor 0.7.2-0.11.6 - Use-After-Free in State Patch/Merge Operation
Sep 17, 2021
CVSS 6.5
EPSS 0.01
CVE-2021-36157 MEDIUM
Grafana Cortex <1.9.0 - Path Traversal
Aug 03, 2021
CVSS 5.3
EPSS 0.00
CVE-2021-32760 MEDIUM
containerd <1.4.8-1.5.4 - Privilege Escalation
Jul 19, 2021
CVSS 5.0
EPSS 0.00
CVE-2021-36155 HIGH
gRPC Swift <= 1.1.0 - Denial of Service via LengthPrefixedMessageReader
Jul 09, 2021
CVSS 7.5
EPSS 0.01
CVE-2021-36154 HIGH
gRPC Swift <= 1.1.1 - Denial of Service via HTTP/2 Frame Message Flood
Jul 09, 2021
CVSS 7.5
EPSS 0.01
CVE-2021-36153 HIGH
gRPC Swift 1.1.0-1.1.1 - Denial of Service via Malformed Requests
Jul 09, 2021
CVSS 7.5
EPSS 0.01
CVE-2021-32662 MEDIUM
Backstage < 0.6.3 - Path Traversal via docs_dir in mkdocs.yml
Jun 03, 2021
CVSS 6.5
EPSS 0.00
CVE-2021-32661 MEDIUM
@backstage/plugin-techdocs < 0.9.5 - Stored Cross-Site Scripting via Object Element Injection
Jun 03, 2021
CVSS 6.8
EPSS 0.00
CVE-2021-32660 MEDIUM
@backstage/techdocs-common <0.6.4 - Info Disclosure
Jun 03, 2021
CVSS 6.8
EPSS 0.00
CVE-2021-30465 HIGH
runc < 1.0.0-rc95 - Container Filesystem Breakout via Directory Traversal Race Condition
May 27, 2021
CVSS 8.5
EPSS 0.01
CVE-2021-31232 MEDIUM
CNCF Cortex <1.8.1 - Info Disclosure
Apr 30, 2021
CVSS 5.5
EPSS 0.00
CVE-2021-20288 HIGH
Ceph < 14.2.20 - Authentication Bypass via Key Reuse
Apr 15, 2021
CVSS 7.2
EPSS 0.00
CVE-2021-29136 MEDIUM
umoci < 0.4.7 - Arbitrary File Write via Symlink Traversal in Unpack Operation
Apr 06, 2021
CVSS 5.5
EPSS 0.00
CVE-2021-20206 HIGH
container_network_interface < 0.8.1 - Path Traversal via Plugin Type Field
Mar 26, 2021
CVSS 7.2
EPSS 0.00
CVE-2021-3127 HIGH
NATS Server 2.0.0-2.2.0 and JWT Library < 2.0.1 - Incorrect Access Control via Import Token Binding Mishandling
Mar 16, 2021
CVSS 7.5
EPSS 0.00
CVE-2021-21334 MEDIUM
containerd <1.3.10 and 1.4.0-<1.4.4 - Unintended Environment Variable Exposure via CRI Implementation
Mar 10, 2021
CVSS 6.3
EPSS 0.00
CVE-2021-21369 MEDIUM
Hyperledger Besu < 1.5.1 - Denial of Service via HTTP JSON-RPC Login Endpoint
Mar 09, 2021
CVSS 6.5
EPSS 0.01
CVE-2020-27847 CRITICAL
dex < 2.27.0 - SAML Authentication Bypass via Signature Validation
May 28, 2021
CVSS 9.8
EPSS 0.00
CVE-2020-28466 HIGH
nats_server < 2.2.0 - Denial of Service via Service Export/Import Cycle
Mar 07, 2021
CVSS 7.5
EPSS 0.08
CVE-2020-29662 MEDIUM
Harbor <2.0.5, <2.1.2 - Info Disclosure
Feb 02, 2021
CVSS 5.3
EPSS 0.00
CVE-2020-26290 CRITICAL
Dex < 2.27.0 - Cryptographic Signature Verification Bypass via XML Encoding Issue
Dec 28, 2020
CVSS 9.3
EPSS 0.01
CVE-2020-11093 HIGH
Hyperledger Indy <1.12.4 - Privilege Escalation
Dec 24, 2020
CVSS 7.5
EPSS 0.00