Vulnerabilities > Etcd
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-22 | CVE-2022-34038 | Out-of-bounds Write vulnerability in Etcd 3.5.4 Etcd v3.5.4 allows remote attackers to cause a denial of service via function PageWriter.write in pagewriter.go. | 7.5 |
| 2023-05-11 | CVE-2023-32082 | Unspecified vulnerability in Etcd etcd is a distributed key-value store for the data of a distributed system. | 4.3 |
| 2023-04-04 | CVE-2021-28235 | Improper Authentication vulnerability in Etcd 3.4.10 Authentication vulnerability found in Etcd-io v.3.4.10 allows remote attackers to escalate privileges via the debug function. | 9.8 |
| 2020-08-05 | CVE-2020-15113 | Improper Preservation of Permissions vulnerability in multiple products In etcd before versions 3.3.23 and 3.4.10, certain directory paths are created (etcd data directory and the directory path when provided to automatically generate self-signed certificates for TLS connections with clients) with restricted access permissions (700) by using the os.MkdirAll. | 7.1 |
| 2020-08-05 | CVE-2020-15112 | Improper Validation of Array Index vulnerability in multiple products In etcd before versions 3.3.23 and 3.4.10, it is possible to have an entry index greater then the number of entries in the ReadAll method in wal/wal.go. | 6.5 |
| 2020-08-05 | CVE-2020-15106 | In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic in decodeRecord method. | 6.5 |
| 2019-01-14 | CVE-2018-16886 | Improper Authentication vulnerability in multiple products etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper authentication issue when role-based access control (RBAC) is used and client-cert-auth is enabled. | 8.1 |