Vulnerabilities > Hashicorp > Nomad
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-24 | CVE-2020-28348 | Path Traversal vulnerability in Hashicorp Nomad HashiCorp Nomad and Nomad Enterprise 0.9.0 up to 0.12.7 client Docker file sandbox feature may be subverted when not explicitly disabled or when using a volume mount type. | 6.3 |
| 2020-10-22 | CVE-2020-27195 | Unspecified vulnerability in Hashicorp Nomad HashiCorp Nomad and Nomad Enterprise version 0.9.0 up to 0.12.5 client file sandbox feature can be subverted using either the template or artifact stanzas. | 6.4 |
| 2020-04-28 | CVE-2020-10944 | Cross-site Scripting vulnerability in Hashicorp Nomad HashiCorp Nomad and Nomad Enterprise up to 0.10.4 contained a cross-site scripting vulnerability such that files from a malicious workload could cause arbitrary JavaScript to execute in the web UI. | 3.5 |
| 2020-01-31 | CVE-2020-7956 | Improper Certificate Validation vulnerability in Hashicorp Nomad HashiCorp Nomad and Nomad Enterprise up to 0.10.2 incorrectly validated role/region associated with TLS certificates used for mTLS RPC, and were susceptible to privilege escalation. | 7.5 |
| 2020-01-31 | CVE-2020-7218 | Allocation of Resources Without Limits or Throttling vulnerability in Hashicorp Nomad HashiCorp Nomad and Nonad Enterprise up to 0.10.2 HTTP/RPC services allowed unbounded resource usage, and were susceptible to unauthenticated denial of service. | 5.0 |
| 2019-08-12 | CVE-2019-12618 | Improper Privilege Management vulnerability in Hashicorp Nomad 0.9.0/0.9.1 HashiCorp Nomad 0.9.0 through 0.9.1 has Incorrect Access Control via the exec driver. | 10.0 |