Vulnerabilities > Linuxfoundation

DATE CVE VULNERABILITY TITLE RISK
2020-12-28 CVE-2020-26290 Improper Verification of Cryptographic Signature vulnerability in Linuxfoundation DEX
Dex is a federated OpenID Connect provider written in Go.
6.8
2020-12-24 CVE-2020-11093 Improper Verification of Cryptographic Signature vulnerability in Linuxfoundation Indy-Node
Hyperledger Indy Node is the server portion of a distributed ledger purpose-built for decentralized identity.
network
low complexity
linuxfoundation CWE-347
5.0
2020-12-16 CVE-2020-26273 Command Injection vulnerability in Linuxfoundation Osquery
osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework.
local
low complexity
linuxfoundation CWE-77
3.6
2020-12-11 CVE-2020-9301 Deserialization of Untrusted Data vulnerability in Linuxfoundation Spinnaker
Nolan Ray from Apple Information Security identified a security vulnerability in Spinnaker, all versions prior to version 1.23.4, 1.22.4 or 1.21.5.
network
low complexity
linuxfoundation CWE-502
6.5
2020-12-01 CVE-2020-15257 Incorrect Resource Transfer Between Spheres vulnerability in Linuxfoundation Containerd
containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows.
local
low complexity
linuxfoundation CWE-669
3.6
2020-11-06 CVE-2020-26892 USE of Hard-Coded Credentials vulnerability in Linuxfoundation Nats-Server
The JWT library in NATS nats-server before 2.1.9 has Incorrect Access Control because of how expired credentials are handled.
network
low complexity
linuxfoundation CWE-798
7.5
2020-11-06 CVE-2020-26521 Null Pointer Dereference vulnerability in Linuxfoundation Nats-Server
The JWT library in NATS nats-server before 2.1.9 allows a denial of service (a nil dereference in Go code).
network
low complexity
linuxfoundation CWE-476
5.0
2020-10-16 CVE-2020-15157 Insufficiently Protected Credentials vulnerability in multiple products
In containerd (an industry-standard container runtime) before version 1.2.14 there is a credential leaking vulnerability.
4.3
2020-09-30 CVE-2020-26149 Insufficiently Protected Credentials vulnerability in Linuxfoundation Nats.Deno and Nats.Js
NATS nats.js before 2.0.0-209, nats.ws before 1.0.0-111, and nats.deno before 1.0.0-9 allow credential disclosure from a client to a server.
network
low complexity
linuxfoundation CWE-522
5.0
2020-09-30 CVE-2020-13794 Information Exposure vulnerability in Linuxfoundation Harbor
Harbor 1.9.* 1.10.* and 2.0.* allows Exposure of Sensitive Information to an Unauthorized Actor.
network
low complexity
linuxfoundation CWE-200
4.0