Vulnerabilities > Linuxfoundation

DATE CVE VULNERABILITY TITLE RISK
2021-07-19 CVE-2021-32760 Exposure of Resource TO Wrong Sphere vulnerability in Linuxfoundation Containerd
containerd is a container runtime.
6.8
2021-07-09 CVE-2021-36153 Unspecified vulnerability in Linuxfoundation Grpc Swift 1.1.0/1.1.1
Mismanaged state in GRPCWebToHTTP2ServerCodec.swift in gRPC Swift 1.1.0 and 1.1.1 allows remote attackers to deny service by sending malformed requests.
network
low complexity
linuxfoundation
5.0
2021-07-09 CVE-2021-36154 Uncontrolled Recursion vulnerability in Linuxfoundation Grpc Swift 1.0.0/1.1.0/1.1.1
HTTP2ToRawGRPCServerCodec in gRPC Swift 1.1.1 and earlier allows remote attackers to deny service via the delivery of many small messages within a single HTTP/2 frame, leading to Uncontrolled Recursion and stack consumption.
network
low complexity
linuxfoundation CWE-674
5.0
2021-07-09 CVE-2021-36155 Classic Buffer Overflow vulnerability in Linuxfoundation Grpc Swift 1.0.0/1.1.0/1.1.1
LengthPrefixedMessageReader in gRPC Swift 1.1.0 and earlier allocates buffers of arbitrary length, which allows remote attackers to cause uncontrolled resource consumption and deny service.
network
low complexity
linuxfoundation CWE-120
5.0
2021-06-03 CVE-2021-32662 Path Traversal vulnerability in Linuxfoundation Backstage
Backstage is an open platform for building developer portals, and techdocs-common contains common functionalities for Backstage's TechDocs.
3.5
2021-06-03 CVE-2021-32661 Unrestricted Upload of File With Dangerous Type vulnerability in Linuxfoundation @Backstage/Plugin-Techdocs
Backstage is an open platform for building developer portals.
4.9
2021-06-03 CVE-2021-32660 Unrestricted Upload of File With Dangerous Type vulnerability in Linuxfoundation @Backstage/Techdocs-Common
Backstage is an open platform for building developer portals, and techdocs-common contains common functionalities for Backstage's TechDocs.
5.8
2021-05-28 CVE-2020-27847 Authentication Bypass BY Spoofing vulnerability in Linuxfoundation DEX
A vulnerability exists in the SAML connector of the github.com/dexidp/dex library used to process SAML Signature Validation.
network
low complexity
linuxfoundation CWE-290
7.5
2021-05-27 CVE-2021-30465 Path Traversal vulnerability in multiple products
runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal.
6.0
2021-05-12 CVE-2021-23135 Exposure of Resource TO Wrong Sphere vulnerability in Linuxfoundation Argo Continuous Delivery
Exposure of System Data to an Unauthorized Control Sphere vulnerability in web UI of Argo CD allows attacker to cause leaked secret data into web UI error messages and logs.
local
low complexity
linuxfoundation CWE-668
2.1