Vulnerabilities > Linuxfoundation
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-01 | CVE-2021-4326 | Unspecified vulnerability in Linuxfoundation Zowe A vulnerability in Imperative framework which allows already-privileged local actors to execute arbitrary shell commands via plugin install/update commands, or maliciously formed environment variables. | 7.8 |
| 2023-02-26 | CVE-2022-48363 | Reachable Assertion vulnerability in Linuxfoundation Automotive Grade Linux In MPD before 0.23.8, as used on Automotive Grade Linux and other platforms, the PipeWire output plugin mishandles a Drain call in certain situations involving truncated files. | 7.5 |
| 2023-02-17 | CVE-2021-32163 | Incorrect Authorization vulnerability in Linuxfoundation Modular Open Smart Network Authentication vulnerability in MOSN v.0.23.0 allows attacker to escalate privileges via case-sensitive JWT authorization. | 9.8 |
| 2023-02-16 | CVE-2023-25153 | Allocation of Resources Without Limits or Throttling vulnerability in Linuxfoundation Containerd containerd is an open source container runtime. | 5.5 |
| 2023-02-16 | CVE-2023-25173 | Unspecified vulnerability in Linuxfoundation Containerd containerd is an open source container runtime. | 7.8 |
| 2023-02-14 | CVE-2023-25571 | Cross-site Scripting vulnerability in Linuxfoundation products Backstage is an open platform for building developer portals. | 5.4 |
| 2023-02-08 | CVE-2023-25151 | Unspecified vulnerability in Linuxfoundation Opentelemetry-Go Contrib 0.38.0 opentelemetry-go-contrib is a collection of extensions for OpenTelemetry-Go. | 7.5 |
| 2023-01-26 | CVE-2022-25882 | Path Traversal vulnerability in Linuxfoundation Onnx Versions of the package onnx before 1.13.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory, for example "../../../etc/passwd" | 7.5 |
| 2023-01-18 | CVE-2021-4314 | Improper Authentication vulnerability in Linuxfoundation Zowe API Mediation Layer It is possible to manipulate the JWT token without the knowledge of the JWT secret and authenticate without valid JWT token as any user. | 5.3 |
| 2023-01-13 | CVE-2022-46463 | Missing Authentication for Critical Function vulnerability in Linuxfoundation Harbor An access control issue in Harbor v1.X.X to v2.5.3 allows attackers to access public and private image repositories without authentication. | 7.5 |