Vulnerabilities > Linuxfoundation
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-03 | CVE-2021-32661 | Unrestricted Upload of File with Dangerous Type vulnerability in Linuxfoundation @Backstage/Plugin-Techdocs Backstage is an open platform for building developer portals. | 7.3 |
| 2021-06-03 | CVE-2021-32660 | Unrestricted Upload of File with Dangerous Type vulnerability in Linuxfoundation @Backstage/Techdocs-Common Backstage is an open platform for building developer portals, and techdocs-common contains common functionalities for Backstage's TechDocs. | 8.1 |
| 2021-05-28 | CVE-2020-27847 | Unspecified vulnerability in Linuxfoundation DEX A vulnerability exists in the SAML connector of the github.com/dexidp/dex library used to process SAML Signature Validation. | 9.8 |
| 2021-05-27 | CVE-2021-30465 | Race Condition vulnerability in multiple products runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. | 8.5 |
| 2021-04-30 | CVE-2021-31232 | Unspecified vulnerability in Linuxfoundation Cortex The Alertmanager in CNCF Cortex before 1.8.1 has a local file disclosure vulnerability when -experimental.alertmanager.enable-api is used. | 5.5 |
| 2021-04-15 | CVE-2021-20288 | Improper Authentication vulnerability in multiple products An authentication flaw was found in ceph in versions before 14.2.20. | 7.2 |
| 2021-04-06 | CVE-2021-29136 | Improper Input Validation vulnerability in multiple products Open Container Initiative umoci before 0.4.7 allows attackers to overwrite arbitrary host paths via a crafted image that causes symlink traversal when "umoci unpack" or "umoci raw unpack" is used. | 5.5 |
| 2021-03-26 | CVE-2021-20206 | Path Traversal vulnerability in Linuxfoundation Container Network Interface An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. | 7.2 |
| 2021-03-10 | CVE-2021-21334 | In containerd (an industry-standard container runtime) before versions 1.3.10 and 1.4.4, containers launched through containerd's CRI implementation (through Kubernetes, crictl, or any other pod/container client that uses the containerd CRI service) that share the same image may receive incorrect environment variables, including values that are defined for other containers. | 6.3 |
| 2021-03-09 | CVE-2021-21369 | Unspecified vulnerability in Linuxfoundation Besu Hyperledger Besu is an open-source, MainNet compatible, Ethereum client written in Java. | 6.5 |