Vulnerabilities > Linuxfoundation

DATE CVE VULNERABILITY TITLE RISK
2021-07-09 CVE-2021-36154 Uncontrolled Recursion vulnerability in Linuxfoundation Grpc Swift 1.0.0/1.1.0/1.1.1
HTTP2ToRawGRPCServerCodec in gRPC Swift 1.1.1 and earlier allows remote attackers to deny service via the delivery of many small messages within a single HTTP/2 frame, leading to Uncontrolled Recursion and stack consumption.
network
low complexity
linuxfoundation CWE-674
5.0
2021-07-09 CVE-2021-36155 Allocation of Resources Without Limits or Throttling vulnerability in Linuxfoundation Grpc Swift 1.0.0/1.1.0/1.1.1
LengthPrefixedMessageReader in gRPC Swift 1.1.0 and earlier allocates buffers of arbitrary length, which allows remote attackers to cause uncontrolled resource consumption and deny service.
network
low complexity
linuxfoundation CWE-770
5.0
2021-06-03 CVE-2021-32662 Path Traversal vulnerability in Linuxfoundation Backstage
Backstage is an open platform for building developer portals, and techdocs-common contains common functionalities for Backstage's TechDocs.
3.5
2021-06-03 CVE-2021-32661 Unrestricted Upload of File with Dangerous Type vulnerability in Linuxfoundation @Backstage/Plugin-Techdocs
Backstage is an open platform for building developer portals.
4.9
2021-06-03 CVE-2021-32660 Unrestricted Upload of File with Dangerous Type vulnerability in Linuxfoundation @Backstage/Techdocs-Common
Backstage is an open platform for building developer portals, and techdocs-common contains common functionalities for Backstage's TechDocs.
5.8
2021-05-28 CVE-2020-27847 Improper Handling of Syntactically Invalid Structure vulnerability in Linuxfoundation DEX
A vulnerability exists in the SAML connector of the github.com/dexidp/dex library used to process SAML Signature Validation.
network
low complexity
linuxfoundation CWE-228
critical
9.8
2021-05-27 CVE-2021-30465 Race Condition vulnerability in multiple products
runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal.
network
high complexity
linuxfoundation fedoraproject CWE-362
8.5
2021-05-12 CVE-2021-23135 Information Exposure Through an Error Message vulnerability in Linuxfoundation Argo Continuous Delivery
An Exposure of System Data to an Unauthorized Control Sphere vulnerability in the web UI of Argo CD allows an attacker to cause secret data to leak into web UI error messages and logs.
local
low complexity
linuxfoundation CWE-209
2.1
2021-04-30 CVE-2021-31232 Unspecified vulnerability in Linuxfoundation Cortex
The Alertmanager in CNCF Cortex before 1.8.1 has a local file disclosure vulnerability when -experimental.alertmanager.enable-api is used.
local
low complexity
linuxfoundation
5.5
2021-04-15 CVE-2021-20288 Improper Authentication vulnerability in multiple products
An authentication flaw was found in ceph in versions before 14.2.20.
7.2