Vulnerabilities > Linuxfoundation
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-06 | CVE-2021-29136 | Improper Input Validation vulnerability in multiple products Open Container Initiative umoci before 0.4.7 allows attackers to overwrite arbitrary host paths via a crafted image that causes symlink traversal when "umoci unpack" or "umoci raw unpack" is used. | 2.1 |
| 2021-03-26 | CVE-2021-20206 | Path Traversal vulnerability in Linuxfoundation Container Network Interface An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. | 7.2 |
| 2021-03-15 | CVE-2021-26924 | Cross-site Scripting vulnerability in Linuxfoundation Argo-Cd An issue was discovered in Argo CD before 1.8.4. | 4.3 |
| 2021-03-15 | CVE-2021-26923 | Information Exposure vulnerability in Linuxfoundation Argo-Cd An issue was discovered in Argo CD before 1.8.4. | 5.0 |
| 2021-03-10 | CVE-2021-21334 | Exposure of Resource to Wrong Sphere vulnerability in multiple products In containerd (an industry-standard container runtime) before versions 1.3.10 and 1.4.4, containers launched through containerd's CRI implementation (through Kubernetes, crictl, or any other pod/container client that uses the containerd CRI service) that share the same image may receive incorrect environment variables, including values that are defined for other containers. | 6.3 |
| 2021-03-09 | CVE-2021-21369 | Resource Exhaustion vulnerability in Linuxfoundation Besu Hyperledger Besu is an open-source, MainNet compatible, Ethereum client written in Java. | 4.0 |
| 2021-03-03 | CVE-2021-23347 | Cross-site Scripting vulnerability in Linuxfoundation Argo Continuous Delivery The package github.com/argoproj/argo-cd/cmd before 1.7.13, from 1.8.0 and before 1.8.6 are vulnerable to Cross-site Scripting (XSS) the SSO provider connected to Argo CD would have to send back a malicious error message containing JavaScript to the user. | 3.5 |
| 2021-02-09 | CVE-2021-26921 | Insufficient Session Expiration vulnerability in Linuxfoundation Argo Continuous Delivery In util/session/sessionmanager.go in Argo CD before 1.8.4, tokens continue to work even when the user account is disabled. | 5.0 |
| 2021-02-02 | CVE-2020-29662 | Cleartext Transmission of Sensitive Information vulnerability in Linuxfoundation Harbor In Harbor 2.0 before 2.0.5 and 2.1.x before 2.1.2 the catalog’s registry API is exposed on an unauthenticated path. | 5.0 |
| 2020-12-28 | CVE-2020-26290 | Improper Verification of Cryptographic Signature vulnerability in Linuxfoundation DEX Dex is a federated OpenID Connect provider written in Go. | 6.8 |