Vulnerabilities > Linuxfoundation
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-18 | CVE-2019-16919 | Incorrect Default Permissions vulnerability in multiple products Harbor API has a Broken Access Control vulnerability. | 7.5 |
| 2019-09-25 | CVE-2019-16884 | Incorrect Authorization vulnerability in multiple products runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory. | 7.5 |
| 2019-09-08 | CVE-2019-16097 | Missing Authorization vulnerability in Linuxfoundation Harbor core/api/user.go in Harbor 1.7.0 through 1.8.2 allows non-admin users to create admin accounts via the POST /api/users API, when Harbor is setup with DB as authentication backend and allow user to do self-registration. | 6.5 |
| 2019-07-22 | CVE-2019-1010234 | Improper Input Validation vulnerability in Linuxfoundation Open Network Operating System The Linux Foundation ONOS 1.15.0 and ealier is affected by: Improper Input Validation. | 9.8 |
| 2019-07-19 | CVE-2019-1010245 | OS Command Injection vulnerability in Linuxfoundation Open Network Operating System The Linux Foundation ONOS SDN Controller 1.15 and earlier versions is affected by: Improper Input Validation. | 9.8 |
| 2019-07-18 | CVE-2019-1010252 | Improper Input Validation vulnerability in Linuxfoundation Open Network Operating System The Linux Foundation ONOS 2.0.0 and earlier is affected by: Poor Input-validation. | 4.9 |
| 2019-07-18 | CVE-2019-1010250 | Improper Input Validation vulnerability in Linuxfoundation Open Network Operating System The Linux Foundation ONOS 2.0.0 and earlier is affected by: Poor Input-validation. | 4.9 |
| 2019-07-18 | CVE-2019-1010249 | Integer Overflow or Wraparound vulnerability in Linuxfoundation Open Network Operating System The Linux Foundation ONOS 2.0.0 and earlier is affected by: Integer Overflow. | 4.9 |
| 2019-06-03 | CVE-2019-3567 | Link Following vulnerability in Linuxfoundation Osquery In some configurations an attacker can inject a new executable path into the extensions.load file for osquery and hard link a parent folder of a malicious binary to a folder with known 'safe' permissions. | 8.1 |
| 2019-02-11 | CVE-2019-5736 | OS Command Injection vulnerability in multiple products runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. local low complexity docker linuxfoundation redhat google linuxcontainers hp netapp apache opensuse d2iq fedoraproject canonical microfocus CWE-78 | 8.6 |