Vulnerabilities > Linuxfoundation
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-06-10 | CVE-2024-22244 | Open Redirect vulnerability in Linuxfoundation Harbor: Open Redirect in Harbor <=v2.8.4, <=v2.9.2, and <=v2.10.0 may redirect a user to a malicious site. | 6.1 |
2024-06-06 | CVE-2024-5187 | Unspecified vulnerability in Linuxfoundation Onnx 1.16.0: A vulnerability in the `download_model_with_test_data` function of the onnx/onnx framework, version 1.16.0, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. | 8.8 |
2024-03-15 | CVE-2023-51699 | OS Command Injection vulnerability in Linuxfoundation Fluid: Fluid is an open source Kubernetes-native Distributed Dataset Orchestrator and Accelerator for data-intensive applications. | 6.0 |
2024-03-04 | CVE-2024-20022 | In lk, there is a possible escalation of privilege due to a missing bounds check. | 6.7 |
2024-02-23 | CVE-2024-27318 | Path Traversal vulnerability in multiple products: Versions of the package onnx before and including 1.15.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory. | 7.5 |
2024-02-23 | CVE-2024-27319 | Out-of-bounds Read vulnerability in multiple products: Versions of the package onnx before and including 1.15.0 are vulnerable to Out-of-bounds Read as the ONNX_ASSERT and ONNX_ASSERTM functions have an off by one string copy. | 9.1 |
2024-02-23 | CVE-2024-26150 | Path Traversal vulnerability in Linuxfoundation Backstage Backend-Common 0.21.0: `@backstage/backend-common` is a common functionality library for backends for Backstage, an open platform for building developer portals. | 7.5 |
2024-02-19 | CVE-2024-25626 | OS Command Injection vulnerability in Linuxfoundation Yocto: Yocto Project is an open source collaboration project that helps developers create custom Linux-based systems regardless of the hardware architecture. | 9.8 |
2024-01-31 | CVE-2024-21626 | Exposure of Resource to Wrong Sphere vulnerability in multiple products: runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. | 8.6 |
2024-01-25 | CVE-2024-23656 | Inadequate Encryption Strength vulnerability in Linuxfoundation DEX 2.37.0: Dex is an identity service that uses OpenID Connect to drive authentication for other apps. | 7.5 |