Vulnerabilities > Linuxfoundation > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-03 | CVE-2021-32660 | Unrestricted Upload of File with Dangerous Type vulnerability in Linuxfoundation @Backstage/Techdocs-Common Backstage is an open platform for building developer portals, and techdocs-common contains common functionalities for Backstage's TechDocs. | 5.8 |
| 2021-04-30 | CVE-2021-31232 | Unspecified vulnerability in Linuxfoundation Cortex The Alertmanager in CNCF Cortex before 1.8.1 has a local file disclosure vulnerability when -experimental.alertmanager.enable-api is used. | 5.5 |
| 2021-03-10 | CVE-2021-21334 | Exposure of Resource to Wrong Sphere vulnerability in multiple products In containerd (an industry-standard container runtime) before versions 1.3.10 and 1.4.4, containers launched through containerd's CRI implementation (through Kubernetes, crictl, or any other pod/container client that uses the containerd CRI service) that share the same image may receive incorrect environment variables, including values that are defined for other containers. | 6.3 |
| 2021-03-09 | CVE-2021-21369 | Resource Exhaustion vulnerability in Linuxfoundation Besu Hyperledger Besu is an open-source, MainNet compatible, Ethereum client written in Java. | 4.0 |
| 2021-02-02 | CVE-2020-29662 | Cleartext Transmission of Sensitive Information vulnerability in Linuxfoundation Harbor In Harbor 2.0 before 2.0.5 and 2.1.x before 2.1.2 the catalog’s registry API is exposed on an unauthenticated path. | 5.0 |
| 2020-12-28 | CVE-2020-26290 | Improper Verification of Cryptographic Signature vulnerability in Linuxfoundation DEX Dex is a federated OpenID Connect provider written in Go. | 6.8 |
| 2020-12-24 | CVE-2020-11093 | Improper Verification of Cryptographic Signature vulnerability in Linuxfoundation Indy-Node Hyperledger Indy Node is the server portion of a distributed ledger purpose-built for decentralized identity. | 5.0 |
| 2020-12-11 | CVE-2020-9301 | Deserialization of Untrusted Data vulnerability in Linuxfoundation Spinnaker Nolan Ray from Apple Information Security identified a security vulnerability in Spinnaker, all versions prior to version 1.23.4, 1.22.4 or 1.21.5. | 6.5 |
| 2020-12-01 | CVE-2020-15257 | Incorrect Resource Transfer Between Spheres vulnerability in multiple products containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows. | 5.2 |
| 2020-09-30 | CVE-2020-26149 | Insufficiently Protected Credentials vulnerability in Linuxfoundation Nats.Deno and Nats.Js NATS nats.js before 2.0.0-209, nats.ws before 1.0.0-111, and nats.deno before 1.0.0-9 allow credential disclosure from a client to a server. | 5.0 |