| 2020-07-15 | CVE-2020-13788 | Server-Side Request Forgery (SSRF) vulnerability in Linuxfoundation Harbor
Harbor prior to 2.0.1 allows SSRF with this limitation: an attacker with the ability to edit projects can scan ports of hosts accessible on the Harbor server's intranet. | 4.3 |
| 2020-06-26 | CVE-2020-10753 | Injection vulnerability in multiple products
A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). | 6.5 |
| 2020-06-19 | CVE-2020-10750 | Information Exposure Through Log Files vulnerability in Linuxfoundation Jaeger
Sensitive information written to a log file vulnerability was found in jaegertracing/jaeger before version 1.18.1 when the Kafka data store is used. | 5.5 |
| 2020-06-03 | CVE-2020-10749 | A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in Kubernetes clusters to perform man-in-the-middle (MitM) attacks. | 6.0 |
| 2020-05-13 | CVE-2020-12831 | Incorrect Permission Assignment for Critical Resource vulnerability in Linuxfoundation Free Range Routing
An issue was discovered in FRRouting FRR (aka Free Range Routing) through 7.3.1. | 5.3 |
| 2020-04-23 | CVE-2020-1760 | Cross-site Scripting vulnerability in multiple products
A flaw was found in the Ceph Object Gateway, where it supports request sent by an anonymous user in Amazon S3. | 6.1 |
| 2020-04-13 | CVE-2020-1759 | A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2 where, A nonce reuse vulnerability was discovered in the secure mode of the messenger v2 protocol, which can allow an attacker to forge auth tags and potentially manipulate the data by leveraging the reuse of a nonce in a session. | 6.8 |
| 2020-03-20 | CVE-2019-19026 | SQL Injection vulnerability in multiple products
Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows SQL Injection via project quotas in the VMware Harbor Container Registry for the Pivotal Platform. | 4.9 |
| 2020-02-13 | CVE-2019-10785 | Cross-site Scripting vulnerability in multiple products
dojox is vulnerable to Cross-site Scripting in all versions before version 1.16.1, 1.15.2, 1.14.5, 1.13.6, 1.12.7 and 1.11.9. | 6.1 |
| 2020-01-14 | CVE-2020-6173 | Resource Exhaustion vulnerability in Linuxfoundation the Update Framework
TUF (aka The Update Framework) 0.7.2 through 0.12.1 allows Uncontrolled Resource Consumption. | 5.3 |