Vulnerabilities > Linuxfoundation > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-21 | CVE-2023-37036 | NULL Pointer Dereference vulnerability in Linuxfoundation Magma A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to crash the MME via an S1AP `Uplink NAS Transport` packet missing an expected `ENB_UE_S1AP_ID` field. | 6.5 |
| 2025-01-21 | CVE-2023-37037 | NULL Pointer Dereference vulnerability in Linuxfoundation Magma A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to crash the MME via an S1AP `S1Setup Request` packet missing an expected `Supported TAs` field. | 6.5 |
| 2025-01-21 | CVE-2023-37038 | NULL Pointer Dereference vulnerability in Linuxfoundation Magma A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to crash the MME via an S1AP `Uplink NAS Transport` packet missing an expected `MME_UE_S1AP_ID` field. | 6.5 |
| 2024-11-14 | CVE-2022-31666 | Missing Authorization vulnerability in Linuxfoundation Harbor Harbor fails to validate user permissions while deleting Webhook policies, allowing malicious users to view, update and delete Webhook policies of other users. The attacker could modify Webhook policies configured in other projects. | 5.4 |
| 2024-11-14 | CVE-2022-31667 | Incorrect Authorization vulnerability in Linuxfoundation Harbor Harbor fails to validate the user permissions when updating a robot account that belongs to a project that the authenticated user doesn’t have access to. By sending a request that attempts to update a robot account, and specifying a robot account id and robot account name that belongs to a different project that the user doesn’t have access to, it was possible to revoke the robot account permissions. | 6.4 |
| 2024-10-10 | CVE-2024-9798 | Cleartext Storage of Sensitive Information vulnerability in Linuxfoundation Zowe API Mediation Layer The health endpoint is public so everybody can see a list of all services. | 5.3 |
| 2024-10-10 | CVE-2024-9802 | Cleartext Storage of Sensitive Information vulnerability in Linuxfoundation Zowe API Mediation Layer The conformance validation endpoint is public so everybody can verify the conformance of onboarded services. | 5.3 |
| 2024-09-17 | CVE-2024-45815 | Unspecified vulnerability in Linuxfoundation Backstage Backstage is an open framework for building developer portals. | 6.5 |
| 2024-09-17 | CVE-2024-45816 | Path Traversal vulnerability in Linuxfoundation Backstage Backstage is an open framework for building developer portals. | 6.5 |
| 2024-09-17 | CVE-2024-46976 | Cross-site Scripting vulnerability in Linuxfoundation Backstage Backstage is an open framework for building developer portals. | 5.4 |