Vulnerabilities > Linuxfoundation > Medium

DATE CVE VULNERABILITY TITLE RISK
2025-01-21 CVE-2023-37037 NULL Pointer Dereference vulnerability in Linuxfoundation Magma
A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to crash the MME via an S1AP `S1Setup Request` packet missing an expected `Supported TAs` field.
low complexity
linuxfoundation CWE-476
6.5
2025-01-21 CVE-2023-37038 NULL Pointer Dereference vulnerability in Linuxfoundation Magma
A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to crash the MME via an S1AP `Uplink NAS Transport` packet missing an expected `MME_UE_S1AP_ID` field.
low complexity
linuxfoundation CWE-476
6.5
2024-11-14 CVE-2022-31666 Missing Authorization vulnerability in Linuxfoundation Harbor
Harbor fails to validate user permissions while deleting Webhook policies, allowing malicious users to view, update and delete Webhook policies of other users.  The attacker could modify Webhook policies configured in other projects.
network
low complexity
linuxfoundation CWE-862
5.4
2024-11-14 CVE-2022-31667 Incorrect Authorization vulnerability in Linuxfoundation Harbor
Harbor fails to validate the user permissions when updating a robot account that belongs to a project that the authenticated user doesn’t have access to.  By sending a request that attempts to update a robot account, and specifying a robot account id and robot account name that belongs to a different project that the user doesn’t have access to, it was possible to revoke the robot account permissions.
network
low complexity
linuxfoundation CWE-863
6.4
2024-10-10 CVE-2024-9798 Cleartext Storage of Sensitive Information vulnerability in Linuxfoundation Zowe API Mediation Layer
The health endpoint is public so everybody can see a list of all services.
network
low complexity
linuxfoundation CWE-312
5.3
2024-10-10 CVE-2024-9802 Cleartext Storage of Sensitive Information vulnerability in Linuxfoundation Zowe API Mediation Layer
The conformance validation endpoint is public so everybody can verify the conformance of onboarded services.
network
low complexity
linuxfoundation CWE-312
5.3
2024-09-17 CVE-2024-45815 Unspecified vulnerability in Linuxfoundation Backstage
Backstage is an open framework for building developer portals.
network
low complexity
linuxfoundation
6.5
2024-09-17 CVE-2024-45816 Path Traversal vulnerability in Linuxfoundation Backstage
Backstage is an open framework for building developer portals.
network
low complexity
linuxfoundation CWE-22
6.5
2024-09-17 CVE-2024-46976 Cross-site Scripting vulnerability in Linuxfoundation Backstage
Backstage is an open framework for building developer portals.
network
low complexity
linuxfoundation CWE-79
5.4
2024-09-02 CVE-2024-20084 Out-of-bounds Read vulnerability in multiple products
In power, there is a possible out of bounds read due to a missing bounds check.
4.4