Filtered by vendor Linuxfoundation
Subscribe
Total
294 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-11090 | 1 Linuxfoundation | 1 Indy-node | 2020-06-22 | 5.0 MEDIUM | 7.5 HIGH |
| In Indy Node 1.12.2, there is an Uncontrolled Resource Consumption vulnerability. Indy Node has a bug in TAA handling code. The current primary can be crashed with a malformed transaction from a client, which leads to a view change. Repeated rapid view changes have the potential of bringing down the network. This is fixed in version 1.12.3. | |||||
| CVE-2018-21034 | 1 Linuxfoundation | 1 Argo Continuous Delivery | 2020-04-14 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Argo versions prior to v1.5.0-rc1, it was possible for authenticated Argo users to submit API calls to retrieve secrets and other manifests which were stored within git. | |||||
| CVE-2020-8826 | 1 Linuxfoundation | 1 Argo Continuous Delivery | 2020-04-14 | 5.0 MEDIUM | 7.5 HIGH |
| As of v1.5.0, the Argo web interface authentication system issued immutable tokens. Authentication tokens, once issued, were usable forever without expiration—there was no refresh or forced re-authentication. | |||||
| CVE-2020-1887 | 1 Linuxfoundation | 1 Osquery | 2020-04-03 | 5.8 MEDIUM | 9.1 CRITICAL |
| Incorrect validation of the TLS SNI hostname in osquery versions after 2.9.0 and before 4.2.0 could allow an attacker to MITM osquery traffic in the absence of a configured root chain of trust. | |||||
| CVE-2019-16919 | 2 Linuxfoundation, Vmware | 3 Harbor, Cloud Foundation, Harbor Container Registry | 2020-04-01 | 5.0 MEDIUM | 7.5 HIGH |
| Harbor API has a Broken Access Control vulnerability. The vulnerability allows project administrators to use the Harbor API to create a robot account with unauthorized push and/or pull access permissions to a project they don't have access or control for. The Harbor API did not enforce the proper project permissions and project scope on the API request to create a new robot account. | |||||
| CVE-2017-17697 | 1 Linuxfoundation | 1 Harbor | 2020-04-01 | 5.0 MEDIUM | 8.6 HIGH |
| The Ping() function in ui/api/target.go in Harbor through 1.3.0-rc4 has SSRF via the endpoint parameter to /api/targets/ping. | |||||
| CVE-2020-5259 | 1 Linuxfoundation | 1 Dojox | 2020-03-11 | 5.0 MEDIUM | 8.6 HIGH |
| In affected versions of dojox (NPM package), the jqMix method is vulnerable to Prototype Pollution. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. This has been patched in versions 1.11.10, 1.12.8, 1.13.7, 1.14.6, 1.15.3 and 1.16.2 | |||||
| CVE-2019-3567 | 1 Linuxfoundation | 1 Osquery | 2020-03-06 | 9.3 HIGH | 8.1 HIGH |
| In some configurations an attacker can inject a new executable path into the extensions.load file for osquery and hard link a parent folder of a malicious binary to a folder with known 'safe' permissions. Under those circumstances osquery will load said malicious executable with SYSTEM permissions. The solution is to migrate installations to the 'Program Files' directory on Windows which restricts unprivileged write access. This issue affects osquery prior to v3.4.0. | |||||
| CVE-2019-16302 | 1 Linuxfoundation | 1 Open Network Operating System | 2020-02-25 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Open Network Operating System (ONOS) 1.14. In the Ethernet VPN application (org.onosproject.evpnopenflow), the host event listener does not handle the following event types: HOST_MOVED, HOST_UPDATED. In combination with other applications, this could lead to the absence of intended code execution. | |||||
| CVE-2019-16301 | 1 Linuxfoundation | 1 Open Network Operating System | 2020-02-25 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Open Network Operating System (ONOS) 1.14. In the virtual tenant network application (org.onosproject.vtn), the host event listener does not handle the following event types: HOST_MOVED. In combination with other applications, this could lead to the absence of intended code execution. | |||||
| CVE-2019-16300 | 1 Linuxfoundation | 1 Open Network Operating System | 2020-02-25 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Open Network Operating System (ONOS) 1.14. In the access control application (org.onosproject.acl), the host event listener does not handle the following event types: HOST_REMOVED. In combination with other applications, this could lead to the absence of intended code execution. | |||||
| CVE-2019-16299 | 1 Linuxfoundation | 1 Open Network Operating System | 2020-02-25 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Open Network Operating System (ONOS) 1.14. In the mobility application (org.onosproject.mobility), the host event listener does not handle the following event types: HOST_ADDED, HOST_REMOVED, HOST_UPDATED. In combination with other applications, this could lead to the absence of intended code execution. | |||||
| CVE-2019-16298 | 1 Linuxfoundation | 1 Open Network Operating System | 2020-02-25 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Open Network Operating System (ONOS) 1.14. In the virtual broadband network gateway application (org.onosproject.virtualbng), the host event listener does not handle the following event types: HOST_MOVED, HOST_REMOVED, HOST_UPDATED. In combination with other applications, this could lead to the absence of intended code execution. | |||||
| CVE-2019-16297 | 1 Linuxfoundation | 1 Open Network Operating System | 2020-02-25 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Open Network Operating System (ONOS) 1.14. In the P4 tutorial application (org.onosproject.p4tutorial), the host event listener does not handle the following event types: HOST_MOVED, HOST_REMOVED, HOST_UPDATED. In combination with other applications, this could lead to the absence of intended code execution. | |||||
| CVE-2020-6174 | 1 Linuxfoundation | 1 The Update Framework | 2020-02-07 | 7.5 HIGH | 9.8 CRITICAL |
| TUF (aka The Update Framework) through 0.12.1 has Improper Verification of a Cryptographic Signature. | |||||
| CVE-2020-6173 | 1 Linuxfoundation | 1 The Update Framework | 2020-01-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| TUF (aka The Update Framework) 0.7.2 through 0.12.1 allows Uncontrolled Resource Consumption. | |||||
| CVE-2010-5325 | 3 Linuxfoundation, Oracle, Redhat | 8 Foomatic-filters, Linux, Enterprise Linux and 5 more | 2019-12-27 | 7.5 HIGH | 9.8 CRITICAL |
| Heap-based buffer overflow in the unhtmlify function in foomatic-rip in foomatic-filters before 4.0.6 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via a long job title. | |||||
| CVE-2019-1010252 | 1 Linuxfoundation | 1 Open Network Operating System | 2019-07-29 | 5.5 MEDIUM | 4.9 MEDIUM |
| The Linux Foundation ONOS 2.0.0 and earlier is affected by: Poor Input-validation. The impact is: A network administrator (or attacker) can install unintended flow rules in the switch by mistake. The component is: applyFlowRules() and apply() functions in FlowRuleManager.java. The attack vector is: network management and connectivity. | |||||
| CVE-2019-1010234 | 1 Linuxfoundation | 1 Open Network Operating System | 2019-07-25 | 7.5 HIGH | 9.8 CRITICAL |
| The Linux Foundation ONOS 1.15.0 and ealier is affected by: Improper Input Validation. The impact is: The attacker can remotely execute any commands by sending malicious http request to the controller. The component is: Method runJavaCompiler in YangLiveCompilerManager.java. The attack vector is: network connectivity. | |||||
| CVE-2019-1010250 | 1 Linuxfoundation | 1 Open Network Operating System | 2019-07-25 | 5.5 MEDIUM | 4.9 MEDIUM |
| The Linux Foundation ONOS 2.0.0 and earlier is affected by: Poor Input-validation. The impact is: A network administrator (or attacker) can install unintended flow rules in the switch by mistake. The component is: createFlow() and createFlows() functions in FlowWebResource.java (RESTful service). The attack vector is: network management and connectivity. | |||||