Filtered by vendor Linuxfoundation
Subscriptions
Total
307 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-48363 | 1 Linuxfoundation | 1 Automotive Grade Linux | 2025-03-11 | 7.5 High |
| In MPD before 0.23.8, as used on Automotive Grade Linux and other platforms, the PipeWire output plugin mishandles a Drain call in certain situations involving truncated files. Eventually there is an assertion failure in libmpdclient because libqtappfw passes in a NULL pointer. | ||||
| CVE-2022-23506 | 1 Linuxfoundation | 1 Spinnaker | 2025-03-10 | 4.3 Medium |
| Spinnaker is an open source, multi-cloud continuous delivery platform for releasing software changes, and Spinnaker's Rosco microservice produces machine images. Rosco prior to versions 1.29.2, 1.28.4, and 1.27.3 does not property mask secrets generated via packer builds. This can lead to exposure of sensitive AWS credentials in packer log files. Versions 1.29.2, 1.28.4, and 1.27.3 of Rosco contain fixes for this issue. A workaround is available. It's recommended to use short lived credentials via role assumption and IAM profiles. Additionally, credentials can be set in `/home/spinnaker/.aws/credentials` and `/home/spinnaker/.aws/config` as a volume mount for Rosco pods vs. setting credentials in roscos bake config properties. Last even with those it's recommend to use IAM Roles vs. long lived credentials. This drastically mitigates the risk of credentials exposure. If users have used static credentials, it's recommended to purge any bake logs for AWS, evaluate whether AWS_ACCESS_KEY, SECRET_KEY and/or other sensitive data has been introduced in log files and bake job logs. Then, rotate these credentials and evaluate potential improper use of those credentials. | ||||
| CVE-2023-25151 | 1 Linuxfoundation | 1 Opentelemetry-go Contrib | 2025-03-10 | 7.5 High |
| opentelemetry-go-contrib is a collection of extensions for OpenTelemetry-Go. The v0.38.0 release of `go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp` uses the `httpconv.ServerRequest` function to annotate metric measurements for the `http.server.request_content_length`, `http.server.response_content_length`, and `http.server.duration` instruments. The `ServerRequest` function sets the `http.target` attribute value to be the whole request URI (including the query string)[^1]. The metric instruments do not "forget" previous measurement attributes when `cumulative` temporality is used, this means the cardinality of the measurements allocated is directly correlated with the unique URIs handled. If the query string is constantly random, this will result in a constant increase in memory allocation that can be used in a denial-of-service attack. This issue has been addressed in version 0.39.0. Users are advised to upgrade. There are no known workarounds for this issue. | ||||
| CVE-2023-25571 | 1 Linuxfoundation | 3 Backstage Catalog-model, Backstage Core-components, Backstage Plugin-catalog-backend | 2025-03-10 | 6.8 Medium |
| Backstage is an open platform for building developer portals. `@backstage/catalog-model` prior to version 1.2.0, `@backstage/core-components` prior to 0.12.4, and `@backstage/plugin-catalog-backend` prior to 1.7.2 are affected by a cross-site scripting vulnerability. This vulnerability allows a malicious actor with access to add or modify content in an instance of the Backstage software catalog to inject script URLs in the entities stored in the catalog. If users of the catalog then click on said URLs, that can lead to an XSS attack. This vulnerability has been patched in both the frontend and backend implementations. The default `Link` component from `@backstage/core-components` version 1.2.0 and greater will now reject `javascript:` URLs, and there is a global override of `window.open` to do the same. In addition, the catalog model v0.12.4 and greater as well as the catalog backend v1.7.2 and greater now has additional validation built in that prevents `javascript:` URLs in known annotations. As a workaround, the general practice of limiting access to modifying catalog content and requiring code reviews greatly help mitigate this vulnerability. | ||||
| CVE-2023-25153 | 2 Linuxfoundation, Redhat | 2 Containerd, Container Native Virtualization | 2025-03-10 | 6.2 Medium |
| containerd is an open source container runtime. Before versions 1.6.18 and 1.5.18, when importing an OCI image, there was no limit on the number of bytes read for certain files. A maliciously crafted image with a large file where a limit was not applied could cause a denial of service. This bug has been fixed in containerd 1.6.18 and 1.5.18. Users should update to these versions to resolve the issue. As a workaround, ensure that only trusted images are used and that only trusted users have permissions to import images. | ||||
| CVE-2023-25173 | 2 Linuxfoundation, Redhat | 9 Containerd, Container Native Virtualization, Enterprise Linux and 6 more | 2025-03-10 | 5.3 Medium |
| containerd is an open source container runtime. A bug was found in containerd prior to versions 1.6.18 and 1.5.18 where supplementary groups are not set up properly inside a container. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases, potentially gaining access to sensitive information or gaining the ability to execute code in that container. Downstream applications that use the containerd client library may be affected as well. This bug has been fixed in containerd v1.6.18 and v.1.5.18. Users should update to these versions and recreate containers to resolve this issue. Users who rely on a downstream application that uses containerd's client library should check that application for a separate advisory and instructions. As a workaround, ensure that the `"USER $USERNAME"` Dockerfile instruction is not used. Instead, set the container entrypoint to a value similar to `ENTRYPOINT ["su", "-", "user"]` to allow `su` to properly set up supplementary groups. | ||||
| CVE-2024-22244 | 1 Linuxfoundation | 1 Harbor | 2025-02-26 | 4.3 Medium |
| Open Redirect in HarborĀ <=v2.8.4, <=v2.9.2, and <=v2.10.0 may redirect a user to a malicious site. | ||||
| CVE-2022-41354 | 2 Linuxfoundation, Redhat | 2 Argo-cd, Openshift Gitops | 2025-02-19 | 4.3 Medium |
| An access control issue in Argo CD v2.4.12 and below allows unauthenticated attackers to enumerate existing applications. | ||||
| CVE-2024-24423 | 1 Linuxfoundation | 1 Magma | 2025-02-18 | 7.5 High |
| The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) was discovered to contain a buffer overflow in the decode_esm_message_container function at /nas/ies/EsmMessageContainer.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet. | ||||
| CVE-2024-24422 | 1 Linuxfoundation | 1 Magma | 2025-02-18 | 7.5 High |
| The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) was discovered to contain a stack overflow in the decode_protocol_configuration_options function at /3gpp/3gpp_24.008_sm_ies.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet. | ||||
| CVE-2024-24419 | 1 Linuxfoundation | 1 Magma | 2025-02-18 | 7.5 High |
| The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) was discovered to contain a buffer overflow in the decode_traffic_flow_template_packet_filter function at /3gpp/3gpp_24.008_sm_ies.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet. | ||||
| CVE-2024-24418 | 1 Linuxfoundation | 1 Magma | 2025-02-18 | 7.5 High |
| The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) was discovered to contain a buffer overflow in the decode_pdn_address function at /nas/ies/PdnAddress.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet. | ||||
| CVE-2024-24417 | 1 Linuxfoundation | 1 Magma | 2025-02-18 | 7.5 High |
| The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) was discovered to contain a buffer overflow in the decode_protocol_configuration_options function at /3gpp/3gpp_24.008_sm_ies.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet. | ||||
| CVE-2024-24416 | 1 Linuxfoundation | 1 Magma | 2025-02-18 | 7.5 High |
| The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) was discovered to contain a buffer overflow in the decode_access_point_name_ie function at /3gpp/3gpp_24.008_sm_ies.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet. | ||||
| CVE-2023-37038 | 1 Linuxfoundation | 1 Magma | 2025-02-18 | 6.5 Medium |
| A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to crash the MME via an S1AP `Uplink NAS Transport` packet missing an expected `MME_UE_S1AP_ID` field. | ||||
| CVE-2023-37037 | 1 Linuxfoundation | 1 Magma | 2025-02-18 | 6.5 Medium |
| A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to crash the MME via an S1AP `S1Setup Request` packet missing an expected `Supported TAs` field. | ||||
| CVE-2023-37036 | 1 Linuxfoundation | 1 Magma | 2025-02-18 | 6.5 Medium |
| A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to crash the MME via an S1AP `Uplink NAS Transport` packet missing an expected `ENB_UE_S1AP_ID` field. | ||||
| CVE-2023-37034 | 1 Linuxfoundation | 1 Magma | 2025-02-18 | 6.5 Medium |
| A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to crash the MME via an S1AP `Initial UE Message` packet missing an expected `TAI` field. | ||||
| CVE-2023-37033 | 1 Linuxfoundation | 1 Magma | 2025-02-18 | 6.5 Medium |
| A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to crash the MME via an S1AP `Initial UE Message` packet missing an expected `EUTRAN_CGI` field. | ||||
| CVE-2023-37032 | 1 Linuxfoundation | 1 Magma | 2025-02-18 | 7.5 High |
| A Stack-based buffer overflow in the Mobile Management Entity (MME) of Magma versions <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows remote attackers to crash the MME with an unauthenticated cellphone by sending a NAS packet containing an oversized `Emergency Number List` Information Element. | ||||