Latest Linuxfoundation Vulnerabilities

Dex 2.37.0 is discarding TLSconfig and always serves deprecated TLS 1.0/1.1 and insecure ciphers
go/github.com/dexidp/dex=2.37.0
Linuxfoundation Dex=2.37.0
Cross-Site Request Forgery (CSRF) in github.com/argoproj/argo-cd
go/github.com/argoproj/argo-cd/v2=2.10.0-rc1
go/github.com/argoproj/argo-cd/v2>=2.9.0-rc1<2.9.4
go/github.com/argoproj/argo-cd/v2>=2.8.0-rc1<2.8.8
go/github.com/argoproj/argo-cd/v2<2.7.16
go/github.com/argoproj/argo-cd>=0.1.0<=1.8.7
Linuxfoundation Argo-cd>=0.1.0<2.7.16
and 3 more
runc container breakout through process.cwd trickery and leaked fds
ubuntu/runc<1.1.4-0ubuntu1~18.04.2+
ubuntu/runc<1.1.7-0ubuntu1~20.04.2
ubuntu/runc<1.1.7-0ubuntu1~22.04.2
ubuntu/runc<1.1.7-0ubuntu2.2
ubuntu/runc<1.1.12
go/github.com/opencontainers/runc>=1.0.0-rc93<=1.1.11
and 7 more
CubeFS leaks users key in logs
go/github.com/cubefs/cubefs<3.3.1
Linuxfoundation Cubefs<3.3.1
CubeFS leaks magic secret key when starting Blobstore access service
go/github.com/cubefs/cubefs<3.3.1
Linuxfoundation Cubefs<3.3.1
Insecure random string generator used for sensitive data
go/github.com/cubefs/cubefs<3.3.1
Linuxfoundation Cubefs<3.3.1
Timing attack can leak user passwords
go/github.com/cubefs/cubefs<3.3.1
Linuxfoundation Cubefs<3.3.1
Authenticated users can crash the CubeFS servers with maliciously crafted requests
go/github.com/cubefs/cubefs<3.3.1
Linuxfoundation Cubefs<3.3.1
Rhdh: catalog-import function leaks credentials to frontend
Redhat Red Hat Developer Hub<1.21.0
Linuxfoundation Backstage<1.21.0
redhat/rhdh<1.21.0
npm/@backstage/backend-app-api<0.5.9-next.1
In aee, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not...
Linuxfoundation Yocto=2.6
Linuxfoundation Yocto=3.3
Linuxfoundation Yocto=4.0
Rdkcentral Rdk-b=2022q3
Google Android=12.0
Google Android=13.0
and 34 more
Timing attack risk in Harbor
Linuxfoundation Harbor<1.10.17
Linuxfoundation Harbor>=2.6.0<=2.6.4
Linuxfoundation Harbor>=2.7.0<2.7.3
Linuxfoundation Harbor>=2.8.0<2.8.3
In apusys, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed ...
Linuxfoundation Yocto=3.1
Linuxfoundation Yocto=3.3
Linuxfoundation Yocto=4.0
Mediatek Iot Yocto=23.0
Google Android=12.0
Google Android=13.0
and 14 more
In wlan firmware, there is a possible firmware assertion due to improper input handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is...
Linuxfoundation Yocto=3.1
Linuxfoundation Yocto=3.3
Mediatek Iot Yocto=23.0
Google Android=11.0
Google Android=12.0
Google Android=13.0
and 52 more
Argo CD is a declarative continuous deployment framework for Kubernetes. In Argo CD versions prior to 2.3 (starting at least in v0.1.0, but likely in any version using Helm before 2.3), using a specif...
Linuxfoundation Argo-cd<2.3.0
As noted in the “VTPM.md” file in the eve documentation, “VTPM is a server listening on port 8877 in EVE, exposing limited functionality of the TPM to the clients. VTPM allows clients to execute tpm...
Linuxfoundation Edge Virtualization Engine>=3.0.0<9.5.0
On boot, the Pillar eve container checks for the existence and content of “/config/authorized_keys”. If the file is present, and contains a supported public key, the container will go on to open por...
Linuxfoundation Edge Virtualization Engine<8.6.0
Linuxfoundation Edge Virtualization Engine>=9.0.0<9.5.0
In EVE OS, the “measured boot” mechanism prevents a compromised device from accessing the encrypted data located in the vault. As per the “measured boot” design, the PCR values calculated at diffe...
Linuxfoundation Edge Virtualization Engine<8.6.0
Linuxfoundation Edge Virtualization Engine>=9.0.0<9.5.0
PCR14 is not in the list of PCRs that seal/unseal the “vault” key, but due to the change that was implemented in commit “7638364bc0acf8b5c481b5ce5fea11ad44ad7fd4”, fixing this issue alone would not so...
Linuxfoundation Edge Virtualization Engine>=9.0.0<9.5.0
Vault Key Sealed With SHA1 PCRs The measured boot solution implemented in EVE OS leans on a PCR locking mechanism. Different parts of the system update different PCR values in the TPM, resulti...
Linuxfoundation Edge Virtualization Engine<9.5.0
NATS nats-server 2.2.0 through 2.7.4 allows directory traversal because of an unintended path to a management action from a management account.
Linuxfoundation Nats-server>=2.2.0<=2.7.4
In gnss service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is n...
Linuxfoundation Yocto=2.6
Google Android=13.0
Openwrt Openwrt=19.07.0
Openwrt Openwrt=21.02.0
Mediatek Mt2713
Mediatek Mt2735
and 43 more
In connectivity system driver, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User ...
Linuxfoundation Yocto=4.0
Mediatek Iot Yocto=23.0
Google Android=12.0
Google Android=13.0
Mediatek Mt2713
Mediatek Mt6779
and 21 more
In bluetooth driver, there is a possible out of bounds read due to improper input validation. This could lead to local information leak with System execution privileges needed. User interaction is not...
Linuxfoundation Yocto=3.1
Linuxfoundation Yocto=3.3
Linuxfoundation Yocto=4.0
Google Android=12.0
Google Android=13.0
Linux Linux kernel=4.19
and 50 more
In gnss service, there is a possible out of bounds write due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is ...
Linuxfoundation Yocto=2.6
Google Android=13.0
Openwrt Openwrt=19.07.0
Openwrt Openwrt=21.02.0
Mediatek Mt2713
Mediatek Mt2735
and 47 more
In gnss service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privileges with System execution privileges needed. User interaction is...
Linuxfoundation Yocto=2.6
Google Android=13.0
Openwrt Openwrt=19.07.0
Openwrt Openwrt=21.02.0
Mediatek Mt2713
Mediatek Mt2735
and 42 more
In wlan service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is n...
Linuxfoundation Yocto=4.0
Mediatek Iot Yocto=23.0
Google Android=13.0
Mediatek Mt6779
Google Android
Google Android
and 30 more
In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is ...
Linuxfoundation Yocto=4.0
Mediatek Iot Yocto=23.0
Google Android=12.0
Google Android=13.0
Openwrt Openwrt=21.02.0
Google Android
and 38 more
In imgsys_cmdq, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interactio...
Linuxfoundation Yocto=4.0
Mediatek Iot Yocto=23.0
Google Android=11.0
Google Android=12.0
Linux Linux kernel=6.1
Mediatek Mt2713
and 7 more
In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction...
Linuxfoundation Yocto=4.0
Mediatek Iot Yocto=23.0
Google Android=11.0
Google Android=12.0
Linux Linux kernel=6.1
Mediatek Mt2713
and 7 more
In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction ...
Linuxfoundation Yocto=4.0
Mediatek Iot Yocto=23.0
Google Android=11.0
Google Android=12.0
Linux Linux kernel=6.1
Mediatek Mt6895
and 6 more
In imgsys, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is ne...
Linuxfoundation Yocto=4.0
Mediatek Iot Yocto=23.0
Google Android=11.0
Google Android=12.0
Linux Linux kernel=6.1
Mediatek Mt6895
and 5 more
In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction ...
Linuxfoundation Yocto=4.0
Mediatek Iot Yocto=23.0
Google Android=11.0
Google Android=12.0
Linux Linux kernel=6.1
Mediatek Mt6895
and 6 more
In imgsys_cmdq, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interactio...
Linuxfoundation Yocto=4.0
Mediatek Iot Yocto=23.0
Google Android=11.0
Google Android=12.0
Linux Linux kernel=6.1
Mediatek Mt2713
and 7 more
In imgsys, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is ...
Linuxfoundation Yocto=4.0
Mediatek Iot Yocto=23.0
Google Android=11.0
Google Android=12.0
Linux Linux kernel=6.1
Mediatek Mt2713
and 7 more
In imgsys_cmdq, there is a possible use after free due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is ...
Linuxfoundation Yocto=4.0
Mediatek Iot Yocto=23.0
Google Android=11.0
Google Android=12.0
Linux Linux kernel=6.1
Mediatek Mt2713
and 7 more
In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction ...
Linuxfoundation Yocto=4.0
Mediatek Iot Yocto=23.0
Google Android=11.0
Google Android=12.0
Linux Linux kernel=6.1
Mediatek Mt6895
and 6 more
In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local denial of service with System execution privileges needed. User interaction is ne...
Linuxfoundation Yocto=4.0
Mediatek Iot Yocto=23.0
Google Android=11.0
Google Android=12.0
Linux Linux kernel=6.1
Mediatek Mt6895
and 6 more
In imgsys, there is a possible out of bounds read and write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User intera...
Linuxfoundation Yocto=4.0
Mediatek Iot Yocto=23.0
Google Android=11.0
Google Android=12.0
Linux Linux kernel=6.1
Mediatek Mt6895
and 5 more
In imgsys, there is a possible out of bounds read due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for explo...
Linuxfoundation Yocto=3.1
Linuxfoundation Yocto=3.3
Linuxfoundation Yocto=4.0
Google Android=12.0
Google Android=13.0
Linux Linux kernel=4.19
and 50 more
In imgsys, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is ne...
Linuxfoundation Yocto=4.0
Mediatek Iot Yocto=23.0
Google Android=11.0
Google Android=12.0
Linux Linux kernel=6.1
Mediatek Mt2713
and 7 more
In camsys, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for expl...
Linuxfoundation Yocto=4.0
Mediatek Iot Yocto=23.0
Google Android=12.0
Google Android=13.0
Mediatek Mt6895
Mediatek Mt6983
and 4 more
In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed ...
Linuxfoundation Yocto=2.6
Rdkcentral Rdk-b=2022q3
Google Android=12.0
Google Android=13.0
Openwrt Openwrt=19.07.0
Openwrt Openwrt=21.02.0
and 42 more
In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed ...
Linuxfoundation Yocto=2.6
Rdkcentral Rdk-b=2022q3
Google Android=12.0
Google Android=13.0
Openwrt Openwrt=19.07.0
Openwrt Openwrt=21.02.0
and 41 more
In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed ...
Linuxfoundation Yocto=2.6
Rdkcentral Rdk-b=2022q3
Google Android=12.0
Google Android=13.0
Openwrt Openwrt=19.07.0
Openwrt Openwrt=21.02.0
and 43 more
In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed ...
Linuxfoundation Yocto=2.6
Rdkcentral Rdk-b=2022q3
Google Android=12.0
Google Android=13.0
Openwrt Openwrt=19.07.0
Openwrt Openwrt=21.02.0
and 46 more
In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed ...
Linuxfoundation Yocto=2.6
Rdkcentral Rdk-b=2022q3
Google Android=12.0
Google Android=13.0
Openwrt Openwrt=19.07.0
Openwrt Openwrt=21.02.0
and 42 more
In nvram, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not neede...
Linuxfoundation Yocto=2.6
Rdkcentral Rdk-b=2022q3
Google Android=11.0
Google Android=12.0
Google Android=13.0
Openwrt Openwrt=19.07.0
and 65 more
Argo CD is a declarative continuous deployment for Kubernetes. All versions of ArgoCD starting from v2.4 have a bug where the ArgoCD repo-server component is vulnerable to a Denial-of-Service attack v...
Linuxfoundation Argo Continuous Delivery>=2.4.0<2.6.15
Linuxfoundation Argo Continuous Delivery>=2.7.0<2.7.14
Linuxfoundation Argo Continuous Delivery>=2.8.0<2.8.3
go/github.com/argoproj/argo-cd/v2>=2.8.0<2.8.3
go/github.com/argoproj/argo-cd/v2>=2.7.0<2.7.14
go/github.com/argoproj/argo-cd/v2>=2.4.0<2.6.15
Impact: ONLY IMPACTS those who use GitHub Status Notifications. Log output when updating GitHub status is improperly set to FULL always. It's recommended to apply the patch and rotate the GitHub token...
Linuxfoundation Spinnaker<1.28.8
Linuxfoundation Spinnaker>=1.29.0<1.29.6
Linuxfoundation Spinnaker>=1.30.0<1.30.3
Linuxfoundation Spinnaker=1.30.0
Impact: All versions of Argo CD starting from v2.6.0 have a bug where open web terminal sessions do not expire. This bug allows users to send any websocket messages even if the token has already ex...
Linuxfoundation Argo-cd>=2.6.0<=2.6.13
Linuxfoundation Argo-cd=2.7.11
Linuxfoundation Argo-cd=2.8.0

© 2024 SecAlerts Pty Ltd.